From bf372706c469764d59e9f29c39e3ecbebd72b8d2 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Sat, 16 Jul 2016 15:19:53 +0200 Subject: Imported Upstream version 5.5.0 --- Android.common.mk | 2 +- Android.mk | 7 +- Makefile.in | 51 +- NEWS | 38 + aclocal.m4 | 295 +- compile | 2 +- conf/Makefile.in | 30 +- conf/options/charon.conf | 5 + conf/options/charon.opt | 5 + conf/plugins/imc-attestation.opt | 6 + conf/strongswan.conf.5.main | 14 + config.guess | 233 +- config.h.in | 8 +- config.sub | 60 +- configure | 2363 ++++++--- configure.ac | 58 +- depcomp | 2 +- init/Makefile.in | 26 +- init/systemd-swanctl/Makefile.in | 26 +- init/systemd/Makefile.in | 26 +- install-sh | 373 +- ltmain.sh | 5533 +++++++++++++------- m4/config/libtool.m4 | 2525 +++++---- m4/config/ltoptions.m4 | 127 +- m4/config/ltsugar.m4 | 7 +- m4/config/ltversion.m4 | 12 +- m4/config/lt~obsolete.m4 | 7 +- man/Makefile.in | 28 +- missing | 6 +- scripts/Makefile.in | 27 +- scripts/timeattack.c | 10 +- src/Makefile.am | 8 + src/Makefile.in | 91 +- src/_copyright/Makefile.in | 27 +- src/_updown/Makefile.in | 26 +- src/aikgen/Makefile.am | 9 +- src/aikgen/Makefile.in | 36 +- src/aikgen/aikgen.c | 229 +- src/aikpub2/Makefile.am | 15 + src/aikpub2/Makefile.in | 763 +++ src/aikpub2/aikpub2.c | 305 ++ src/charon-cmd/Makefile.am | 2 +- src/charon-cmd/Makefile.in | 33 +- src/charon-cmd/cmd/cmd_connection.c | 42 +- src/charon-nm/Makefile.am | 2 +- src/charon-nm/Makefile.in | 31 +- src/charon-nm/nm/nm_service.c | 84 +- src/charon-svc/Makefile.in | 27 +- src/charon-systemd/Makefile.am | 3 +- src/charon-systemd/Makefile.in | 32 +- src/charon-tkm/Makefile.in | 26 +- src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 6 +- src/charon-tkm/src/tkm/tkm_kernel_ipsec.c | 97 +- src/charon-tkm/src/tkm/tkm_kernel_sad.c | 32 +- src/charon-tkm/src/tkm/tkm_kernel_sad.h | 10 +- src/charon-tkm/src/tkm/tkm_keymat.c | 8 +- src/charon-tkm/src/tkm/tkm_nonceg.c | 2 +- src/charon-tkm/src/tkm/tkm_spi_generator.c | 12 +- src/charon-tkm/tests/nonceg_tests.c | 6 +- src/charon/Makefile.am | 2 +- src/charon/Makefile.in | 32 +- src/checksum/Makefile.am | 5 + src/checksum/Makefile.in | 79 +- src/checksum/checksum_builder.c | 2 +- src/conftest/Makefile.am | 2 +- src/conftest/Makefile.in | 32 +- src/conftest/actions.c | 2 +- src/conftest/config.c | 26 +- src/conftest/hooks/custom_proposal.c | 4 +- src/conftest/hooks/log_proposals.c | 2 +- src/conftest/hooks/rebuild_auth.c | 2 +- src/conftest/hooks/reset_seq.c | 2 +- src/conftest/hooks/set_ike_spi.c | 4 +- src/conftest/hooks/set_length.c | 4 +- src/conftest/hooks/set_proposal_number.c | 2 +- src/conftest/hooks/set_reserved.c | 6 +- src/dumm/Makefile.in | 27 +- src/dumm/mconsole.c | 18 +- src/include/Makefile.in | 26 +- src/include/linux/pfkeyv2.h | 2 +- src/ipsec/Makefile.in | 27 +- src/ipsec/_ipsec.8 | 2 +- src/libcharon/Android.mk | 1 + src/libcharon/Makefile.am | 5 +- src/libcharon/Makefile.in | 83 +- src/libcharon/attributes/mem_pool.c | 16 +- src/libcharon/bus/bus.c | 2 +- src/libcharon/bus/bus.h | 10 +- src/libcharon/bus/listeners/listener.h | 2 +- src/libcharon/config/child_cfg.c | 172 +- src/libcharon/config/child_cfg.h | 116 +- src/libcharon/config/ike_cfg.c | 87 +- src/libcharon/config/ike_cfg.h | 19 +- src/libcharon/config/peer_cfg.c | 89 +- src/libcharon/config/peer_cfg.h | 97 +- src/libcharon/config/proposal.c | 66 +- src/libcharon/config/proposal.h | 10 +- src/libcharon/control/controller.c | 76 +- src/libcharon/control/controller.h | 4 +- src/libcharon/daemon.c | 63 +- src/libcharon/encoding/generator.c | 64 +- src/libcharon/encoding/generator.h | 2 +- src/libcharon/encoding/message.c | 42 +- src/libcharon/encoding/message.h | 16 +- src/libcharon/encoding/parser.c | 64 +- src/libcharon/encoding/parser.h | 2 +- src/libcharon/encoding/payloads/auth_payload.c | 8 +- src/libcharon/encoding/payloads/cert_payload.c | 6 +- src/libcharon/encoding/payloads/certreq_payload.c | 6 +- .../encoding/payloads/configuration_attribute.c | 12 +- .../encoding/payloads/configuration_attribute.h | 4 +- src/libcharon/encoding/payloads/cp_payload.c | 14 +- src/libcharon/encoding/payloads/cp_payload.h | 4 +- src/libcharon/encoding/payloads/delete_payload.c | 28 +- src/libcharon/encoding/payloads/delete_payload.h | 8 +- src/libcharon/encoding/payloads/eap_payload.c | 28 +- src/libcharon/encoding/payloads/eap_payload.h | 12 +- src/libcharon/encoding/payloads/encodings.h | 6 +- .../encoding/payloads/encrypted_fragment_payload.h | 6 +- .../encoding/payloads/encrypted_payload.c | 48 +- .../encoding/payloads/encrypted_payload.h | 2 +- src/libcharon/encoding/payloads/endpoint_notify.c | 44 +- src/libcharon/encoding/payloads/endpoint_notify.h | 4 +- src/libcharon/encoding/payloads/fragment_payload.c | 18 +- src/libcharon/encoding/payloads/fragment_payload.h | 6 +- src/libcharon/encoding/payloads/hash_payload.c | 6 +- src/libcharon/encoding/payloads/id_payload.c | 18 +- src/libcharon/encoding/payloads/ike_header.c | 40 +- src/libcharon/encoding/payloads/ike_header.h | 24 +- src/libcharon/encoding/payloads/ke_payload.c | 8 +- src/libcharon/encoding/payloads/nonce_payload.c | 4 +- src/libcharon/encoding/payloads/notify_payload.c | 24 +- src/libcharon/encoding/payloads/notify_payload.h | 8 +- src/libcharon/encoding/payloads/payload.c | 2 +- src/libcharon/encoding/payloads/payload.h | 2 +- .../encoding/payloads/proposal_substructure.c | 120 +- .../encoding/payloads/proposal_substructure.h | 22 +- src/libcharon/encoding/payloads/sa_payload.c | 32 +- src/libcharon/encoding/payloads/sa_payload.h | 14 +- .../payloads/traffic_selector_substructure.c | 10 +- .../payloads/traffic_selector_substructure.h | 4 +- .../encoding/payloads/transform_attribute.c | 14 +- .../encoding/payloads/transform_attribute.h | 6 +- .../encoding/payloads/transform_substructure.c | 18 +- .../encoding/payloads/transform_substructure.h | 6 +- src/libcharon/encoding/payloads/ts_payload.c | 6 +- src/libcharon/encoding/payloads/unknown_payload.c | 4 +- .../encoding/payloads/vendor_id_payload.c | 4 +- src/libcharon/kernel/kernel_handler.c | 10 +- src/libcharon/kernel/kernel_interface.c | 115 +- src/libcharon/kernel/kernel_interface.h | 185 +- src/libcharon/kernel/kernel_ipsec.h | 299 +- src/libcharon/kernel/kernel_listener.h | 8 +- src/libcharon/kernel/kernel_net.h | 12 +- src/libcharon/network/receiver.c | 32 +- src/libcharon/network/socket.h | 2 +- src/libcharon/network/socket_manager.c | 4 +- src/libcharon/network/socket_manager.h | 2 +- src/libcharon/plugins/addrblock/Makefile.in | 27 +- src/libcharon/plugins/android_dns/Makefile.in | 27 +- src/libcharon/plugins/android_log/Makefile.in | 27 +- src/libcharon/plugins/attr/Makefile.in | 27 +- src/libcharon/plugins/attr/attr_provider.c | 4 +- src/libcharon/plugins/attr_sql/Makefile.in | 27 +- src/libcharon/plugins/certexpire/Makefile.in | 27 +- src/libcharon/plugins/connmark/Makefile.in | 27 +- src/libcharon/plugins/connmark/connmark_listener.c | 45 +- src/libcharon/plugins/coupling/Makefile.in | 27 +- src/libcharon/plugins/dhcp/Makefile.in | 27 +- src/libcharon/plugins/dhcp/dhcp_socket.c | 34 +- src/libcharon/plugins/dhcp/dhcp_transaction.c | 6 +- src/libcharon/plugins/dhcp/dhcp_transaction.h | 4 +- src/libcharon/plugins/dnscert/Makefile.in | 27 +- src/libcharon/plugins/dnscert/dnscert.c | 8 +- src/libcharon/plugins/dnscert/dnscert.h | 2 +- src/libcharon/plugins/duplicheck/Makefile.in | 27 +- src/libcharon/plugins/duplicheck/duplicheck.c | 2 +- src/libcharon/plugins/duplicheck/duplicheck_msg.h | 2 +- .../plugins/duplicheck/duplicheck_notify.c | 2 +- src/libcharon/plugins/eap_aka/Makefile.in | 27 +- src/libcharon/plugins/eap_aka/eap_aka_peer.c | 16 +- src/libcharon/plugins/eap_aka/eap_aka_server.c | 14 +- src/libcharon/plugins/eap_aka_3gpp2/Makefile.in | 27 +- .../eap_aka_3gpp2/eap_aka_3gpp2_functions.c | 10 +- src/libcharon/plugins/eap_dynamic/Makefile.in | 27 +- src/libcharon/plugins/eap_dynamic/eap_dynamic.c | 12 +- src/libcharon/plugins/eap_gtc/Makefile.in | 27 +- src/libcharon/plugins/eap_gtc/eap_gtc.c | 18 +- src/libcharon/plugins/eap_identity/Makefile.in | 27 +- src/libcharon/plugins/eap_identity/eap_identity.c | 18 +- src/libcharon/plugins/eap_md5/Makefile.in | 27 +- src/libcharon/plugins/eap_md5/eap_md5.c | 20 +- src/libcharon/plugins/eap_mschapv2/Makefile.in | 27 +- src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 58 +- src/libcharon/plugins/eap_peap/Makefile.in | 27 +- src/libcharon/plugins/eap_peap/eap_peap.c | 6 +- src/libcharon/plugins/eap_peap/eap_peap_avp.c | 8 +- src/libcharon/plugins/eap_peap/eap_peap_avp.h | 2 +- src/libcharon/plugins/eap_peap/eap_peap_peer.c | 4 +- src/libcharon/plugins/eap_peap/eap_peap_server.c | 4 +- src/libcharon/plugins/eap_radius/Makefile.in | 27 +- src/libcharon/plugins/eap_radius/eap_radius.c | 32 +- .../plugins/eap_radius/eap_radius_accounting.c | 28 +- .../plugins/eap_radius/eap_radius_accounting.h | 2 +- src/libcharon/plugins/eap_radius/eap_radius_dae.c | 4 +- .../plugins/eap_radius/eap_radius_forward.c | 6 +- .../plugins/eap_radius/eap_radius_provider.c | 4 +- .../plugins/eap_radius/eap_radius_provider.h | 4 +- src/libcharon/plugins/eap_sim/Makefile.in | 27 +- src/libcharon/plugins/eap_sim/eap_sim_peer.c | 16 +- src/libcharon/plugins/eap_sim/eap_sim_server.c | 14 +- src/libcharon/plugins/eap_sim_file/Makefile.in | 27 +- src/libcharon/plugins/eap_sim_pcsc/Makefile.in | 27 +- .../plugins/eap_simaka_pseudonym/Makefile.in | 27 +- .../eap_simaka_pseudonym_card.c | 82 +- .../plugins/eap_simaka_reauth/Makefile.in | 27 +- .../eap_simaka_reauth/eap_simaka_reauth_card.c | 6 +- .../eap_simaka_reauth/eap_simaka_reauth_provider.c | 4 +- src/libcharon/plugins/eap_simaka_sql/Makefile.in | 27 +- src/libcharon/plugins/eap_tls/Makefile.in | 27 +- src/libcharon/plugins/eap_tls/eap_tls.c | 6 +- src/libcharon/plugins/eap_tnc/Makefile.in | 27 +- src/libcharon/plugins/eap_ttls/Makefile.in | 27 +- src/libcharon/plugins/eap_ttls/eap_ttls.c | 6 +- src/libcharon/plugins/eap_ttls/eap_ttls_avp.c | 10 +- src/libcharon/plugins/eap_ttls/eap_ttls_peer.c | 6 +- src/libcharon/plugins/error_notify/Makefile.in | 27 +- .../plugins/error_notify/error_notify_listener.c | 5 + .../plugins/error_notify/error_notify_msg.h | 1 + src/libcharon/plugins/ext_auth/Makefile.in | 27 +- src/libcharon/plugins/farp/Makefile.in | 27 +- src/libcharon/plugins/farp/farp_listener.c | 2 +- src/libcharon/plugins/farp/farp_spoofer.c | 18 +- src/libcharon/plugins/forecast/Makefile.in | 27 +- .../plugins/forecast/forecast_forwarder.c | 6 +- src/libcharon/plugins/forecast/forecast_listener.c | 32 +- src/libcharon/plugins/ha/Makefile.in | 27 +- src/libcharon/plugins/ha/ha_attribute.c | 12 +- src/libcharon/plugins/ha/ha_cache.c | 4 +- src/libcharon/plugins/ha/ha_child.c | 4 +- src/libcharon/plugins/ha/ha_dispatcher.c | 20 +- src/libcharon/plugins/ha/ha_ike.c | 6 +- src/libcharon/plugins/ha/ha_kernel.c | 20 +- src/libcharon/plugins/ha/ha_kernel.h | 2 +- src/libcharon/plugins/ha/ha_message.c | 86 +- src/libcharon/plugins/ha/ha_message.h | 44 +- src/libcharon/plugins/ha/ha_segments.h | 2 +- src/libcharon/plugins/ha/ha_tunnel.c | 28 +- src/libcharon/plugins/ipseckey/Makefile.in | 27 +- src/libcharon/plugins/ipseckey/ipseckey.c | 10 +- src/libcharon/plugins/ipseckey/ipseckey.h | 2 +- src/libcharon/plugins/ipseckey/ipseckey_cred.c | 2 +- src/libcharon/plugins/kernel_iph/Makefile.in | 27 +- src/libcharon/plugins/kernel_iph/kernel_iph_net.c | 13 +- src/libcharon/plugins/kernel_libipsec/Makefile.in | 27 +- .../kernel_libipsec/kernel_libipsec_ipsec.c | 101 +- src/libcharon/plugins/kernel_netlink/Makefile.am | 2 + src/libcharon/plugins/kernel_netlink/Makefile.in | 31 +- .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 1098 ++-- .../plugins/kernel_netlink/kernel_netlink_net.c | 126 +- .../plugins/kernel_netlink/kernel_netlink_shared.c | 8 +- src/libcharon/plugins/kernel_pfkey/Makefile.in | 27 +- .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 690 +-- src/libcharon/plugins/kernel_pfroute/Makefile.in | 27 +- .../plugins/kernel_pfroute/kernel_pfroute_net.c | 34 +- src/libcharon/plugins/kernel_wfp/Makefile.in | 27 +- .../plugins/kernel_wfp/kernel_wfp_ipsec.c | 260 +- src/libcharon/plugins/led/Makefile.in | 27 +- src/libcharon/plugins/load_tester/Makefile.in | 27 +- src/libcharon/plugins/load_tester/load_tester.c | 2 +- .../plugins/load_tester/load_tester_config.c | 58 +- .../plugins/load_tester/load_tester_creds.c | 4 +- .../plugins/load_tester/load_tester_ipsec.c | 45 +- src/libcharon/plugins/lookip/Makefile.in | 27 +- src/libcharon/plugins/maemo/Makefile.in | 27 +- src/libcharon/plugins/maemo/maemo_service.c | 36 +- src/libcharon/plugins/medcli/Makefile.in | 27 +- src/libcharon/plugins/medcli/medcli_config.c | 88 +- src/libcharon/plugins/medsrv/Makefile.in | 27 +- src/libcharon/plugins/medsrv/medsrv_config.c | 20 +- src/libcharon/plugins/osx_attr/Makefile.in | 27 +- src/libcharon/plugins/p_cscf/Makefile.am | 1 - src/libcharon/plugins/p_cscf/Makefile.in | 28 +- src/libcharon/plugins/radattr/Makefile.in | 27 +- src/libcharon/plugins/resolve/Makefile.in | 27 +- src/libcharon/plugins/resolve/resolve_handler.c | 203 +- src/libcharon/plugins/smp/Makefile.in | 27 +- src/libcharon/plugins/smp/smp.c | 2 +- src/libcharon/plugins/socket_default/Makefile.in | 27 +- .../plugins/socket_default/socket_default_socket.c | 32 +- src/libcharon/plugins/socket_dynamic/Makefile.in | 27 +- .../plugins/socket_dynamic/socket_dynamic_socket.c | 10 +- src/libcharon/plugins/socket_win/Makefile.in | 27 +- .../plugins/socket_win/socket_win_socket.c | 6 +- src/libcharon/plugins/sql/Makefile.in | 27 +- src/libcharon/plugins/sql/sql_config.c | 50 +- src/libcharon/plugins/sql/sql_logger.c | 2 +- src/libcharon/plugins/stroke/Makefile.in | 27 +- src/libcharon/plugins/stroke/stroke_config.c | 132 +- src/libcharon/plugins/stroke/stroke_control.c | 18 +- src/libcharon/plugins/stroke/stroke_counter.c | 10 +- src/libcharon/plugins/stroke/stroke_cred.c | 47 +- src/libcharon/plugins/stroke/stroke_list.c | 10 +- src/libcharon/plugins/stroke/stroke_socket.c | 2 +- src/libcharon/plugins/systime_fix/Makefile.in | 27 +- src/libcharon/plugins/tnc_ifmap/Makefile.in | 27 +- .../plugins/tnc_ifmap/tnc_ifmap_listener.c | 2 +- .../tnc_ifmap/tnc_ifmap_renew_session_job.c | 4 +- .../tnc_ifmap/tnc_ifmap_renew_session_job.h | 2 +- src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c | 6 +- src/libcharon/plugins/tnc_pdp/Makefile.in | 27 +- src/libcharon/plugins/tnc_pdp/tnc_pdp.c | 16 +- src/libcharon/plugins/uci/Makefile.in | 27 +- src/libcharon/plugins/uci/uci_config.c | 36 +- src/libcharon/plugins/unity/Makefile.in | 27 +- src/libcharon/plugins/unity/unity_handler.c | 8 +- src/libcharon/plugins/unity/unity_provider.c | 4 +- src/libcharon/plugins/updown/Makefile.in | 27 +- src/libcharon/plugins/updown/updown_listener.c | 12 +- src/libcharon/plugins/vici/Makefile.in | 27 +- src/libcharon/plugins/vici/README.md | 11 +- src/libcharon/plugins/vici/libvici.c | 18 +- src/libcharon/plugins/vici/perl/Makefile.in | 26 +- src/libcharon/plugins/vici/python/MANIFEST.in | 1 + src/libcharon/plugins/vici/python/Makefile.am | 20 +- src/libcharon/plugins/vici/python/Makefile.in | 46 +- src/libcharon/plugins/vici/python/README.rst | 24 + src/libcharon/plugins/vici/python/setup.py.in | 18 +- src/libcharon/plugins/vici/python/vici/protocol.py | 11 +- src/libcharon/plugins/vici/ruby/Makefile.in | 28 +- src/libcharon/plugins/vici/suites/test_socket.c | 4 +- src/libcharon/plugins/vici/vici_attribute.c | 6 +- src/libcharon/plugins/vici/vici_config.c | 329 +- src/libcharon/plugins/vici/vici_control.c | 6 +- src/libcharon/plugins/vici/vici_dispatcher.c | 6 +- src/libcharon/plugins/vici/vici_message.c | 2 +- src/libcharon/plugins/vici/vici_query.c | 36 +- src/libcharon/plugins/vici/vici_socket.c | 6 +- src/libcharon/plugins/whitelist/Makefile.in | 27 +- src/libcharon/plugins/xauth_eap/Makefile.in | 27 +- src/libcharon/plugins/xauth_eap/xauth_eap.c | 2 +- src/libcharon/plugins/xauth_generic/Makefile.in | 27 +- src/libcharon/plugins/xauth_noauth/Makefile.in | 27 +- src/libcharon/plugins/xauth_pam/Makefile.in | 27 +- src/libcharon/processing/jobs/acquire_job.c | 4 +- src/libcharon/processing/jobs/acquire_job.h | 2 +- src/libcharon/processing/jobs/adopt_children_job.c | 2 +- .../processing/jobs/delete_child_sa_job.c | 4 +- .../processing/jobs/delete_child_sa_job.h | 2 +- src/libcharon/processing/jobs/inactivity_job.c | 10 +- src/libcharon/processing/jobs/inactivity_job.h | 2 +- src/libcharon/processing/jobs/migrate_job.c | 4 +- src/libcharon/processing/jobs/migrate_job.h | 2 +- src/libcharon/processing/jobs/rekey_child_sa_job.c | 4 +- src/libcharon/processing/jobs/rekey_child_sa_job.h | 2 +- src/libcharon/processing/jobs/rekey_ike_sa_job.c | 6 +- src/libcharon/processing/jobs/retransmit_job.c | 4 +- src/libcharon/processing/jobs/retransmit_job.h | 2 +- src/libcharon/processing/jobs/update_sa_job.c | 4 +- src/libcharon/processing/jobs/update_sa_job.h | 2 +- src/libcharon/sa/child_sa.c | 398 +- src/libcharon/sa/child_sa.h | 18 +- src/libcharon/sa/child_sa_manager.c | 14 +- src/libcharon/sa/child_sa_manager.h | 4 +- src/libcharon/sa/eap/eap_manager.c | 8 +- src/libcharon/sa/eap/eap_manager.h | 6 +- src/libcharon/sa/eap/eap_method.h | 6 +- src/libcharon/sa/ike_sa.c | 72 +- src/libcharon/sa/ike_sa.h | 48 +- src/libcharon/sa/ike_sa_id.c | 20 +- src/libcharon/sa/ike_sa_id.h | 14 +- src/libcharon/sa/ike_sa_manager.c | 94 +- src/libcharon/sa/ike_sa_manager.h | 4 +- src/libcharon/sa/ikev1/keymat_v1.c | 48 +- src/libcharon/sa/ikev1/keymat_v1.h | 8 +- src/libcharon/sa/ikev1/task_manager_v1.c | 100 +- src/libcharon/sa/ikev1/tasks/aggressive_mode.c | 17 +- src/libcharon/sa/ikev1/tasks/isakmp_delete.c | 2 +- src/libcharon/sa/ikev1/tasks/isakmp_dpd.c | 8 +- src/libcharon/sa/ikev1/tasks/isakmp_dpd.h | 2 +- src/libcharon/sa/ikev1/tasks/isakmp_natd.c | 4 +- src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 2 +- src/libcharon/sa/ikev1/tasks/main_mode.c | 22 +- src/libcharon/sa/ikev1/tasks/mode_config.c | 2 +- src/libcharon/sa/ikev1/tasks/quick_delete.c | 10 +- src/libcharon/sa/ikev1/tasks/quick_delete.h | 2 +- src/libcharon/sa/ikev1/tasks/quick_mode.c | 60 +- src/libcharon/sa/ikev1/tasks/quick_mode.h | 6 +- src/libcharon/sa/ikev1/tasks/xauth.c | 2 +- .../sa/ikev2/authenticators/eap_authenticator.c | 16 +- .../sa/ikev2/authenticators/pubkey_authenticator.c | 4 +- src/libcharon/sa/ikev2/connect_manager.c | 34 +- src/libcharon/sa/ikev2/keymat_v2.c | 20 +- src/libcharon/sa/ikev2/task_manager_v2.c | 284 +- src/libcharon/sa/ikev2/tasks/child_create.c | 74 +- src/libcharon/sa/ikev2/tasks/child_create.h | 2 +- src/libcharon/sa/ikev2/tasks/child_delete.c | 73 +- src/libcharon/sa/ikev2/tasks/child_delete.h | 2 +- src/libcharon/sa/ikev2/tasks/child_rekey.c | 146 +- src/libcharon/sa/ikev2/tasks/child_rekey.h | 23 +- src/libcharon/sa/ikev2/tasks/ike_auth.c | 23 +- src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c | 8 +- src/libcharon/sa/ikev2/tasks/ike_delete.c | 62 +- src/libcharon/sa/ikev2/tasks/ike_init.c | 12 +- src/libcharon/sa/ikev2/tasks/ike_me.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_mobike.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_natd.c | 6 +- src/libcharon/sa/ikev2/tasks/ike_rekey.c | 261 +- src/libcharon/sa/ikev2/tasks/ike_rekey.h | 10 +- src/libcharon/sa/redirect_manager.c | 2 +- src/libcharon/sa/shunt_manager.c | 110 +- src/libcharon/sa/task_manager.h | 25 +- src/libcharon/sa/trap_manager.c | 26 +- src/libcharon/sa/trap_manager.h | 10 +- src/libcharon/tests/Makefile.am | 34 +- src/libcharon/tests/Makefile.in | 333 +- src/libcharon/tests/exchange_tests.c | 64 + src/libcharon/tests/exchange_tests.h | 20 + src/libcharon/tests/libcharon_tests.c | 3 - src/libcharon/tests/libcharon_tests.h | 12 + src/libcharon/tests/suites/test_child_create.c | 106 + src/libcharon/tests/suites/test_child_delete.c | 366 ++ src/libcharon/tests/suites/test_child_rekey.c | 1569 ++++++ src/libcharon/tests/suites/test_ike_delete.c | 137 + src/libcharon/tests/suites/test_ike_rekey.c | 1480 ++++++ src/libcharon/tests/suites/test_message_chapoly.c | 8 +- src/libcharon/tests/suites/test_proposal.c | 81 + src/libcharon/tests/utils/exchange_test_asserts.c | 182 + src/libcharon/tests/utils/exchange_test_asserts.h | 343 ++ src/libcharon/tests/utils/exchange_test_helper.c | 372 ++ src/libcharon/tests/utils/exchange_test_helper.h | 128 + src/libcharon/tests/utils/job_asserts.h | 59 + src/libcharon/tests/utils/mock_dh.c | 87 + src/libcharon/tests/utils/mock_dh.h | 37 + src/libcharon/tests/utils/mock_ipsec.c | 128 + src/libcharon/tests/utils/mock_ipsec.h | 36 + src/libcharon/tests/utils/mock_nonce_gen.c | 91 + src/libcharon/tests/utils/mock_nonce_gen.h | 37 + src/libcharon/tests/utils/mock_sender.c | 85 + src/libcharon/tests/utils/mock_sender.h | 56 + src/libcharon/tests/utils/sa_asserts.h | 145 + src/libfast/Makefile.am | 2 +- src/libfast/Makefile.in | 33 +- src/libimcv/Android.mk | 4 +- src/libimcv/Makefile.am | 10 +- src/libimcv/Makefile.in | 74 +- src/libimcv/generic/generic_attr_bool.c | 4 +- src/libimcv/generic/generic_attr_chunk.c | 2 +- src/libimcv/generic/generic_attr_string.c | 2 +- src/libimcv/ietf/ietf_attr.c | 2 +- src/libimcv/ietf/ietf_attr.h | 2 +- src/libimcv/ietf/ietf_attr_assess_result.c | 8 +- src/libimcv/ietf/ietf_attr_assess_result.h | 4 +- src/libimcv/ietf/ietf_attr_attr_request.c | 10 +- src/libimcv/ietf/ietf_attr_attr_request.h | 4 +- src/libimcv/ietf/ietf_attr_fwd_enabled.c | 4 +- src/libimcv/ietf/ietf_attr_installed_packages.c | 4 +- src/libimcv/ietf/ietf_attr_numeric_version.c | 26 +- src/libimcv/ietf/ietf_attr_numeric_version.h | 14 +- src/libimcv/ietf/ietf_attr_op_status.c | 14 +- src/libimcv/ietf/ietf_attr_op_status.h | 6 +- src/libimcv/ietf/ietf_attr_port_filter.c | 16 +- src/libimcv/ietf/ietf_attr_port_filter.h | 4 +- src/libimcv/ietf/ietf_attr_product_info.c | 8 +- src/libimcv/ietf/ietf_attr_product_info.h | 4 +- src/libimcv/ietf/ietf_attr_remediation_instr.c | 4 +- src/libimcv/ietf/ietf_attr_string_version.c | 2 +- src/libimcv/imc/imc_agent.c | 8 +- src/libimcv/imc/imc_agent.h | 2 +- src/libimcv/imc/imc_os_info.c | 2 +- src/libimcv/imc/imc_os_info.h | 4 +- src/libimcv/imc/imc_state.h | 4 +- src/libimcv/imv/data.sql | 170 +- src/libimcv/imv/imv_database.h | 2 +- src/libimcv/ita/ita_attr.c | 2 +- src/libimcv/ita/ita_attr.h | 2 +- src/libimcv/ita/ita_attr_angel.c | 2 +- src/libimcv/ita/ita_attr_command.c | 2 +- src/libimcv/ita/ita_attr_dummy.c | 2 +- src/libimcv/ita/ita_attr_get_settings.c | 4 +- src/libimcv/ita/ita_attr_settings.c | 4 +- src/libimcv/pa_tnc/pa_tnc_attr_manager.h | 2 +- src/libimcv/plugins/imc_attestation/Makefile.am | 3 +- src/libimcv/plugins/imc_attestation/Makefile.in | 30 +- .../imc_attestation/imc_attestation_process.c | 43 +- .../imc_attestation/imc_attestation_state.c | 8 +- .../imc_attestation/imc_attestation_state.h | 2 +- src/libimcv/plugins/imc_hcd/Makefile.in | 27 +- src/libimcv/plugins/imc_hcd/imc_hcd_state.c | 6 +- src/libimcv/plugins/imc_os/Makefile.in | 27 +- src/libimcv/plugins/imc_os/imc_os.c | 2 +- src/libimcv/plugins/imc_os/imc_os_state.c | 6 +- src/libimcv/plugins/imc_scanner/Makefile.in | 27 +- src/libimcv/plugins/imc_scanner/imc_scanner.c | 4 +- .../plugins/imc_scanner/imc_scanner_state.c | 6 +- src/libimcv/plugins/imc_swid/Makefile.in | 27 +- src/libimcv/plugins/imc_swid/imc_swid_state.c | 14 +- src/libimcv/plugins/imc_swid/imc_swid_state.h | 2 +- src/libimcv/plugins/imc_test/Makefile.in | 27 +- src/libimcv/plugins/imc_test/imc_test_state.c | 6 +- src/libimcv/plugins/imv_attestation/Makefile.am | 3 + src/libimcv/plugins/imv_attestation/Makefile.in | 32 +- src/libimcv/plugins/imv_attestation/attest_db.c | 2 +- .../imv_attestation/imv_attestation_agent.c | 7 +- .../imv_attestation/imv_attestation_process.c | 37 +- src/libimcv/plugins/imv_hcd/Makefile.am | 1 + src/libimcv/plugins/imv_hcd/Makefile.in | 28 +- src/libimcv/plugins/imv_os/Makefile.am | 3 +- src/libimcv/plugins/imv_os/Makefile.in | 30 +- src/libimcv/plugins/imv_scanner/Makefile.am | 3 +- src/libimcv/plugins/imv_scanner/Makefile.in | 30 +- .../plugins/imv_scanner/imv_scanner_agent.c | 8 +- src/libimcv/plugins/imv_swid/Makefile.am | 1 + src/libimcv/plugins/imv_swid/Makefile.in | 28 +- src/libimcv/plugins/imv_test/Makefile.in | 27 +- src/libimcv/pts/components/ita/ita_comp_ima.h | 2 +- src/libimcv/pts/components/ita/ita_comp_tboot.c | 20 +- src/libimcv/pts/components/ita/ita_comp_tboot.h | 2 +- src/libimcv/pts/components/ita/ita_comp_tgrub.c | 20 +- src/libimcv/pts/components/ita/ita_comp_tgrub.h | 2 +- src/libimcv/pts/components/pts_comp_evidence.c | 14 +- src/libimcv/pts/components/pts_comp_evidence.h | 10 +- src/libimcv/pts/components/pts_comp_func_name.c | 22 +- src/libimcv/pts/components/pts_comp_func_name.h | 12 +- src/libimcv/pts/components/pts_component.h | 10 +- src/libimcv/pts/components/pts_component_manager.c | 10 +- src/libimcv/pts/components/pts_component_manager.h | 8 +- src/libimcv/pts/pts.c | 766 +-- src/libimcv/pts/pts.h | 74 +- src/libimcv/pts/pts_file_meas.c | 8 +- src/libimcv/pts/pts_file_meas.h | 6 +- src/libimcv/pts/pts_file_meta.h | 12 +- src/libimcv/pts/pts_ima_bios_list.c | 9 +- src/libimcv/pts/pts_meas_algo.c | 18 + src/libimcv/pts/pts_meas_algo.h | 8 + src/libimcv/pts/pts_pcr.c | 54 +- src/libimcv/pts/pts_pcr.h | 16 +- src/libimcv/pts/pts_simple_evid_final.h | 47 - src/libimcv/pwg/pwg_attr.c | 2 +- src/libimcv/pwg/pwg_attr.h | 2 +- src/libimcv/pwg/pwg_attr_vendor_smi_code.c | 2 +- src/libimcv/swid/swid_error.c | 4 +- src/libimcv/swid/swid_error.h | 4 +- src/libimcv/tcg/pts/tcg_pts_attr_aik.c | 6 +- src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c | 6 +- src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h | 2 +- .../tcg/pts/tcg_pts_attr_dh_nonce_params_req.c | 12 +- .../tcg/pts/tcg_pts_attr_dh_nonce_params_req.h | 4 +- .../tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c | 8 +- src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c | 6 +- src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c | 4 +- src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c | 4 +- .../tcg/pts/tcg_pts_attr_get_tpm_version_info.c | 4 +- src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c | 4 +- src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c | 4 +- src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c | 20 +- src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h | 8 +- src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c | 14 +- src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h | 4 +- .../tcg/pts/tcg_pts_attr_req_func_comp_evid.c | 18 +- .../tcg/pts/tcg_pts_attr_req_func_comp_evid.h | 2 +- .../tcg/pts/tcg_pts_attr_simple_comp_evid.c | 16 +- .../tcg/pts/tcg_pts_attr_simple_evid_final.c | 249 +- .../tcg/pts/tcg_pts_attr_simple_evid_final.h | 29 +- .../tcg/pts/tcg_pts_attr_tpm_version_info.c | 2 +- src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c | 12 +- src/libimcv/tcg/seg/tcg_seg_attr_max_size.c | 2 +- src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c | 2 +- src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c | 2 +- src/libimcv/tcg/swid/tcg_swid_attr_req.c | 20 +- src/libimcv/tcg/swid/tcg_swid_attr_req.h | 10 +- src/libimcv/tcg/tcg_attr.c | 2 +- src/libimcv/tcg/tcg_attr.h | 2 +- src/libipsec/Makefile.in | 27 +- src/libipsec/esp_context.c | 12 +- src/libipsec/esp_context.h | 8 +- src/libipsec/esp_packet.c | 28 +- src/libipsec/esp_packet.h | 6 +- src/libipsec/ip_packet.c | 58 +- src/libipsec/ip_packet.h | 6 +- src/libipsec/ipsec_event_listener.h | 2 +- src/libipsec/ipsec_event_relay.c | 6 +- src/libipsec/ipsec_event_relay.h | 2 +- src/libipsec/ipsec_policy.c | 8 +- src/libipsec/ipsec_policy.h | 4 +- src/libipsec/ipsec_policy_mgr.c | 14 +- src/libipsec/ipsec_policy_mgr.h | 2 +- src/libipsec/ipsec_processor.c | 4 +- src/libipsec/ipsec_sa.c | 36 +- src/libipsec/ipsec_sa.h | 28 +- src/libipsec/ipsec_sa_mgr.c | 62 +- src/libipsec/ipsec_sa_mgr.h | 24 +- src/libipsec/tests/Makefile.in | 27 +- src/libipsec/tests/suites/test_chapoly.c | 6 +- src/libpttls/Makefile.in | 27 +- src/libpttls/pt_tls.c | 11 +- src/libpttls/pt_tls.h | 6 +- src/libpttls/pt_tls_client.c | 16 +- src/libpttls/pt_tls_server.c | 14 +- src/libradius/Makefile.in | 27 +- src/libradius/radius_config.c | 2 +- src/libradius/radius_config.h | 2 +- src/libradius/radius_message.c | 30 +- src/libradius/radius_message.h | 10 +- src/libradius/radius_mppe.h | 10 +- src/libradius/radius_socket.c | 18 +- src/libradius/radius_socket.h | 4 +- src/libsimaka/Makefile.in | 27 +- src/libsimaka/simaka_card.h | 6 +- src/libsimaka/simaka_manager.c | 6 +- src/libsimaka/simaka_manager.h | 8 +- src/libsimaka/simaka_message.c | 26 +- src/libsimaka/simaka_message.h | 4 +- src/libsimaka/simaka_provider.h | 4 +- src/libstrongswan/Makefile.am | 4 +- src/libstrongswan/Makefile.in | 117 +- src/libstrongswan/asn1/asn1.c | 6 +- src/libstrongswan/asn1/asn1.h | 4 +- src/libstrongswan/asn1/oid.c | 891 ++-- src/libstrongswan/asn1/oid.h | 431 +- src/libstrongswan/asn1/oid.txt | 1 + src/libstrongswan/bio/bio_reader.c | 58 +- src/libstrongswan/bio/bio_reader.h | 26 +- src/libstrongswan/bio/bio_writer.c | 14 +- src/libstrongswan/bio/bio_writer.h | 12 +- src/libstrongswan/collections/array.c | 20 +- src/libstrongswan/collections/array.h | 2 +- src/libstrongswan/credentials/auth_cfg.h | 2 +- src/libstrongswan/credentials/containers/pkcs12.c | 10 +- src/libstrongswan/credentials/containers/pkcs12.h | 2 +- src/libstrongswan/credentials/sets/mem_cred.c | 1 + src/libstrongswan/crypto/crypto_factory.c | 4 + src/libstrongswan/crypto/hashers/hasher.h | 2 +- src/libstrongswan/crypto/iv/iv_gen.h | 6 +- src/libstrongswan/crypto/iv/iv_gen_null.c | 4 +- src/libstrongswan/crypto/iv/iv_gen_rand.c | 4 +- src/libstrongswan/crypto/iv/iv_gen_seq.c | 28 +- src/libstrongswan/crypto/mac.h | 2 +- src/libstrongswan/crypto/mgf1/mgf1.c | 2 +- src/libstrongswan/crypto/nonce_gen.h | 2 +- src/libstrongswan/crypto/pkcs5.c | 12 +- src/libstrongswan/crypto/prf_plus.c | 4 +- src/libstrongswan/crypto/prf_plus.h | 2 +- src/libstrongswan/crypto/prfs/mac_prf.c | 2 +- src/libstrongswan/crypto/prfs/prf.h | 2 +- .../crypto/proposal/proposal_keywords.c | 2 +- .../crypto/proposal/proposal_keywords.h | 8 +- .../crypto/proposal/proposal_keywords_static.c | 298 +- .../crypto/proposal/proposal_keywords_static.txt | 5 +- src/libstrongswan/crypto/rngs/rng.c | 4 +- src/libstrongswan/crypto/rngs/rng.h | 4 +- src/libstrongswan/crypto/signers/mac_signer.c | 8 +- src/libstrongswan/crypto/signers/signer.h | 2 +- src/libstrongswan/eap/eap.h | 12 +- src/libstrongswan/ipsec/ipsec_types.c | 16 + src/libstrongswan/ipsec/ipsec_types.h | 29 +- src/libstrongswan/networking/host.c | 20 +- src/libstrongswan/networking/host.h | 12 +- src/libstrongswan/networking/packet.c | 6 +- src/libstrongswan/networking/packet.h | 4 +- src/libstrongswan/networking/tun_device.c | 16 +- src/libstrongswan/networking/tun_device.h | 4 +- src/libstrongswan/pen/pen.h | 6 +- src/libstrongswan/plugins/acert/Makefile.in | 27 +- src/libstrongswan/plugins/aes/Makefile.in | 27 +- src/libstrongswan/plugins/aes/aes_crypter.c | 82 +- src/libstrongswan/plugins/aesni/Makefile.in | 27 +- src/libstrongswan/plugins/aesni/aesni_ccm.c | 8 +- src/libstrongswan/plugins/aesni/aesni_cmac.c | 2 +- src/libstrongswan/plugins/aesni/aesni_ctr.c | 2 +- src/libstrongswan/plugins/aesni/aesni_gcm.c | 2 +- src/libstrongswan/plugins/aesni/aesni_xcbc.c | 2 +- src/libstrongswan/plugins/af_alg/Makefile.in | 27 +- src/libstrongswan/plugins/af_alg/af_alg_hasher.c | 2 +- src/libstrongswan/plugins/af_alg/af_alg_ops.c | 2 +- src/libstrongswan/plugins/af_alg/af_alg_ops.h | 2 +- src/libstrongswan/plugins/af_alg/af_alg_plugin.c | 19 + src/libstrongswan/plugins/af_alg/af_alg_prf.c | 2 +- src/libstrongswan/plugins/af_alg/af_alg_signer.c | 2 +- src/libstrongswan/plugins/agent/Makefile.in | 27 +- .../plugins/agent/agent_private_key.c | 20 +- src/libstrongswan/plugins/bliss/Makefile.in | 27 +- src/libstrongswan/plugins/bliss/tests/Makefile.in | 27 +- src/libstrongswan/plugins/blowfish/Makefile.in | 27 +- .../plugins/blowfish/blowfish_crypter.c | 6 +- src/libstrongswan/plugins/ccm/Makefile.in | 27 +- src/libstrongswan/plugins/ccm/ccm_aead.c | 6 +- src/libstrongswan/plugins/chapoly/Makefile.in | 27 +- src/libstrongswan/plugins/chapoly/chapoly_aead.c | 8 +- .../plugins/chapoly/chapoly_drv_portable.c | 42 +- .../plugins/chapoly/chapoly_drv_ssse3.c | 66 +- src/libstrongswan/plugins/cmac/Makefile.in | 27 +- src/libstrongswan/plugins/cmac/cmac.c | 16 +- src/libstrongswan/plugins/constraints/Makefile.in | 27 +- src/libstrongswan/plugins/ctr/Makefile.in | 27 +- src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c | 2 +- src/libstrongswan/plugins/curl/Makefile.in | 27 +- src/libstrongswan/plugins/curl/curl_plugin.c | 5 +- src/libstrongswan/plugins/des/Makefile.in | 27 +- src/libstrongswan/plugins/des/des_crypter.c | 14 +- src/libstrongswan/plugins/dnskey/Makefile.in | 27 +- src/libstrongswan/plugins/dnskey/dnskey_builder.c | 8 +- src/libstrongswan/plugins/files/Makefile.in | 27 +- src/libstrongswan/plugins/fips_prf/Makefile.in | 27 +- src/libstrongswan/plugins/fips_prf/fips_prf.c | 26 +- src/libstrongswan/plugins/gcm/Makefile.in | 27 +- src/libstrongswan/plugins/gcm/gcm_aead.c | 4 +- src/libstrongswan/plugins/gcrypt/Makefile.in | 27 +- src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_rng.c | 2 +- src/libstrongswan/plugins/gmp/Makefile.in | 27 +- .../plugins/gmp/gmp_rsa_private_key.c | 2 +- src/libstrongswan/plugins/hmac/Makefile.in | 27 +- src/libstrongswan/plugins/hmac/hmac.c | 8 +- src/libstrongswan/plugins/keychain/Makefile.in | 27 +- src/libstrongswan/plugins/ldap/Makefile.in | 27 +- src/libstrongswan/plugins/md4/Makefile.in | 27 +- src/libstrongswan/plugins/md4/md4_hasher.c | 48 +- src/libstrongswan/plugins/md5/Makefile.in | 27 +- src/libstrongswan/plugins/md5/md5_hasher.c | 52 +- src/libstrongswan/plugins/mysql/Makefile.in | 27 +- src/libstrongswan/plugins/nonce/Makefile.in | 27 +- src/libstrongswan/plugins/nonce/nonce_nonceg.c | 2 +- src/libstrongswan/plugins/ntru/Makefile.in | 27 +- src/libstrongswan/plugins/ntru/ntru_drbg.c | 14 +- src/libstrongswan/plugins/ntru/ntru_drbg.h | 8 +- src/libstrongswan/plugins/ntru/ntru_ke.c | 4 +- src/libstrongswan/plugins/openssl/Makefile.in | 27 +- src/libstrongswan/plugins/openssl/openssl_crl.c | 49 +- .../plugins/openssl/openssl_crypter.c | 55 +- .../plugins/openssl/openssl_diffie_hellman.c | 56 +- .../plugins/openssl/openssl_ec_private_key.c | 10 +- .../plugins/openssl/openssl_ec_public_key.c | 19 +- src/libstrongswan/plugins/openssl/openssl_gcm.c | 26 +- src/libstrongswan/plugins/openssl/openssl_hasher.c | 4 +- src/libstrongswan/plugins/openssl/openssl_hmac.c | 36 +- src/libstrongswan/plugins/openssl/openssl_pkcs12.c | 6 +- src/libstrongswan/plugins/openssl/openssl_pkcs7.c | 12 +- src/libstrongswan/plugins/openssl/openssl_plugin.c | 41 +- src/libstrongswan/plugins/openssl/openssl_rng.c | 9 +- .../plugins/openssl/openssl_rsa_private_key.c | 41 +- .../plugins/openssl/openssl_rsa_public_key.c | 27 +- .../plugins/openssl/openssl_sha1_prf.c | 4 +- src/libstrongswan/plugins/openssl/openssl_util.c | 15 +- src/libstrongswan/plugins/openssl/openssl_util.h | 43 +- src/libstrongswan/plugins/openssl/openssl_x509.c | 60 +- src/libstrongswan/plugins/padlock/Makefile.in | 27 +- src/libstrongswan/plugins/padlock/padlock_rng.c | 2 +- .../plugins/padlock/padlock_sha1_hasher.c | 10 +- src/libstrongswan/plugins/pem/Makefile.in | 27 +- src/libstrongswan/plugins/pem/pem_builder.c | 2 +- src/libstrongswan/plugins/pgp/Makefile.in | 27 +- src/libstrongswan/plugins/pgp/pgp_builder.c | 6 +- src/libstrongswan/plugins/pgp/pgp_cert.c | 8 +- src/libstrongswan/plugins/pgp/pgp_utils.c | 10 +- src/libstrongswan/plugins/pgp/pgp_utils.h | 2 +- src/libstrongswan/plugins/pkcs1/Makefile.in | 27 +- src/libstrongswan/plugins/pkcs11/Makefile.in | 27 +- src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c | 2 +- .../plugins/pkcs11/pkcs11_private_key.c | 12 +- src/libstrongswan/plugins/pkcs11/pkcs11_rng.c | 2 +- src/libstrongswan/plugins/pkcs12/Makefile.in | 27 +- src/libstrongswan/plugins/pkcs12/pkcs12_decode.c | 4 +- src/libstrongswan/plugins/pkcs7/Makefile.in | 27 +- src/libstrongswan/plugins/pkcs8/Makefile.in | 27 +- src/libstrongswan/plugins/plugin_feature.c | 2 +- src/libstrongswan/plugins/plugin_feature.h | 2 +- src/libstrongswan/plugins/plugin_loader.c | 34 +- src/libstrongswan/plugins/pubkey/Makefile.in | 27 +- src/libstrongswan/plugins/random/Makefile.in | 27 +- src/libstrongswan/plugins/random/random_rng.c | 2 +- src/libstrongswan/plugins/rc2/Makefile.in | 27 +- src/libstrongswan/plugins/rc2/rc2_crypter.c | 20 +- src/libstrongswan/plugins/rdrand/Makefile.in | 27 +- src/libstrongswan/plugins/rdrand/rdrand_rng.c | 76 +- src/libstrongswan/plugins/revocation/Makefile.in | 27 +- src/libstrongswan/plugins/sha1/Makefile.in | 27 +- src/libstrongswan/plugins/sha1/sha1_hasher.c | 34 +- src/libstrongswan/plugins/sha1/sha1_prf.c | 16 +- src/libstrongswan/plugins/sha2/Makefile.in | 27 +- src/libstrongswan/plugins/sha2/sha2_hasher.c | 58 +- src/libstrongswan/plugins/sha3/Makefile.in | 27 +- src/libstrongswan/plugins/soup/Makefile.in | 27 +- src/libstrongswan/plugins/sqlite/Makefile.in | 27 +- src/libstrongswan/plugins/sshkey/Makefile.in | 27 +- src/libstrongswan/plugins/test_vectors/Makefile.in | 27 +- src/libstrongswan/plugins/unbound/Makefile.in | 27 +- src/libstrongswan/plugins/winhttp/Makefile.in | 27 +- .../plugins/winhttp/winhttp_fetcher.c | 2 +- src/libstrongswan/plugins/x509/Makefile.in | 27 +- src/libstrongswan/plugins/x509/x509_ac.c | 3 +- src/libstrongswan/plugins/xcbc/Makefile.in | 27 +- src/libstrongswan/plugins/xcbc/xcbc.c | 16 +- src/libstrongswan/processing/jobs/job.h | 2 +- src/libstrongswan/processing/scheduler.c | 4 +- src/libstrongswan/processing/scheduler.h | 4 +- src/libstrongswan/selectors/traffic_selector.c | 80 +- src/libstrongswan/selectors/traffic_selector.h | 36 +- src/libstrongswan/settings/settings.c | 14 +- src/libstrongswan/settings/settings.h | 10 +- src/libstrongswan/settings/settings_lexer.c | 233 +- src/libstrongswan/settings/settings_parser.c | 44 +- src/libstrongswan/settings/settings_parser.h | 8 +- src/libstrongswan/tests/Makefile.am | 2 +- src/libstrongswan/tests/Makefile.in | 31 +- src/libstrongswan/tests/suites/test_array.c | 2 +- src/libstrongswan/tests/suites/test_asn1.c | 6 +- src/libstrongswan/tests/suites/test_bio_reader.c | 20 +- src/libstrongswan/tests/suites/test_chunk.c | 38 +- src/libstrongswan/tests/suites/test_host.c | 6 +- src/libstrongswan/tests/suites/test_iv_gen.c | 32 +- src/libstrongswan/tests/suites/test_ntru.c | 8 +- src/libstrongswan/tests/suites/test_printf.c | 12 +- .../tests/suites/test_traffic_selector.c | 40 +- src/libstrongswan/tests/suites/test_utils.c | 96 +- src/libstrongswan/tests/test_runner.c | 30 +- src/libstrongswan/tests/test_runner.h | 4 + src/libstrongswan/tests/utils/test_rng.c | 2 +- src/libstrongswan/threading/thread.c | 26 +- src/libstrongswan/utils/chunk.c | 62 +- src/libstrongswan/utils/chunk.h | 18 +- src/libstrongswan/utils/compat/android.h | 17 + src/libstrongswan/utils/cpu_feature.c | 2 +- src/libstrongswan/utils/identification.c | 9 +- src/libstrongswan/utils/identification.h | 2 + src/libstrongswan/utils/integrity_checker.c | 10 +- src/libstrongswan/utils/integrity_checker.h | 8 +- src/libstrongswan/utils/leak_detective.c | 34 +- src/libstrongswan/utils/utils.c | 2 +- src/libstrongswan/utils/utils/align.c | 6 +- src/libstrongswan/utils/utils/align.h | 2 +- src/libstrongswan/utils/utils/byteorder.h | 47 +- src/libstrongswan/utils/utils/memory.c | 2 +- src/libstrongswan/utils/utils/memory.h | 2 +- src/libstrongswan/utils/utils/string.h | 8 +- src/libstrongswan/utils/utils/time.c | 2 +- src/libstrongswan/utils/utils/types.h | 15 +- src/libtls/Makefile.in | 28 +- src/libtls/tests/Makefile.in | 27 +- src/libtls/tests/suites/test_socket.c | 4 +- src/libtls/tls.c | 6 +- src/libtls/tls_aead.c | 16 +- src/libtls/tls_aead.h | 4 +- src/libtls/tls_aead_expl.c | 16 +- src/libtls/tls_aead_impl.c | 16 +- src/libtls/tls_aead_null.c | 12 +- src/libtls/tls_crypto.c | 6 +- src/libtls/tls_fragmentation.c | 6 +- src/libtls/tls_peer.c | 10 +- src/libtls/tls_protection.c | 4 +- src/libtls/tls_server.c | 8 +- src/libtnccs/Makefile.in | 27 +- src/libtnccs/plugins/tnc_imc/Makefile.in | 27 +- src/libtnccs/plugins/tnc_imv/Makefile.in | 27 +- src/libtnccs/plugins/tnc_tnccs/Makefile.in | 27 +- src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c | 14 +- src/libtnccs/plugins/tnccs_11/Makefile.in | 27 +- src/libtnccs/plugins/tnccs_11/tnccs_11.c | 10 +- src/libtnccs/plugins/tnccs_20/Makefile.in | 27 +- src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c | 16 +- .../messages/ietf/pb_access_recommendation_msg.c | 10 +- .../messages/ietf/pb_access_recommendation_msg.h | 4 +- .../messages/ietf/pb_assessment_result_msg.c | 8 +- .../messages/ietf/pb_assessment_result_msg.h | 4 +- .../plugins/tnccs_20/messages/ietf/pb_error_msg.c | 30 +- .../plugins/tnccs_20/messages/ietf/pb_error_msg.h | 16 +- .../tnccs_20/messages/ietf/pb_experimental_msg.c | 2 +- .../messages/ietf/pb_language_preference_msg.c | 2 +- .../plugins/tnccs_20/messages/ietf/pb_pa_msg.c | 16 +- .../plugins/tnccs_20/messages/ietf/pb_pa_msg.h | 8 +- .../tnccs_20/messages/ietf/pb_reason_string_msg.c | 2 +- .../messages/ietf/pb_remediation_parameters_msg.c | 4 +- .../messages/ita/pb_mutual_capability_msg.c | 2 +- .../tnccs_20/messages/ita/pb_noskip_test_msg.c | 2 +- .../plugins/tnccs_20/messages/pb_tnc_msg.h | 4 +- .../tnccs_20/messages/tcg/pb_pdp_referral_msg.c | 12 +- .../tnccs_20/messages/tcg/pb_pdp_referral_msg.h | 6 +- src/libtnccs/plugins/tnccs_20/tnccs_20.c | 8 +- src/libtnccs/plugins/tnccs_20/tnccs_20_client.c | 14 +- src/libtnccs/plugins/tnccs_20/tnccs_20_client.h | 2 +- src/libtnccs/plugins/tnccs_20/tnccs_20_server.c | 6 +- src/libtnccs/plugins/tnccs_dynamic/Makefile.in | 27 +- src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c | 8 +- src/libtnccs/tnc/tnccs/tnccs.h | 6 +- src/libtnccs/tnc/tnccs/tnccs_manager.h | 2 +- src/libtncif/Makefile.in | 27 +- src/libtncif/tncif_identity.c | 4 +- src/libtpmtss/Makefile.am | 25 + src/libtpmtss/Makefile.in | 788 +++ src/libtpmtss/tpm_tss.c | 54 + src/libtpmtss/tpm_tss.h | 140 + src/libtpmtss/tpm_tss_quote_info.c | 330 ++ src/libtpmtss/tpm_tss_quote_info.h | 151 + src/libtpmtss/tpm_tss_trousers.c | 655 +++ src/libtpmtss/tpm_tss_trousers.h | 52 + src/libtpmtss/tpm_tss_tss2.c | 696 +++ src/libtpmtss/tpm_tss_tss2.h | 31 + src/libtpmtss/tpm_tss_tss2_names.c | 123 + src/libtpmtss/tpm_tss_tss2_names.h | 30 + src/manager/Makefile.in | 27 +- src/manager/controller/control_controller.c | 4 +- src/manager/gateway.c | 2 +- src/manager/gateway.h | 2 +- src/medsrv/Makefile.in | 27 +- src/pki/Makefile.am | 2 +- src/pki/Makefile.in | 32 +- src/pki/man/Makefile.in | 40 +- src/pool/Makefile.in | 28 +- src/pool/sqlite.sql | 2 +- src/pt-tls-client/Makefile.in | 27 +- src/pt-tls-client/pt-tls-client.c | 2 +- src/scepclient/Makefile.in | 28 +- src/starter/Makefile.am | 5 +- src/starter/Makefile.in | 38 +- src/starter/confread.c | 2 +- src/starter/confread.h | 20 +- src/starter/parser/lexer.c | 233 +- src/starter/parser/parser.c | 40 +- src/starter/parser/parser.h | 8 +- src/starter/tests/Makefile.in | 27 +- src/stroke/Makefile.in | 27 +- src/stroke/stroke_msg.h | 32 +- src/swanctl/Makefile.am | 2 +- src/swanctl/Makefile.in | 35 +- src/swanctl/commands/list_conns.c | 112 +- src/swanctl/commands/list_sas.c | 7 +- src/swanctl/commands/load_authorities.c | 2 +- src/swanctl/commands/load_conns.c | 2 +- src/swanctl/commands/load_pools.c | 2 +- src/swanctl/swanctl.conf | 6 + src/swanctl/swanctl.conf.5.main | 14 +- src/swanctl/swanctl.opt | 12 +- testing/Makefile.in | 26 +- testing/config/kernel/config-4.0 | 17 +- testing/config/kernel/config-4.1 | 17 +- testing/config/kernel/config-4.2 | 18 +- testing/config/kernel/config-4.3 | 2329 ++++++++ testing/config/kernel/config-4.4 | 2354 +++++++++ testing/config/kernel/config-4.5 | 2391 +++++++++ testing/config/kernel/config-4.6 | 2432 +++++++++ testing/do-tests | 28 +- testing/hosts/default/etc/fstab | 1 + testing/hosts/default/etc/ssh/sshd_config | 1 + .../hosts/default/usr/local/bin/expect-connection | 2 +- .../apache2/conf-enabled/testresults-as-text.conf | 1 + .../etc/apache2/sites-available/000-default.conf | 12 + .../etc/apache2/sites-enabled/001-ocsp_vhost | 54 - .../etc/apache2/sites-enabled/001-ocsp_vhost.conf | 69 + testing/hosts/winnetou/etc/openssl/generate-crl | 4 + testing/scripts/build-baseimage | 60 +- testing/scripts/build-guestimages | 14 +- testing/scripts/chroot | 67 + testing/scripts/function.sh | 8 + testing/scripts/recipes/002_tnc-fhh.mk | 9 +- testing/scripts/recipes/003_freeradius.mk | 2 +- testing/scripts/recipes/004_hostapd.mk | 39 + testing/scripts/recipes/004_wpa_supplicant.mk | 2 +- testing/scripts/recipes/011_openssl-fips.mk | 23 - testing/scripts/recipes/012_openssl.mk | 13 - testing/scripts/recipes/patches/freeradius-tnc-fhh | 4 +- testing/scripts/recipes/patches/hostapd-config | 38 + testing/scripts/recipes/patches/tnc-fhh-tncsim | 12 + testing/testing.conf | 20 +- testing/tests/af-alg/alg-camellia/evaltest.dat | 2 +- testing/tests/af-alg/rw-cert/evaltest.dat | 4 +- .../tests/gcrypt-ikev1/alg-serpent/evaltest.dat | 12 +- .../alg-serpent/hosts/carol/etc/ipsec.conf | 21 - .../alg-serpent/hosts/carol/etc/strongswan.conf | 9 +- .../hosts/carol/etc/swanctl/swanctl.conf | 26 + .../alg-serpent/hosts/moon/etc/ipsec.conf | 21 - .../alg-serpent/hosts/moon/etc/strongswan.conf | 9 +- .../hosts/moon/etc/swanctl/swanctl.conf | 24 + .../tests/gcrypt-ikev1/alg-serpent/posttest.dat | 4 +- testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat | 9 +- testing/tests/gcrypt-ikev1/alg-serpent/test.conf | 3 + .../tests/gcrypt-ikev1/alg-twofish/evaltest.dat | 12 +- .../alg-twofish/hosts/carol/etc/ipsec.conf | 21 - .../alg-twofish/hosts/carol/etc/strongswan.conf | 9 +- .../hosts/carol/etc/swanctl/swanctl.conf | 26 + .../alg-twofish/hosts/moon/etc/ipsec.conf | 21 - .../alg-twofish/hosts/moon/etc/strongswan.conf | 9 +- .../hosts/moon/etc/swanctl/swanctl.conf | 24 + .../tests/gcrypt-ikev1/alg-twofish/posttest.dat | 4 +- testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat | 9 +- testing/tests/gcrypt-ikev1/alg-twofish/test.conf | 3 + .../tests/gcrypt-ikev2/alg-camellia/evaltest.dat | 2 +- .../tests/gcrypt-ikev2/alg-camellia/pretest.dat | 1 + testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat | 4 +- testing/tests/ha/active-passive/evaltest.dat | 8 +- testing/tests/ha/both-active/evaltest.dat | 4 +- testing/tests/ike/rw-cert/evaltest.dat | 4 +- testing/tests/ike/rw-cert/pretest.dat | 3 +- testing/tests/ike/rw_v1-net_v2/evaltest.dat | 4 +- testing/tests/ike/rw_v1-net_v2/pretest.dat | 1 + testing/tests/ikev1/alg-3des-md5/evaltest.dat | 2 +- testing/tests/ikev1/alg-3des-md5/pretest.dat | 3 +- testing/tests/ikev1/alg-blowfish/evaltest.dat | 4 +- testing/tests/ikev1/alg-blowfish/pretest.dat | 3 +- testing/tests/ikev1/alg-modp-subgroup/evaltest.dat | 4 +- testing/tests/ikev1/alg-modp-subgroup/pretest.dat | 3 +- testing/tests/ikev1/alg-sha256/evaltest.dat | 2 +- testing/tests/ikev1/alg-sha256/pretest.dat | 1 + testing/tests/ikev1/alg-sha384/evaltest.dat | 2 +- testing/tests/ikev1/alg-sha384/pretest.dat | 1 + testing/tests/ikev1/alg-sha512/evaltest.dat | 2 +- testing/tests/ikev1/alg-sha512/pretest.dat | 1 + testing/tests/ikev1/compress/pretest.dat | 3 +- .../tests/ikev1/config-payload-push/evaltest.dat | 8 +- .../tests/ikev1/config-payload-push/pretest.dat | 5 +- testing/tests/ikev1/config-payload/evaltest.dat | 8 +- testing/tests/ikev1/config-payload/pretest.dat | 5 +- testing/tests/ikev1/double-nat-net/evaltest.dat | 6 +- testing/tests/ikev1/double-nat-net/pretest.dat | 3 +- testing/tests/ikev1/double-nat/evaltest.dat | 6 +- testing/tests/ikev1/double-nat/pretest.dat | 3 +- testing/tests/ikev1/dpd-clear/pretest.dat | 1 + testing/tests/ikev1/dpd-restart/pretest.dat | 1 + testing/tests/ikev1/dynamic-initiator/evaltest.dat | 2 +- testing/tests/ikev1/dynamic-initiator/pretest.dat | 3 +- testing/tests/ikev1/dynamic-responder/evaltest.dat | 2 +- testing/tests/ikev1/dynamic-responder/pretest.dat | 1 + testing/tests/ikev1/dynamic-two-peers/evaltest.dat | 4 +- testing/tests/ikev1/dynamic-two-peers/pretest.dat | 3 +- testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat | 2 +- testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat | 1 + testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat | 2 +- testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat | 1 + testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat | 2 +- testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat | 1 + testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat | 2 +- testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat | 1 + testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat | 2 +- testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat | 3 +- testing/tests/ikev1/esp-alg-null/evaltest.dat | 2 +- testing/tests/ikev1/esp-alg-null/pretest.dat | 1 + testing/tests/ikev1/host2host-ah/evaltest.dat | 2 +- testing/tests/ikev1/host2host-ah/pretest.dat | 3 +- testing/tests/ikev1/host2host-cert/evaltest.dat | 2 +- testing/tests/ikev1/host2host-cert/pretest.dat | 3 +- .../tests/ikev1/host2host-transport/evaltest.dat | 2 +- .../tests/ikev1/host2host-transport/pretest.dat | 3 +- testing/tests/ikev1/ip-pool-db/evaltest.dat | 4 +- testing/tests/ikev1/ip-pool-db/pretest.dat | 1 + testing/tests/ikev1/ip-pool/evaltest.dat | 4 +- testing/tests/ikev1/ip-pool/pretest.dat | 3 +- .../tests/ikev1/multi-level-ca-cr-init/pretest.dat | 3 +- .../tests/ikev1/multi-level-ca-cr-resp/pretest.dat | 3 +- testing/tests/ikev1/multi-level-ca/pretest.dat | 5 +- testing/tests/ikev1/nat-rw/evaltest.dat | 14 +- testing/tests/ikev1/nat-rw/pretest.dat | 3 +- testing/tests/ikev1/nat-virtual-ip/evaltest.dat | 2 +- testing/tests/ikev1/nat-virtual-ip/pretest.dat | 3 +- testing/tests/ikev1/net2net-ah/evaltest.dat | 2 +- testing/tests/ikev1/net2net-ah/pretest.dat | 1 + testing/tests/ikev1/net2net-cert/evaltest.dat | 2 +- testing/tests/ikev1/net2net-cert/pretest.dat | 1 + testing/tests/ikev1/net2net-esn/description.txt | 7 + testing/tests/ikev1/net2net-esn/evaltest.dat | 17 + .../ikev1/net2net-esn/hosts/moon/etc/ipsec.conf | 24 + .../net2net-esn/hosts/moon/etc/strongswan.conf | 6 + .../ikev1/net2net-esn/hosts/sun/etc/ipsec.conf | 24 + .../net2net-esn/hosts/sun/etc/strongswan.conf | 6 + testing/tests/ikev1/net2net-esn/posttest.dat | 5 + testing/tests/ikev1/net2net-esn/pretest.dat | 7 + testing/tests/ikev1/net2net-esn/test.conf | 21 + .../tests/ikev1/net2net-fragmentation/evaltest.dat | 2 +- .../tests/ikev1/net2net-fragmentation/pretest.dat | 1 + testing/tests/ikev1/net2net-ntru-cert/evaltest.dat | 2 +- testing/tests/ikev1/net2net-ntru-cert/pretest.dat | 3 +- testing/tests/ikev1/net2net-psk-fail/pretest.dat | 1 + testing/tests/ikev1/net2net-psk/evaltest.dat | 2 +- testing/tests/ikev1/net2net-psk/pretest.dat | 1 + testing/tests/ikev1/protoport-dual/evaltest.dat | 4 +- testing/tests/ikev1/protoport-dual/pretest.dat | 2 + .../tests/ikev1/rw-cert-aggressive/evaltest.dat | 4 +- testing/tests/ikev1/rw-cert-aggressive/pretest.dat | 1 + testing/tests/ikev1/rw-cert-unity/evaltest.dat | 2 +- testing/tests/ikev1/rw-cert-unity/pretest.dat | 1 + testing/tests/ikev1/rw-cert/evaltest.dat | 4 +- testing/tests/ikev1/rw-initiator-only/evaltest.dat | 2 +- testing/tests/ikev1/rw-initiator-only/pretest.dat | 1 + testing/tests/ikev1/rw-ntru-psk/evaltest.dat | 4 +- testing/tests/ikev1/rw-ntru-psk/pretest.dat | 2 + testing/tests/ikev1/rw-psk-aggressive/evaltest.dat | 4 +- testing/tests/ikev1/rw-psk-aggressive/pretest.dat | 1 + testing/tests/ikev1/rw-psk-fqdn/evaltest.dat | 4 +- testing/tests/ikev1/rw-psk-fqdn/pretest.dat | 2 + testing/tests/ikev1/rw-psk-ipv4/evaltest.dat | 4 +- testing/tests/ikev1/rw-psk-ipv4/pretest.dat | 2 + testing/tests/ikev1/virtual-ip/evaltest.dat | 12 +- testing/tests/ikev1/virtual-ip/pretest.dat | 3 +- .../tests/ikev1/xauth-id-psk-config/evaltest.dat | 4 +- .../tests/ikev1/xauth-id-psk-config/pretest.dat | 1 + .../ikev1/xauth-id-rsa-aggressive/evaltest.dat | 4 +- .../ikev1/xauth-id-rsa-aggressive/pretest.dat | 1 + .../tests/ikev1/xauth-id-rsa-config/evaltest.dat | 4 +- .../tests/ikev1/xauth-id-rsa-config/pretest.dat | 2 + .../tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat | 4 +- .../tests/ikev1/xauth-id-rsa-hybrid/pretest.dat | 1 + testing/tests/ikev1/xauth-psk/evaltest.dat | 4 +- testing/tests/ikev1/xauth-psk/pretest.dat | 1 + .../ikev1/xauth-rsa-eap-md5-radius/evaltest.dat | 2 +- .../ikev1/xauth-rsa-eap-md5-radius/pretest.dat | 1 + testing/tests/ikev1/xauth-rsa-radius/evaltest.dat | 2 +- testing/tests/ikev1/xauth-rsa-radius/pretest.dat | 1 + testing/tests/ikev1/xauth-rsa/evaltest.dat | 4 +- testing/tests/ikev1/xauth-rsa/pretest.dat | 1 + testing/tests/ikev2/acert-cached/evaltest.dat | 4 +- testing/tests/ikev2/acert-cached/pretest.dat | 1 + testing/tests/ikev2/acert-fallback/evaltest.dat | 4 +- testing/tests/ikev2/acert-fallback/pretest.dat | 2 + testing/tests/ikev2/acert-inline/evaltest.dat | 4 +- testing/tests/ikev2/acert-inline/pretest.dat | 1 + testing/tests/ikev2/after-2038-certs/evaltest.dat | 2 +- testing/tests/ikev2/after-2038-certs/pretest.dat | 1 + testing/tests/ikev2/alg-3des-md5/evaltest.dat | 2 +- testing/tests/ikev2/alg-3des-md5/pretest.dat | 1 + testing/tests/ikev2/alg-aes-ccm/evaltest.dat | 2 +- testing/tests/ikev2/alg-aes-ccm/pretest.dat | 1 + testing/tests/ikev2/alg-aes-ctr/evaltest.dat | 2 +- testing/tests/ikev2/alg-aes-ctr/pretest.dat | 1 + testing/tests/ikev2/alg-aes-gcm/evaltest.dat | 2 +- testing/tests/ikev2/alg-aes-gcm/pretest.dat | 1 + testing/tests/ikev2/alg-aes-xcbc/evaltest.dat | 2 +- testing/tests/ikev2/alg-aes-xcbc/pretest.dat | 1 + testing/tests/ikev2/alg-blowfish/evaltest.dat | 4 +- testing/tests/ikev2/alg-blowfish/pretest.dat | 1 + .../tests/ikev2/alg-chacha20poly1305/evaltest.dat | 2 +- .../tests/ikev2/alg-chacha20poly1305/pretest.dat | 1 + testing/tests/ikev2/alg-modp-subgroup/evaltest.dat | 4 +- testing/tests/ikev2/alg-modp-subgroup/pretest.dat | 1 + testing/tests/ikev2/alg-sha256-96/evaltest.dat | 2 +- testing/tests/ikev2/alg-sha256-96/pretest.dat | 1 + testing/tests/ikev2/alg-sha256/evaltest.dat | 2 +- testing/tests/ikev2/alg-sha256/pretest.dat | 1 + testing/tests/ikev2/alg-sha384/evaltest.dat | 2 +- testing/tests/ikev2/alg-sha384/pretest.dat | 1 + testing/tests/ikev2/alg-sha512/evaltest.dat | 2 +- testing/tests/ikev2/alg-sha512/pretest.dat | 1 + testing/tests/ikev2/any-interface/pretest.dat | 2 + testing/tests/ikev2/compress-nat/evaltest.dat | 12 +- testing/tests/ikev2/compress/pretest.dat | 1 + .../ikev2/config-payload-swapped/evaltest.dat | 4 +- .../tests/ikev2/config-payload-swapped/pretest.dat | 3 +- testing/tests/ikev2/config-payload/evaltest.dat | 8 +- testing/tests/ikev2/config-payload/pretest.dat | 3 +- testing/tests/ikev2/critical-extension/pretest.dat | 1 + testing/tests/ikev2/crl-from-cache/pretest.dat | 1 + testing/tests/ikev2/crl-ldap/pretest.dat | 1 + testing/tests/ikev2/crl-revoked/pretest.dat | 1 + testing/tests/ikev2/crl-to-cache/pretest.dat | 1 + testing/tests/ikev2/default-keys/evaltest.dat | 2 +- testing/tests/ikev2/default-keys/pretest.dat | 1 + testing/tests/ikev2/dhcp-dynamic/evaltest.dat | 8 +- testing/tests/ikev2/dhcp-dynamic/posttest.dat | 2 +- testing/tests/ikev2/dhcp-dynamic/pretest.dat | 5 +- .../tests/ikev2/dhcp-static-client-id/evaltest.dat | 8 +- .../tests/ikev2/dhcp-static-client-id/posttest.dat | 2 +- .../tests/ikev2/dhcp-static-client-id/pretest.dat | 7 +- testing/tests/ikev2/dhcp-static-mac/evaltest.dat | 8 +- testing/tests/ikev2/dhcp-static-mac/posttest.dat | 2 +- testing/tests/ikev2/dhcp-static-mac/pretest.dat | 5 +- testing/tests/ikev2/double-nat-net/evaltest.dat | 6 +- testing/tests/ikev2/double-nat-net/pretest.dat | 1 + testing/tests/ikev2/double-nat/evaltest.dat | 6 +- testing/tests/ikev2/double-nat/pretest.dat | 1 + testing/tests/ikev2/dpd-clear/pretest.dat | 1 + testing/tests/ikev2/dpd-hold/pretest.dat | 1 + testing/tests/ikev2/dpd-restart/pretest.dat | 1 + testing/tests/ikev2/dynamic-initiator/evaltest.dat | 2 +- testing/tests/ikev2/dynamic-initiator/pretest.dat | 3 +- testing/tests/ikev2/dynamic-two-peers/evaltest.dat | 4 +- testing/tests/ikev2/dynamic-two-peers/pretest.dat | 3 +- testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat | 2 +- testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat | 1 + testing/tests/ikev2/esp-alg-md5-128/evaltest.dat | 2 +- testing/tests/ikev2/esp-alg-md5-128/pretest.dat | 1 + testing/tests/ikev2/esp-alg-null/evaltest.dat | 2 +- testing/tests/ikev2/esp-alg-null/pretest.dat | 1 + testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat | 2 +- testing/tests/ikev2/esp-alg-sha1-160/pretest.dat | 1 + testing/tests/ikev2/farp/evaltest.dat | 8 +- testing/tests/ikev2/farp/pretest.dat | 3 +- testing/tests/ikev2/force-udp-encaps/evaltest.dat | 6 +- testing/tests/ikev2/force-udp-encaps/pretest.dat | 1 + testing/tests/ikev2/forecast/pretest.dat | 3 +- testing/tests/ikev2/host2host-ah/evaltest.dat | 2 +- testing/tests/ikev2/host2host-ah/pretest.dat | 3 +- testing/tests/ikev2/host2host-cert/evaltest.dat | 2 +- testing/tests/ikev2/host2host-cert/pretest.dat | 3 +- testing/tests/ikev2/host2host-swapped/evaltest.dat | 2 +- testing/tests/ikev2/host2host-swapped/pretest.dat | 3 +- .../host2host-transport-connmark/evaltest.dat | 1 + .../ikev2/host2host-transport-connmark/pretest.dat | 5 +- .../ikev2/host2host-transport-nat/evaltest.dat | 4 +- .../ikev2/host2host-transport-nat/pretest.dat | 5 +- .../tests/ikev2/host2host-transport/evaltest.dat | 2 +- .../tests/ikev2/host2host-transport/pretest.dat | 3 +- .../tests/ikev2/inactivity-timeout/evaltest.dat | 4 +- testing/tests/ikev2/inactivity-timeout/pretest.dat | 1 + testing/tests/ikev2/ip-pool-db/evaltest.dat | 4 +- testing/tests/ikev2/ip-pool-db/pretest.dat | 1 + testing/tests/ikev2/ip-pool-wish/evaltest.dat | 4 +- testing/tests/ikev2/ip-pool-wish/pretest.dat | 3 +- testing/tests/ikev2/ip-pool/evaltest.dat | 4 +- testing/tests/ikev2/ip-pool/pretest.dat | 3 +- testing/tests/ikev2/ip-split-pools-db/pretest.dat | 3 +- testing/tests/ikev2/ip-two-pools-db/evaltest.dat | 8 +- testing/tests/ikev2/ip-two-pools-db/pretest.dat | 2 + .../tests/ikev2/ip-two-pools-mixed/evaltest.dat | 4 +- testing/tests/ikev2/ip-two-pools-mixed/pretest.dat | 2 + .../tests/ikev2/ip-two-pools-v4v6-db/evaltest.dat | 2 +- .../tests/ikev2/ip-two-pools-v4v6-db/pretest.dat | 1 + testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat | 2 +- testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat | 1 + testing/tests/ikev2/ip-two-pools/evaltest.dat | 4 +- testing/tests/ikev2/ip-two-pools/pretest.dat | 2 + testing/tests/ikev2/lookip/evaltest.dat | 4 +- testing/tests/ikev2/lookip/pretest.dat | 2 + testing/tests/ikev2/mobike-nat/evaltest.dat | 4 +- testing/tests/ikev2/mobike-nat/pretest.dat | 1 + testing/tests/ikev2/mobike-virtual-ip/evaltest.dat | 4 +- testing/tests/ikev2/mobike-virtual-ip/pretest.dat | 1 + testing/tests/ikev2/mobike/evaltest.dat | 4 +- testing/tests/ikev2/mobike/pretest.dat | 1 + .../ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat | 4 +- .../ikev2/mult-auth-rsa-eap-sim-id/pretest.dat | 1 + .../tests/ikev2/multi-level-ca-cr-init/pretest.dat | 2 + .../tests/ikev2/multi-level-ca-cr-resp/pretest.dat | 4 +- .../tests/ikev2/multi-level-ca-ldap/pretest.dat | 2 + .../tests/ikev2/multi-level-ca-loop/pretest.dat | 1 + .../tests/ikev2/multi-level-ca-pathlen/pretest.dat | 1 + .../tests/ikev2/multi-level-ca-revoked/pretest.dat | 1 + .../tests/ikev2/multi-level-ca-strict/pretest.dat | 4 +- testing/tests/ikev2/multi-level-ca/pretest.dat | 4 +- testing/tests/ikev2/nat-rw-mark/evaltest.dat | 12 +- testing/tests/ikev2/nat-rw-mark/pretest.dat | 2 + testing/tests/ikev2/nat-rw-psk/evaltest.dat | 8 +- testing/tests/ikev2/nat-rw-psk/pretest.dat | 1 + testing/tests/ikev2/nat-rw/evaltest.dat | 14 +- testing/tests/ikev2/nat-rw/pretest.dat | 3 +- testing/tests/ikev2/nat-virtual-ip/evaltest.dat | 2 +- testing/tests/ikev2/nat-virtual-ip/pretest.dat | 1 + testing/tests/ikev2/net2net-ah/evaltest.dat | 2 +- testing/tests/ikev2/net2net-ah/pretest.dat | 3 +- testing/tests/ikev2/net2net-cert-sha2/evaltest.dat | 2 +- testing/tests/ikev2/net2net-cert-sha2/pretest.dat | 3 +- testing/tests/ikev2/net2net-cert/evaltest.dat | 2 +- testing/tests/ikev2/net2net-cert/pretest.dat | 3 +- testing/tests/ikev2/net2net-dnscert/evaltest.dat | 2 +- testing/tests/ikev2/net2net-dnscert/pretest.dat | 3 +- testing/tests/ikev2/net2net-dnssec/evaltest.dat | 2 +- testing/tests/ikev2/net2net-dnssec/pretest.dat | 3 +- testing/tests/ikev2/net2net-esn/pretest.dat | 3 +- .../tests/ikev2/net2net-fragmentation/evaltest.dat | 2 +- .../tests/ikev2/net2net-fragmentation/pretest.dat | 3 +- .../ikev2/net2net-ntru-bandwidth/evaltest.dat | 2 +- .../tests/ikev2/net2net-ntru-bandwidth/pretest.dat | 3 +- testing/tests/ikev2/net2net-ntru-cert/evaltest.dat | 2 +- testing/tests/ikev2/net2net-ntru-cert/pretest.dat | 3 +- testing/tests/ikev2/net2net-pgp-v3/evaltest.dat | 2 +- testing/tests/ikev2/net2net-pgp-v3/pretest.dat | 3 +- testing/tests/ikev2/net2net-pgp-v4/evaltest.dat | 2 +- testing/tests/ikev2/net2net-pgp-v4/pretest.dat | 3 +- testing/tests/ikev2/net2net-pkcs12/evaltest.dat | 2 +- testing/tests/ikev2/net2net-pkcs12/pretest.dat | 3 +- testing/tests/ikev2/net2net-psk-dscp/evaltest.dat | 4 +- testing/tests/ikev2/net2net-psk-dscp/pretest.dat | 5 +- testing/tests/ikev2/net2net-psk-fail/pretest.dat | 3 +- testing/tests/ikev2/net2net-psk/evaltest.dat | 2 +- testing/tests/ikev2/net2net-psk/pretest.dat | 3 +- testing/tests/ikev2/net2net-pubkey/evaltest.dat | 2 +- testing/tests/ikev2/net2net-pubkey/pretest.dat | 3 +- testing/tests/ikev2/net2net-rfc3779/evaltest.dat | 2 +- testing/tests/ikev2/net2net-rfc3779/pretest.dat | 1 + testing/tests/ikev2/net2net-route/evaltest.dat | 2 +- testing/tests/ikev2/net2net-route/pretest.dat | 1 + testing/tests/ikev2/net2net-rsa/evaltest.dat | 2 +- testing/tests/ikev2/net2net-rsa/pretest.dat | 3 +- testing/tests/ikev2/net2net-same-nets/evaltest.dat | 4 +- testing/tests/ikev2/net2net-same-nets/pretest.dat | 1 + testing/tests/ikev2/net2net-start/evaltest.dat | 2 +- testing/tests/ikev2/ocsp-local-cert/pretest.dat | 1 + testing/tests/ikev2/ocsp-multi-level/pretest.dat | 3 +- .../tests/ikev2/ocsp-no-signer-cert/pretest.dat | 1 + testing/tests/ikev2/ocsp-revoked/pretest.dat | 1 + testing/tests/ikev2/ocsp-root-cert/pretest.dat | 1 + testing/tests/ikev2/ocsp-signer-cert/pretest.dat | 1 + testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat | 3 +- testing/tests/ikev2/ocsp-timeouts-good/pretest.dat | 1 + .../tests/ikev2/ocsp-timeouts-unknown/pretest.dat | 1 + .../tests/ikev2/ocsp-untrusted-cert/pretest.dat | 1 + testing/tests/ikev2/protoport-dual/evaltest.dat | 4 +- testing/tests/ikev2/protoport-dual/pretest.dat | 2 + testing/tests/ikev2/protoport-route/evaltest.dat | 4 +- testing/tests/ikev2/protoport-route/pretest.dat | 2 + testing/tests/ikev2/reauth-early/evaltest.dat | 2 +- testing/tests/ikev2/reauth-early/pretest.dat | 1 + testing/tests/ikev2/reauth-late/evaltest.dat | 2 +- testing/tests/ikev2/reauth-late/pretest.dat | 1 + testing/tests/ikev2/reauth-mbb-revoked/pretest.dat | 1 + .../tests/ikev2/reauth-mbb-virtual-ip/pretest.dat | 1 + testing/tests/ikev2/reauth-mbb/pretest.dat | 1 + testing/tests/ikev2/redirect-active/evaltest.dat | 8 +- testing/tests/ikev2/redirect-active/pretest.dat | 5 +- testing/tests/ikev2/rw-cert/evaltest.dat | 4 +- testing/tests/ikev2/rw-dnssec/evaltest.dat | 4 +- testing/tests/ikev2/rw-dnssec/posttest.dat | 12 +- testing/tests/ikev2/rw-dnssec/pretest.dat | 1 + testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat | 1 + testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat | 1 + testing/tests/ikev2/rw-eap-dynamic/evaltest.dat | 4 +- testing/tests/ikev2/rw-eap-dynamic/pretest.dat | 1 + .../ikev2/rw-eap-framed-ip-radius/evaltest.dat | 4 +- .../ikev2/rw-eap-framed-ip-radius/pretest.dat | 1 + .../ikev2/rw-eap-md5-class-radius/evaltest.dat | 4 +- .../ikev2/rw-eap-md5-class-radius/pretest.dat | 2 + .../tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat | 2 +- .../tests/ikev2/rw-eap-md5-id-prompt/pretest.dat | 1 + .../tests/ikev2/rw-eap-md5-id-radius/evaltest.dat | 2 +- .../tests/ikev2/rw-eap-md5-id-radius/pretest.dat | 1 + testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-md5-radius/pretest.dat | 1 + testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat | 1 + .../ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat | 2 +- .../tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat | 1 + testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-peap-md5/pretest.dat | 1 + .../tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat | 2 +- .../tests/ikev2/rw-eap-peap-mschapv2/pretest.dat | 1 + .../tests/ikev2/rw-eap-peap-radius/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-peap-radius/pretest.dat | 1 + .../tests/ikev2/rw-eap-sim-id-radius/evaltest.dat | 2 +- .../tests/ikev2/rw-eap-sim-id-radius/pretest.dat | 1 + .../ikev2/rw-eap-sim-only-radius/evaltest.dat | 4 +- .../tests/ikev2/rw-eap-sim-only-radius/pretest.dat | 1 + testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat | 4 +- testing/tests/ikev2/rw-eap-sim-radius/pretest.dat | 1 + testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat | 1 + .../tests/ikev2/rw-eap-tls-fragments/evaltest.dat | 2 +- .../tests/ikev2/rw-eap-tls-fragments/pretest.dat | 1 + testing/tests/ikev2/rw-eap-tls-only/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-tls-only/pretest.dat | 1 + testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat | 2 +- .../hosts/carol/etc/strongswan.conf | 3 + testing/tests/ikev2/rw-eap-tls-radius/pretest.dat | 1 + testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-ttls-only/pretest.dat | 1 + .../rw-eap-ttls-phase2-piggyback/evaltest.dat | 2 +- .../ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat | 1 + .../tests/ikev2/rw-eap-ttls-radius/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat | 1 + testing/tests/ikev2/rw-hash-and-url/evaltest.dat | 4 +- testing/tests/ikev2/rw-hash-and-url/pretest.dat | 1 + testing/tests/ikev2/rw-initiator-only/evaltest.dat | 2 +- testing/tests/ikev2/rw-initiator-only/pretest.dat | 3 +- testing/tests/ikev2/rw-mark-in-out/evaltest.dat | 4 +- testing/tests/ikev2/rw-mark-in-out/pretest.dat | 3 +- testing/tests/ikev2/rw-ntru-bliss/evaltest.dat | 4 +- testing/tests/ikev2/rw-ntru-bliss/pretest.dat | 3 +- testing/tests/ikev2/rw-ntru-psk/evaltest.dat | 4 +- testing/tests/ikev2/rw-ntru-psk/pretest.dat | 1 + testing/tests/ikev2/rw-pkcs8/evaltest.dat | 4 +- testing/tests/ikev2/rw-pkcs8/pretest.dat | 1 + testing/tests/ikev2/rw-psk-fqdn/evaltest.dat | 4 +- testing/tests/ikev2/rw-psk-fqdn/pretest.dat | 1 + testing/tests/ikev2/rw-psk-ipv4/evaltest.dat | 4 +- testing/tests/ikev2/rw-psk-ipv4/pretest.dat | 1 + testing/tests/ikev2/rw-psk-no-idr/evaltest.dat | 4 +- testing/tests/ikev2/rw-psk-no-idr/pretest.dat | 1 + testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat | 4 +- testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat | 2 + testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat | 4 +- testing/tests/ikev2/rw-psk-rsa-split/pretest.dat | 1 + .../tests/ikev2/rw-radius-accounting/pretest.dat | 1 + testing/tests/ikev2/rw-sig-auth/evaltest.dat | 4 +- testing/tests/ikev2/rw-sig-auth/pretest.dat | 2 + testing/tests/ikev2/rw-whitelist/evaltest.dat | 4 +- .../tests/ikev2/shunt-policies-nat-rw/evaltest.dat | 12 +- testing/tests/ikev2/strong-keys-certs/evaltest.dat | 4 +- testing/tests/ikev2/strong-keys-certs/pretest.dat | 1 + testing/tests/ikev2/trap-any/evaltest.dat | 12 +- testing/tests/ikev2/two-certs/evaltest.dat | 4 +- testing/tests/ikev2/two-certs/pretest.dat | 2 + .../tests/ikev2/virtual-ip-override/pretest.dat | 3 +- testing/tests/ikev2/virtual-ip/evaltest.dat | 12 +- testing/tests/ikev2/virtual-ip/pretest.dat | 3 +- testing/tests/ikev2/wildcards/pretest.dat | 2 + .../ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat | 2 +- .../ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat | 2 +- testing/tests/libipsec/host2host-cert/evaltest.dat | 6 +- .../libipsec/host2host-cert/hosts/moon/etc/updown | 31 + .../libipsec/host2host-cert/hosts/sun/etc/updown | 31 + testing/tests/libipsec/host2host-cert/pretest.dat | 3 +- testing/tests/libipsec/net2net-3des/evaltest.dat | 6 +- .../libipsec/net2net-3des/hosts/moon/etc/updown | 31 + .../libipsec/net2net-3des/hosts/sun/etc/updown | 31 + testing/tests/libipsec/net2net-3des/pretest.dat | 3 +- testing/tests/libipsec/net2net-cert/evaltest.dat | 6 +- .../libipsec/net2net-cert/hosts/moon/etc/updown | 31 + .../libipsec/net2net-cert/hosts/sun/etc/updown | 31 + testing/tests/libipsec/net2net-cert/pretest.dat | 3 +- testing/tests/libipsec/net2net-null/evaltest.dat | 6 +- .../libipsec/net2net-null/hosts/moon/etc/updown | 31 + .../libipsec/net2net-null/hosts/sun/etc/updown | 31 + testing/tests/libipsec/net2net-null/pretest.dat | 3 +- testing/tests/libipsec/rw-suite-b/evaltest.dat | 12 +- .../libipsec/rw-suite-b/hosts/carol/etc/updown | 31 + .../libipsec/rw-suite-b/hosts/dave/etc/updown | 31 + .../libipsec/rw-suite-b/hosts/moon/etc/updown | 31 + .../tests/openssl-ikev1/alg-camellia/evaltest.dat | 2 +- .../tests/openssl-ikev1/alg-camellia/pretest.dat | 1 + .../tests/openssl-ikev1/alg-ecp-high/evaltest.dat | 4 +- .../tests/openssl-ikev1/alg-ecp-high/pretest.dat | 1 + .../tests/openssl-ikev1/alg-ecp-low/evaltest.dat | 4 +- .../tests/openssl-ikev1/alg-ecp-low/pretest.dat | 1 + .../tests/openssl-ikev1/ecdsa-certs/evaltest.dat | 4 +- .../tests/openssl-ikev1/ecdsa-certs/pretest.dat | 1 + .../tests/openssl-ikev2/alg-aes-gcm/evaltest.dat | 4 +- .../tests/openssl-ikev2/alg-aes-gcm/pretest.dat | 1 + .../tests/openssl-ikev2/alg-blowfish/evaltest.dat | 4 +- .../tests/openssl-ikev2/alg-blowfish/pretest.dat | 1 + .../tests/openssl-ikev2/alg-camellia/evaltest.dat | 2 +- .../tests/openssl-ikev2/alg-camellia/pretest.dat | 1 + .../alg-ecp-brainpool-high/evaltest.dat | 4 +- .../alg-ecp-brainpool-high/pretest.dat | 1 + .../alg-ecp-brainpool-low/evaltest.dat | 4 +- .../alg-ecp-brainpool-low/pretest.dat | 1 + .../tests/openssl-ikev2/alg-ecp-high/evaltest.dat | 4 +- .../tests/openssl-ikev2/alg-ecp-high/pretest.dat | 1 + .../tests/openssl-ikev2/alg-ecp-low/evaltest.dat | 4 +- .../tests/openssl-ikev2/alg-ecp-low/pretest.dat | 1 + .../openssl-ikev2/critical-extension/pretest.dat | 1 + .../tests/openssl-ikev2/ecdsa-certs/evaltest.dat | 4 +- .../tests/openssl-ikev2/ecdsa-certs/pretest.dat | 1 + .../tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat | 4 +- .../tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat | 1 + .../openssl-ikev2/net2net-pgp-v3/evaltest.dat | 2 +- .../tests/openssl-ikev2/net2net-pgp-v3/pretest.dat | 1 + .../openssl-ikev2/net2net-pkcs12/evaltest.dat | 2 +- .../tests/openssl-ikev2/net2net-pkcs12/pretest.dat | 1 + testing/tests/openssl-ikev2/rw-cert/evaltest.dat | 4 +- .../openssl-ikev2/rw-eap-tls-only/evaltest.dat | 2 +- .../openssl-ikev2/rw-eap-tls-only/pretest.dat | 1 + .../openssl-ikev2/rw-suite-b-128/evaltest.dat | 2 +- .../openssl-ikev2/rw-suite-b-192/evaltest.dat | 2 +- testing/tests/p2pnat/behind-same-nat/evaltest.dat | 4 +- testing/tests/p2pnat/medsrv-psk/evaltest.dat | 4 +- testing/tests/pfkey/alg-aes-xcbc/evaltest.dat | 2 +- testing/tests/pfkey/alg-aes-xcbc/pretest.dat | 1 + testing/tests/pfkey/alg-sha384/evaltest.dat | 2 +- testing/tests/pfkey/alg-sha384/pretest.dat | 1 + testing/tests/pfkey/alg-sha512/evaltest.dat | 2 +- testing/tests/pfkey/alg-sha512/pretest.dat | 1 + testing/tests/pfkey/compress/pretest.dat | 1 + testing/tests/pfkey/esp-alg-null/evaltest.dat | 2 +- testing/tests/pfkey/esp-alg-null/pretest.dat | 1 + .../tests/pfkey/host2host-transport/evaltest.dat | 2 +- .../tests/pfkey/host2host-transport/pretest.dat | 1 + testing/tests/pfkey/nat-rw/evaltest.dat | 8 +- testing/tests/pfkey/nat-rw/pretest.dat | 3 +- testing/tests/pfkey/net2net-route/evaltest.dat | 2 +- testing/tests/pfkey/net2net-route/pretest.dat | 1 + testing/tests/pfkey/protoport-dual/evaltest.dat | 4 +- testing/tests/pfkey/protoport-dual/pretest.dat | 2 + testing/tests/pfkey/protoport-route/evaltest.dat | 4 +- testing/tests/pfkey/protoport-route/pretest.dat | 2 + testing/tests/pfkey/rw-cert/evaltest.dat | 4 +- .../tests/pfkey/shunt-policies-nat-rw/evaltest.dat | 12 +- testing/tests/sql/ip-pool-db-expired/evaltest.dat | 4 +- testing/tests/sql/ip-pool-db-restart/evaltest.dat | 4 +- testing/tests/sql/ip-pool-db/evaltest.dat | 4 +- testing/tests/sql/ip-split-pools-db/evaltest.dat | 4 +- testing/tests/sql/multi-level-ca/evaltest.dat | 4 +- testing/tests/sql/net2net-cert/evaltest.dat | 2 +- testing/tests/sql/net2net-psk/evaltest.dat | 2 +- testing/tests/sql/net2net-route-pem/evaltest.dat | 4 +- testing/tests/sql/net2net-start-pem/evaltest.dat | 4 +- testing/tests/sql/rw-cert/evaltest.dat | 4 +- testing/tests/sql/rw-eap-aka-rsa/evaltest.dat | 2 +- testing/tests/sql/rw-psk-ipv4/evaltest.dat | 4 +- testing/tests/sql/rw-psk-rsa-split/evaltest.dat | 4 +- testing/tests/sql/rw-rsa-keyid/evaltest.dat | 4 +- testing/tests/sql/rw-rsa/evaltest.dat | 4 +- .../tests/sql/shunt-policies-nat-rw/evaltest.dat | 12 +- testing/tests/swanctl/config-payload/evaltest.dat | 4 +- testing/tests/swanctl/dhcp-dynamic/evaltest.dat | 8 +- testing/tests/swanctl/dhcp-dynamic/posttest.dat | 2 +- testing/tests/swanctl/dhcp-dynamic/pretest.dat | 2 +- testing/tests/swanctl/frags-ipv4/evaltest.dat | 4 +- testing/tests/swanctl/ip-pool-db/evaltest.dat | 4 +- testing/tests/swanctl/ip-pool/evaltest.dat | 4 +- testing/tests/swanctl/manual-prio/description.txt | 4 + testing/tests/swanctl/manual-prio/evaltest.dat | 24 + .../manual-prio/hosts/carol/etc/strongswan.conf | 14 + .../hosts/carol/etc/swanctl/swanctl.conf | 49 + .../manual-prio/hosts/dave/etc/strongswan.conf | 14 + .../hosts/dave/etc/swanctl/swanctl.conf | 49 + .../manual-prio/hosts/moon/etc/strongswan.conf | 14 + .../hosts/moon/etc/swanctl/swanctl.conf | 66 + testing/tests/swanctl/manual-prio/posttest.dat | 8 + testing/tests/swanctl/manual-prio/pretest.dat | 11 + testing/tests/swanctl/manual-prio/test.conf | 25 + .../swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat | 4 +- testing/tests/swanctl/net2net-cert/evaltest.dat | 2 +- .../hosts/moon/etc/swanctl/swanctl.conf | 4 + .../hosts/sun/etc/swanctl/swanctl.conf | 4 + testing/tests/swanctl/net2net-gw/description.txt | 7 + testing/tests/swanctl/net2net-gw/evaltest.dat | 5 + .../net2net-gw/hosts/carol/etc/strongswan.conf | 14 + .../hosts/carol/etc/swanctl/swanctl.conf | 49 + .../net2net-gw/hosts/moon/etc/strongswan.conf | 14 + .../net2net-gw/hosts/moon/etc/swanctl/swanctl.conf | 28 + .../net2net-gw/hosts/sun/etc/strongswan.conf | 14 + .../net2net-gw/hosts/sun/etc/swanctl/swanctl.conf | 28 + testing/tests/swanctl/net2net-gw/posttest.dat | 8 + testing/tests/swanctl/net2net-gw/pretest.dat | 12 + testing/tests/swanctl/net2net-gw/test.conf | 25 + testing/tests/swanctl/net2net-pubkey/evaltest.dat | 2 +- testing/tests/swanctl/net2net-pubkey/pretest.dat | 1 + testing/tests/swanctl/net2net-route/evaltest.dat | 2 +- testing/tests/swanctl/net2net-start/evaltest.dat | 2 +- testing/tests/swanctl/protoport-dual/evaltest.dat | 4 +- testing/tests/swanctl/protoport-dual/pretest.dat | 2 + testing/tests/swanctl/protoport-range/evaltest.dat | 4 +- testing/tests/swanctl/protoport-range/pretest.dat | 3 + testing/tests/swanctl/rw-cert/evaltest.dat | 4 +- testing/tests/swanctl/rw-dnssec/evaltest.dat | 4 +- testing/tests/swanctl/rw-hash-and-url/evaltest.dat | 4 +- .../swanctl/rw-multi-ciphers-ikev1/description.txt | 15 + .../swanctl/rw-multi-ciphers-ikev1/evaltest.dat | 12 + .../hosts/carol/etc/strongswan.conf | 23 + .../hosts/carol/etc/swanctl/swanctl.conf | 26 + .../hosts/dave/etc/strongswan.conf | 23 + .../hosts/dave/etc/swanctl/swanctl.conf | 26 + .../hosts/moon/etc/strongswan.conf | 23 + .../hosts/moon/etc/swanctl/swanctl.conf | 45 + .../swanctl/rw-multi-ciphers-ikev1/posttest.dat | 8 + .../swanctl/rw-multi-ciphers-ikev1/pretest.dat | 12 + .../tests/swanctl/rw-multi-ciphers-ikev1/test.conf | 25 + testing/tests/swanctl/rw-ntru-bliss/evaltest.dat | 4 +- testing/tests/swanctl/rw-psk-fqdn/evaltest.dat | 4 +- testing/tests/swanctl/rw-psk-ikev1/evaltest.dat | 8 +- testing/tests/swanctl/rw-psk-ipv4/evaltest.dat | 4 +- testing/tests/swanctl/rw-pubkey-anon/evaltest.dat | 4 +- testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat | 4 +- .../swanctl/shunt-policies-nat-rw/evaltest.dat | 12 +- testing/tests/swanctl/xauth-rsa/evaltest.dat | 10 +- .../xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf | 3 +- .../xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf | 3 +- .../xauth-rsa/hosts/moon/etc/swanctl/swanctl.conf | 4 +- testing/tests/tkm/host2host-initiator/evaltest.dat | 2 +- testing/tests/tkm/host2host-responder/evaltest.dat | 2 +- testing/tests/tkm/host2host-xfrmproxy/evaltest.dat | 2 +- testing/tests/tkm/multiple-clients/evaltest.dat | 4 +- testing/tests/tkm/net2net-initiator/evaltest.dat | 2 +- testing/tests/tkm/net2net-xfrmproxy/evaltest.dat | 2 +- testing/tests/tkm/xfrmproxy-expire/evaltest.dat | 2 +- testing/tests/tnc/tnccs-11-fhh/evaltest.dat | 8 +- .../tests/tnc/tnccs-11-radius-block/evaltest.dat | 4 +- .../tests/tnc/tnccs-11-radius-block/pretest.dat | 1 + testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat | 8 +- .../hosts/alice/etc/strongswan.conf | 2 +- testing/tests/tnc/tnccs-11-radius-pts/pretest.dat | 2 + testing/tests/tnc/tnccs-11-radius/evaltest.dat | 8 +- .../hosts/carol/etc/strongswan.conf | 3 + testing/tests/tnc/tnccs-11-radius/pretest.dat | 2 + testing/tests/tnc/tnccs-11/evaltest.dat | 8 +- testing/tests/tnc/tnccs-11/pretest.dat | 2 + testing/tests/tnc/tnccs-20-block/evaltest.dat | 4 +- testing/tests/tnc/tnccs-20-block/pretest.dat | 1 + .../tests/tnc/tnccs-20-client-retry/evaltest.dat | 8 +- .../tests/tnc/tnccs-20-client-retry/pretest.dat | 2 + testing/tests/tnc/tnccs-20-fail-init/pretest.dat | 2 + testing/tests/tnc/tnccs-20-fail-resp/pretest.dat | 2 + testing/tests/tnc/tnccs-20-fhh/evaltest.dat | 8 +- .../hosts/alice/etc/strongswan.conf | 2 +- testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat | 2 + .../tnc/tnccs-20-mutual-eap-fail/evaltest.dat | 2 +- .../tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat | 5 +- testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat | 2 +- testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat | 5 +- testing/tests/tnc/tnccs-20-os-pts/evaltest.dat | 8 +- .../tnccs-20-os-pts/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/tnc/tnccs-20-os-pts/pretest.dat | 2 + testing/tests/tnc/tnccs-20-os/evaltest.dat | 8 +- .../tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/tnc/tnccs-20-os/pretest.dat | 2 + testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat | 8 +- .../etc/apache2/sites-available/000-default.conf | 31 + .../alice/etc/apache2/sites-available/default | 27 +- .../hosts/alice/etc/strongswan.conf | 2 +- testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat | 2 + .../etc/apache2/sites-available/000-default.conf | 31 + .../alice/etc/apache2/sites-available/default | 27 +- .../hosts/alice/etc/iptables.rules | 4 +- .../hosts/alice/etc/strongswan.conf | 5 +- testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat | 4 +- testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat | 8 +- .../hosts/moon/etc/strongswan.conf | 3 +- testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat | 2 + testing/tests/tnc/tnccs-20-pts/evaltest.dat | 8 +- .../tnccs-20-pts/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/tnc/tnccs-20-pts/pretest.dat | 2 + .../tests/tnc/tnccs-20-server-retry/evaltest.dat | 8 +- .../tests/tnc/tnccs-20-server-retry/pretest.dat | 2 + testing/tests/tnc/tnccs-20-tls/evaltest.dat | 8 +- testing/tests/tnc/tnccs-20-tls/pretest.dat | 2 + testing/tests/tnc/tnccs-20/evaltest.dat | 8 +- testing/tests/tnc/tnccs-20/pretest.dat | 2 + testing/tests/tnc/tnccs-dynamic/evaltest.dat | 8 +- testing/tests/tnc/tnccs-dynamic/pretest.dat | 2 + ylwrap | 28 +- 1618 files changed, 43727 insertions(+), 14805 deletions(-) create mode 100644 src/aikpub2/Makefile.am create mode 100644 src/aikpub2/Makefile.in create mode 100644 src/aikpub2/aikpub2.c create mode 100644 src/libcharon/plugins/vici/python/README.rst create mode 100644 src/libcharon/tests/exchange_tests.c create mode 100644 src/libcharon/tests/exchange_tests.h create mode 100644 src/libcharon/tests/suites/test_child_create.c create mode 100644 src/libcharon/tests/suites/test_child_delete.c create mode 100644 src/libcharon/tests/suites/test_child_rekey.c create mode 100644 src/libcharon/tests/suites/test_ike_delete.c create mode 100644 src/libcharon/tests/suites/test_ike_rekey.c create mode 100644 src/libcharon/tests/suites/test_proposal.c create mode 100644 src/libcharon/tests/utils/exchange_test_asserts.c create mode 100644 src/libcharon/tests/utils/exchange_test_asserts.h create mode 100644 src/libcharon/tests/utils/exchange_test_helper.c create mode 100644 src/libcharon/tests/utils/exchange_test_helper.h create mode 100644 src/libcharon/tests/utils/job_asserts.h create mode 100644 src/libcharon/tests/utils/mock_dh.c create mode 100644 src/libcharon/tests/utils/mock_dh.h create mode 100644 src/libcharon/tests/utils/mock_ipsec.c create mode 100644 src/libcharon/tests/utils/mock_ipsec.h create mode 100644 src/libcharon/tests/utils/mock_nonce_gen.c create mode 100644 src/libcharon/tests/utils/mock_nonce_gen.h create mode 100644 src/libcharon/tests/utils/mock_sender.c create mode 100644 src/libcharon/tests/utils/mock_sender.h create mode 100644 src/libcharon/tests/utils/sa_asserts.h delete mode 100644 src/libimcv/pts/pts_simple_evid_final.h create mode 100644 src/libtpmtss/Makefile.am create mode 100644 src/libtpmtss/Makefile.in create mode 100644 src/libtpmtss/tpm_tss.c create mode 100644 src/libtpmtss/tpm_tss.h create mode 100644 src/libtpmtss/tpm_tss_quote_info.c create mode 100644 src/libtpmtss/tpm_tss_quote_info.h create mode 100644 src/libtpmtss/tpm_tss_trousers.c create mode 100644 src/libtpmtss/tpm_tss_trousers.h create mode 100644 src/libtpmtss/tpm_tss_tss2.c create mode 100644 src/libtpmtss/tpm_tss_tss2.h create mode 100644 src/libtpmtss/tpm_tss_tss2_names.c create mode 100644 src/libtpmtss/tpm_tss_tss2_names.h create mode 100644 testing/config/kernel/config-4.3 create mode 100644 testing/config/kernel/config-4.4 create mode 100644 testing/config/kernel/config-4.5 create mode 100644 testing/config/kernel/config-4.6 create mode 100644 testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf create mode 100644 testing/hosts/winnetou/etc/apache2/sites-available/000-default.conf delete mode 100644 testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost create mode 100644 testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf create mode 100755 testing/scripts/chroot create mode 100644 testing/scripts/recipes/004_hostapd.mk delete mode 100644 testing/scripts/recipes/011_openssl-fips.mk delete mode 100644 testing/scripts/recipes/012_openssl.mk create mode 100644 testing/scripts/recipes/patches/hostapd-config create mode 100644 testing/scripts/recipes/patches/tnc-fhh-tncsim delete mode 100644 testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/swanctl/swanctl.conf delete mode 100644 testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/swanctl/swanctl.conf delete mode 100644 testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/swanctl/swanctl.conf delete mode 100644 testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/swanctl/swanctl.conf create mode 100644 testing/tests/ikev1/net2net-esn/description.txt create mode 100644 testing/tests/ikev1/net2net-esn/evaltest.dat create mode 100644 testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev1/net2net-esn/posttest.dat create mode 100644 testing/tests/ikev1/net2net-esn/pretest.dat create mode 100644 testing/tests/ikev1/net2net-esn/test.conf create mode 100755 testing/tests/swanctl/manual-prio/description.txt create mode 100755 testing/tests/swanctl/manual-prio/evaltest.dat create mode 100755 testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf create mode 100755 testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf create mode 100755 testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf create mode 100755 testing/tests/swanctl/manual-prio/posttest.dat create mode 100755 testing/tests/swanctl/manual-prio/pretest.dat create mode 100755 testing/tests/swanctl/manual-prio/test.conf create mode 100755 testing/tests/swanctl/net2net-gw/description.txt create mode 100755 testing/tests/swanctl/net2net-gw/evaltest.dat create mode 100755 testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf create mode 100755 testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf create mode 100755 testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf create mode 100755 testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf create mode 100755 testing/tests/swanctl/net2net-gw/posttest.dat create mode 100755 testing/tests/swanctl/net2net-gw/pretest.dat create mode 100755 testing/tests/swanctl/net2net-gw/test.conf create mode 100755 testing/tests/swanctl/rw-multi-ciphers-ikev1/description.txt create mode 100755 testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat create mode 100755 testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf create mode 100755 testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/swanctl/swanctl.conf create mode 100755 testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf create mode 100755 testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat create mode 100755 testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat create mode 100755 testing/tests/swanctl/rw-multi-ciphers-ikev1/test.conf create mode 100644 testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/000-default.conf create mode 100644 testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf diff --git a/Android.common.mk b/Android.common.mk index 1aa5b533b..1c12487b8 100644 --- a/Android.common.mk +++ b/Android.common.mk @@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \ ) # strongSwan version, replaced by top Makefile -strongswan_VERSION := "5.4.0" +strongswan_VERSION := "5.5.0" diff --git a/Android.mk b/Android.mk index f17289ea0..0ca462ee3 100644 --- a/Android.mk +++ b/Android.mk @@ -61,15 +61,11 @@ strongswan_CFLAGS := \ -DHAVE_ALLOCA \ -DHAVE_CLOCK_GETTIME \ -DHAVE_DLADDR \ - -DHAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC \ -DHAVE_PRCTL \ -DHAVE_LINUX_UDP_H \ -DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY \ -DHAVE_IPSEC_MODE_BEET \ -DHAVE_IPSEC_DIR_FWD \ - -DOPENSSL_NO_EC \ - -DOPENSSL_NO_ECDSA \ - -DOPENSSL_NO_ECDH \ -DOPENSSL_NO_ENGINE \ -DCONFIG_H_INCLUDED \ -DCAPABILITIES \ @@ -100,7 +96,8 @@ strongswan_BUILD := \ libstrongswan \ libtncif \ libtnccs \ - libimcv + libimcv \ + libtpmtss ifneq ($(strongswan_BUILD_STARTER),) strongswan_BUILD += \ diff --git a/Makefile.in b/Makefile.in index 55ddc0edc..2df942a8b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,12 +90,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_SCRIPTS_TRUE@am__append_1 = scripts subdir = . -DIST_COMMON = INSTALL NEWS README AUTHORS ChangeLog \ - $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/configure $(am__configure_deps) \ - $(srcdir)/config.h.in $(top_srcdir)/src/dumm/ext/extconf.rb.in \ - COPYING TODO compile config.guess config.sub depcomp \ - install-sh missing ylwrap ltmain.sh ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -99,6 +103,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ + $(am__configure_deps) $(am__DIST_COMMON) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d @@ -191,6 +197,10 @@ ETAGS = etags CTAGS = ctags CSCOPE = cscope DIST_SUBDIRS = src man conf init testing scripts +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \ + $(top_srcdir)/src/dumm/ext/extconf.rb.in AUTHORS COPYING \ + ChangeLog INSTALL NEWS README TODO compile config.guess \ + config.sub depcomp install-sh ltmain.sh missing ylwrap DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -237,6 +247,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -286,6 +297,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -320,6 +332,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -431,6 +444,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -490,7 +504,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -744,15 +757,15 @@ dist-xz: distdir $(am__post_remove_distdir) dist-tarZ: distdir - @echo WARNING: "Support for shar distribution archives is" \ - "deprecated." >&2 + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir - @echo WARNING: "Support for distribution archives compressed with" \ - "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__post_remove_distdir) @@ -788,17 +801,17 @@ distcheck: dist esac chmod -R a-w $(distdir) chmod u+w $(distdir) - mkdir $(distdir)/_build $(distdir)/_inst + mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ - && $(am__cd) $(distdir)/_build \ - && ../configure \ + && $(am__cd) $(distdir)/_build/sub \ + && ../../configure \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ - --srcdir=.. --prefix="$$dc_install_base" \ + --srcdir=../.. --prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ @@ -986,6 +999,8 @@ uninstall-am: uninstall-nodist_config_includeHEADERS tags tags-am uninstall uninstall-am \ uninstall-nodist_config_includeHEADERS +.PRECIOUS: Makefile + Android.common.mk : Android.common.mk.in configure.ac $(AM_V_GEN) \ diff --git a/NEWS b/NEWS index 8de6cac4e..db30df1d2 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,41 @@ +strongswan-5.5.0 +---------------- + +- The new libtpmtss library offers support for both TPM 1.2 and TPM 2.0 + Trusted Platform Modules. This allows the Attestation IMC/IMV pair to + do TPM 2.0 based attestation. + +- The behavior during IKEv2 exchange collisions has been improved/fixed in + several corner cases and support for TEMPORARY_FAILURE and CHILD_SA_NOT_FOUND + notifies, as defined by RFC 7296, has been added. + +- IPsec policy priorities can be set manually (e.g. for high-priority drop + policies) and outbound policies may be restricted to a network interface. + +- The scheme for the automatically calculated default priorities has been + changed and now also considers port masks, which were added with 5.4.0. + +- FWD policies are now installed in both directions in regards to the traffic + selectors. Because such "outbound" FWD policies could conflict with "inbound" + FWD policies of other SAs they are installed with a lower priority and don't + have a reqid set, which allows kernel plugins to distinguish between the two + and prefer those with a reqid. + +- For outbound IPsec SAs no replay window is configured anymore. + +- Enhanced the functionality of the swanctl --list-conns command by listing + IKE_SA and CHILD_SA reauthentication and rekeying settings, and EAP/XAuth + identities and EAP types. + +- DNS servers installed by the resolve plugin are now refcounted, which should + fix its use with make-before-break reauthentication. Any output written to + stderr/stdout by resolvconf is now logged. + +- The methods in the kernel interfaces have been changed to take structs instead + of long lists of arguments. Similarly the constructors for peer_cfg_t and + child_cfg_t now take structs. + + strongswan-5.4.0 ---------------- diff --git a/aclocal.m4 b/aclocal.m4 index 4521f3789..0e461b8e9 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.14.1 -*- Autoconf -*- +# generated automatically by aclocal 1.15 -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) # lib-prefix.m4 serial 7 (gettext-0.18) -dnl Copyright (C) 2001-2005, 2008-2013 Free Software Foundation, Inc. +dnl Copyright (C) 2001-2005, 2008-2015 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. @@ -245,32 +245,63 @@ sixtyfour bits test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem" ]) -# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -# serial 1 (pkg-config-0.24) -# -# Copyright © 2004 Scott James Remnant . -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# PKG_PROG_PKG_CONFIG([MIN-VERSION]) -# ---------------------------------- +dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +dnl serial 11 (pkg-config-0.29.1) +dnl +dnl Copyright © 2004 Scott James Remnant . +dnl Copyright © 2012-2015 Dan Nicholson +dnl +dnl This program is free software; you can redistribute it and/or modify +dnl it under the terms of the GNU General Public License as published by +dnl the Free Software Foundation; either version 2 of the License, or +dnl (at your option) any later version. +dnl +dnl This program is distributed in the hope that it will be useful, but +dnl WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl General Public License for more details. +dnl +dnl You should have received a copy of the GNU General Public License +dnl along with this program; if not, write to the Free Software +dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +dnl 02111-1307, USA. +dnl +dnl As a special exception to the GNU General Public License, if you +dnl distribute this file as part of a program that contains a +dnl configuration script generated by Autoconf, you may include it under +dnl the same distribution terms that you use for the rest of that +dnl program. + +dnl PKG_PREREQ(MIN-VERSION) +dnl ----------------------- +dnl Since: 0.29 +dnl +dnl Verify that the version of the pkg-config macros are at least +dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's +dnl installed version of pkg-config, this checks the developer's version +dnl of pkg.m4 when generating configure. +dnl +dnl To ensure that this macro is defined, also add: +dnl m4_ifndef([PKG_PREREQ], +dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) +dnl +dnl See the "Since" comment for each macro you use to see what version +dnl of the macros you require. +m4_defun([PKG_PREREQ], +[m4_define([PKG_MACROS_VERSION], [0.29.1]) +m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, + [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) +])dnl PKG_PREREQ + +dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) +dnl ---------------------------------- +dnl Since: 0.16 +dnl +dnl Search for the pkg-config tool and set the PKG_CONFIG variable to +dnl first found in the path. Checks that the version of pkg-config found +dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is +dnl used since that's the first version where most current features of +dnl pkg-config existed. AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) @@ -292,18 +323,19 @@ if test -n "$PKG_CONFIG"; then PKG_CONFIG="" fi fi[]dnl -])# PKG_PROG_PKG_CONFIG +])dnl PKG_PROG_PKG_CONFIG -# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -# -# Check to see whether a particular set of modules exists. Similar -# to PKG_CHECK_MODULES(), but does not set variables or print errors. -# -# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -# only at the first occurence in configure.ac, so if the first place -# it's called might be skipped (such as if it is within an "if", you -# have to call PKG_CHECK_EXISTS manually -# -------------------------------------------------------------- +dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------------------------------- +dnl Since: 0.18 +dnl +dnl Check to see whether a particular set of modules exists. Similar to +dnl PKG_CHECK_MODULES(), but does not set variables or print errors. +dnl +dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +dnl only at the first occurence in configure.ac, so if the first place +dnl it's called might be skipped (such as if it is within an "if", you +dnl have to call PKG_CHECK_EXISTS manually AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ @@ -313,8 +345,10 @@ m4_ifvaln([$3], [else $3])dnl fi]) -# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) -# --------------------------------------------- +dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) +dnl --------------------------------------------- +dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting +dnl pkg_failed based on the result. m4_define([_PKG_CONFIG], [if test -n "$$1"; then pkg_cv_[]$1="$$1" @@ -326,10 +360,11 @@ m4_define([_PKG_CONFIG], else pkg_failed=untried fi[]dnl -])# _PKG_CONFIG +])dnl _PKG_CONFIG -# _PKG_SHORT_ERRORS_SUPPORTED -# ----------------------------- +dnl _PKG_SHORT_ERRORS_SUPPORTED +dnl --------------------------- +dnl Internal check to see if pkg-config supports short errors. AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], [AC_REQUIRE([PKG_PROG_PKG_CONFIG]) if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then @@ -337,19 +372,17 @@ if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then else _pkg_short_errors_supported=no fi[]dnl -])# _PKG_SHORT_ERRORS_SUPPORTED +])dnl _PKG_SHORT_ERRORS_SUPPORTED -# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], -# [ACTION-IF-NOT-FOUND]) -# -# -# Note that if there is a possibility the first call to -# PKG_CHECK_MODULES might not happen, you should be sure to include an -# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac -# -# -# -------------------------------------------------------------- +dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl -------------------------------------------------------------- +dnl Since: 0.4.0 +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES might not happen, you should be sure to include an +dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac AC_DEFUN([PKG_CHECK_MODULES], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl @@ -403,9 +436,92 @@ else AC_MSG_RESULT([yes]) $3 fi[]dnl -])# PKG_CHECK_MODULES +])dnl PKG_CHECK_MODULES + + +dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl --------------------------------------------------------------------- +dnl Since: 0.29 +dnl +dnl Checks for existence of MODULES and gathers its build flags with +dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags +dnl and VARIABLE-PREFIX_LIBS from --libs. +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to +dnl include an explicit call to PKG_PROG_PKG_CONFIG in your +dnl configure.ac. +AC_DEFUN([PKG_CHECK_MODULES_STATIC], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +_save_PKG_CONFIG=$PKG_CONFIG +PKG_CONFIG="$PKG_CONFIG --static" +PKG_CHECK_MODULES($@) +PKG_CONFIG=$_save_PKG_CONFIG[]dnl +])dnl PKG_CHECK_MODULES_STATIC + -# Copyright (C) 2002-2013 Free Software Foundation, Inc. +dnl PKG_INSTALLDIR([DIRECTORY]) +dnl ------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable pkgconfigdir as the location where a module +dnl should install pkg-config .pc files. By default the directory is +dnl $libdir/pkgconfig, but the default can be changed by passing +dnl DIRECTORY. The user can override through the --with-pkgconfigdir +dnl parameter. +AC_DEFUN([PKG_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([pkgconfigdir], + [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, + [with_pkgconfigdir=]pkg_default) +AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_INSTALLDIR + + +dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) +dnl -------------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable noarch_pkgconfigdir as the location where a +dnl module should install arch-independent pkg-config .pc files. By +dnl default the directory is $datadir/pkgconfig, but the default can be +dnl changed by passing DIRECTORY. The user can override through the +dnl --with-noarch-pkgconfigdir parameter. +AC_DEFUN([PKG_NOARCH_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([noarch-pkgconfigdir], + [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, + [with_noarch_pkgconfigdir=]pkg_default) +AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_NOARCH_INSTALLDIR + + +dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, +dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------- +dnl Since: 0.28 +dnl +dnl Retrieves the value of the pkg-config variable for the given module. +AC_DEFUN([PKG_CHECK_VAR], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl + +_PKG_CONFIG([$1], [variable="][$3]["], [$2]) +AS_VAR_COPY([$1], [pkg_cv_][$1]) + +AS_VAR_IF([$1], [""], [$5], [$4])dnl +])dnl PKG_CHECK_VAR + +# Copyright (C) 2002-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -417,10 +533,10 @@ fi[]dnl # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.14' +[am__api_version='1.15' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.14.1], [], +m4_if([$1], [1.15], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -436,14 +552,14 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.14.1])dnl +[AM_AUTOMAKE_VERSION([1.15])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -488,15 +604,14 @@ _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], -[dnl Rely on autoconf to set up CDPATH properly. -AC_PREREQ([2.50])dnl -# expand $ac_aux_dir to an absolute path -am_aux_dir=`cd $ac_aux_dir && pwd` +[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` ]) # AM_COND_IF -*- Autoconf -*- -# Copyright (C) 2008-2013 Free Software Foundation, Inc. +# Copyright (C) 2008-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -533,7 +648,7 @@ fi[]dnl # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -564,7 +679,7 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -755,7 +870,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -831,7 +946,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -921,8 +1036,8 @@ AC_REQUIRE([AC_PROG_MKDIR_P])dnl # # AC_SUBST([mkdir_p], ['$(MKDIR_P)']) -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl @@ -995,7 +1110,11 @@ to "yes", and re-run configure. END AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) fi -fi]) +fi +dnl The trailing newline in this macro's definition is deliberate, for +dnl backward compatibility and to allow trailing 'dnl'-style comments +dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. +]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further @@ -1024,7 +1143,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1035,7 +1154,7 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -1045,7 +1164,7 @@ if test x"${install_sh}" != xset; then fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2013 Free Software Foundation, Inc. +# Copyright (C) 2003-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1066,7 +1185,7 @@ AC_SUBST([am__leading_dot])]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1116,7 +1235,7 @@ rm -f confinc confmf # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1155,7 +1274,7 @@ fi # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1184,7 +1303,7 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1231,7 +1350,7 @@ AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1466,7 +1585,7 @@ for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] sys.exit(sys.hexversion < minverhex)" AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1485,7 +1604,7 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1566,7 +1685,7 @@ AC_CONFIG_COMMANDS_PRE( rm -f conftest.file ]) -# Copyright (C) 2009-2013 Free Software Foundation, Inc. +# Copyright (C) 2009-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1626,7 +1745,7 @@ AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1654,7 +1773,7 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2013 Free Software Foundation, Inc. +# Copyright (C) 2006-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1673,7 +1792,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2013 Free Software Foundation, Inc. +# Copyright (C) 2004-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff --git a/compile b/compile index 531136b06..a85b723c7 100755 --- a/compile +++ b/compile @@ -3,7 +3,7 @@ scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify diff --git a/conf/Makefile.in b/conf/Makefile.in index 8bfc298a9..6804d91e0 100644 --- a/conf/Makefile.in +++ b/conf/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,9 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = conf -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/strongswan.conf.5.head.in \ - $(srcdir)/strongswan.conf.5.tail.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = strongswan.conf.5.head strongswan.conf.5.tail @@ -154,12 +162,16 @@ MANS = $(man_MANS) DATA = $(optionstemplate_DATA) $(pluginstemplate_DATA) \ $(templates_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(srcdir)/strongswan.conf.5.head.in \ + $(srcdir)/strongswan.conf.5.tail.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -209,6 +221,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -243,6 +256,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -354,6 +368,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -516,7 +531,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu conf/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu conf/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -819,6 +833,8 @@ uninstall-man: uninstall-man5 uninstall-optionstemplateDATA uninstall-pluginstemplateDATA \ uninstall-templatesDATA +.PRECIOUS: Makefile + .opt.conf: $(AM_V_GEN) \ diff --git a/conf/options/charon.conf b/conf/options/charon.conf index 5ca61a8e8..78411250e 100644 --- a/conf/options/charon.conf +++ b/conf/options/charon.conf @@ -157,6 +157,11 @@ charon { # will be allocated. # port_nat_t = 4500 + # Prefer locally configured proposals for IKE/IPsec over supplied ones as + # responder (disabling this can avoid keying retries due to + # INVALID_KE_PAYLOAD notifies). + # prefer_configured_proposals = yes + # By default public IPv6 addresses are preferred over temporary ones (RFC # 4941), to make connections more stable. Enable this option to reverse # this. diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 86279ec83..3970012d2 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -253,6 +253,11 @@ charon.port_nat_t = 4500 allocated. Has to be different from **charon.port**, otherwise a random port will be allocated. +charon.prefer_configured_proposals = yes + Prefer locally configured proposals for IKE/IPsec over supplied ones as + responder (disabling this can avoid keying retries due to INVALID_KE_PAYLOAD + notifies). + charon.prefer_temporary_addrs = no By default public IPv6 addresses are preferred over temporary ones (RFC 4941), to make connections more stable. Enable this option to reverse this. diff --git a/conf/plugins/imc-attestation.opt b/conf/plugins/imc-attestation.opt index 7a40bc962..925ac4eaf 100644 --- a/conf/plugins/imc-attestation.opt +++ b/conf/plugins/imc-attestation.opt @@ -7,6 +7,9 @@ libimcv.plugins.imc-attestation.aik_cert = libimcv.plugins.imc-attestation.aik_pubkey = AIK public key file. +libimcv.plugins.imc-attestation.aik_handle = + AIK object handle. + libimcv.plugins.imc-attestation.mandatory_dh_groups = yes Enforce mandatory Diffie-Hellman groups. @@ -16,6 +19,9 @@ libimcv.plugins.imc-attestation.nonce_len = 20 libimcv.plugins.imc-attestation.use_quote2 = yes Use Quote2 AIK signature instead of Quote signature. +libimcv.plugins.imc-attestation.use_version_info = no + Version Info is included in Quote2 signature. + libimcv.plugins.imc-attestation.pcr_info = no Whether to send pcr_before and pcr_after info. diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main index e6a502952..3d03f2058 100644 --- a/conf/strongswan.conf.5.main +++ b/conf/strongswan.conf.5.main @@ -1536,6 +1536,12 @@ allocated. Has to be different from otherwise a random port will be allocated. +.TP +.BR charon.prefer_configured_proposals " [yes]" +Prefer locally configured proposals for IKE/IPsec over supplied ones as +responder (disabling this can avoid keying retries due to INVALID_KE_PAYLOAD +notifies). + .TP .BR charon.prefer_temporary_addrs " [no]" By default public IPv6 addresses are preferred over temporary ones (RFC 4941), @@ -1779,6 +1785,10 @@ AIK encrypted private key blob file. .BR libimcv.plugins.imc-attestation.aik_cert " []" AIK certificate file. +.TP +.BR libimcv.plugins.imc-attestation.aik_handle " []" +AIK object handle. + .TP .BR libimcv.plugins.imc-attestation.aik_pubkey " []" AIK public key file. @@ -1823,6 +1833,10 @@ Whether to send pcr_before and pcr_after info. .BR libimcv.plugins.imc-attestation.use_quote2 " [yes]" Use Quote2 AIK signature instead of Quote signature. +.TP +.BR libimcv.plugins.imc-attestation.use_version_info " [no]" +Version Info is included in Quote2 signature. + .TP .BR libimcv.plugins.imc-hcd.push_info " [yes]" Send quadruple info without being prompted. diff --git a/config.guess b/config.guess index b79252d6b..16592509d 100755 --- a/config.guess +++ b/config.guess @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright 1992-2015 Free Software Foundation, Inc. -timestamp='2013-06-10' +timestamp='2015-08-20' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -24,12 +24,12 @@ timestamp='2013-06-10' # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # -# Originally written by Per Bothner. +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD # -# Please send patches with a ChangeLog entry to config-patches@gnu.org. +# Please send patches to . me=`echo "$0" | sed -e 's,.*/,,'` @@ -50,7 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -149,7 +149,7 @@ Linux|GNU|GNU/*) LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` ;; esac @@ -168,20 +168,27 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + /sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || \ + echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; + earmv*) + arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'` + machine=${arch}${endian}-unknown + ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in - arm*|i386|m68k|ns32k|sh3*|sparc|vax) + arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ @@ -197,6 +204,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in os=netbsd ;; esac + # Determine ABI tags. + case "${UNAME_MACHINE_ARCH}" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"` + ;; + esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need @@ -207,13 +221,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in release='-gnu' ;; *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" + echo "${machine}-${os}${release}${abi}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` @@ -235,6 +249,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; + *:Sortix:*:*) + echo ${UNAME_MACHINE}-unknown-sortix + exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) @@ -579,8 +596,9 @@ EOF else IBM_ARCH=powerpc fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi @@ -826,7 +844,7 @@ EOF *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS*:*) + *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) @@ -932,6 +950,9 @@ EOF crisv32:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; + e2k:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; frv:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; @@ -969,10 +990,10 @@ EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} exit ;; - or32:Linux:*:*) + or32:Linux:*:* | or1k*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) @@ -1020,7 +1041,7 @@ EOF echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} @@ -1260,16 +1281,26 @@ EOF if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; @@ -1361,154 +1392,6 @@ EOF exit ;; esac -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - cat >&2 <. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -68,7 +68,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -117,7 +117,7 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os @@ -255,16 +255,18 @@ case $basic_machine in | arc | arceb \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ + | ba \ | be32 | be64 \ | bfin \ | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ - | epiphany \ - | fido | fr30 | frv \ + | e2k | epiphany \ + | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ @@ -282,8 +284,10 @@ case $basic_machine in | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipsr5900 | mipsr5900el \ @@ -295,14 +299,14 @@ case $basic_machine in | nds32 | nds32le | nds32be \ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ - | open8 \ - | or1k | or32 \ + | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ + | riscv32 | riscv64 \ | rl78 | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ @@ -310,6 +314,7 @@ case $basic_machine in | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | visium \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) @@ -324,7 +329,10 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -369,18 +377,20 @@ case $basic_machine in | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ + | ba-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ + | e2k-* | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ @@ -400,8 +410,10 @@ case $basic_machine in | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipsr5900-* | mipsr5900el-* \ @@ -413,16 +425,18 @@ case $basic_machine in | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ + | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ + | riscv32-* | riscv64-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ @@ -430,6 +444,7 @@ case $basic_machine in | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ + | visium-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ @@ -506,6 +521,9 @@ case $basic_machine in basic_machine=i386-pc os=-aros ;; + asmjs) + basic_machine=asmjs-unknown + ;; aux) basic_machine=m68k-apple os=-aux @@ -767,6 +785,9 @@ case $basic_machine in basic_machine=m68k-isi os=-sysv ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` + ;; m68knommu) basic_machine=m68k-unknown os=-linux @@ -822,6 +843,10 @@ case $basic_machine in basic_machine=powerpc-unknown os=-morphos ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; msdos) basic_machine=i386-pc os=-msdos @@ -1354,7 +1379,7 @@ case $os in | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* \ + | -aos* | -aros* | -cloudabi* | -sortix* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ @@ -1367,14 +1392,14 @@ case $os in | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1592,9 +1617,6 @@ case $basic_machine in mips*-*) os=-elf ;; - or1k-*) - os=-elf - ;; or32-*) os=-coff ;; diff --git a/configure b/configure index dac40eacc..be9df9705 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for strongSwan 5.4.0. +# Generated by GNU Autoconf 2.69 for strongSwan 5.5.0. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='5.4.0' -PACKAGE_STRING='strongSwan 5.4.0' +PACKAGE_VERSION='5.5.0' +PACKAGE_STRING='strongSwan 5.5.0' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -649,6 +649,8 @@ USE_SVC_FALSE USE_SVC_TRUE USE_SWANCTL_FALSE USE_SWANCTL_TRUE +USE_AIKPUB2_FALSE +USE_AIKPUB2_TRUE USE_AIKGEN_FALSE USE_AIKGEN_TRUE USE_CMD_FALSE @@ -663,6 +665,8 @@ USE_SILENT_RULES_FALSE USE_SILENT_RULES_TRUE MONOLITHIC_FALSE MONOLITHIC_TRUE +USE_TSS2_FALSE +USE_TSS2_TRUE USE_TROUSERS_FALSE USE_TROUSERS_TRUE USE_IMCV_FALSE @@ -683,6 +687,8 @@ USE_IPSEC_SCRIPT_FALSE USE_IPSEC_SCRIPT_TRUE USE_FILE_CONFIG_FALSE USE_FILE_CONFIG_TRUE +USE_LIBTPMTSS_FALSE +USE_LIBTPMTSS_TRUE USE_LIBPTTLS_FALSE USE_LIBPTTLS_TRUE USE_LIBTNCCS_FALSE @@ -1034,6 +1040,7 @@ PYTHON_EGGS_INSTALL_TRUE PY_TEST PYTHONEGGINSTALLDIR EASY_INSTALL +PYTHON_PACKAGE_VERSION RUBY_GEMS_INSTALL_FALSE RUBY_GEMS_INSTALL_TRUE RUBYGEMDIR @@ -1087,6 +1094,7 @@ OPENSSL_LIB RTLIB USE_SYSLOG_FALSE USE_SYSLOG_TRUE +ATOMICLIB PTHREADLIB SOCKLIB BTLIB @@ -1108,6 +1116,7 @@ YACC LEXLIB LEX_OUTPUT_ROOT LEX +LT_SYS_LIBRARY_PATH OTOOL64 OTOOL LIPO @@ -1230,6 +1239,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -1269,7 +1279,6 @@ with_routing_table with_routing_table_prio with_ipsec_script with_fips_mode -with_tss with_capabilities with_mpz_powm_sec with_dev_headers @@ -1419,6 +1428,7 @@ enable_systime_fix enable_test_vectors enable_updown enable_aikgen +enable_aikpub2 enable_charon enable_cmd enable_conftest @@ -1450,6 +1460,8 @@ enable_python_eggs enable_python_eggs_install enable_perl_cpan enable_perl_cpan_install +enable_tss_trousers +enable_tss_tss2 enable_coverage enable_leak_detective enable_lock_profiler @@ -1463,6 +1475,7 @@ enable_shared enable_static with_pic enable_fast_install +with_aix_soname with_gnu_ld with_sysroot enable_libtool_lock @@ -1479,6 +1492,7 @@ LDFLAGS LIBS CPPFLAGS CPP +LT_SYS_LIBRARY_PATH YACC YFLAGS PYTHON @@ -1542,6 +1556,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1794,6 +1809,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1931,7 +1955,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -2044,7 +2068,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 5.4.0 to adapt to many kinds of systems. +\`configure' configures strongSwan 5.5.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -2084,6 +2108,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -2114,7 +2139,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 5.4.0:";; + short | recursive ) echo "Configuration of strongSwan 5.5.0:";; esac cat <<\_ACEOF @@ -2299,7 +2324,8 @@ Optional Features: system time gracefully. --enable-test-vectors enable plugin providing crypto test vectors. --disable-updown disable updown firewall script plugin. - --enable-aikgen enable AIK generator. + --enable-aikgen enable AIK generator for TPM 1.2. + --enable-aikpub2 enable AIK extractor for TPM 2.0. --disable-charon disable the IKEv1/IKEv2 keying daemon charon. --enable-cmd enable the command line IKE client charon-cmd. --enable-conftest enforce Suite B conformance test framework. @@ -2345,6 +2371,9 @@ Optional Features: --enable-perl-cpan enable build of provided perl CPAN module. --enable-perl-cpan-install enable installation of provided CPAN module. + --enable-tss-trousers enable the use of the TrouSerS Trusted Software + Stack + --enable-tss-tss2 enable the use of the TSS 2.0 Trusted Software Stack --enable-coverage enable lcov coverage report generation. --enable-leak-detective enable malloc hooks to find memory leaks. --enable-lock-profiler enable lock/mutex profiling code. @@ -2410,9 +2439,6 @@ Optional Packages: ipsec). --with-fips-mode=arg set openssl FIPS mode: disabled(0), enabled(1), Suite B enabled(2) (default: 0). - --with-tss=arg set implementation of the Trusted Computing Group's - Software Stack (TSS). Currently the only supported - value is "trousers" (default: no). --with-capabilities=arg set capability dropping library. Currently supported values are "libcap" and "native" (default: no). --with-mpz_powm_sec=arg use the more side-channel resistant mpz_powm_sec in @@ -2444,9 +2470,12 @@ Optional Packages: --without-lib-prefix don't search for libraries in includedir and libdir --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use both] + --with-aix-soname=aix|svr4|both + shared library versioning (aka "SONAME") variant to + provide on AIX, [default=aix]. --with-gnu-ld assume the C compiler uses GNU ld [default=no] - --with-sysroot=DIR Search for dependent libraries within DIR - (or the compiler's sysroot if not specified). + --with-sysroot[=DIR] Search for dependent libraries within DIR (or the + compiler's sysroot if not specified). Some influential environment variables: PKG_CONFIG path to pkg-config utility @@ -2462,6 +2491,8 @@ Some influential environment variables: CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor + LT_SYS_LIBRARY_PATH + User-defined run-time library search path. YACC The `Yet Another Compiler Compiler' implementation to use. Defaults to the first program found out of: `bison -y', `byacc', `yacc'. @@ -2569,7 +2600,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 5.4.0 +strongSwan configure 5.5.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3091,7 +3122,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by strongSwan $as_me 5.4.0, which was +It was created by strongSwan $as_me 5.5.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3439,7 +3470,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -am__api_version='1.14' +am__api_version='1.15' ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do @@ -3640,8 +3671,8 @@ test "$program_suffix" != NONE && ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` -# expand $ac_aux_dir to an absolute path -am_aux_dir=`cd $ac_aux_dir && pwd` +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in @@ -3660,7 +3691,7 @@ else $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -3954,7 +3985,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='5.4.0' + VERSION='5.5.0' cat >>confdefs.h <<_ACEOF @@ -3988,8 +4019,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # mkdir_p='$(MKDIR_P)' -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' @@ -4162,6 +4193,7 @@ END as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5 fi fi + # Check whether --enable-silent-rules was given. if test "${enable_silent_rules+set}" = set; then : enableval=$enable_silent_rules; @@ -4625,17 +4657,6 @@ fi - -# Check whether --with-tss was given. -if test "${with_tss+set}" = set; then : - withval=$with_tss; tss="$withval" -else - tss=no - -fi - - - # Check whether --with-capabilities was given. if test "${with_capabilities+set}" = set; then : withval=$with_capabilities; capabilities="$withval" @@ -7025,6 +7046,22 @@ fi disabled_by_default=${disabled_by_default}" aikgen" +# Check whether --enable-aikpub2 was given. +if test "${enable_aikpub2+set}" = set; then : + enableval=$enable_aikpub2; aikpub2_given=true + if test x$enableval = xyes; then + aikpub2=true + else + aikpub2=false + fi +else + aikpub2=false + aikpub2_given=false + +fi + + disabled_by_default=${disabled_by_default}" aikpub2" + # Check whether --enable-charon was given. if test "${enable_charon+set}" = set; then : enableval=$enable_charon; charon_given=true @@ -7522,6 +7559,39 @@ fi disabled_by_default=${disabled_by_default}" perl_cpan_install" +# Check whether --enable-tss-trousers was given. +if test "${enable_tss_trousers+set}" = set; then : + enableval=$enable_tss_trousers; tss_trousers_given=true + if test x$enableval = xyes; then + tss_trousers=true + else + tss_trousers=false + fi +else + tss_trousers=false + tss_trousers_given=false + +fi + + disabled_by_default=${disabled_by_default}" tss_trousers" + +# Check whether --enable-tss-tss2 was given. +if test "${enable_tss_tss2+set}" = set; then : + enableval=$enable_tss_tss2; tss_tss2_given=true + if test x$enableval = xyes; then + tss_tss2=true + else + tss_tss2=false + fi +else + tss_tss2=false + tss_tss2_given=false + +fi + + disabled_by_default=${disabled_by_default}" tss_tss2" + + # compile options # Check whether --enable-coverage was given. if test "${enable_coverage+set}" = set; then : @@ -9607,8 +9677,8 @@ esac -macro_version='2.4.2' -macro_revision='1.3337' +macro_version='2.4.6' +macro_revision='2.4.6' @@ -9622,7 +9692,7 @@ macro_revision='1.3337' -ltmain="$ac_aux_dir/ltmain.sh" +ltmain=$ac_aux_dir/ltmain.sh # Backslashify metacharacters that are still active within # double-quoted strings. @@ -9671,7 +9741,7 @@ func_echo_all () $ECHO "" } -case "$ECHO" in +case $ECHO in printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 $as_echo "printf" >&6; } ;; print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 @@ -9864,19 +9934,19 @@ test -z "$GREP" && GREP=grep # Check whether --with-gnu-ld was given. if test "${with_gnu_ld+set}" = set; then : - withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes + withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes else with_gnu_ld=no fi ac_prog=ld -if test "$GCC" = yes; then +if test yes = "$GCC"; then # Check if gcc -print-prog-name=ld gives a path. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 $as_echo_n "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) - # gcc leaves a trailing carriage return which upsets mingw + # gcc leaves a trailing carriage return, which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; @@ -9890,7 +9960,7 @@ $as_echo_n "checking for ld used by $CC... " >&6; } while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done - test -z "$LD" && LD="$ac_prog" + test -z "$LD" && LD=$ac_prog ;; "") # If it fails, then pretend we aren't using GCC. @@ -9901,7 +9971,7 @@ $as_echo_n "checking for ld used by $CC... " >&6; } with_gnu_ld=unknown ;; esac -elif test "$with_gnu_ld" = yes; then +elif test yes = "$with_gnu_ld"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 $as_echo_n "checking for GNU ld... " >&6; } else @@ -9912,32 +9982,32 @@ if ${lt_cv_path_LD+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$LD"; then - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then - lt_cv_path_LD="$ac_dir/$ac_prog" + lt_cv_path_LD=$ac_dir/$ac_prog # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &5 $as_echo "$LD" >&6; } @@ -9980,33 +10050,38 @@ if ${lt_cv_path_NM+:} false; then : else if test -n "$NM"; then # Let the user override the test. - lt_cv_path_NM="$NM" + lt_cv_path_NM=$NM else - lt_nm_to_check="${ac_tool_prefix}nm" + lt_nm_to_check=${ac_tool_prefix}nm if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. - tmp_nm="$ac_dir/$lt_tmp_nm" - if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + tmp_nm=$ac_dir/$lt_tmp_nm + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then # Check to see if the nm accepts a BSD-compat flag. - # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # Adding the 'sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file - case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in - */dev/null* | *'Invalid file or object type'*) + # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty + case $build_os in + mingw*) lt_bad_file=conftest.nm/nofile ;; + *) lt_bad_file=/dev/null ;; + esac + case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + *$lt_bad_file* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" - break + break 2 ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" - break + break 2 ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but @@ -10017,15 +10092,15 @@ else esac fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs done : ${lt_cv_path_NM=no} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 $as_echo "$lt_cv_path_NM" >&6; } -if test "$lt_cv_path_NM" != "no"; then - NM="$lt_cv_path_NM" +if test no != "$lt_cv_path_NM"; then + NM=$lt_cv_path_NM else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$DUMPBIN"; then : @@ -10131,9 +10206,9 @@ esac fi fi - case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in *COFF*) - DUMPBIN="$DUMPBIN -symbols" + DUMPBIN="$DUMPBIN -symbols -headers" ;; *) DUMPBIN=: @@ -10141,8 +10216,8 @@ fi esac fi - if test "$DUMPBIN" != ":"; then - NM="$DUMPBIN" + if test : != "$DUMPBIN"; then + NM=$DUMPBIN fi fi test -z "$NM" && NM=nm @@ -10193,7 +10268,7 @@ if ${lt_cv_sys_max_cmd_len+:} false; then : $as_echo_n "(cached) " >&6 else i=0 - teststring="ABCD" + teststring=ABCD case $build_os in msdosdjgpp*) @@ -10233,7 +10308,7 @@ else lt_cv_sys_max_cmd_len=8192; ;; - netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` @@ -10284,22 +10359,22 @@ else *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len" && \ - test undefined != "$lt_cv_sys_max_cmd_len"; then + test undefined != "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. - for i in 1 2 3 4 5 6 7 8 ; do + for i in 1 2 3 4 5 6 7 8; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. - while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ + while { test X`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && - test $i != 17 # 1/2 MB should be enough + test 17 != "$i" # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring @@ -10317,7 +10392,7 @@ else fi -if test -n $lt_cv_sys_max_cmd_len ; then +if test -n "$lt_cv_sys_max_cmd_len"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 $as_echo "$lt_cv_sys_max_cmd_len" >&6; } else @@ -10335,30 +10410,6 @@ max_cmd_len=$lt_cv_sys_max_cmd_len : ${MV="mv -f"} : ${RM="rm -f"} -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5 -$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; } -# Try some XSI features -xsi_shell=no -( _lt_dummy="a/b/c" - test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ - = c,a/b,b/c, \ - && eval 'test $(( 1 + 1 )) -eq 2 \ - && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ - && xsi_shell=yes -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5 -$as_echo "$xsi_shell" >&6; } - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5 -$as_echo_n "checking whether the shell understands \"+=\"... " >&6; } -lt_shell_append=no -( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \ - >/dev/null 2>&1 \ - && lt_shell_append=yes -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5 -$as_echo "$lt_shell_append" >&6; } - - if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else @@ -10481,13 +10532,13 @@ esac reload_cmds='$LD$reload_flag -o $output$reload_objs' case $host_os in cygwin* | mingw* | pw32* | cegcc*) - if test "$GCC" != yes; then + if test yes != "$GCC"; then reload_cmds=false fi ;; darwin*) - if test "$GCC" = yes; then - reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' + if test yes = "$GCC"; then + reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs' else reload_cmds='$LD$reload_flag -o $output$reload_objs' fi @@ -10615,13 +10666,13 @@ lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support # interlibrary dependencies. # 'none' -- dependencies not supported. -# `unknown' -- same as none, but documents that we really don't know. +# 'unknown' -- same as none, but documents that we really don't know. # 'pass_all' -- all dependencies passed with no checks. # 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path -# which responds to the $file_magic_cmd with a given extended regex. -# If you have `file' or equivalent on your system and you're not sure -# whether `pass_all' will *always* work, you probably want this one. +# that responds to the $file_magic_cmd with a given extended regex. +# If you have 'file' or equivalent on your system and you're not sure +# whether 'pass_all' will *always* work, you probably want this one. case $host_os in aix[4-9]*) @@ -10648,8 +10699,7 @@ mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. - # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. - if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then + if ( file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else @@ -10745,8 +10795,8 @@ newos6*) lt_cv_deplibs_check_method=pass_all ;; -openbsd*) - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then +openbsd* | bitrig*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' @@ -10799,6 +10849,9 @@ sysv4 | sysv4.3*) tpf*) lt_cv_deplibs_check_method=pass_all ;; +os2*) + lt_cv_deplibs_check_method=pass_all + ;; esac fi @@ -10956,8 +11009,8 @@ else case $host_os in cygwin* | mingw* | pw32* | cegcc*) - # two different shell functions defined in ltmain.sh - # decide which to use based on capabilities of $DLLTOOL + # two different shell functions defined in ltmain.sh; + # decide which one to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in *--identify-strict*) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib @@ -10969,7 +11022,7 @@ cygwin* | mingw* | pw32* | cegcc*) ;; *) # fallback: assume linklib IS sharedlib - lt_cv_sharedlib_from_linklib_cmd="$ECHO" + lt_cv_sharedlib_from_linklib_cmd=$ECHO ;; esac @@ -11123,7 +11176,7 @@ if ac_fn_c_try_compile "$LINENO"; then : ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } - if test "$ac_status" -eq 0; then + if test 0 -eq "$ac_status"; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 @@ -11131,7 +11184,7 @@ if ac_fn_c_try_compile "$LINENO"; then : ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } - if test "$ac_status" -ne 0; then + if test 0 -ne "$ac_status"; then lt_cv_ar_at_file=@ fi fi @@ -11144,7 +11197,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 $as_echo "$lt_cv_ar_at_file" >&6; } -if test "x$lt_cv_ar_at_file" = xno; then +if test no = "$lt_cv_ar_at_file"; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file @@ -11361,7 +11414,7 @@ old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in - openbsd*) + bitrig* | openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) @@ -11451,7 +11504,7 @@ cygwin* | mingw* | pw32* | cegcc*) symcode='[ABCDGISTW]' ;; hpux*) - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then symcode='[ABCDEGRST]' fi ;; @@ -11484,14 +11537,44 @@ case `$NM -V 2>&1` in symcode='[ABCDGIRSTW]' ;; esac +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Gets list of data symbols to import. + lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + # Adjust the below global symbol transforms to fixup imported variables. + lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" + lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" + lt_c_name_lib_hook="\ + -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ + -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" +else + # Disable hooks by default. + lt_cv_sys_global_symbol_to_import= + lt_cdecl_hook= + lt_c_name_hook= + lt_c_name_lib_hook= +fi + # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. -lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" +lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +$lt_cdecl_hook\ +" -e 's/^T .* \(.*\)$/extern int \1();/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'" -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +$lt_c_name_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" + +# Transform an extracted symbol line into symbol name with lib prefix and +# symbol address. +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +$lt_c_name_lib_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" # Handle CRLF in mingw tool chain opt_cr= @@ -11509,21 +11592,24 @@ for ac_symprfx in "" "_"; do # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then - # Fake it for dumpbin and say T for any non-static function - # and D for any global variable. + # Fake it for dumpbin and say T for any non-static function, + # D for any global variable and I for any imported variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ +" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ +" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ -" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ -" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ -" s[1]~/^[@?]/{print s[1], s[1]; next};"\ -" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ +" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ +" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" @@ -11571,11 +11657,11 @@ _LT_EOF if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ -#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) -/* DATA imports from DLLs on WIN32 con't be const, because runtime +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT_DLSYM_CONST -#elif defined(__osf__) +#elif defined __osf__ /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else @@ -11601,7 +11687,7 @@ lt__PROGRAM__LTX_preloaded_symbols[] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF - $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; @@ -11621,13 +11707,13 @@ _LT_EOF mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS - LIBS="conftstm.$ac_objext" + LIBS=conftstm.$ac_objext CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s conftest${ac_exeext}; then + test $ac_status = 0; } && test -s conftest$ac_exeext; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS @@ -11648,7 +11734,7 @@ _LT_EOF rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. - if test "$pipe_works" = yes; then + if test yes = "$pipe_works"; then break else lt_cv_sys_global_symbol_pipe= @@ -11690,6 +11776,16 @@ fi + + + + + + + + + + @@ -11713,9 +11809,9 @@ fi lt_sysroot= -case ${with_sysroot} in #( +case $with_sysroot in #( yes) - if test "$GCC" = yes; then + if test yes = "$GCC"; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( @@ -11725,8 +11821,8 @@ case ${with_sysroot} in #( no|'') ;; #( *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${with_sysroot}" >&5 -$as_echo "${with_sysroot}" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 +$as_echo "$with_sysroot" >&6; } as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 ;; esac @@ -11738,18 +11834,99 @@ $as_echo "${lt_sysroot:-no}" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 +$as_echo_n "checking for a working dd... " >&6; } +if ${ac_cv_path_lt_DD+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +: ${lt_DD:=$DD} +if test -z "$lt_DD"; then + ac_path_lt_DD_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in dd; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_lt_DD" || continue +if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: +fi + $ac_path_lt_DD_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_lt_DD"; then + : + fi +else + ac_cv_path_lt_DD=$lt_DD +fi + +rm -f conftest.i conftest2.i conftest.out +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 +$as_echo "$ac_cv_path_lt_DD" >&6; } + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 +$as_echo_n "checking how to truncate binary pipes... " >&6; } +if ${lt_cv_truncate_bin+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +lt_cv_truncate_bin= +if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" +fi +rm -f conftest.i conftest2.i conftest.out +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 +$as_echo "$lt_cv_truncate_bin" >&6; } + + + + + + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + # Check whether --enable-libtool-lock was given. if test "${enable_libtool_lock+set}" = set; then : enableval=$enable_libtool_lock; fi -test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes +test no = "$enable_libtool_lock" || enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set mode + # options accordingly. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 @@ -11758,24 +11935,25 @@ ia64-*-hpux*) test $ac_status = 0; }; then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) - HPUX_IA64_MODE="32" + HPUX_IA64_MODE=32 ;; *ELF-64*) - HPUX_IA64_MODE="64" + HPUX_IA64_MODE=64 ;; esac fi rm -rf conftest* ;; *-*-irix6*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. echo '#line '$LINENO' "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - if test "$lt_cv_prog_gnu_ld" = yes; then + if test yes = "$lt_cv_prog_gnu_ld"; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" @@ -11804,9 +11982,50 @@ ia64-*-hpux*) rm -rf conftest* ;; -x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +mips64*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '#line '$LINENO' "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + emul=elf + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + emul="${emul}32" + ;; + *64-bit*) + emul="${emul}64" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *MSB*) + emul="${emul}btsmip" + ;; + *LSB*) + emul="${emul}ltsmip" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *N32*) + emul="${emul}n32" + ;; + esac + LD="${LD-ld} -m $emul" + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. Note that the listed cases only cover the + # situations where additional linker options are needed (such as when + # doing 32-bit compilation for a host where ld defaults to 64-bit, or + # vice versa); the common cases where no linker options are needed do + # not appear in the list. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 @@ -11829,7 +12048,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) ;; esac ;; - ppc64-*linux*|powerpc64-*linux*) + powerpc64le-*linux*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -11848,7 +12070,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - ppc*-*linux*|powerpc*-*linux*) + powerpcle-*linux*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) @@ -11866,7 +12091,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. - SAVE_CFLAGS="$CFLAGS" + SAVE_CFLAGS=$CFLAGS CFLAGS="$CFLAGS -belf" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 $as_echo_n "checking whether the C compiler needs -belf... " >&6; } @@ -11906,13 +12131,14 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 $as_echo "$lt_cv_cc_needs_belf" >&6; } - if test x"$lt_cv_cc_needs_belf" != x"yes"; then + if test yes != "$lt_cv_cc_needs_belf"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf - CFLAGS="$SAVE_CFLAGS" + CFLAGS=$SAVE_CFLAGS fi ;; *-*solaris*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 @@ -11924,7 +12150,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; } case $lt_cv_prog_gnu_ld in yes*) case $host in - i?86-*-solaris*) + i?86-*-solaris*|x86_64-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) @@ -11933,7 +12159,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; } esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then - LD="${LD-ld}_sol2" + LD=${LD-ld}_sol2 fi ;; *) @@ -11949,7 +12175,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; } ;; esac -need_locks="$enable_libtool_lock" +need_locks=$enable_libtool_lock if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. @@ -12060,7 +12286,7 @@ else fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 $as_echo "$lt_cv_path_mainfest_tool" >&6; } -if test "x$lt_cv_path_mainfest_tool" != xyes; then +if test yes != "$lt_cv_path_mainfest_tool"; then MANIFEST_TOOL=: fi @@ -12563,7 +12789,7 @@ if ${lt_cv_apple_cc_single_mod+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_apple_cc_single_mod=no - if test -z "${LT_MULTI_MODULE}"; then + if test -z "$LT_MULTI_MODULE"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the @@ -12581,7 +12807,7 @@ else cat conftest.err >&5 # Otherwise, if the output was created with a 0 exit code from # the compiler, it worked. - elif test -f libconftest.dylib && test $_lt_result -eq 0; then + elif test -f libconftest.dylib && test 0 = "$_lt_result"; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&5 @@ -12620,7 +12846,7 @@ else fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 @@ -12649,7 +12875,7 @@ _LT_EOF _lt_result=$? if test -s conftest.err && $GREP force_load conftest.err; then cat conftest.err >&5 - elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then + elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then lt_cv_ld_force_load=yes else cat conftest.err >&5 @@ -12662,32 +12888,32 @@ fi $as_echo "$lt_cv_ld_force_load" >&6; } case $host_os in rhapsody* | darwin1.[012]) - _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; darwin1.*) - _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[91]*) - _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; - 10.[012]*) - _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + 10.[012][,.]*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; 10.*) - _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; esac - if test "$lt_cv_apple_cc_single_mod" = "yes"; then + if test yes = "$lt_cv_apple_cc_single_mod"; then _lt_dar_single_mod='$single_module' fi - if test "$lt_cv_ld_exported_symbols_list" = "yes"; then - _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + if test yes = "$lt_cv_ld_exported_symbols_list"; then + _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' else - _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' fi - if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then + if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= @@ -12695,6 +12921,41 @@ $as_echo "$lt_cv_ld_force_load" >&6; } ;; esac +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + for ac_header in dlfcn.h do : ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default @@ -12731,14 +12992,14 @@ if test "${enable_shared+set}" = set; then : *) enable_shared=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_shared=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac else @@ -12762,14 +13023,14 @@ if test "${enable_static+set}" = set; then : *) enable_static=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_static=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac else @@ -12793,14 +13054,14 @@ if test "${with_pic+set}" = set; then : *) pic_mode=default # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for lt_pkg in $withval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$lt_pkg" = "X$lt_p"; then pic_mode=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac else @@ -12808,8 +13069,6 @@ else fi -test -z "$pic_mode" && pic_mode=default - @@ -12825,14 +13084,14 @@ if test "${enable_fast_install+set}" = set; then : *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac else @@ -12846,11 +13105,63 @@ fi + shared_archive_member_spec= +case $host,$enable_shared in +power*-*-aix[5-9]*,yes) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 +$as_echo_n "checking which variant of shared library versioning to provide... " >&6; } + +# Check whether --with-aix-soname was given. +if test "${with_aix_soname+set}" = set; then : + withval=$with_aix_soname; case $withval in + aix|svr4|both) + ;; + *) + as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5 + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname +else + if ${lt_cv_with_aix_soname+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_with_aix_soname=aix +fi + + with_aix_soname=$lt_cv_with_aix_soname +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 +$as_echo "$with_aix_soname" >&6; } + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', + # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. + # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, + # the AIX toolchain works better with OBJECT_MODE set (default 32). + if test 64 = "${OBJECT_MODE-32}"; then + shared_archive_member_spec=shr_64 + else + shared_archive_member_spec=shr + fi + fi + ;; +*) + with_aix_soname=aix + ;; +esac + + + + + + + # This can be used to rebuild libtool when needed -LIBTOOL_DEPS="$ltmain" +LIBTOOL_DEPS=$ltmain # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' @@ -12899,7 +13210,7 @@ test -z "$LN_S" && LN_S="ln -s" -if test -n "${ZSH_VERSION+set}" ; then +if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi @@ -12938,7 +13249,7 @@ aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. - if test "X${COLLECT_NAMES+set}" != Xset; then + if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi @@ -12949,14 +13260,14 @@ esac ofile=libtool can_build_shared=yes -# All known linkers require a `.a' archive for static linking (except MSVC, +# All known linkers require a '.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a -with_gnu_ld="$lt_cv_prog_gnu_ld" +with_gnu_ld=$lt_cv_prog_gnu_ld -old_CC="$CC" -old_CFLAGS="$CFLAGS" +old_CC=$CC +old_CFLAGS=$CFLAGS # Set sane defaults for various variables test -z "$CC" && CC=cc @@ -12965,15 +13276,8 @@ test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o -for cc_temp in $compiler""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +func_cc_basename $compiler +cc_basename=$func_cc_basename_result # Only perform the check for file, if the check method requires it @@ -12988,22 +13292,22 @@ if ${lt_cv_path_MAGIC_CMD+:} false; then : else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) - lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; *) - lt_save_MAGIC_CMD="$MAGIC_CMD" - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/${ac_tool_prefix}file; then - lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file" + if test -f "$ac_dir/${ac_tool_prefix}file"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` - MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + MAGIC_CMD=$lt_cv_path_MAGIC_CMD if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : @@ -13026,13 +13330,13 @@ _LT_EOF break fi done - IFS="$lt_save_ifs" - MAGIC_CMD="$lt_save_MAGIC_CMD" + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD ;; esac fi -MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } @@ -13054,22 +13358,22 @@ if ${lt_cv_path_MAGIC_CMD+:} false; then : else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) - lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; *) - lt_save_MAGIC_CMD="$MAGIC_CMD" - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/file; then - lt_cv_path_MAGIC_CMD="$ac_dir/file" + if test -f "$ac_dir/file"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` - MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + MAGIC_CMD=$lt_cv_path_MAGIC_CMD if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : @@ -13092,13 +13396,13 @@ _LT_EOF break fi done - IFS="$lt_save_ifs" - MAGIC_CMD="$lt_save_MAGIC_CMD" + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD ;; esac fi -MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } @@ -13119,7 +13423,7 @@ esac # Use C for the default configuration in the libtool script -lt_save_CC="$CC" +lt_save_CC=$CC ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -13181,7 +13485,7 @@ if test -n "$compiler"; then lt_prog_compiler_no_builtin_flag= -if test "$GCC" = yes; then +if test yes = "$GCC"; then case $cc_basename in nvcc*) lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; @@ -13197,7 +13501,7 @@ else lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="-fno-rtti -fno-exceptions" + lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins @@ -13227,7 +13531,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 $as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } -if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then +if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" else : @@ -13245,17 +13549,18 @@ lt_prog_compiler_pic= lt_prog_compiler_static= - if test "$GCC" = yes; then + if test yes = "$GCC"; then lt_prog_compiler_wl='-Wl,' lt_prog_compiler_static='-static' case $host_os in aix*) # All AIX code is PIC. - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' fi + lt_prog_compiler_pic='-fPIC' ;; amigaos*) @@ -13266,8 +13571,8 @@ lt_prog_compiler_static= ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' ;; esac @@ -13283,6 +13588,11 @@ lt_prog_compiler_static= # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac ;; darwin* | rhapsody*) @@ -13353,7 +13663,7 @@ lt_prog_compiler_static= case $host_os in aix*) lt_prog_compiler_wl='-Wl,' - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' else @@ -13361,10 +13671,29 @@ lt_prog_compiler_static= fi ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + case $cc_basename in + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac ;; hpux9* | hpux10* | hpux11*) @@ -13380,7 +13709,7 @@ lt_prog_compiler_static= ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? - lt_prog_compiler_static='${wl}-a ${wl}archive' + lt_prog_compiler_static='$wl-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) @@ -13391,7 +13720,7 @@ lt_prog_compiler_static= linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in - # old Intel for x86_64 which still supported -KPIC. + # old Intel for x86_64, which still supported -KPIC. ecc*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' @@ -13416,6 +13745,12 @@ lt_prog_compiler_static= lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) @@ -13513,7 +13848,7 @@ lt_prog_compiler_static= ;; sysv4*MP*) - if test -d /usr/nec ;then + if test -d /usr/nec; then lt_prog_compiler_pic='-Kconform_pic' lt_prog_compiler_static='-Bstatic' fi @@ -13542,7 +13877,7 @@ lt_prog_compiler_static= fi case $host_os in - # For platforms which do not support PIC, -DPIC is meaningless: + # For platforms that do not support PIC, -DPIC is meaningless: *djgpp*) lt_prog_compiler_pic= ;; @@ -13574,7 +13909,7 @@ else lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$lt_prog_compiler_pic -DPIC" + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins @@ -13604,7 +13939,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 $as_echo "$lt_cv_prog_compiler_pic_works" >&6; } -if test x"$lt_cv_prog_compiler_pic_works" = xyes; then +if test yes = "$lt_cv_prog_compiler_pic_works"; then case $lt_prog_compiler_pic in "" | " "*) ;; *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; @@ -13636,7 +13971,7 @@ if ${lt_cv_prog_compiler_static_works+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_static_works=no - save_LDFLAGS="$LDFLAGS" + save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then @@ -13655,13 +13990,13 @@ else fi fi $RM -r conftest* - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 $as_echo "$lt_cv_prog_compiler_static_works" >&6; } -if test x"$lt_cv_prog_compiler_static_works" = xyes; then +if test yes = "$lt_cv_prog_compiler_static_works"; then : else lt_prog_compiler_static= @@ -13781,8 +14116,8 @@ $as_echo "$lt_cv_prog_compiler_c_o" >&6; } -hard_links="nottested" -if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then +hard_links=nottested +if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then # do not overwrite the value of need_locks provided by the user { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 $as_echo_n "checking if we can lock with hard links... " >&6; } @@ -13794,9 +14129,9 @@ $as_echo_n "checking if we can lock with hard links... " >&6; } ln conftest.a conftest.b 2>/dev/null && hard_links=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 $as_echo "$hard_links" >&6; } - if test "$hard_links" = no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 -$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} + if test no = "$hard_links"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 +$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} need_locks=warn fi else @@ -13839,9 +14174,9 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie # included in the symbol list include_expsyms= # exclude_expsyms can be an extended regexp of symbols to exclude - # it will be wrapped by ` (' and `)$', so one must not match beginning or - # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', - # as well as any symbol that contains `d'. + # it will be wrapped by ' (' and ')$', so one must not match beginning or + # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', + # as well as any symbol that contains 'd'. exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if @@ -13856,7 +14191,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. - if test "$GCC" != yes; then + if test yes != "$GCC"; then with_gnu_ld=no fi ;; @@ -13864,7 +14199,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; - openbsd*) + openbsd* | bitrig*) with_gnu_ld=no ;; linux* | k*bsd*-gnu | gnu*) @@ -13877,7 +14212,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility @@ -13899,24 +14234,24 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie esac fi - if test "$lt_use_gnu_ld_interface" = yes; then + if test yes = "$lt_use_gnu_ld_interface"; then # If archive_cmds runs LD, not CC, wlarc should be empty - wlarc='${wl}' + wlarc='$wl' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' - export_dynamic_flag_spec='${wl}--export-dynamic' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + export_dynamic_flag_spec='$wl--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then - whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' else whole_archive_flag_spec= fi supports_anon_versioning=no - case `$LD -v 2>&1` in + case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... @@ -13929,7 +14264,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie case $host_os in aix[3-9]*) # On AIX/PPC, the GNU linker is very broken - if test "$host_cpu" != ia64; then + if test ia64 != "$host_cpu"; then ld_shlibs=no cat <<_LT_EOF 1>&2 @@ -13948,7 +14283,7 @@ _LT_EOF case $host_cpu in powerpc) # see comment about AmigaOS4 .so support - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) @@ -13964,7 +14299,7 @@ _LT_EOF allow_undefined_flag=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME - archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' else ld_shlibs=no fi @@ -13974,7 +14309,7 @@ _LT_EOF # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' - export_dynamic_flag_spec='${wl}--export-all-symbols' + export_dynamic_flag_spec='$wl--export-all-symbols' allow_undefined_flag=unsupported always_export_symbols=no enable_shared_with_static_runtimes=yes @@ -13982,61 +14317,89 @@ _LT_EOF exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else ld_shlibs=no fi ;; haiku*) - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' link_all_deplibs=yes ;; + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes + ;; + interix[3-9]*) hardcode_direct=no hardcode_shlibpath_var=no - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - export_dynamic_flag_spec='${wl}-E' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + export_dynamic_flag_spec='$wl-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no - if test "$host_os" = linux-dietlibc; then + if test linux-dietlibc = "$host_os"; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ - && test "$tmp_diet" = no + && test no = "$tmp_diet" then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler - whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers - whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; @@ -14047,42 +14410,47 @@ _LT_EOF lf95*) # Lahey Fortran 8.1 whole_archive_flag_spec= tmp_sharedflag='--shared' ;; + nagfor*) # NAGFOR 5.3 + tmp_sharedflag='-Wl,-shared' ;; xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 - whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' compiler_needs_object=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 - whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' compiler_needs_object=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac - archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then + if test yes = "$supports_anon_versioning"; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi case $cc_basename in + tcc*) + export_dynamic_flag_spec='-rdynamic' + ;; xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then + if test yes = "$supports_anon_versioning"; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac @@ -14096,8 +14464,8 @@ _LT_EOF archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' fi ;; @@ -14115,8 +14483,8 @@ _LT_EOF _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi @@ -14128,7 +14496,7 @@ _LT_EOF ld_shlibs=no cat <<_LT_EOF 1>&2 -*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify @@ -14143,9 +14511,9 @@ _LT_EOF # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi @@ -14162,15 +14530,15 @@ _LT_EOF *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac - if test "$ld_shlibs" = no; then + if test no = "$ld_shlibs"; then runpath_var= hardcode_libdir_flag_spec= export_dynamic_flag_spec= @@ -14186,7 +14554,7 @@ _LT_EOF # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L=yes - if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct=unsupported @@ -14194,34 +14562,57 @@ _LT_EOF ;; aix[4-9]*) - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' - no_entry_flag="" + no_entry_flag= else # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - # Also, AIX nm treats weak defined symbols like other global - # defined symbols, whereas GNU nm marks them as "W". + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do - if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then aix_use_runtimelinking=yes break fi done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi ;; esac @@ -14240,13 +14631,21 @@ _LT_EOF hardcode_direct_absolute=yes hardcode_libdir_separator=':' link_all_deplibs=yes - file_list_spec='${wl}-f,' + file_list_spec='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # traditional, no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + hardcode_direct=no + hardcode_direct_absolute=no + ;; + esac - if test "$GCC" = yes; then + if test yes = "$GCC"; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` + collect2name=`$CC -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then @@ -14265,36 +14664,42 @@ _LT_EOF ;; esac shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag="$shared_flag "'$wl-G' fi - link_all_deplibs=no + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' else # not using gcc - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' else - shared_flag='${wl}-bM:SRE' + shared_flag='$wl-bM:SRE' fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' fi fi - export_dynamic_flag_spec='${wl}-bexpall' + export_dynamic_flag_spec='$wl-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. always_export_symbols=yes - if test "$aix_use_runtimelinking" = yes; then + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag='-berok' # Determine the default libpath from the value encoded in an # empty executable. - if test "${lt_cv_aix_libpath+set}" = set; then + if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : @@ -14329,7 +14734,7 @@ fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then - lt_cv_aix_libpath_="/usr/lib:/lib" + lt_cv_aix_libpath_=/usr/lib:/lib fi fi @@ -14337,17 +14742,17 @@ fi aix_libpath=$lt_cv_aix_libpath_ fi - hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" - archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag else - if test "$host_cpu" = ia64; then - hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' + if test ia64 = "$host_cpu"; then + hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib' allow_undefined_flag="-z nodefs" - archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. - if test "${lt_cv_aix_libpath+set}" = set; then + if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : @@ -14382,7 +14787,7 @@ fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then - lt_cv_aix_libpath_="/usr/lib:/lib" + lt_cv_aix_libpath_=/usr/lib:/lib fi fi @@ -14390,21 +14795,33 @@ fi aix_libpath=$lt_cv_aix_libpath_ fi - hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. - no_undefined_flag=' ${wl}-bernotok' - allow_undefined_flag=' ${wl}-berok' - if test "$with_gnu_ld" = yes; then + no_undefined_flag=' $wl-bernotok' + allow_undefined_flag=' $wl-berok' + if test yes = "$with_gnu_ld"; then # We only use this code for GNU lds that support --whole-archive. - whole_archive_flag_spec='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives whole_archive_flag_spec='$convenience' fi archive_cmds_need_lc=yes - # This is similar to how AIX traditionally builds its shared libraries. - archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d' fi fi ;; @@ -14413,7 +14830,7 @@ fi case $host_cpu in powerpc) # see comment about AmigaOS4 .so support - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) @@ -14443,16 +14860,17 @@ fi # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" + shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. - archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' - archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; - else - sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; - fi~ - $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ - linknames=' + archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, )='true' enable_shared_with_static_runtimes=yes @@ -14461,18 +14879,18 @@ fi # Don't use ranlib old_postinstall_cmds='chmod 644 $oldlib' postlink_cmds='lt_outputfile="@OUTPUT@"~ - lt_tool_outputfile="@TOOL_OUTPUT@"~ - case $lt_outputfile in - *.exe|*.EXE) ;; - *) - lt_outputfile="$lt_outputfile.exe" - lt_tool_outputfile="$lt_tool_outputfile.exe" - ;; - esac~ - if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then - $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; - $RM "$lt_outputfile.manifest"; - fi' + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' ;; *) # Assume MSVC wrapper @@ -14481,7 +14899,7 @@ fi # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" + shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. @@ -14500,24 +14918,24 @@ fi hardcode_direct=no hardcode_automatic=yes hardcode_shlibpath_var=unsupported - if test "$lt_cv_ld_force_load" = "yes"; then - whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + if test yes = "$lt_cv_ld_force_load"; then + whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' else whole_archive_flag_spec='' fi link_all_deplibs=yes - allow_undefined_flag="$_lt_dar_allow_undefined" + allow_undefined_flag=$_lt_dar_allow_undefined case $cc_basename in - ifort*) _lt_dar_can_shared=yes ;; + ifort*|nagfor*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac - if test "$_lt_dar_can_shared" = "yes"; then + if test yes = "$_lt_dar_can_shared"; then output_verbose_link_cmd=func_echo_all - archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" - module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" - archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" - module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" + module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" + archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" else ld_shlibs=no @@ -14559,33 +14977,33 @@ fi ;; hpux9*) - if test "$GCC" = yes; then - archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + if test yes = "$GCC"; then + archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' else - archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' fi - hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_flag_spec='$wl+b $wl$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes - export_dynamic_flag_spec='${wl}-E' + export_dynamic_flag_spec='$wl-E' ;; hpux10*) - if test "$GCC" = yes && test "$with_gnu_ld" = no; then - archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + if test yes,no = "$GCC,$with_gnu_ld"; then + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi - if test "$with_gnu_ld" = no; then - hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec='$wl+b $wl$libdir' hardcode_libdir_separator=: hardcode_direct=yes hardcode_direct_absolute=yes - export_dynamic_flag_spec='${wl}-E' + export_dynamic_flag_spec='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes @@ -14593,25 +15011,25 @@ fi ;; hpux11*) - if test "$GCC" = yes && test "$with_gnu_ld" = no; then + if test yes,no = "$GCC,$with_gnu_ld"; then case $host_cpu in hppa*64*) - archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) - archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) - archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) - archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) - archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) @@ -14623,7 +15041,7 @@ if ${lt_cv_prog_compiler__b+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler__b=no - save_LDFLAGS="$LDFLAGS" + save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -b" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then @@ -14642,14 +15060,14 @@ else fi fi $RM -r conftest* - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 $as_echo "$lt_cv_prog_compiler__b" >&6; } -if test x"$lt_cv_prog_compiler__b" = xyes; then - archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' +if test yes = "$lt_cv_prog_compiler__b"; then + archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi @@ -14657,8 +15075,8 @@ fi ;; esac fi - if test "$with_gnu_ld" = no; then - hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec='$wl+b $wl$libdir' hardcode_libdir_separator=: case $host_cpu in @@ -14669,7 +15087,7 @@ fi *) hardcode_direct=yes hardcode_direct_absolute=yes - export_dynamic_flag_spec='${wl}-E' + export_dynamic_flag_spec='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. @@ -14680,8 +15098,8 @@ fi ;; irix5* | irix6* | nonstopux*) - if test "$GCC" = yes; then - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + if test yes = "$GCC"; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. @@ -14691,8 +15109,8 @@ $as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " > if ${lt_cv_irix_exported_symbol+:} false; then : $as_echo_n "(cached) " >&6 else - save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo (void) { return 0; } @@ -14704,24 +15122,35 @@ else fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 $as_echo "$lt_cv_irix_exported_symbol" >&6; } - if test "$lt_cv_irix_exported_symbol" = yes; then - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + if test yes = "$lt_cv_irix_exported_symbol"; then + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + link_all_deplibs=no else - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' - archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' fi archive_cmds_need_lc='no' - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' hardcode_libdir_separator=: inherit_rpath=yes link_all_deplibs=yes ;; + linux*) + case $cc_basename in + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + ld_shlibs=yes + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out @@ -14736,7 +15165,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } newsos6) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' hardcode_libdir_separator=: hardcode_shlibpath_var=no ;; @@ -14744,27 +15173,19 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } *nto* | *qnx*) ;; - openbsd*) + openbsd* | bitrig*) if test -f /usr/libexec/ld.so; then hardcode_direct=yes hardcode_shlibpath_var=no hardcode_direct_absolute=yes - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - export_dynamic_flag_spec='${wl}-E' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + export_dynamic_flag_spec='$wl-E' else - case $host_os in - openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) - archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - hardcode_libdir_flag_spec='-R$libdir' - ;; - *) - archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - ;; - esac + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' fi else ld_shlibs=no @@ -14775,33 +15196,53 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes allow_undefined_flag=unsupported - archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' - old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes ;; osf3*) - if test "$GCC" = yes; then - allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' else allow_undefined_flag=' -expect_unresolved \*' - archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' fi archive_cmds_need_lc='no' - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' hardcode_libdir_separator=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag - if test "$GCC" = yes; then - allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' else allow_undefined_flag=' -expect_unresolved \*' - archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ - $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly hardcode_libdir_flag_spec='-rpath $libdir' @@ -14812,24 +15253,24 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } solaris*) no_undefined_flag=' -z defs' - if test "$GCC" = yes; then - wlarc='${wl}' - archive_cmds='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + wlarc='$wl' + archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' - archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) - wlarc='${wl}' - archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + wlarc='$wl' + archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi @@ -14839,11 +15280,11 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } solaris2.[0-5] | solaris2.[0-5].*) ;; *) # The compiler driver will combine and reorder linker options, - # but understands `-z linker_flag'. GCC discards it without `$wl', + # but understands '-z linker_flag'. GCC discards it without '$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) - if test "$GCC" = yes; then - whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + if test yes = "$GCC"; then + whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' else whole_archive_flag_spec='-z allextract$convenience -z defaultextract' fi @@ -14853,10 +15294,10 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } ;; sunos4*) - if test "x$host_vendor" = xsequent; then + if test sequent = "$host_vendor"; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. - archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi @@ -14905,43 +15346,43 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) - no_undefined_flag='${wl}-z,text' + no_undefined_flag='$wl-z,text' archive_cmds_need_lc=no hardcode_shlibpath_var=no runpath_var='LD_RUN_PATH' - if test "$GCC" = yes; then - archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else - archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not + # Note: We CANNOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. - no_undefined_flag='${wl}-z,text' - allow_undefined_flag='${wl}-z,nodefs' + no_undefined_flag='$wl-z,text' + allow_undefined_flag='$wl-z,nodefs' archive_cmds_need_lc=no hardcode_shlibpath_var=no - hardcode_libdir_flag_spec='${wl}-R,$libdir' + hardcode_libdir_flag_spec='$wl-R,$libdir' hardcode_libdir_separator=':' link_all_deplibs=yes - export_dynamic_flag_spec='${wl}-Bexport' + export_dynamic_flag_spec='$wl-Bexport' runpath_var='LD_RUN_PATH' - if test "$GCC" = yes; then - archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else - archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; @@ -14956,10 +15397,10 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } ;; esac - if test x$host_vendor = xsni; then + if test sni = "$host_vendor"; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) - export_dynamic_flag_spec='${wl}-Blargedynsym' + export_dynamic_flag_spec='$wl-Blargedynsym' ;; esac fi @@ -14967,7 +15408,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 $as_echo "$ld_shlibs" >&6; } -test "$ld_shlibs" = no && can_build_shared=no +test no = "$ld_shlibs" && can_build_shared=no with_gnu_ld=$with_gnu_ld @@ -14993,7 +15434,7 @@ x|xyes) # Assume -lc should be added archive_cmds_need_lc=yes - if test "$enable_shared" = yes && test "$GCC" = yes; then + if test yes,yes = "$GCC,$enable_shared"; then case $archive_cmds in *'~'*) # FIXME: we may have to deal with multi-command sequences. @@ -15208,14 +15649,14 @@ esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 $as_echo_n "checking dynamic linker characteristics... " >&6; } -if test "$GCC" = yes; then +if test yes = "$GCC"; then case $host_os in - darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; - *) lt_awk_arg="/^libraries:/" ;; + darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; + *) lt_awk_arg='/^libraries:/' ;; esac case $host_os in - mingw* | cegcc*) lt_sed_strip_eq="s,=\([A-Za-z]:\),\1,g" ;; - *) lt_sed_strip_eq="s,=/,/,g" ;; + mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;; + *) lt_sed_strip_eq='s|=/|/|g' ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in @@ -15231,28 +15672,35 @@ if test "$GCC" = yes; then ;; esac # Ok, now we have the path, separated by spaces, we can step through it - # and add multilib dir if necessary. + # and add multilib dir if necessary... lt_tmp_lt_search_path_spec= - lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + # ...but if some path component already ends with the multilib dir we assume + # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). + case "$lt_multi_os_dir; $lt_search_path_spec " in + "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) + lt_multi_os_dir= + ;; + esac for lt_sys_path in $lt_search_path_spec; do - if test -d "$lt_sys_path/$lt_multi_os_dir"; then - lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" - else + if test -d "$lt_sys_path$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" + elif test -n "$lt_multi_os_dir"; then test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' -BEGIN {RS=" "; FS="/|\n";} { - lt_foo=""; - lt_count=0; +BEGIN {RS = " "; FS = "/|\n";} { + lt_foo = ""; + lt_count = 0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { - lt_foo="/" $lt_i lt_foo; + lt_foo = "/" $lt_i lt_foo; } else { lt_count--; } @@ -15266,7 +15714,7 @@ BEGIN {RS=" "; FS="/|\n";} { # for these hosts. case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ - $SED 's,/\([A-Za-z]:\),\1,g'` ;; + $SED 's|/\([A-Za-z]:\)|\1|g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else @@ -15275,7 +15723,7 @@ fi library_names_spec= libname_spec='lib$name' soname_spec= -shrext_cmds=".so" +shrext_cmds=.so postinstall_cmds= postuninstall_cmds= finish_cmds= @@ -15292,14 +15740,16 @@ hardcode_into_libs=no # flags to be left without arguments need_version=unknown + + case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + library_names_spec='$libname$release$shared_ext$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='${libname}${release}${shared_ext}$major' + soname_spec='$libname$release$shared_ext$major' ;; aix[4-9]*) @@ -15307,41 +15757,91 @@ aix[4-9]*) need_lib_prefix=no need_version=no hardcode_into_libs=yes - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 supports IA64 - library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with - # the line `#! .'. This would cause the generated library to - # depend on `.', always an invalid library. This was fixed in + # the line '#! .'. This would cause the generated library to + # depend on '.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' - echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then + echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac - # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in + # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. - if test "$aix_use_runtimelinking" = yes; then + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - else + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a(lib.so.V)' # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. - library_names_spec='${libname}${release}.a $libname.a' - soname_spec='${libname}${release}${shared_ext}$major' - fi + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac shlibpath_var=LIBPATH fi ;; @@ -15351,18 +15851,18 @@ amigaos*) powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) - library_names_spec='${libname}${shared_ext}' + library_names_spec='$libname$shared_ext' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; @@ -15370,8 +15870,8 @@ beos*) bsdi[45]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" @@ -15383,7 +15883,7 @@ bsdi[45]*) cygwin* | mingw* | pw32* | cegcc*) version_type=windows - shrext_cmds=".dll" + shrext_cmds=.dll need_version=no need_lib_prefix=no @@ -15392,8 +15892,8 @@ cygwin* | mingw* | pw32* | cegcc*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ @@ -15409,17 +15909,17 @@ cygwin* | mingw* | pw32* | cegcc*) case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix - soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' ;; esac dynamic_linker='Win32 ld.exe' @@ -15428,8 +15928,8 @@ cygwin* | mingw* | pw32* | cegcc*) *,cl*) # Native MSVC libname_spec='$name' - soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - library_names_spec='${libname}.dll.lib' + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + library_names_spec='$libname.dll.lib' case $build_os in mingw*) @@ -15456,7 +15956,7 @@ cygwin* | mingw* | pw32* | cegcc*) sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) - sys_lib_search_path_spec="$LIB" + sys_lib_search_path_spec=$LIB if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then # It is most probably a Windows format PATH. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` @@ -15469,8 +15969,8 @@ cygwin* | mingw* | pw32* | cegcc*) esac # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' @@ -15483,7 +15983,7 @@ cygwin* | mingw* | pw32* | cegcc*) *) # Assume MSVC wrapper - library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' + library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac @@ -15496,8 +15996,8 @@ darwin* | rhapsody*) version_type=darwin need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' - soname_spec='${libname}${release}${major}$shared_ext' + library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + soname_spec='$libname$release$major$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' @@ -15510,8 +16010,8 @@ dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; @@ -15529,12 +16029,13 @@ freebsd* | dragonfly*) version_type=freebsd-$objformat case $version_type in freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' need_version=no need_lib_prefix=no ;; freebsd-*) - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' need_version=yes ;; esac @@ -15564,10 +16065,10 @@ haiku*) need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LIBRARY_PATH - shlibpath_overrides_runpath=yes + shlibpath_overrides_runpath=no sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; @@ -15585,14 +16086,15 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - if test "X$HPUX_IA64_MODE" = X32; then + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + if test 32 = "$HPUX_IA64_MODE"; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 fi - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' @@ -15600,8 +16102,8 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; @@ -15610,8 +16112,8 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... @@ -15624,8 +16126,8 @@ interix[3-9]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -15636,7 +16138,7 @@ irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) - if test "$lt_cv_prog_gnu_ld" = yes; then + if test yes = "$lt_cv_prog_gnu_ld"; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix @@ -15644,8 +16146,8 @@ irix5* | irix6* | nonstopux*) esac need_lib_prefix=no need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= @@ -15664,8 +16166,8 @@ irix5* | irix6* | nonstopux*) esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" - sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" hardcode_into_libs=yes ;; @@ -15674,13 +16176,33 @@ linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + hardcode_libdir_flag_spec='-L$libdir' + ;; + # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -15724,7 +16246,12 @@ fi # before this can be enabled. hardcode_into_libs=yes - # Append ld.so.conf contents to the search path + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" @@ -15756,12 +16283,12 @@ netbsd*) need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH @@ -15771,7 +16298,7 @@ netbsd*) newsos6) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; @@ -15780,58 +16307,68 @@ newsos6) version_type=qnx need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; -openbsd*) +openbsd* | bitrig*) version_type=sunos - sys_lib_dlsearch_path_spec="/usr/lib" + sys_lib_dlsearch_path_spec=/usr/lib need_lib_prefix=no - # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. - case $host_os in - openbsd3.3 | openbsd3.3.*) need_version=yes ;; - *) need_version=no ;; - esac - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - case $host_os in - openbsd2.[89] | openbsd2.[89].*) - shlibpath_overrides_runpath=no - ;; - *) - shlibpath_overrides_runpath=yes - ;; - esac + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + need_version=no else - shlibpath_overrides_runpath=yes + need_version=yes fi + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes ;; os2*) libname_spec='$name' - shrext_cmds=".dll" + version_type=windows + shrext_cmds=.dll + need_version=no need_lib_prefix=no - library_names_spec='$libname${shared_ext} $libname.a' + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; rdos*) @@ -15842,8 +16379,8 @@ solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes @@ -15853,11 +16390,11 @@ solaris*) sunos4*) version_type=sunos - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then need_lib_prefix=no fi need_version=yes @@ -15865,8 +16402,8 @@ sunos4*) sysv4 | sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) @@ -15887,24 +16424,24 @@ sysv4 | sysv4.3*) ;; sysv4*MP*) - if test -d /usr/nec ;then + if test -d /usr/nec; then version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' - soname_spec='$libname${shared_ext}.$major' + library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' + soname_spec='$libname$shared_ext.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=freebsd-elf + version_type=sco need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' @@ -15922,7 +16459,7 @@ tpf*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes @@ -15930,8 +16467,8 @@ tpf*) uts4*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; @@ -15941,20 +16478,35 @@ uts4*) esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 $as_echo "$dynamic_linker" >&6; } -test "$dynamic_linker" = no && can_build_shared=no +test no = "$dynamic_linker" && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test "$GCC" = yes; then +if test yes = "$GCC"; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi -if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then - sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then + sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec fi -if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then - sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" + +if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then + sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec fi +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + + + + + + @@ -16051,15 +16603,15 @@ $as_echo_n "checking how to hardcode library paths into programs... " >&6; } hardcode_action= if test -n "$hardcode_libdir_flag_spec" || test -n "$runpath_var" || - test "X$hardcode_automatic" = "Xyes" ; then + test yes = "$hardcode_automatic"; then # We can hardcode non-existent directories. - if test "$hardcode_direct" != no && + if test no != "$hardcode_direct" && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one - ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no && - test "$hardcode_minus_L" != no; then + ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" && + test no != "$hardcode_minus_L"; then # Linking always hardcodes the temporary library directory. hardcode_action=relink else @@ -16074,12 +16626,12 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 $as_echo "$hardcode_action" >&6; } -if test "$hardcode_action" = relink || - test "$inherit_rpath" = yes; then +if test relink = "$hardcode_action" || + test yes = "$inherit_rpath"; then # Fast installation is not supported enable_fast_install=no -elif test "$shlibpath_overrides_runpath" = yes || - test "$enable_shared" = no; then +elif test yes = "$shlibpath_overrides_runpath" || + test no = "$enable_shared"; then # Fast installation is not necessary enable_fast_install=needless fi @@ -16089,7 +16641,7 @@ fi - if test "x$enable_dlopen" != xyes; then + if test yes != "$enable_dlopen"; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown @@ -16099,23 +16651,23 @@ else case $host_os in beos*) - lt_cv_dlopen="load_add_on" + lt_cv_dlopen=load_add_on lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) - lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen=LoadLibrary lt_cv_dlopen_libs= ;; cygwin*) - lt_cv_dlopen="dlopen" + lt_cv_dlopen=dlopen lt_cv_dlopen_libs= ;; darwin*) - # if libdl is installed we need to link against it + # if libdl is installed we need to link against it { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : @@ -16153,10 +16705,10 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : - lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl else - lt_cv_dlopen="dyld" + lt_cv_dlopen=dyld lt_cv_dlopen_libs= lt_cv_dlopen_self=yes @@ -16164,10 +16716,18 @@ fi ;; + tpf*) + # Don't try to run any link tests for TPF. We know it's impossible + # because TPF is a cross-compiler, and we know how we open DSOs. + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + lt_cv_dlopen_self=no + ;; + *) ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" if test "x$ac_cv_func_shl_load" = xyes; then : - lt_cv_dlopen="shl_load" + lt_cv_dlopen=shl_load else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 $as_echo_n "checking for shl_load in -ldld... " >&6; } @@ -16206,11 +16766,11 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 $as_echo "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes; then : - lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" + lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld else ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" if test "x$ac_cv_func_dlopen" = xyes; then : - lt_cv_dlopen="dlopen" + lt_cv_dlopen=dlopen else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } @@ -16249,7 +16809,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : - lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 $as_echo_n "checking for dlopen in -lsvld... " >&6; } @@ -16288,7 +16848,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 $as_echo "$ac_cv_lib_svld_dlopen" >&6; } if test "x$ac_cv_lib_svld_dlopen" = xyes; then : - lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 $as_echo_n "checking for dld_link in -ldld... " >&6; } @@ -16327,7 +16887,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 $as_echo "$ac_cv_lib_dld_dld_link" >&6; } if test "x$ac_cv_lib_dld_dld_link" = xyes; then : - lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" + lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld fi @@ -16348,21 +16908,21 @@ fi ;; esac - if test "x$lt_cv_dlopen" != xno; then - enable_dlopen=yes - else + if test no = "$lt_cv_dlopen"; then enable_dlopen=no + else + enable_dlopen=yes fi case $lt_cv_dlopen in dlopen) - save_CPPFLAGS="$CPPFLAGS" - test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + save_CPPFLAGS=$CPPFLAGS + test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" - save_LDFLAGS="$LDFLAGS" + save_LDFLAGS=$LDFLAGS wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" - save_LIBS="$LIBS" + save_LIBS=$LIBS LIBS="$lt_cv_dlopen_libs $LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 @@ -16370,7 +16930,7 @@ $as_echo_n "checking whether a program can dlopen itself... " >&6; } if ${lt_cv_dlopen_self+:} false; then : $as_echo_n "(cached) " >&6 else - if test "$cross_compiling" = yes; then : + if test yes = "$cross_compiling"; then : lt_cv_dlopen_self=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 @@ -16417,9 +16977,9 @@ else # endif #endif -/* When -fvisbility=hidden is used, assume the code has been annotated +/* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ -#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif @@ -16449,7 +17009,7 @@ _LT_EOF (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in @@ -16469,14 +17029,14 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 $as_echo "$lt_cv_dlopen_self" >&6; } - if test "x$lt_cv_dlopen_self" = xyes; then + if test yes = "$lt_cv_dlopen_self"; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 $as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } if ${lt_cv_dlopen_self_static+:} false; then : $as_echo_n "(cached) " >&6 else - if test "$cross_compiling" = yes; then : + if test yes = "$cross_compiling"; then : lt_cv_dlopen_self_static=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 @@ -16523,9 +17083,9 @@ else # endif #endif -/* When -fvisbility=hidden is used, assume the code has been annotated +/* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ -#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif @@ -16555,7 +17115,7 @@ _LT_EOF (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in @@ -16576,9 +17136,9 @@ fi $as_echo "$lt_cv_dlopen_self_static" >&6; } fi - CPPFLAGS="$save_CPPFLAGS" - LDFLAGS="$save_LDFLAGS" - LIBS="$save_LIBS" + CPPFLAGS=$save_CPPFLAGS + LDFLAGS=$save_LDFLAGS + LIBS=$save_LIBS ;; esac @@ -16622,7 +17182,7 @@ else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) - if test -n "$STRIP" ; then + if test -n "$STRIP"; then striplib="$STRIP -x" old_striplib="$STRIP -S" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -16650,7 +17210,7 @@ fi - # Report which library types will actually be built + # Report what library types will actually be built { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 $as_echo_n "checking if libtool supports shared libraries... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 @@ -16658,13 +17218,13 @@ $as_echo "$can_build_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 $as_echo_n "checking whether to build shared libraries... " >&6; } - test "$can_build_shared" = "no" && enable_shared=no + test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) - test "$enable_shared" = yes && enable_static=no + test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' @@ -16672,8 +17232,12 @@ $as_echo_n "checking whether to build shared libraries... " >&6; } ;; aix[4-9]*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -16683,7 +17247,7 @@ $as_echo "$enable_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 $as_echo_n "checking whether to build static libraries... " >&6; } # Make sure either enable_shared or enable_static is yes. - test "$enable_shared" = yes || enable_static=yes + test yes = "$enable_shared" || enable_static=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 $as_echo "$enable_static" >&6; } @@ -16697,7 +17261,7 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -CC="$lt_save_CC" +CC=$lt_save_CC @@ -17420,6 +17984,14 @@ if test x$perl_cpan_install = xtrue; then perl_cpan=true fi +if test x$aikgen = xtrue; then + tss_trousers=true +fi + +if test x$aikpub2 = xtrue; then + tss_tss2=true +fi + # =========================================== # check required libraries and header files # =========================================== @@ -18045,7 +18617,7 @@ fi # Android has pthread_* functions in bionic (libc), others need libpthread -LIBS="" +LIBS=$DLLIB { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing pthread_create" >&5 $as_echo_n "checking for library containing pthread_create... " >&6; } if ${ac_cv_search_pthread_create+:} false; then : @@ -18104,6 +18676,66 @@ fi +# uClibc requires explicit -latomic for __atomic_* operations +LIBS="" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __atomic_load" >&5 +$as_echo_n "checking for library containing __atomic_load... " >&6; } +if ${ac_cv_search___atomic_load+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char __atomic_load (); +int +main () +{ +return __atomic_load (); + ; + return 0; +} +_ACEOF +for ac_lib in '' atomic; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search___atomic_load=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search___atomic_load+:} false; then : + break +fi +done +if ${ac_cv_search___atomic_load+:} false; then : + +else + ac_cv_search___atomic_load=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___atomic_load" >&5 +$as_echo "$ac_cv_search___atomic_load" >&6; } +ac_res=$ac_cv_search___atomic_load +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + ATOMICLIB=$LIBS +fi + + + LIBS=$saved_LIBS # ------------------------------------------------------ @@ -18134,11 +18766,11 @@ $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -# check if pthread_condattr_setclock(CLOCK_MONOTONE) is supported +# check if pthread_condattr_setclock(CLOCK_MONOTONIC) is supported saved_LIBS=$LIBS LIBS=$PTHREADLIB -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_condattr_setclock(CLOCK_MONOTONE)" >&5 -$as_echo_n "checking for pthread_condattr_setclock(CLOCK_MONOTONE)... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_condattr_setclock(CLOCK_MONOTONIC)" >&5 +$as_echo_n "checking for pthread_condattr_setclock(CLOCK_MONOTONIC)... " >&6; } if test "$cross_compiling" = yes; then : # Check existence of pthread_condattr_setclock if cross-compiling { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5 @@ -19329,7 +19961,6 @@ if test "x$ac_cv_lib_ldns_main" = xyes; then : else as_fn_error $? "UNBOUND library ldns not found" "$LINENO" 5 fi -ac_cv_lib_ldns=ac_cv_lib_ldns_main ac_fn_c_check_header_mongrel "$LINENO" "ldns/ldns.h" "ac_cv_header_ldns_ldns_h" "$ac_includes_default" if test "x$ac_cv_header_ldns_ldns_h" = xyes; then : @@ -19374,7 +20005,6 @@ if test "x$ac_cv_lib_unbound_main" = xyes; then : else as_fn_error $? "UNBOUND library libunbound not found" "$LINENO" 5 fi -ac_cv_lib_unbound=ac_cv_lib_unbound_main ac_fn_c_check_header_mongrel "$LINENO" "unbound.h" "ac_cv_header_unbound_h" "$ac_includes_default" if test "x$ac_cv_header_unbound_h" = xyes; then : @@ -20034,7 +20664,7 @@ $as_echo "yes" >&6; } fi fi -if test x$tss = xtrousers; then +if test x$tss_trousers = xtrue; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ltspi" >&5 $as_echo_n "checking for main in -ltspi... " >&6; } if ${ac_cv_lib_tspi_main+:} false; then : @@ -20084,6 +20714,55 @@ $as_echo "#define TSS_TROUSERS /**/" >>confdefs.h fi +if test x$tss_tss2 = xtrue; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ltss2" >&5 +$as_echo_n "checking for main in -ltss2... " >&6; } +if ${ac_cv_lib_tss2_main+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ltss2 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_tss2_main=yes +else + ac_cv_lib_tss2_main=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tss2_main" >&5 +$as_echo "$ac_cv_lib_tss2_main" >&6; } +if test "x$ac_cv_lib_tss2_main" = xyes; then : + LIBS="$LIBS" +else + as_fn_error $? "TTS 2.0 library libtss2 not found" "$LINENO" 5 +fi + + ac_fn_c_check_header_mongrel "$LINENO" "tss2/tpm20.h" "ac_cv_header_tss2_tpm20_h" "$ac_includes_default" +if test "x$ac_cv_header_tss2_tpm20_h" = xyes; then : + +else + as_fn_error $? "TSS 2.0 header tss2/tpm20.h not found!" "$LINENO" 5 +fi + + + +$as_echo "#define TSS_TSS2 /**/" >>confdefs.h + +fi if test x$imv_swid = xtrue; then pkg_failed=no @@ -22106,6 +22785,8 @@ fi if test x$python_eggs = xtrue; then + PYTHON_PACKAGE_VERSION=`echo "$PACKAGE_VERSION" | $SED 's/dr/dev/'` + if test x$python_eggs_install = xtrue; then # Extract the first word of "easy_install", so it can be a program name with args. set dummy easy_install; ac_word=$2 @@ -24581,7 +25262,7 @@ else USE_CONFTEST_FALSE= fi - if test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue; then + if test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$svc = xtrue -o x$systemd = xtrue; then USE_LIBSTRONGSWAN_TRUE= USE_LIBSTRONGSWAN_FALSE='#' else @@ -24629,6 +25310,14 @@ else USE_LIBPTTLS_FALSE= fi + if test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$imcv = xtrue; then + USE_LIBTPMTSS_TRUE= + USE_LIBTPMTSS_FALSE='#' +else + USE_LIBTPMTSS_TRUE='#' + USE_LIBTPMTSS_FALSE= +fi + if test x$stroke = xtrue; then USE_FILE_CONFIG_TRUE= USE_FILE_CONFIG_FALSE='#' @@ -24701,7 +25390,7 @@ else USE_IMCV_FALSE= fi - if test x$tss = xtrousers -o x$aikgen = xtrue; then + if test x$tss_trousers = xtrue; then USE_TROUSERS_TRUE= USE_TROUSERS_FALSE='#' else @@ -24709,6 +25398,14 @@ else USE_TROUSERS_FALSE= fi + if test x$tss_tss2 = xtrue; then + USE_TSS2_TRUE= + USE_TSS2_FALSE='#' +else + USE_TSS2_TRUE='#' + USE_TSS2_FALSE= +fi + if test x$monolithic = xtrue; then MONOLITHIC_TRUE= MONOLITHIC_FALSE='#' @@ -24765,6 +25462,14 @@ else USE_AIKGEN_FALSE= fi + if test x$aikpub2 = xtrue; then + USE_AIKPUB2_TRUE= + USE_AIKPUB2_FALSE='#' +else + USE_AIKPUB2_TRUE='#' + USE_AIKPUB2_FALSE= +fi + if test x$swanctl = xtrue; then USE_SWANCTL_TRUE= USE_SWANCTL_FALSE='#' @@ -24874,6 +25579,9 @@ strongswan_options= if test -z "$USE_AIKGEN_TRUE"; then : strongswan_options=${strongswan_options}" aikgen" fi +if test -z "$USE_AIKPUB2_TRUE"; then : + strongswan_options=${strongswan_options}" aikpub2" +fi if test -z "$USE_ATTR_SQL_TRUE"; then : strongswan_options=${strongswan_options}" pool" fi @@ -24917,7 +25625,7 @@ fi # build Makefiles # ================= -ac_config_files="$ac_config_files Makefile conf/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/maemo/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile conf/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/maemo/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/aikpub2/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" # ================= @@ -25745,6 +26453,10 @@ if test -z "${USE_LIBPTTLS_TRUE}" && test -z "${USE_LIBPTTLS_FALSE}"; then as_fn_error $? "conditional \"USE_LIBPTTLS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_LIBTPMTSS_TRUE}" && test -z "${USE_LIBTPMTSS_FALSE}"; then + as_fn_error $? "conditional \"USE_LIBTPMTSS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_FILE_CONFIG_TRUE}" && test -z "${USE_FILE_CONFIG_FALSE}"; then as_fn_error $? "conditional \"USE_FILE_CONFIG\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -25785,6 +26497,10 @@ if test -z "${USE_TROUSERS_TRUE}" && test -z "${USE_TROUSERS_FALSE}"; then as_fn_error $? "conditional \"USE_TROUSERS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_TSS2_TRUE}" && test -z "${USE_TSS2_FALSE}"; then + as_fn_error $? "conditional \"USE_TSS2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${MONOLITHIC_TRUE}" && test -z "${MONOLITHIC_FALSE}"; then as_fn_error $? "conditional \"MONOLITHIC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -25813,6 +26529,10 @@ if test -z "${USE_AIKGEN_TRUE}" && test -z "${USE_AIKGEN_FALSE}"; then as_fn_error $? "conditional \"USE_AIKGEN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_AIKPUB2_TRUE}" && test -z "${USE_AIKPUB2_FALSE}"; then + as_fn_error $? "conditional \"USE_AIKPUB2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_SWANCTL_TRUE}" && test -z "${USE_SWANCTL_FALSE}"; then as_fn_error $? "conditional \"USE_SWANCTL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -26242,7 +26962,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 5.4.0, which was +This file was extended by strongSwan $as_me 5.5.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -26308,7 +27028,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -strongSwan config.status 5.4.0 +strongSwan config.status 5.5.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -26443,6 +27163,7 @@ enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' +shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`' SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' @@ -26492,10 +27213,13 @@ compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' +lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`' nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' +lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`' objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' @@ -26560,7 +27284,8 @@ finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' -sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' +configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`' +configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`' hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' @@ -26611,9 +27336,12 @@ CFLAGS \ compiler \ lt_cv_sys_global_symbol_pipe \ lt_cv_sys_global_symbol_to_cdecl \ +lt_cv_sys_global_symbol_to_import \ lt_cv_sys_global_symbol_to_c_name_address \ lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ +lt_cv_nm_interface \ nm_file_list_spec \ +lt_cv_truncate_bin \ lt_prog_compiler_no_builtin_flag \ lt_prog_compiler_pic \ lt_prog_compiler_wl \ @@ -26648,7 +27376,7 @@ old_striplib \ striplib; do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[\\\\\\\`\\"\\\$]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -26675,10 +27403,11 @@ postinstall_cmds \ postuninstall_cmds \ finish_cmds \ sys_lib_search_path_spec \ -sys_lib_dlsearch_path_spec; do +configure_time_dlsearch_path \ +configure_time_lt_sys_library_path; do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[\\\\\\\`\\"\\\$]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -26687,19 +27416,16 @@ sys_lib_dlsearch_path_spec; do done ac_aux_dir='$ac_aux_dir' -xsi_shell='$xsi_shell' -lt_shell_append='$lt_shell_append' -# See if we are running on zsh, and set the options which allow our +# See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes INIT. -if test -n "\${ZSH_VERSION+set}" ; then +if test -n "\${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi PACKAGE='$PACKAGE' VERSION='$VERSION' - TIMESTAMP='$TIMESTAMP' RM='$RM' ofile='$ofile' @@ -26889,6 +27615,7 @@ do "src/libcharon/plugins/attr/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/attr/Makefile" ;; "src/libcharon/plugins/attr_sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/attr_sql/Makefile" ;; "src/libcharon/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/tests/Makefile" ;; + "src/libtpmtss/Makefile") CONFIG_FILES="$CONFIG_FILES src/libtpmtss/Makefile" ;; "src/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/stroke/Makefile" ;; "src/ipsec/Makefile") CONFIG_FILES="$CONFIG_FILES src/ipsec/Makefile" ;; "src/starter/Makefile") CONFIG_FILES="$CONFIG_FILES src/starter/Makefile" ;; @@ -26897,6 +27624,7 @@ do "src/_copyright/Makefile") CONFIG_FILES="$CONFIG_FILES src/_copyright/Makefile" ;; "src/scepclient/Makefile") CONFIG_FILES="$CONFIG_FILES src/scepclient/Makefile" ;; "src/aikgen/Makefile") CONFIG_FILES="$CONFIG_FILES src/aikgen/Makefile" ;; + "src/aikpub2/Makefile") CONFIG_FILES="$CONFIG_FILES src/aikpub2/Makefile" ;; "src/pki/Makefile") CONFIG_FILES="$CONFIG_FILES src/pki/Makefile" ;; "src/pki/man/Makefile") CONFIG_FILES="$CONFIG_FILES src/pki/man/Makefile" ;; "src/pool/Makefile") CONFIG_FILES="$CONFIG_FILES src/pool/Makefile" ;; @@ -27623,55 +28351,53 @@ $as_echo X"$file" | ;; "libtool":C) - # See if we are running on zsh, and set the options which allow our + # See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes. - if test -n "${ZSH_VERSION+set}" ; then + if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi - cfgfile="${ofile}T" + cfgfile=${ofile}T trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL - -# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. -# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION +# Generated automatically by $as_me ($PACKAGE) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. + +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit, 1996 + +# Copyright (C) 2014 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of of the License, or +# (at your option) any later version. # -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. -# Written by Gordon Matzigkeit, 1996 -# -# This file is part of GNU Libtool. -# -# GNU Libtool is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# As a special exception to the GNU General Public License, -# if you distribute this file as part of a program or library that -# is built using GNU Libtool, you may include this file under the -# same distribution terms that you use for the rest of that program. +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program or library that is built +# using GNU Libtool, you may include this file under the same +# distribution terms that you use for the rest of that program. # -# GNU Libtool is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with GNU Libtool; see the file COPYING. If not, a copy -# can be downloaded from http://www.gnu.org/licenses/gpl.html, or -# obtained by writing to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# along with this program. If not, see . # The names of the tagged configurations supported by this script. -available_tags="" +available_tags='' + +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} # ### BEGIN LIBTOOL CONFIG @@ -27691,6 +28417,9 @@ pic_mode=$pic_mode # Whether or not to optimize for fast installation. fast_install=$enable_fast_install +# Shared archive member basename,for filename based shared library versioning on AIX. +shared_archive_member_spec=$shared_archive_member_spec + # Shell to use when invoking shell scripts. SHELL=$lt_SHELL @@ -27808,18 +28537,27 @@ global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration. global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl +# Transform the output of nm into a list of symbols to manually relocate. +global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import + # Transform the output of nm in a C name address pair. global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # Transform the output of nm in a C name address pair when lib prefix is needed. global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix +# The name lister interface. +nm_interface=$lt_lt_cv_nm_interface + # Specify filename containing input files for \$NM. nm_file_list_spec=$lt_nm_file_list_spec -# The root where to search for dependent libraries,and in which our libraries should be installed. +# The root where to search for dependent libraries,and where our libraries should be installed. lt_sysroot=$lt_sysroot +# Command to truncate a binary pipe. +lt_truncate_bin=$lt_lt_cv_truncate_bin + # The name of the directory that contains temporary libtool files. objdir=$objdir @@ -27910,8 +28648,11 @@ hardcode_into_libs=$hardcode_into_libs # Compile-time system search path for libraries. sys_lib_search_path_spec=$lt_sys_lib_search_path_spec -# Run-time system search path for libraries. -sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec +# Detected run-time system search path for libraries. +sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path + +# Explicit LT_SYS_LIBRARY_PATH set during ./configure time. +configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path # Whether dlopen is supported. dlopen_support=$enable_dlopen @@ -28004,13 +28745,13 @@ hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec # Whether we need a single "-rpath" flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator -# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes # DIR into the resulting binary. hardcode_direct=$hardcode_direct -# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes # DIR into the resulting binary and the resulting library dependency is -# "absolute",i.e impossible to change by setting \${shlibpath_var} if the +# "absolute",i.e impossible to change by setting \$shlibpath_var if the # library is relocated. hardcode_direct_absolute=$hardcode_direct_absolute @@ -28060,6 +28801,65 @@ hardcode_action=$hardcode_action # ### END LIBTOOL CONFIG +_LT_EOF + + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + + +# ### END FUNCTIONS SHARED WITH CONFIGURE + _LT_EOF case $host_os in @@ -28068,7 +28868,7 @@ _LT_EOF # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. -if test "X${COLLECT_NAMES+set}" != Xset; then +if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi @@ -28077,7 +28877,7 @@ _LT_EOF esac -ltmain="$ac_aux_dir/ltmain.sh" +ltmain=$ac_aux_dir/ltmain.sh # We use sed instead of cat because bash on DJGPP gets confused if @@ -28087,165 +28887,6 @@ ltmain="$ac_aux_dir/ltmain.sh" sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) - if test x"$xsi_shell" = xyes; then - sed -e '/^func_dirname ()$/,/^} # func_dirname /c\ -func_dirname ()\ -{\ -\ case ${1} in\ -\ */*) func_dirname_result="${1%/*}${2}" ;;\ -\ * ) func_dirname_result="${3}" ;;\ -\ esac\ -} # Extended-shell func_dirname implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_basename ()$/,/^} # func_basename /c\ -func_basename ()\ -{\ -\ func_basename_result="${1##*/}"\ -} # Extended-shell func_basename implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_dirname_and_basename ()$/,/^} # func_dirname_and_basename /c\ -func_dirname_and_basename ()\ -{\ -\ case ${1} in\ -\ */*) func_dirname_result="${1%/*}${2}" ;;\ -\ * ) func_dirname_result="${3}" ;;\ -\ esac\ -\ func_basename_result="${1##*/}"\ -} # Extended-shell func_dirname_and_basename implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_stripname ()$/,/^} # func_stripname /c\ -func_stripname ()\ -{\ -\ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are\ -\ # positional parameters, so assign one to ordinary parameter first.\ -\ func_stripname_result=${3}\ -\ func_stripname_result=${func_stripname_result#"${1}"}\ -\ func_stripname_result=${func_stripname_result%"${2}"}\ -} # Extended-shell func_stripname implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_split_long_opt ()$/,/^} # func_split_long_opt /c\ -func_split_long_opt ()\ -{\ -\ func_split_long_opt_name=${1%%=*}\ -\ func_split_long_opt_arg=${1#*=}\ -} # Extended-shell func_split_long_opt implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_split_short_opt ()$/,/^} # func_split_short_opt /c\ -func_split_short_opt ()\ -{\ -\ func_split_short_opt_arg=${1#??}\ -\ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}\ -} # Extended-shell func_split_short_opt implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_lo2o ()$/,/^} # func_lo2o /c\ -func_lo2o ()\ -{\ -\ case ${1} in\ -\ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;\ -\ *) func_lo2o_result=${1} ;;\ -\ esac\ -} # Extended-shell func_lo2o implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_xform ()$/,/^} # func_xform /c\ -func_xform ()\ -{\ - func_xform_result=${1%.*}.lo\ -} # Extended-shell func_xform implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_arith ()$/,/^} # func_arith /c\ -func_arith ()\ -{\ - func_arith_result=$(( $* ))\ -} # Extended-shell func_arith implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_len ()$/,/^} # func_len /c\ -func_len ()\ -{\ - func_len_result=${#1}\ -} # Extended-shell func_len implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - -fi - -if test x"$lt_shell_append" = xyes; then - sed -e '/^func_append ()$/,/^} # func_append /c\ -func_append ()\ -{\ - eval "${1}+=\\${2}"\ -} # Extended-shell func_append implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_append_quoted ()$/,/^} # func_append_quoted /c\ -func_append_quoted ()\ -{\ -\ func_quote_for_eval "${2}"\ -\ eval "${1}+=\\\\ \\$func_quote_for_eval_result"\ -} # Extended-shell func_append_quoted implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - # Save a `func_append' function call where possible by direct use of '+=' - sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") - test 0 -eq $? || _lt_function_replace_fail=: -else - # Save a `func_append' function call even when '+=' is not available - sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") - test 0 -eq $? || _lt_function_replace_fail=: -fi - -if test x"$_lt_function_replace_fail" = x":"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to substitute extended shell functions in $ofile" >&5 -$as_echo "$as_me: WARNING: Unable to substitute extended shell functions in $ofile" >&2;} -fi - - mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" diff --git a/configure.ac b/configure.ac index 9486907a2..3aa7d919e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,8 +1,8 @@ # # Copyright (C) 2007-2015 Tobias Brunner -# Copyright (C) 2006-2015 Andreas Steffen +# Copyright (C) 2006-2016 Andreas Steffen # Copyright (C) 2006-2014 Martin Willi -# Hochschule fuer Technik Rapperswil +# HSR Hochschule fuer Technik Rapperswil # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the @@ -19,7 +19,7 @@ # initialize & set some vars # ============================ -AC_INIT([strongSwan],[5.4.0]) +AC_INIT([strongSwan],[5.5.0]) AM_INIT_AUTOMAKE(m4_esyscmd([ echo tar-ustar echo subdir-objects @@ -62,8 +62,6 @@ ARG_WITH_SUBST([routing-table], [220], [set routing table to use for IPsec ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table]) ARG_WITH_SUBST([ipsec-script], [ipsec], [change the name of the ipsec script]) ARG_WITH_SUBST([fips-mode], [0], [set openssl FIPS mode: disabled(0), enabled(1), Suite B enabled(2)]) - -ARG_WITH_SET([tss], [no], [set implementation of the Trusted Computing Group's Software Stack (TSS). Currently the only supported value is "trousers"]) ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently supported values are "libcap" and "native"]) ARG_WITH_SET([mpz_powm_sec], [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available]) ARG_WITH_SET([dev-headers], [no], [install strongSwan development headers to directory.]) @@ -269,7 +267,8 @@ ARG_ENABL_SET([systime-fix], [enable plugin to handle cert lifetimes with inv ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.]) ARG_DISBL_SET([updown], [disable updown firewall script plugin.]) # programs/components -ARG_ENABL_SET([aikgen], [enable AIK generator.]) +ARG_ENABL_SET([aikgen], [enable AIK generator for TPM 1.2.]) +ARG_ENABL_SET([aikpub2], [enable AIK extractor for TPM 2.0.]) ARG_DISBL_SET([charon], [disable the IKEv1/IKEv2 keying daemon charon.]) ARG_ENABL_SET([cmd], [enable the command line IKE client charon-cmd.]) ARG_ENABL_SET([conftest], [enforce Suite B conformance test framework.]) @@ -302,6 +301,9 @@ ARG_ENABL_SET([python-eggs], [enable build of provided python eggs.]) ARG_ENABL_SET([python-eggs-install],[enable installation of provided python eggs.]) ARG_ENABL_SET([perl-cpan], [enable build of provided perl CPAN module.]) ARG_ENABL_SET([perl-cpan-install],[enable installation of provided CPAN module.]) +ARG_ENABL_SET([tss-trousers], [enable the use of the TrouSerS Trusted Software Stack]) +ARG_ENABL_SET([tss-tss2], [enable the use of the TSS 2.0 Trusted Software Stack]) + # compile options ARG_ENABL_SET([coverage], [enable lcov coverage report generation.]) ARG_ENABL_SET([leak-detective], [enable malloc hooks to find memory leaks.]) @@ -455,6 +457,14 @@ if test x$perl_cpan_install = xtrue; then perl_cpan=true fi +if test x$aikgen = xtrue; then + tss_trousers=true +fi + +if test x$aikpub2 = xtrue; then + tss_tss2=true +fi + # =========================================== # check required libraries and header files # =========================================== @@ -486,10 +496,15 @@ AC_SEARCH_LIBS(socket, socket, [SOCKLIB=$LIBS], AC_SUBST(SOCKLIB) # Android has pthread_* functions in bionic (libc), others need libpthread -LIBS="" +LIBS=$DLLIB AC_SEARCH_LIBS(pthread_create, pthread, [PTHREADLIB=$LIBS]) AC_SUBST(PTHREADLIB) +# uClibc requires explicit -latomic for __atomic_* operations +LIBS="" +AC_SEARCH_LIBS(__atomic_load, atomic, [ATOMICLIB=$LIBS]) +AC_SUBST(ATOMICLIB) + LIBS=$saved_LIBS # ------------------------------------------------------ @@ -504,10 +519,10 @@ AC_COMPILE_IFELSE( [AC_MSG_RESULT([no])] ) -# check if pthread_condattr_setclock(CLOCK_MONOTONE) is supported +# check if pthread_condattr_setclock(CLOCK_MONOTONIC) is supported saved_LIBS=$LIBS LIBS=$PTHREADLIB -AC_MSG_CHECKING([for pthread_condattr_setclock(CLOCK_MONOTONE)]) +AC_MSG_CHECKING([for pthread_condattr_setclock(CLOCK_MONOTONIC)]) AC_RUN_IFELSE( [AC_LANG_SOURCE( [[#include @@ -917,9 +932,9 @@ if test x$curl = xtrue; then fi if test x$unbound = xtrue; then - AC_HAVE_LIBRARY([ldns],[LIBS="$LIBS"],[AC_MSG_ERROR([UNBOUND library ldns not found])]) + AC_CHECK_LIB([ldns],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([UNBOUND library ldns not found])],[]) AC_CHECK_HEADER([ldns/ldns.h],,[AC_MSG_ERROR([UNBOUND header ldns/ldns.h not found!])]) - AC_HAVE_LIBRARY([unbound],[LIBS="$LIBS"],[AC_MSG_ERROR([UNBOUND library libunbound not found])]) + AC_CHECK_LIB([unbound],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([UNBOUND library libunbound not found])],[]) AC_CHECK_HEADER([unbound.h],,[AC_MSG_ERROR([UNBOUND header unbound.h not found!])]) fi @@ -955,12 +970,17 @@ if test x$systemd = xtrue; then ) fi -if test x$tss = xtrousers; then +if test x$tss_trousers = xtrue; then AC_CHECK_LIB([tspi],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([TrouSerS library libtspi not found])],[]) AC_CHECK_HEADER([trousers/tss.h],,[AC_MSG_ERROR([TrouSerS header trousers/tss.h not found!])]) - AC_DEFINE([TSS_TROUSERS], [], [use TrouSerS library libtspi as TSS implementation]) + AC_DEFINE([TSS_TROUSERS], [], [use TrouSerS library libtspi]) fi +if test x$tss_tss2 = xtrue; then + AC_CHECK_LIB([tss2],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([TTS 2.0 library libtss2 not found])],[]) + AC_CHECK_HEADER([tss2/tpm20.h],,[AC_MSG_ERROR([TSS 2.0 header tss2/tpm20.h not found!])]) + AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 library libtss2]) +fi if test x$imv_swid = xtrue; then PKG_CHECK_MODULES(json, [json-c], [], [PKG_CHECK_MODULES(json, [json])]) @@ -1244,6 +1264,8 @@ fi AM_CONDITIONAL(RUBY_GEMS_INSTALL, [test "x$ruby_gems_install" = xtrue]) if test x$python_eggs = xtrue; then + PYTHON_PACKAGE_VERSION=`echo "$PACKAGE_VERSION" | $SED 's/dr/dev/'` + AC_SUBST([PYTHON_PACKAGE_VERSION]) if test x$python_eggs_install = xtrue; then AC_PATH_PROG([EASY_INSTALL], [easy_install], [], [$PATH:/bin:/usr/bin:/usr/local/bin]) if test x$EASY_INSTALL = x; then @@ -1604,12 +1626,13 @@ AM_CONDITIONAL(USE_PKI, test x$pki = xtrue) AM_CONDITIONAL(USE_SCEPCLIENT, test x$scepclient = xtrue) AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue) AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue) -AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue) +AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$svc = xtrue -o x$systemd = xtrue) AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue) AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue) AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue) AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue) AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue) +AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$imcv = xtrue) AM_CONDITIONAL(USE_FILE_CONFIG, test x$stroke = xtrue) AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$stroke = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue) AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap) @@ -1619,7 +1642,8 @@ AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue) AM_CONDITIONAL(USE_TLS, test x$tls = xtrue) AM_CONDITIONAL(USE_RADIUS, test x$radius = xtrue) AM_CONDITIONAL(USE_IMCV, test x$imcv = xtrue) -AM_CONDITIONAL(USE_TROUSERS, test x$tss = xtrousers -o x$aikgen = xtrue) +AM_CONDITIONAL(USE_TROUSERS, test x$tss_trousers = xtrue) +AM_CONDITIONAL(USE_TSS2, test x$tss_tss2 = xtrue) AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue) AM_CONDITIONAL(USE_SILENT_RULES, test x$enable_silent_rules = xyes) AM_CONDITIONAL(COVERAGE, test x$coverage = xtrue) @@ -1627,6 +1651,7 @@ AM_CONDITIONAL(USE_DBGHELP, test x$dbghelp_backtraces = xtrue) AM_CONDITIONAL(USE_TKM, test x$tkm = xtrue) AM_CONDITIONAL(USE_CMD, test x$cmd = xtrue) AM_CONDITIONAL(USE_AIKGEN, test x$aikgen = xtrue) +AM_CONDITIONAL(USE_AIKPUB2, test x$aikpub2 = xtrue) AM_CONDITIONAL(USE_SWANCTL, test x$swanctl = xtrue) AM_CONDITIONAL(USE_SVC, test x$svc = xtrue) AM_CONDITIONAL(USE_SYSTEMD, test x$systemd = xtrue) @@ -1666,6 +1691,7 @@ fi strongswan_options= AM_COND_IF([USE_AIKGEN], [strongswan_options=${strongswan_options}" aikgen"]) +AM_COND_IF([USE_AIKPUB2], [strongswan_options=${strongswan_options}" aikpub2"]) AM_COND_IF([USE_ATTR_SQL], [strongswan_options=${strongswan_options}" pool"]) AM_COND_IF([USE_CHARON], [strongswan_options=${strongswan_options}" charon charon-logging"]) AM_COND_IF([USE_FILE_CONFIG], [strongswan_options=${strongswan_options}" starter"]) @@ -1858,6 +1884,7 @@ AC_CONFIG_FILES([ src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile + src/libtpmtss/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile @@ -1866,6 +1893,7 @@ AC_CONFIG_FILES([ src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile + src/aikpub2/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile diff --git a/depcomp b/depcomp index 4ebd5b3a2..fc98710e2 100755 --- a/depcomp +++ b/depcomp @@ -3,7 +3,7 @@ scriptversion=2013-05-30.07; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/init/Makefile.in b/init/Makefile.in index 72ee05912..a7c723a81 100644 --- a/init/Makefile.in +++ b/init/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,7 +90,6 @@ host_triplet = @host@ @USE_CHARON_TRUE@@USE_LEGACY_SYSTEMD_TRUE@am__append_1 = systemd @USE_SWANCTL_TRUE@@USE_SYSTEMD_TRUE@am__append_2 = systemd-swanctl subdir = init -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -153,6 +163,7 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = systemd systemd-swanctl +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -184,6 +195,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -233,6 +245,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -267,6 +280,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -378,6 +392,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -422,7 +437,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu init/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu init/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -717,6 +731,8 @@ uninstall-am: mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/init/systemd-swanctl/Makefile.in b/init/systemd-swanctl/Makefile.in index 0c5f5ce18..ceb056333 100644 --- a/init/systemd-swanctl/Makefile.in +++ b/init/systemd-swanctl/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,7 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = init/systemd-swanctl -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -93,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -146,12 +156,14 @@ am__uninstall_files_from_dir = { \ am__installdirs = "$(DESTDIR)$(systemdsystemunitdir)" DATA = $(systemdsystemunit_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -201,6 +213,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -235,6 +248,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -346,6 +360,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -392,7 +407,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu init/systemd-swanctl/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu init/systemd-swanctl/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -593,6 +607,8 @@ uninstall-am: uninstall-systemdsystemunitDATA mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-systemdsystemunitDATA +.PRECIOUS: Makefile + strongswan-swanctl.service : strongswan-swanctl.service.in $(AM_V_GEN) \ diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in index ab7d64766..a3a796327 100644 --- a/init/systemd/Makefile.in +++ b/init/systemd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,7 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = init/systemd -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -93,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -146,12 +156,14 @@ am__uninstall_files_from_dir = { \ am__installdirs = "$(DESTDIR)$(systemdsystemunitdir)" DATA = $(systemdsystemunit_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -201,6 +213,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -235,6 +248,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -346,6 +360,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -392,7 +407,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu init/systemd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu init/systemd/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -593,6 +607,8 @@ uninstall-am: uninstall-systemdsystemunitDATA mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-systemdsystemunitDATA +.PRECIOUS: Makefile + strongswan.service : strongswan.service.in $(AM_V_GEN) \ diff --git a/install-sh b/install-sh index 377bb8687..59990a104 100755 --- a/install-sh +++ b/install-sh @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2011-11-20.07; # UTC +scriptversion=2014-09-12.12; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -41,19 +41,15 @@ scriptversion=2011-11-20.07; # UTC # This script is compatible with the BSD install script, but was written # from scratch. +tab=' ' nl=' ' -IFS=" "" $nl" +IFS=" $tab$nl" -# set DOITPROG to echo to test this script +# Set DOITPROG to "echo" to test this script. -# Don't use :- since 4.3BSD and earlier shells don't like it. doit=${DOITPROG-} -if test -z "$doit"; then - doit_exec=exec -else - doit_exec=$doit -fi +doit_exec=${doit:-exec} # Put in absolute file names if you don't have them in your path; # or use environment vars. @@ -68,17 +64,6 @@ mvprog=${MVPROG-mv} rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} -posix_glob='?' -initialize_posix_glob=' - test "$posix_glob" != "?" || { - if (set -f) 2>/dev/null; then - posix_glob= - else - posix_glob=: - fi - } -' - posix_mkdir= # Desired mode of installed file. @@ -97,7 +82,7 @@ dir_arg= dst_arg= copy_on_change=false -no_target_directory= +is_target_a_directory=possibly usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE @@ -137,46 +122,57 @@ while test $# -ne 0; do -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" - shift;; + shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 - case $mode in - *' '* | *' '* | *' -'* | *'*'* | *'?'* | *'['*) - echo "$0: invalid mode: $mode" >&2 - exit 1;; - esac - shift;; + case $mode in + *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; -o) chowncmd="$chownprog $2" - shift;; + shift;; -s) stripcmd=$stripprog;; - -t) dst_arg=$2 - # Protect names problematic for 'test' and other utilities. - case $dst_arg in - -* | [=\(\)!]) dst_arg=./$dst_arg;; - esac - shift;; + -t) + is_target_a_directory=always + dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; - -T) no_target_directory=true;; + -T) is_target_a_directory=never;; --version) echo "$0 $scriptversion"; exit $?;; - --) shift - break;; + --) shift + break;; - -*) echo "$0: invalid option: $1" >&2 - exit 1;; + -*) echo "$0: invalid option: $1" >&2 + exit 1;; *) break;; esac shift done +# We allow the use of options -d and -T together, by making -d +# take the precedence; this is for compatibility with GNU install. + +if test -n "$dir_arg"; then + if test -n "$dst_arg"; then + echo "$0: target directory not allowed when installing a directory." >&2 + exit 1 + fi +fi + if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. @@ -207,6 +203,15 @@ if test $# -eq 0; then exit 0 fi +if test -z "$dir_arg"; then + if test $# -gt 1 || test "$is_target_a_directory" = always; then + if test ! -d "$dst_arg"; then + echo "$0: $dst_arg: Is not a directory." >&2 + exit 1 + fi + fi +fi + if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 @@ -223,16 +228,16 @@ if test -z "$dir_arg"; then *[0-7]) if test -z "$stripcmd"; then - u_plus_rw= + u_plus_rw= else - u_plus_rw='% 200' + u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then - u_plus_rw= + u_plus_rw= else - u_plus_rw=,u+rw + u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac @@ -269,41 +274,15 @@ do # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then - if test -n "$no_target_directory"; then - echo "$0: $dst_arg: Is a directory" >&2 - exit 1 + if test "$is_target_a_directory" = never; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 fi dstdir=$dst dst=$dstdir/`basename "$src"` dstdir_status=0 else - # Prefer dirname, but fall back on a substitute if dirname fails. - dstdir=` - (dirname "$dst") 2>/dev/null || - expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$dst" : 'X\(//\)[^/]' \| \ - X"$dst" : 'X\(//\)$' \| \ - X"$dst" : 'X\(/\)' \| . 2>/dev/null || - echo X"$dst" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q' - ` - + dstdir=`dirname "$dst"` test -d "$dstdir" dstdir_status=$? fi @@ -314,74 +293,81 @@ do if test $dstdir_status != 0; then case $posix_mkdir in '') - # Create intermediate dirs using mode 755 as modified by the umask. - # This is like FreeBSD 'install' as of 1997-10-28. - umask=`umask` - case $stripcmd.$umask in - # Optimize common cases. - *[2367][2367]) mkdir_umask=$umask;; - .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; - - *[0-7]) - mkdir_umask=`expr $umask + 22 \ - - $umask % 100 % 40 + $umask % 20 \ - - $umask % 10 % 4 + $umask % 2 - `;; - *) mkdir_umask=$umask,go-w;; - esac - - # With -d, create the new directory with the user-specified mode. - # Otherwise, rely on $mkdir_umask. - if test -n "$dir_arg"; then - mkdir_mode=-m$mode - else - mkdir_mode= - fi - - posix_mkdir=false - case $umask in - *[123567][0-7][0-7]) - # POSIX mkdir -p sets u+wx bits regardless of umask, which - # is incompatible with FreeBSD 'install' when (umask & 300) != 0. - ;; - *) - tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ - trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 - - if (umask $mkdir_umask && - exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 - then - if test -z "$dir_arg" || { - # Check for POSIX incompatibilities with -m. - # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writable bit of parent directory when it shouldn't. - # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. - ls_ld_tmpdir=`ls -ld "$tmpdir"` - case $ls_ld_tmpdir in - d????-?r-*) different_mode=700;; - d????-?--*) different_mode=755;; - *) false;; - esac && - $mkdirprog -m$different_mode -p -- "$tmpdir" && { - ls_ld_tmpdir_1=`ls -ld "$tmpdir"` - test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" - } - } - then posix_mkdir=: - fi - rmdir "$tmpdir/d" "$tmpdir" - else - # Remove any dirs left behind by ancient mkdir implementations. - rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null - fi - trap '' 0;; - esac;; + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + # $RANDOM is not portable (e.g. dash); use it when possible to + # lower collision chance + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0 + + # As "mkdir -p" follows symlinks and we work in /tmp possibly; so + # create the $tmpdir first (and fail if unsuccessful) to make sure + # that nobody tries to guess the $tmpdir name. + if (umask $mkdir_umask && + $mkdirprog $mkdir_mode "$tmpdir" && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + test_tmpdir="$tmpdir/a" + ls_ld_tmpdir=`ls -ld "$test_tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null + fi + trap '' 0;; + esac;; esac if $posix_mkdir && ( - umask $mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else @@ -391,53 +377,51 @@ do # directory the slow way, step by step, checking for races as we go. case $dstdir in - /*) prefix='/';; - [-=\(\)!]*) prefix='./';; - *) prefix='';; + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; esac - eval "$initialize_posix_glob" - oIFS=$IFS IFS=/ - $posix_glob set -f + set -f set fnord $dstdir shift - $posix_glob set +f + set +f IFS=$oIFS prefixes= for d do - test X"$d" = X && continue - - prefix=$prefix$d - if test -d "$prefix"; then - prefixes= - else - if $posix_mkdir; then - (umask=$mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break - # Don't fail if two instances are running concurrently. - test -d "$prefix" || exit 1 - else - case $prefix in - *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; - *) qprefix=$prefix;; - esac - prefixes="$prefixes '$qprefix'" - fi - fi - prefix=$prefix/ + test X"$d" = X && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ done if test -n "$prefixes"; then - # Don't fail if two instances are running concurrently. - (umask $mkdir_umask && - eval "\$doit_exec \$mkdirprog $prefixes") || - test -d "$dstdir" || exit 1 - obsolete_mkdir_used=true + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true fi fi fi @@ -472,15 +456,12 @@ do # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && - old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && - new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && - - eval "$initialize_posix_glob" && - $posix_glob set -f && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && - $posix_glob set +f && - + set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then @@ -493,24 +474,24 @@ do # to itself, or perhaps because mv is so ancient that it does not # support -f. { - # Now remove or move aside any old file at destination location. - # We try this two ways since rm can't unlink itself on some - # systems and the destination file might be busy for other - # reasons. In this case, the final cleanup might fail but the new - # file should still install successfully. - { - test ! -f "$dst" || - $doit $rmcmd -f "$dst" 2>/dev/null || - { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && - { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } - } || - { echo "$0: cannot unlink or rename $dst" >&2 - (exit 1); exit 1 - } - } && - - # Now rename the file to the real destination. - $doit $mvcmd "$dsttmp" "$dst" + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 diff --git a/ltmain.sh b/ltmain.sh index 3825a2aa4..147d758ab 100644 --- a/ltmain.sh +++ b/ltmain.sh @@ -1,9 +1,12 @@ +#! /bin/sh +## DO NOT EDIT - This file generated from ./build-aux/ltmain.in +## by inline-source v2014-01-03.01 -# libtool (GNU libtool) 2.4.2 +# libtool (GNU libtool) 2.4.6 +# Provide generalized library-building support services. # Written by Gordon Matzigkeit , 1996 -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, -# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. +# Copyright (C) 1996-2015 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -23,881 +26,2112 @@ # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with GNU Libtool; see the file COPYING. If not, a copy -# can be downloaded from http://www.gnu.org/licenses/gpl.html, -# or obtained by writing to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# along with this program. If not, see . -# Usage: $progname [OPTION]... [MODE-ARG]... -# -# Provide generalized library-building support services. -# -# --config show all configuration variables -# --debug enable verbose shell tracing -# -n, --dry-run display commands without modifying any files -# --features display basic configuration information and exit -# --mode=MODE use operation mode MODE -# --preserve-dup-deps don't remove duplicate dependency libraries -# --quiet, --silent don't print informational messages -# --no-quiet, --no-silent -# print informational messages (default) -# --no-warn don't display warning messages -# --tag=TAG use configuration variables from tag TAG -# -v, --verbose print more informational messages than default -# --no-verbose don't print the extra informational messages -# --version print version information -# -h, --help, --help-all print short, long, or detailed help message -# -# MODE must be one of the following: -# -# clean remove files from the build directory -# compile compile a source file into a libtool object -# execute automatically set library path, then run a program -# finish complete the installation of libtool libraries -# install install libraries or executables -# link create a library or an executable -# uninstall remove libraries from an installed directory -# -# MODE-ARGS vary depending on the MODE. When passed as first option, -# `--mode=MODE' may be abbreviated as `MODE' or a unique abbreviation of that. -# Try `$progname --help --mode=MODE' for a more detailed description of MODE. -# -# When reporting a bug, please describe a test case to reproduce it and -# include the following information: -# -# host-triplet: $host -# shell: $SHELL -# compiler: $LTCC -# compiler flags: $LTCFLAGS -# linker: $LD (gnu? $with_gnu_ld) -# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1.3ubuntu1 -# automake: $automake_version -# autoconf: $autoconf_version -# -# Report bugs to . -# GNU libtool home page: . -# General help using GNU software: . PROGRAM=libtool PACKAGE=libtool -VERSION="2.4.2 Debian-2.4.2-1.3ubuntu1" -TIMESTAMP="" -package_revision=1.3337 +VERSION="2.4.6 Debian-2.4.6-0.1" +package_revision=2.4.6 -# Be Bourne compatible -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + +## ------ ## +## Usage. ## +## ------ ## + +# Run './libtool --help' for help with using this script from the +# command line. + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# After configure completes, it has a better idea of some of the +# shell tools we need than the defaults used by the functions shared +# with bootstrap, so set those here where they can still be over- +# ridden by the user, but otherwise take precedence. + +: ${AUTOCONF="autoconf"} +: ${AUTOMAKE="automake"} + + +## -------------------------- ## +## Source external libraries. ## +## -------------------------- ## + +# Much of our low-level functionality needs to be sourced from external +# libraries, which are installed to $pkgauxdir. + +# Set a version string for this script. +scriptversion=2015-01-20.17; # UTC + +# General shell script boiler plate, and helper functions. +# Written by Gary V. Vaughan, 2004 + +# Copyright (C) 2004-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# As a special exception to the GNU General Public License, if you distribute +# this file as part of a program or library that is built using GNU Libtool, +# you may include this file under the same distribution terms that you use +# for the rest of that program. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# Evaluate this file near the top of your script to gain access to +# the functions and variables defined here: +# +# . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh +# +# If you need to override any of the default environment variable +# settings, do that before evaluating this file. + + +## -------------------- ## +## Shell normalisation. ## +## -------------------- ## + +# Some shells need a little help to be as Bourne compatible as possible. +# Before doing anything else, make sure all that help has been provided! + +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else - case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac + case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi -BIN_SH=xpg4; export BIN_SH # for Tru64 -DUALCASE=1; export DUALCASE # for MKS sh - -# A function that is used when there is no print builtin or printf. -func_fallback_echo () -{ - eval 'cat <<_LTECHO_EOF -$1 -_LTECHO_EOF' -} -# NLS nuisances: We save the old values to restore during execute mode. -lt_user_locale= -lt_safe_locale= -for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +# NLS nuisances: We save the old values in case they are required later. +_G_user_locale= +_G_safe_locale= +for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do - eval "if test \"\${$lt_var+set}\" = set; then - save_$lt_var=\$$lt_var - $lt_var=C - export $lt_var - lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\" - lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" + eval "if test set = \"\${$_G_var+set}\"; then + save_$_G_var=\$$_G_var + $_G_var=C + export $_G_var + _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\" + _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\" fi" done -LC_ALL=C -LANGUAGE=C -export LANGUAGE LC_ALL -$lt_unset CDPATH +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH +# Make sure IFS has a sensible default +sp=' ' +nl=' +' +IFS="$sp $nl" + +# There are apparently some retarded systems that use ';' as a PATH separator! +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi -# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh -# is ksh but when the shell is invoked as "sh" and the current value of -# the _XPG environment variable is not equal to 1 (one), the special -# positional parameter $0, within a function call, is the name of the -# function. -progpath="$0" +## ------------------------- ## +## Locate command utilities. ## +## ------------------------- ## + + +# func_executable_p FILE +# ---------------------- +# Check that FILE is an executable regular file. +func_executable_p () +{ + test -f "$1" && test -x "$1" +} + + +# func_path_progs PROGS_LIST CHECK_FUNC [PATH] +# -------------------------------------------- +# Search for either a program that responds to --version with output +# containing "GNU", or else returned by CHECK_FUNC otherwise, by +# trying all the directories in PATH with each of the elements of +# PROGS_LIST. +# +# CHECK_FUNC should accept the path to a candidate program, and +# set $func_check_prog_result if it truncates its output less than +# $_G_path_prog_max characters. +func_path_progs () +{ + _G_progs_list=$1 + _G_check_func=$2 + _G_PATH=${3-"$PATH"} + + _G_path_prog_max=0 + _G_path_prog_found=false + _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:} + for _G_dir in $_G_PATH; do + IFS=$_G_save_IFS + test -z "$_G_dir" && _G_dir=. + for _G_prog_name in $_G_progs_list; do + for _exeext in '' .EXE; do + _G_path_prog=$_G_dir/$_G_prog_name$_exeext + func_executable_p "$_G_path_prog" || continue + case `"$_G_path_prog" --version 2>&1` in + *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;; + *) $_G_check_func $_G_path_prog + func_path_progs_result=$func_check_prog_result + ;; + esac + $_G_path_prog_found && break 3 + done + done + done + IFS=$_G_save_IFS + test -z "$func_path_progs_result" && { + echo "no acceptable sed could be found in \$PATH" >&2 + exit 1 + } +} + + +# We want to be able to use the functions in this file before configure +# has figured out where the best binaries are kept, which means we have +# to search for them ourselves - except when the results are already set +# where we skip the searches. + +# Unless the user overrides by setting SED, search the path for either GNU +# sed, or the sed that truncates its output the least. +test -z "$SED" && { + _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for _G_i in 1 2 3 4 5 6 7; do + _G_sed_script=$_G_sed_script$nl$_G_sed_script + done + echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed + _G_sed_script= + + func_check_prog_sed () + { + _G_path_prog=$1 + + _G_count=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo '' >> conftest.nl + "$_G_path_prog" -f conftest.sed conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin + rm -f conftest.sed + SED=$func_path_progs_result +} + + +# Unless the user overrides by setting GREP, search the path for either GNU +# grep, or the grep that truncates its output the least. +test -z "$GREP" && { + func_check_prog_grep () + { + _G_path_prog=$1 + + _G_count=0 + _G_path_prog_max=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo 'GREP' >> conftest.nl + "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin + GREP=$func_path_progs_result +} + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# All uppercase variable names are used for environment variables. These +# variables can be overridden by the user before calling a script that +# uses them if a suitable command of that name is not already available +# in the command search PATH. : ${CP="cp -f"} -test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} +: ${ECHO="printf %s\n"} +: ${EGREP="$GREP -E"} +: ${FGREP="$GREP -F"} +: ${LN_S="ln -s"} : ${MAKE="make"} : ${MKDIR="mkdir"} : ${MV="mv -f"} : ${RM="rm -f"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"} -: ${Xsed="$SED -e 1s/^X//"} - -# Global variables: -EXIT_SUCCESS=0 -EXIT_FAILURE=1 -EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. -EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. - -exit_status=$EXIT_SUCCESS - -# Make sure IFS has a sensible default -lt_nl=' -' -IFS=" $lt_nl" -dirname="s,/[^/]*$,," -basename="s,^.*/,," -# func_dirname file append nondir_replacement -# Compute the dirname of FILE. If nonempty, add APPEND to the result, -# otherwise set result to NONDIR_REPLACEMENT. -func_dirname () -{ - func_dirname_result=`$ECHO "${1}" | $SED "$dirname"` - if test "X$func_dirname_result" = "X${1}"; then - func_dirname_result="${3}" - else - func_dirname_result="$func_dirname_result${2}" - fi -} # func_dirname may be replaced by extended shell implementation +## -------------------- ## +## Useful sed snippets. ## +## -------------------- ## +sed_dirname='s|/[^/]*$||' +sed_basename='s|^.*/||' -# func_basename file -func_basename () -{ - func_basename_result=`$ECHO "${1}" | $SED "$basename"` -} # func_basename may be replaced by extended shell implementation +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='s|\([`"$\\]\)|\\\1|g' +# Same as above, but do not quote variable references. +sed_double_quote_subst='s/\(["`\\]\)/\\\1/g' -# func_dirname_and_basename file append nondir_replacement -# perform func_basename and func_dirname in a single function -# call: -# dirname: Compute the dirname of FILE. If nonempty, -# add APPEND to the result, otherwise set result -# to NONDIR_REPLACEMENT. -# value returned in "$func_dirname_result" -# basename: Compute filename of FILE. -# value retuned in "$func_basename_result" -# Implementation must be kept synchronized with func_dirname -# and func_basename. For efficiency, we do not delegate to -# those functions but instead duplicate the functionality here. -func_dirname_and_basename () -{ - # Extract subdirectory from the argument. - func_dirname_result=`$ECHO "${1}" | $SED -e "$dirname"` - if test "X$func_dirname_result" = "X${1}"; then - func_dirname_result="${3}" - else - func_dirname_result="$func_dirname_result${2}" - fi - func_basename_result=`$ECHO "${1}" | $SED -e "$basename"` -} # func_dirname_and_basename may be replaced by extended shell implementation +# Sed substitution that turns a string into a regex matching for the +# string literally. +sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g' +# Sed substitution that converts a w32 file name or path +# that contains forward slashes, into one that contains +# (escaped) backslashes. A very naive implementation. +sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' + +# Re-'\' parameter expansions in output of sed_double_quote_subst that +# were '\'-ed in input to the same. If an odd number of '\' preceded a +# '$' in input to sed_double_quote_subst, that '$' was protected from +# expansion. Since each input '\' is now two '\'s, look for any number +# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'. +_G_bs='\\' +_G_bs2='\\\\' +_G_bs4='\\\\\\\\' +_G_dollar='\$' +sed_double_backslash="\ + s/$_G_bs4/&\\ +/g + s/^$_G_bs2$_G_dollar/$_G_bs&/ + s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g + s/\n//g" -# func_stripname prefix suffix name -# strip PREFIX and SUFFIX off of NAME. -# PREFIX and SUFFIX must not contain globbing or regex special -# characters, hashes, percent signs, but SUFFIX may contain a leading -# dot (in which case that matches only a dot). -# func_strip_suffix prefix name -func_stripname () -{ - case ${2} in - .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; - *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; - esac -} # func_stripname may be replaced by extended shell implementation +## ----------------- ## +## Global variables. ## +## ----------------- ## -# These SED scripts presuppose an absolute path with a trailing slash. -pathcar='s,^/\([^/]*\).*$,\1,' -pathcdr='s,^/[^/]*,,' -removedotparts=':dotsl - s@/\./@/@g - t dotsl - s,/\.$,/,' -collapseslashes='s@/\{1,\}@/@g' -finalslash='s,/*$,/,' +# Except for the global variables explicitly listed below, the following +# functions in the '^func_' namespace, and the '^require_' namespace +# variables initialised in the 'Resource management' section, sourcing +# this file will not pollute your global namespace with anything +# else. There's no portable way to scope variables in Bourne shell +# though, so actually running these functions will sometimes place +# results into a variable named after the function, and often use +# temporary variables in the '^_G_' namespace. If you are careful to +# avoid using those namespaces casually in your sourcing script, things +# should continue to work as you expect. And, of course, you can freely +# overwrite any of the functions or variables defined here before +# calling anything to customize them. -# func_normal_abspath PATH -# Remove doubled-up and trailing slashes, "." path components, -# and cancel out any ".." path components in PATH after making -# it an absolute path. -# value returned in "$func_normal_abspath_result" -func_normal_abspath () -{ - # Start from root dir and reassemble the path. - func_normal_abspath_result= - func_normal_abspath_tpath=$1 - func_normal_abspath_altnamespace= - case $func_normal_abspath_tpath in - "") - # Empty path, that just means $cwd. - func_stripname '' '/' "`pwd`" - func_normal_abspath_result=$func_stripname_result - return - ;; - # The next three entries are used to spot a run of precisely - # two leading slashes without using negated character classes; - # we take advantage of case's first-match behaviour. - ///*) - # Unusual form of absolute path, do nothing. - ;; - //*) - # Not necessarily an ordinary path; POSIX reserves leading '//' - # and for example Cygwin uses it to access remote file shares - # over CIFS/SMB, so we conserve a leading double slash if found. - func_normal_abspath_altnamespace=/ - ;; - /*) - # Absolute path, do nothing. - ;; - *) - # Relative path, prepend $cwd. - func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath - ;; - esac - # Cancel out all the simple stuff to save iterations. We also want - # the path to end with a slash for ease of parsing, so make sure - # there is one (and only one) here. - func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$removedotparts" -e "$collapseslashes" -e "$finalslash"` - while :; do - # Processed it all yet? - if test "$func_normal_abspath_tpath" = / ; then - # If we ascended to the root using ".." the result may be empty now. - if test -z "$func_normal_abspath_result" ; then - func_normal_abspath_result=/ - fi - break - fi - func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$pathcar"` - func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$pathcdr"` - # Figure out what to do with it - case $func_normal_abspath_tcomponent in - "") - # Trailing empty path component, ignore it. - ;; - ..) - # Parent dir; strip last assembled component from result. - func_dirname "$func_normal_abspath_result" - func_normal_abspath_result=$func_dirname_result - ;; - *) - # Actual path component, append it. - func_normal_abspath_result=$func_normal_abspath_result/$func_normal_abspath_tcomponent - ;; - esac - done - # Restore leading double-slash if one was found on entry. - func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result -} +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. -# func_relative_path SRCDIR DSTDIR -# generates a relative path from SRCDIR to DSTDIR, with a trailing -# slash if non-empty, suitable for immediately appending a filename -# without needing to append a separator. -# value returned in "$func_relative_path_result" -func_relative_path () -{ - func_relative_path_result= - func_normal_abspath "$1" - func_relative_path_tlibdir=$func_normal_abspath_result - func_normal_abspath "$2" - func_relative_path_tbindir=$func_normal_abspath_result - - # Ascend the tree starting from libdir - while :; do - # check if we have found a prefix of bindir - case $func_relative_path_tbindir in - $func_relative_path_tlibdir) - # found an exact match - func_relative_path_tcancelled= - break - ;; - $func_relative_path_tlibdir*) - # found a matching prefix - func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" - func_relative_path_tcancelled=$func_stripname_result - if test -z "$func_relative_path_result"; then - func_relative_path_result=. - fi - break - ;; - *) - func_dirname $func_relative_path_tlibdir - func_relative_path_tlibdir=${func_dirname_result} - if test "x$func_relative_path_tlibdir" = x ; then - # Have to descend all the way to the root! - func_relative_path_result=../$func_relative_path_result - func_relative_path_tcancelled=$func_relative_path_tbindir - break - fi - func_relative_path_result=../$func_relative_path_result - ;; - esac - done +# Allow overriding, eg assuming that you follow the convention of +# putting '$debug_cmd' at the start of all your functions, you can get +# bash to show function call trace with: +# +# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name +debug_cmd=${debug_cmd-":"} +exit_cmd=: - # Now calculate path; take care to avoid doubling-up slashes. - func_stripname '' '/' "$func_relative_path_result" - func_relative_path_result=$func_stripname_result - func_stripname '/' '/' "$func_relative_path_tcancelled" - if test "x$func_stripname_result" != x ; then - func_relative_path_result=${func_relative_path_result}/${func_stripname_result} - fi +# By convention, finish your script with: +# +# exit $exit_status +# +# so that you can set exit_status to non-zero if you want to indicate +# something went wrong during execution without actually bailing out at +# the point of failure. +exit_status=$EXIT_SUCCESS - # Normalisation. If bindir is libdir, return empty string, - # else relative path ending with a slash; either way, target - # file name can be directly appended. - if test ! -z "$func_relative_path_result"; then - func_stripname './' '' "$func_relative_path_result/" - func_relative_path_result=$func_stripname_result - fi -} +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath=$0 -# The name of this program: -func_dirname_and_basename "$progpath" -progname=$func_basename_result +# The name of this program. +progname=`$ECHO "$progpath" |$SED "$sed_basename"` -# Make sure we have an absolute path for reexecution: +# Make sure we have an absolute progpath for reexecution: case $progpath in [\\/]*|[A-Za-z]:\\*) ;; *[\\/]*) - progdir=$func_dirname_result + progdir=`$ECHO "$progpath" |$SED "$sed_dirname"` progdir=`cd "$progdir" && pwd` - progpath="$progdir/$progname" + progpath=$progdir/$progname ;; *) - save_IFS="$IFS" + _G_IFS=$IFS IFS=${PATH_SEPARATOR-:} for progdir in $PATH; do - IFS="$save_IFS" + IFS=$_G_IFS test -x "$progdir/$progname" && break done - IFS="$save_IFS" + IFS=$_G_IFS test -n "$progdir" || progdir=`pwd` - progpath="$progdir/$progname" + progpath=$progdir/$progname ;; esac -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -Xsed="${SED}"' -e 1s/^X//' -sed_quote_subst='s/\([`"$\\]\)/\\\1/g' - -# Same as above, but do not quote variable references. -double_quote_subst='s/\(["`\\]\)/\\\1/g' -# Sed substitution that turns a string into a regex matching for the -# string literally. -sed_make_literal_regex='s,[].[^$\\*\/],\\&,g' +## ----------------- ## +## Standard options. ## +## ----------------- ## -# Sed substitution that converts a w32 file name or path -# which contains forward slashes, into one that contains -# (escaped) backslashes. A very naive implementation. -lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' - -# Re-`\' parameter expansions in output of double_quote_subst that were -# `\'-ed in input to the same. If an odd number of `\' preceded a '$' -# in input to double_quote_subst, that '$' was protected from expansion. -# Since each input `\' is now two `\'s, look for any number of runs of -# four `\'s followed by two `\'s and then a '$'. `\' that '$'. -bs='\\' -bs2='\\\\' -bs4='\\\\\\\\' -dollar='\$' -sed_double_backslash="\ - s/$bs4/&\\ -/g - s/^$bs2$dollar/$bs&/ - s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g - s/\n//g" +# The following options affect the operation of the functions defined +# below, and should be set appropriately depending on run-time para- +# meters passed on the command line. -# Standard options: opt_dry_run=false -opt_help=false opt_quiet=false opt_verbose=false -opt_warning=: -# func_echo arg... -# Echo program name prefixed message, along with the current mode -# name if it has been set yet. -func_echo () -{ - $ECHO "$progname: ${opt_mode+$opt_mode: }$*" -} +# Categories 'all' and 'none' are always available. Append any others +# you will pass as the first argument to func_warning from your own +# code. +warning_categories= -# func_verbose arg... -# Echo program name prefixed message in verbose mode only. -func_verbose () -{ - $opt_verbose && func_echo ${1+"$@"} +# By default, display warnings according to 'opt_warning_types'. Set +# 'warning_func' to ':' to elide all warnings, or func_fatal_error to +# treat the next displayed warning as a fatal error. +warning_func=func_warn_and_continue - # A bug in bash halts the script if the last line of a function - # fails when set -e is in force, so we need another command to - # work around that: - : -} +# Set to 'all' to display all warnings, 'none' to suppress all +# warnings, or a space delimited list of some subset of +# 'warning_categories' to display only the listed warnings. +opt_warning_types=all -# func_echo_all arg... -# Invoke $ECHO with all args, space-separated. -func_echo_all () -{ - $ECHO "$*" -} -# func_error arg... -# Echo program name prefixed message to standard error. -func_error () -{ - $ECHO "$progname: ${opt_mode+$opt_mode: }"${1+"$@"} 1>&2 -} +## -------------------- ## +## Resource management. ## +## -------------------- ## -# func_warning arg... -# Echo program name prefixed warning message to standard error. -func_warning () -{ - $opt_warning && $ECHO "$progname: ${opt_mode+$opt_mode: }warning: "${1+"$@"} 1>&2 +# This section contains definitions for functions that each ensure a +# particular resource (a file, or a non-empty configuration variable for +# example) is available, and if appropriate to extract default values +# from pertinent package files. Call them using their associated +# 'require_*' variable to ensure that they are executed, at most, once. +# +# It's entirely deliberate that calling these functions can set +# variables that don't obey the namespace limitations obeyed by the rest +# of this file, in order that that they be as useful as possible to +# callers. - # bash bug again: - : -} -# func_fatal_error arg... -# Echo program name prefixed message to standard error, and exit. -func_fatal_error () +# require_term_colors +# ------------------- +# Allow display of bold text on terminals that support it. +require_term_colors=func_require_term_colors +func_require_term_colors () { - func_error ${1+"$@"} - exit $EXIT_FAILURE -} + $debug_cmd + + test -t 1 && { + # COLORTERM and USE_ANSI_COLORS environment variables take + # precedence, because most terminfo databases neglect to describe + # whether color sequences are supported. + test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"} + + if test 1 = "$USE_ANSI_COLORS"; then + # Standard ANSI escape sequences + tc_reset='' + tc_bold=''; tc_standout='' + tc_red=''; tc_green='' + tc_blue=''; tc_cyan='' + else + # Otherwise trust the terminfo database after all. + test -n "`tput sgr0 2>/dev/null`" && { + tc_reset=`tput sgr0` + test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold` + tc_standout=$tc_bold + test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso` + test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1` + test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2` + test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4` + test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5` + } + fi + } -# func_fatal_help arg... -# Echo program name prefixed message to standard error, followed by -# a help hint, and exit. -func_fatal_help () -{ - func_error ${1+"$@"} - func_fatal_error "$help" + require_term_colors=: } -help="Try \`$progname --help' for more information." ## default -# func_grep expression filename +## ----------------- ## +## Function library. ## +## ----------------- ## + +# This section contains a variety of useful functions to call in your +# scripts. Take note of the portable wrappers for features provided by +# some modern shells, which will fall back to slower equivalents on +# less featureful shells. + + +# func_append VAR VALUE +# --------------------- +# Append VALUE onto the existing contents of VAR. + + # We should try to minimise forks, especially on Windows where they are + # unreasonably slow, so skip the feature probes when bash or zsh are + # being used: + if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then + : ${_G_HAVE_ARITH_OP="yes"} + : ${_G_HAVE_XSI_OPS="yes"} + # The += operator was introduced in bash 3.1 + case $BASH_VERSION in + [12].* | 3.0 | 3.0*) ;; + *) + : ${_G_HAVE_PLUSEQ_OP="yes"} + ;; + esac + fi + + # _G_HAVE_PLUSEQ_OP + # Can be empty, in which case the shell is probed, "yes" if += is + # useable or anything else if it does not work. + test -z "$_G_HAVE_PLUSEQ_OP" \ + && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \ + && _G_HAVE_PLUSEQ_OP=yes + +if test yes = "$_G_HAVE_PLUSEQ_OP" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_append () + { + $debug_cmd + + eval "$1+=\$2" + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_append () + { + $debug_cmd + + eval "$1=\$$1\$2" + } +fi + + +# func_append_quoted VAR VALUE +# ---------------------------- +# Quote VALUE and append to the end of shell variable VAR, separated +# by a space. +if test yes = "$_G_HAVE_PLUSEQ_OP"; then + eval 'func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1+=\\ \$func_quote_for_eval_result" + }' +else + func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1=\$$1\\ \$func_quote_for_eval_result" + } +fi + + +# func_append_uniq VAR VALUE +# -------------------------- +# Append unique VALUE onto the existing contents of VAR, assuming +# entries are delimited by the first character of VALUE. For example: +# +# func_append_uniq options " --another-option option-argument" +# +# will only append to $options if " --another-option option-argument " +# is not already present somewhere in $options already (note spaces at +# each end implied by leading space in second argument). +func_append_uniq () +{ + $debug_cmd + + eval _G_current_value='`$ECHO $'$1'`' + _G_delim=`expr "$2" : '\(.\)'` + + case $_G_delim$_G_current_value$_G_delim in + *"$2$_G_delim"*) ;; + *) func_append "$@" ;; + esac +} + + +# func_arith TERM... +# ------------------ +# Set func_arith_result to the result of evaluating TERMs. + test -z "$_G_HAVE_ARITH_OP" \ + && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \ + && _G_HAVE_ARITH_OP=yes + +if test yes = "$_G_HAVE_ARITH_OP"; then + eval 'func_arith () + { + $debug_cmd + + func_arith_result=$(( $* )) + }' +else + func_arith () + { + $debug_cmd + + func_arith_result=`expr "$@"` + } +fi + + +# func_basename FILE +# ------------------ +# Set func_basename_result to FILE with everything up to and including +# the last / stripped. +if test yes = "$_G_HAVE_XSI_OPS"; then + # If this shell supports suffix pattern removal, then use it to avoid + # forking. Hide the definitions single quotes in case the shell chokes + # on unsupported syntax... + _b='func_basename_result=${1##*/}' + _d='case $1 in + */*) func_dirname_result=${1%/*}$2 ;; + * ) func_dirname_result=$3 ;; + esac' + +else + # ...otherwise fall back to using sed. + _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`' + _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"` + if test "X$func_dirname_result" = "X$1"; then + func_dirname_result=$3 + else + func_append func_dirname_result "$2" + fi' +fi + +eval 'func_basename () +{ + $debug_cmd + + '"$_b"' +}' + + +# func_dirname FILE APPEND NONDIR_REPLACEMENT +# ------------------------------------------- +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +eval 'func_dirname () +{ + $debug_cmd + + '"$_d"' +}' + + +# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT +# -------------------------------------------------------- +# Perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# For efficiency, we do not delegate to the functions above but instead +# duplicate the functionality here. +eval 'func_dirname_and_basename () +{ + $debug_cmd + + '"$_b"' + '"$_d"' +}' + + +# func_echo ARG... +# ---------------- +# Echo program name prefixed message. +func_echo () +{ + $debug_cmd + + _G_message=$* + + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname: $_G_line" + done + IFS=$func_echo_IFS +} + + +# func_echo_all ARG... +# -------------------- +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + + +# func_echo_infix_1 INFIX ARG... +# ------------------------------ +# Echo program name, followed by INFIX on the first line, with any +# additional lines not showing INFIX. +func_echo_infix_1 () +{ + $debug_cmd + + $require_term_colors + + _G_infix=$1; shift + _G_indent=$_G_infix + _G_prefix="$progname: $_G_infix: " + _G_message=$* + + # Strip color escape sequences before counting printable length + for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan" + do + test -n "$_G_tc" && { + _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"` + _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"` + } + done + _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes + + func_echo_infix_1_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_infix_1_IFS + $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2 + _G_prefix=$_G_indent + done + IFS=$func_echo_infix_1_IFS +} + + +# func_error ARG... +# ----------------- +# Echo program name prefixed message to standard error. +func_error () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2 +} + + +# func_fatal_error ARG... +# ----------------------- +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + $debug_cmd + + func_error "$*" + exit $EXIT_FAILURE +} + + +# func_grep EXPRESSION FILENAME +# ----------------------------- # Check whether EXPRESSION matches any line of FILENAME, without output. func_grep () { + $debug_cmd + $GREP "$1" "$2" >/dev/null 2>&1 } -# func_mkdir_p directory-path +# func_len STRING +# --------------- +# Set func_len_result to the length of STRING. STRING may not +# start with a hyphen. + test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_len () + { + $debug_cmd + + func_len_result=${#1} + }' +else + func_len () + { + $debug_cmd + + func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len` + } +fi + + +# func_mkdir_p DIRECTORY-PATH +# --------------------------- # Make sure the entire path to DIRECTORY-PATH is available. func_mkdir_p () { - my_directory_path="$1" - my_dir_list= + $debug_cmd - if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then + _G_directory_path=$1 + _G_dir_list= - # Protect directory names starting with `-' - case $my_directory_path in - -*) my_directory_path="./$my_directory_path" ;; + if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then + + # Protect directory names starting with '-' + case $_G_directory_path in + -*) _G_directory_path=./$_G_directory_path ;; esac # While some portion of DIR does not yet exist... - while test ! -d "$my_directory_path"; do + while test ! -d "$_G_directory_path"; do # ...make a list in topmost first order. Use a colon delimited # list incase some portion of path contains whitespace. - my_dir_list="$my_directory_path:$my_dir_list" + _G_dir_list=$_G_directory_path:$_G_dir_list # If the last portion added has no slash in it, the list is done - case $my_directory_path in */*) ;; *) break ;; esac + case $_G_directory_path in */*) ;; *) break ;; esac # ...otherwise throw away the child directory and loop - my_directory_path=`$ECHO "$my_directory_path" | $SED -e "$dirname"` + _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"` done - my_dir_list=`$ECHO "$my_dir_list" | $SED 's,:*$,,'` + _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'` - save_mkdir_p_IFS="$IFS"; IFS=':' - for my_dir in $my_dir_list; do - IFS="$save_mkdir_p_IFS" - # mkdir can fail with a `File exist' error if two processes + func_mkdir_p_IFS=$IFS; IFS=: + for _G_dir in $_G_dir_list; do + IFS=$func_mkdir_p_IFS + # mkdir can fail with a 'File exist' error if two processes # try to create one of the directories concurrently. Don't # stop in that case! - $MKDIR "$my_dir" 2>/dev/null || : + $MKDIR "$_G_dir" 2>/dev/null || : done - IFS="$save_mkdir_p_IFS" + IFS=$func_mkdir_p_IFS # Bail out if we (or some other process) failed to create a directory. - test -d "$my_directory_path" || \ - func_fatal_error "Failed to create \`$1'" + test -d "$_G_directory_path" || \ + func_fatal_error "Failed to create '$1'" fi } -# func_mktempdir [string] +# func_mktempdir [BASENAME] +# ------------------------- # Make a temporary directory that won't clash with other running # libtool processes, and avoids race conditions if possible. If -# given, STRING is the basename for that directory. +# given, BASENAME is the basename for that directory. func_mktempdir () { - my_template="${TMPDIR-/tmp}/${1-$progname}" + $debug_cmd + + _G_template=${TMPDIR-/tmp}/${1-$progname} - if test "$opt_dry_run" = ":"; then + if test : = "$opt_dry_run"; then # Return a directory name, but don't create it in dry-run mode - my_tmpdir="${my_template}-$$" + _G_tmpdir=$_G_template-$$ else # If mktemp works, use that first and foremost - my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` + _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null` - if test ! -d "$my_tmpdir"; then + if test ! -d "$_G_tmpdir"; then # Failing that, at least try and use $RANDOM to avoid a race - my_tmpdir="${my_template}-${RANDOM-0}$$" + _G_tmpdir=$_G_template-${RANDOM-0}$$ - save_mktempdir_umask=`umask` + func_mktempdir_umask=`umask` umask 0077 - $MKDIR "$my_tmpdir" - umask $save_mktempdir_umask + $MKDIR "$_G_tmpdir" + umask $func_mktempdir_umask fi # If we're not in dry-run mode, bomb out on failure - test -d "$my_tmpdir" || \ - func_fatal_error "cannot create temporary directory \`$my_tmpdir'" + test -d "$_G_tmpdir" || \ + func_fatal_error "cannot create temporary directory '$_G_tmpdir'" + fi + + $ECHO "$_G_tmpdir" +} + + +# func_normal_abspath PATH +# ------------------------ +# Remove doubled-up and trailing slashes, "." path components, +# and cancel out any ".." path components in PATH after making +# it an absolute path. +func_normal_abspath () +{ + $debug_cmd + + # These SED scripts presuppose an absolute path with a trailing slash. + _G_pathcar='s|^/\([^/]*\).*$|\1|' + _G_pathcdr='s|^/[^/]*||' + _G_removedotparts=':dotsl + s|/\./|/|g + t dotsl + s|/\.$|/|' + _G_collapseslashes='s|/\{1,\}|/|g' + _G_finalslash='s|/*$|/|' + + # Start from root dir and reassemble the path. + func_normal_abspath_result= + func_normal_abspath_tpath=$1 + func_normal_abspath_altnamespace= + case $func_normal_abspath_tpath in + "") + # Empty path, that just means $cwd. + func_stripname '' '/' "`pwd`" + func_normal_abspath_result=$func_stripname_result + return + ;; + # The next three entries are used to spot a run of precisely + # two leading slashes without using negated character classes; + # we take advantage of case's first-match behaviour. + ///*) + # Unusual form of absolute path, do nothing. + ;; + //*) + # Not necessarily an ordinary path; POSIX reserves leading '//' + # and for example Cygwin uses it to access remote file shares + # over CIFS/SMB, so we conserve a leading double slash if found. + func_normal_abspath_altnamespace=/ + ;; + /*) + # Absolute path, do nothing. + ;; + *) + # Relative path, prepend $cwd. + func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath + ;; + esac + + # Cancel out all the simple stuff to save iterations. We also want + # the path to end with a slash for ease of parsing, so make sure + # there is one (and only one) here. + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"` + while :; do + # Processed it all yet? + if test / = "$func_normal_abspath_tpath"; then + # If we ascended to the root using ".." the result may be empty now. + if test -z "$func_normal_abspath_result"; then + func_normal_abspath_result=/ + fi + break + fi + func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcar"` + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcdr"` + # Figure out what to do with it + case $func_normal_abspath_tcomponent in + "") + # Trailing empty path component, ignore it. + ;; + ..) + # Parent dir; strip last assembled component from result. + func_dirname "$func_normal_abspath_result" + func_normal_abspath_result=$func_dirname_result + ;; + *) + # Actual path component, append it. + func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent" + ;; + esac + done + # Restore leading double-slash if one was found on entry. + func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result +} + + +# func_notquiet ARG... +# -------------------- +# Echo program name prefixed message only when not in quiet mode. +func_notquiet () +{ + $debug_cmd + + $opt_quiet || func_echo ${1+"$@"} + + # A bug in bash halts the script if the last line of a function + # fails when set -e is in force, so we need another command to + # work around that: + : +} + + +# func_relative_path SRCDIR DSTDIR +# -------------------------------- +# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR. +func_relative_path () +{ + $debug_cmd + + func_relative_path_result= + func_normal_abspath "$1" + func_relative_path_tlibdir=$func_normal_abspath_result + func_normal_abspath "$2" + func_relative_path_tbindir=$func_normal_abspath_result + + # Ascend the tree starting from libdir + while :; do + # check if we have found a prefix of bindir + case $func_relative_path_tbindir in + $func_relative_path_tlibdir) + # found an exact match + func_relative_path_tcancelled= + break + ;; + $func_relative_path_tlibdir*) + # found a matching prefix + func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" + func_relative_path_tcancelled=$func_stripname_result + if test -z "$func_relative_path_result"; then + func_relative_path_result=. + fi + break + ;; + *) + func_dirname $func_relative_path_tlibdir + func_relative_path_tlibdir=$func_dirname_result + if test -z "$func_relative_path_tlibdir"; then + # Have to descend all the way to the root! + func_relative_path_result=../$func_relative_path_result + func_relative_path_tcancelled=$func_relative_path_tbindir + break + fi + func_relative_path_result=../$func_relative_path_result + ;; + esac + done + + # Now calculate path; take care to avoid doubling-up slashes. + func_stripname '' '/' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + func_stripname '/' '/' "$func_relative_path_tcancelled" + if test -n "$func_stripname_result"; then + func_append func_relative_path_result "/$func_stripname_result" + fi + + # Normalisation. If bindir is libdir, return '.' else relative path. + if test -n "$func_relative_path_result"; then + func_stripname './' '' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result fi - $ECHO "$my_tmpdir" + test -n "$func_relative_path_result" || func_relative_path_result=. + + : +} + + +# func_quote_for_eval ARG... +# -------------------------- +# Aesthetically quote ARGs to be evaled later. +# This function returns two values: +# i) func_quote_for_eval_result +# double-quoted, suitable for a subsequent eval +# ii) func_quote_for_eval_unquoted_result +# has all characters that are still active within double +# quotes backslashified. +func_quote_for_eval () +{ + $debug_cmd + + func_quote_for_eval_unquoted_result= + func_quote_for_eval_result= + while test 0 -lt $#; do + case $1 in + *[\\\`\"\$]*) + _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;; + *) + _G_unquoted_arg=$1 ;; + esac + if test -n "$func_quote_for_eval_unquoted_result"; then + func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" + else + func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" + fi + + case $_G_unquoted_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and variable expansion + # for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + _G_quoted_arg=\"$_G_unquoted_arg\" + ;; + *) + _G_quoted_arg=$_G_unquoted_arg + ;; + esac + + if test -n "$func_quote_for_eval_result"; then + func_append func_quote_for_eval_result " $_G_quoted_arg" + else + func_append func_quote_for_eval_result "$_G_quoted_arg" + fi + shift + done +} + + +# func_quote_for_expand ARG +# ------------------------- +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () +{ + $debug_cmd + + case $1 in + *[\\\`\"]*) + _G_arg=`$ECHO "$1" | $SED \ + -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; + *) + _G_arg=$1 ;; + esac + + case $_G_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + _G_arg=\"$_G_arg\" + ;; + esac + + func_quote_for_expand_result=$_G_arg +} + + +# func_stripname PREFIX SUFFIX NAME +# --------------------------------- +# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_stripname () + { + $debug_cmd + + # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are + # positional parameters, so assign one to ordinary variable first. + func_stripname_result=$3 + func_stripname_result=${func_stripname_result#"$1"} + func_stripname_result=${func_stripname_result%"$2"} + }' +else + func_stripname () + { + $debug_cmd + + case $2 in + .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;; + *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;; + esac + } +fi + + +# func_show_eval CMD [FAIL_EXP] +# ----------------------------- +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + func_quote_for_expand "$_G_cmd" + eval "func_notquiet $func_quote_for_expand_result" + + $opt_dry_run || { + eval "$_G_cmd" + _G_status=$? + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_show_eval_locale CMD [FAIL_EXP] +# ------------------------------------ +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + $opt_quiet || { + func_quote_for_expand "$_G_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + $opt_dry_run || { + eval "$_G_user_locale + $_G_cmd" + _G_status=$? + eval "$_G_safe_locale" + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_tr_sh +# ---------- +# Turn $1 into a string suitable for a shell variable name. +# Result is stored in $func_tr_sh_result. All characters +# not in the set a-zA-Z0-9_ are replaced with '_'. Further, +# if $1 begins with a digit, a '_' is prepended as well. +func_tr_sh () +{ + $debug_cmd + + case $1 in + [0-9]* | *[!a-zA-Z0-9_]*) + func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'` + ;; + * ) + func_tr_sh_result=$1 + ;; + esac +} + + +# func_verbose ARG... +# ------------------- +# Echo program name prefixed message in verbose mode only. +func_verbose () +{ + $debug_cmd + + $opt_verbose && func_echo "$*" + + : +} + + +# func_warn_and_continue ARG... +# ----------------------------- +# Echo program name prefixed warning message to standard error. +func_warn_and_continue () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2 +} + + +# func_warning CATEGORY ARG... +# ---------------------------- +# Echo program name prefixed warning message to standard error. Warning +# messages can be filtered according to CATEGORY, where this function +# elides messages where CATEGORY is not listed in the global variable +# 'opt_warning_types'. +func_warning () +{ + $debug_cmd + + # CATEGORY must be in the warning_categories list! + case " $warning_categories " in + *" $1 "*) ;; + *) func_internal_error "invalid warning category '$1'" ;; + esac + + _G_category=$1 + shift + + case " $opt_warning_types " in + *" $_G_category "*) $warning_func ${1+"$@"} ;; + esac +} + + +# func_sort_ver VER1 VER2 +# ----------------------- +# 'sort -V' is not generally available. +# Note this deviates from the version comparison in automake +# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a +# but this should suffice as we won't be specifying old +# version formats or redundant trailing .0 in bootstrap.conf. +# If we did want full compatibility then we should probably +# use m4_version_compare from autoconf. +func_sort_ver () +{ + $debug_cmd + + printf '%s\n%s\n' "$1" "$2" \ + | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n +} + +# func_lt_ver PREV CURR +# --------------------- +# Return true if PREV and CURR are in the correct order according to +# func_sort_ver, otherwise false. Use it like this: +# +# func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..." +func_lt_ver () +{ + $debug_cmd + + test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q` +} + + +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: +#! /bin/sh + +# Set a version string for this script. +scriptversion=2014-01-07.03; # UTC + +# A portable, pluggable option parser for Bourne shell. +# Written by Gary V. Vaughan, 2010 + +# Copyright (C) 2010-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# This file is a library for parsing options in your shell scripts along +# with assorted other useful supporting features that you can make use +# of too. +# +# For the simplest scripts you might need only: +# +# #!/bin/sh +# . relative/path/to/funclib.sh +# . relative/path/to/options-parser +# scriptversion=1.0 +# func_options ${1+"$@"} +# eval set dummy "$func_options_result"; shift +# ...rest of your script... +# +# In order for the '--version' option to work, you will need to have a +# suitably formatted comment like the one at the top of this file +# starting with '# Written by ' and ending with '# warranty; '. +# +# For '-h' and '--help' to work, you will also need a one line +# description of your script's purpose in a comment directly above the +# '# Written by ' line, like the one at the top of this file. +# +# The default options also support '--debug', which will turn on shell +# execution tracing (see the comment above debug_cmd below for another +# use), and '--verbose' and the func_verbose function to allow your script +# to display verbose messages only when your user has specified +# '--verbose'. +# +# After sourcing this file, you can plug processing for additional +# options by amending the variables from the 'Configuration' section +# below, and following the instructions in the 'Option parsing' +# section further down. + +## -------------- ## +## Configuration. ## +## -------------- ## + +# You should override these variables in your script after sourcing this +# file so that they reflect the customisations you have added to the +# option parser. + +# The usage line for option parsing errors and the start of '-h' and +# '--help' output messages. You can embed shell variables for delayed +# expansion at the time the message is displayed, but you will need to +# quote other shell meta-characters carefully to prevent them being +# expanded when the contents are evaled. +usage='$progpath [OPTION]...' + +# Short help message in response to '-h' and '--help'. Add to this or +# override it after sourcing this library to reflect the full set of +# options your script accepts. +usage_message="\ + --debug enable verbose shell tracing + -W, --warnings=CATEGORY + report the warnings falling in CATEGORY [all] + -v, --verbose verbosely report processing + --version print version information and exit + -h, --help print short or long help message and exit +" + +# Additional text appended to 'usage_message' in response to '--help'. +long_help_message=" +Warning categories include: + 'all' show all warnings + 'none' turn off all the warnings + 'error' warnings are treated as fatal errors" + +# Help message printed before fatal option parsing errors. +fatal_help="Try '\$progname --help' for more information." + + + +## ------------------------- ## +## Hook function management. ## +## ------------------------- ## + +# This section contains functions for adding, removing, and running hooks +# to the main code. A hook is just a named list of of function, that can +# be run in order later on. + +# func_hookable FUNC_NAME +# ----------------------- +# Declare that FUNC_NAME will run hooks added with +# 'func_add_hook FUNC_NAME ...'. +func_hookable () +{ + $debug_cmd + + func_append hookable_fns " $1" +} + + +# func_add_hook FUNC_NAME HOOK_FUNC +# --------------------------------- +# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must +# first have been declared "hookable" by a call to 'func_hookable'. +func_add_hook () +{ + $debug_cmd + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not accept hook functions." ;; + esac + + eval func_append ${1}_hooks '" $2"' +} + + +# func_remove_hook FUNC_NAME HOOK_FUNC +# ------------------------------------ +# Remove HOOK_FUNC from the list of functions called by FUNC_NAME. +func_remove_hook () +{ + $debug_cmd + + eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`' +} + + +# func_run_hooks FUNC_NAME [ARG]... +# --------------------------------- +# Run all hook functions registered to FUNC_NAME. +# It is assumed that the list of hook functions contains nothing more +# than a whitespace-delimited list of legal shell function names, and +# no effort is wasted trying to catch shell meta-characters or preserve +# whitespace. +func_run_hooks () +{ + $debug_cmd + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not support hook funcions.n" ;; + esac + + eval _G_hook_fns=\$$1_hooks; shift + + for _G_hook in $_G_hook_fns; do + eval $_G_hook '"$@"' + + # store returned options list back into positional + # parameters for next 'cmd' execution. + eval _G_hook_result=\$${_G_hook}_result + eval set dummy "$_G_hook_result"; shift + done + + func_quote_for_eval ${1+"$@"} + func_run_hooks_result=$func_quote_for_eval_result +} + + + +## --------------- ## +## Option parsing. ## +## --------------- ## + +# In order to add your own option parsing hooks, you must accept the +# full positional parameter list in your hook function, remove any +# options that you action, and then pass back the remaining unprocessed +# options in '_result', escaped suitably for +# 'eval'. Like this: +# +# my_options_prep () +# { +# $debug_cmd +# +# # Extend the existing usage message. +# usage_message=$usage_message' +# -s, --silent don'\''t print informational messages +# ' +# +# func_quote_for_eval ${1+"$@"} +# my_options_prep_result=$func_quote_for_eval_result +# } +# func_add_hook func_options_prep my_options_prep +# +# +# my_silent_option () +# { +# $debug_cmd +# +# # Note that for efficiency, we parse as many options as we can +# # recognise in a loop before passing the remainder back to the +# # caller on the first unrecognised argument we encounter. +# while test $# -gt 0; do +# opt=$1; shift +# case $opt in +# --silent|-s) opt_silent=: ;; +# # Separate non-argument short options: +# -s*) func_split_short_opt "$_G_opt" +# set dummy "$func_split_short_opt_name" \ +# "-$func_split_short_opt_arg" ${1+"$@"} +# shift +# ;; +# *) set dummy "$_G_opt" "$*"; shift; break ;; +# esac +# done +# +# func_quote_for_eval ${1+"$@"} +# my_silent_option_result=$func_quote_for_eval_result +# } +# func_add_hook func_parse_options my_silent_option +# +# +# my_option_validation () +# { +# $debug_cmd +# +# $opt_silent && $opt_verbose && func_fatal_help "\ +# '--silent' and '--verbose' options are mutually exclusive." +# +# func_quote_for_eval ${1+"$@"} +# my_option_validation_result=$func_quote_for_eval_result +# } +# func_add_hook func_validate_options my_option_validation +# +# You'll alse need to manually amend $usage_message to reflect the extra +# options you parse. It's preferable to append if you can, so that +# multiple option parsing hooks can be added safely. + + +# func_options [ARG]... +# --------------------- +# All the functions called inside func_options are hookable. See the +# individual implementations for details. +func_hookable func_options +func_options () +{ + $debug_cmd + + func_options_prep ${1+"$@"} + eval func_parse_options \ + ${func_options_prep_result+"$func_options_prep_result"} + eval func_validate_options \ + ${func_parse_options_result+"$func_parse_options_result"} + + eval func_run_hooks func_options \ + ${func_validate_options_result+"$func_validate_options_result"} + + # save modified positional parameters for caller + func_options_result=$func_run_hooks_result } -# func_quote_for_eval arg -# Aesthetically quote ARG to be evaled later. -# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT -# is double-quoted, suitable for a subsequent eval, whereas -# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters -# which are still active within double quotes backslashified. -func_quote_for_eval () +# func_options_prep [ARG]... +# -------------------------- +# All initialisations required before starting the option parse loop. +# Note that when calling hook functions, we pass through the list of +# positional parameters. If a hook function modifies that list, and +# needs to propogate that back to rest of this script, then the complete +# modified list must be put in 'func_run_hooks_result' before +# returning. +func_hookable func_options_prep +func_options_prep () { - case $1 in - *[\\\`\"\$]*) - func_quote_for_eval_unquoted_result=`$ECHO "$1" | $SED "$sed_quote_subst"` ;; - *) - func_quote_for_eval_unquoted_result="$1" ;; - esac + $debug_cmd - case $func_quote_for_eval_unquoted_result in - # Double-quote args containing shell metacharacters to delay - # word splitting, command substitution and and variable - # expansion for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" - ;; - *) - func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" - esac + # Option defaults: + opt_verbose=false + opt_warning_types= + + func_run_hooks func_options_prep ${1+"$@"} + + # save modified positional parameters for caller + func_options_prep_result=$func_run_hooks_result } -# func_quote_for_expand arg -# Aesthetically quote ARG to be evaled later; same as above, -# but do not quote variable references. -func_quote_for_expand () +# func_parse_options [ARG]... +# --------------------------- +# The main option parsing loop. +func_hookable func_parse_options +func_parse_options () { - case $1 in - *[\\\`\"]*) - my_arg=`$ECHO "$1" | $SED \ - -e "$double_quote_subst" -e "$sed_double_backslash"` ;; - *) - my_arg="$1" ;; - esac + $debug_cmd - case $my_arg in - # Double-quote args containing shell metacharacters to delay - # word splitting and command substitution for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - my_arg="\"$my_arg\"" - ;; - esac + func_parse_options_result= - func_quote_for_expand_result="$my_arg" -} + # this just eases exit handling + while test $# -gt 0; do + # Defer to hook functions for initial option parsing, so they + # get priority in the event of reusing an option name. + func_run_hooks func_parse_options ${1+"$@"} + # Adjust func_parse_options positional parameters to match + eval set dummy "$func_run_hooks_result"; shift -# func_show_eval cmd [fail_exp] -# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is -# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP -# is given, then evaluate it. -func_show_eval () -{ - my_cmd="$1" - my_fail_exp="${2-:}" + # Break out of the loop if we already parsed every option. + test $# -gt 0 || break - ${opt_silent-false} || { - func_quote_for_expand "$my_cmd" - eval "func_echo $func_quote_for_expand_result" - } + _G_opt=$1 + shift + case $_G_opt in + --debug|-x) debug_cmd='set -x' + func_echo "enabling shell trace mode" + $debug_cmd + ;; + + --no-warnings|--no-warning|--no-warn) + set dummy --warnings none ${1+"$@"} + shift + ;; - if ${opt_dry_run-false}; then :; else - eval "$my_cmd" - my_status=$? - if test "$my_status" -eq 0; then :; else - eval "(exit $my_status); $my_fail_exp" - fi - fi + --warnings|--warning|-W) + test $# = 0 && func_missing_arg $_G_opt && break + case " $warning_categories $1" in + *" $1 "*) + # trailing space prevents matching last $1 above + func_append_uniq opt_warning_types " $1" + ;; + *all) + opt_warning_types=$warning_categories + ;; + *none) + opt_warning_types=none + warning_func=: + ;; + *error) + opt_warning_types=$warning_categories + warning_func=func_fatal_error + ;; + *) + func_fatal_error \ + "unsupported warning category: '$1'" + ;; + esac + shift + ;; + + --verbose|-v) opt_verbose=: ;; + --version) func_version ;; + -\?|-h) func_usage ;; + --help) func_help ;; + + # Separate optargs to long options (plugins may need this): + --*=*) func_split_equals "$_G_opt" + set dummy "$func_split_equals_lhs" \ + "$func_split_equals_rhs" ${1+"$@"} + shift + ;; + + # Separate optargs to short options: + -W*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + # Separate non-argument short options: + -\?*|-h*|-v*|-x*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "-$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + --) break ;; + -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; + *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + esac + done + + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + func_parse_options_result=$func_quote_for_eval_result } -# func_show_eval_locale cmd [fail_exp] -# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is -# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP -# is given, then evaluate it. Use the saved locale for evaluation. -func_show_eval_locale () +# func_validate_options [ARG]... +# ------------------------------ +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +func_hookable func_validate_options +func_validate_options () { - my_cmd="$1" - my_fail_exp="${2-:}" + $debug_cmd - ${opt_silent-false} || { - func_quote_for_expand "$my_cmd" - eval "func_echo $func_quote_for_expand_result" - } + # Display all warnings if -W was not given. + test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" - if ${opt_dry_run-false}; then :; else - eval "$lt_user_locale - $my_cmd" - my_status=$? - eval "$lt_safe_locale" - if test "$my_status" -eq 0; then :; else - eval "(exit $my_status); $my_fail_exp" - fi - fi -} + func_run_hooks func_validate_options ${1+"$@"} -# func_tr_sh -# Turn $1 into a string suitable for a shell variable name. -# Result is stored in $func_tr_sh_result. All characters -# not in the set a-zA-Z0-9_ are replaced with '_'. Further, -# if $1 begins with a digit, a '_' is prepended as well. -func_tr_sh () -{ - case $1 in - [0-9]* | *[!a-zA-Z0-9_]*) - func_tr_sh_result=`$ECHO "$1" | $SED 's/^\([0-9]\)/_\1/; s/[^a-zA-Z0-9_]/_/g'` - ;; - * ) - func_tr_sh_result=$1 - ;; - esac + # Bail if the options were screwed! + $exit_cmd $EXIT_FAILURE + + # save modified positional parameters for caller + func_validate_options_result=$func_run_hooks_result } -# func_version -# Echo version message to standard output and exit. -func_version () -{ - $opt_debug - $SED -n '/(C)/!b go - :more - /\./!{ - N - s/\n# / / - b more - } - :go - /^# '$PROGRAM' (GNU /,/# warranty; / { - s/^# // - s/^# *$// - s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/ - p - }' < "$progpath" - exit $? -} +## ----------------- ## +## Helper functions. ## +## ----------------- ## -# func_usage -# Echo short help message to standard output and exit. -func_usage () +# This section contains the helper functions used by the rest of the +# hookable option parser framework in ascii-betical order. + + +# func_fatal_help ARG... +# ---------------------- +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () { - $opt_debug + $debug_cmd - $SED -n '/^# Usage:/,/^# *.*--help/ { - s/^# // - s/^# *$// - s/\$progname/'$progname'/ - p - }' < "$progpath" - echo - $ECHO "run \`$progname --help | more' for full usage" - exit $? + eval \$ECHO \""Usage: $usage"\" + eval \$ECHO \""$fatal_help"\" + func_error ${1+"$@"} + exit $EXIT_FAILURE } -# func_help [NOEXIT] -# Echo long help message to standard output and exit, -# unless 'noexit' is passed as argument. + +# func_help +# --------- +# Echo long help message to standard output and exit. func_help () { - $opt_debug - - $SED -n '/^# Usage:/,/# Report bugs to/ { - :print - s/^# // - s/^# *$// - s*\$progname*'$progname'* - s*\$host*'"$host"'* - s*\$SHELL*'"$SHELL"'* - s*\$LTCC*'"$LTCC"'* - s*\$LTCFLAGS*'"$LTCFLAGS"'* - s*\$LD*'"$LD"'* - s/\$with_gnu_ld/'"$with_gnu_ld"'/ - s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/ - s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/ - p - d - } - /^# .* home page:/b print - /^# General help using/b print - ' < "$progpath" - ret=$? - if test -z "$1"; then - exit $ret - fi + $debug_cmd + + func_usage_message + $ECHO "$long_help_message" + exit 0 } -# func_missing_arg argname + +# func_missing_arg ARGNAME +# ------------------------ # Echo program name prefixed message to standard error and set global # exit_cmd. func_missing_arg () { - $opt_debug + $debug_cmd - func_error "missing argument for $1." + func_error "Missing argument for '$1'." exit_cmd=exit } -# func_split_short_opt shortopt +# func_split_equals STRING +# ------------------------ +# Set func_split_equals_lhs and func_split_equals_rhs shell variables after +# splitting STRING at the '=' sign. +test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=${1%%=*} + func_split_equals_rhs=${1#*=} + test "x$func_split_equals_lhs" = "x$1" \ + && func_split_equals_rhs= + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'` + func_split_equals_rhs= + test "x$func_split_equals_lhs" = "x$1" \ + || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'` + } +fi #func_split_equals + + +# func_split_short_opt SHORTOPT +# ----------------------------- # Set func_split_short_opt_name and func_split_short_opt_arg shell # variables after splitting SHORTOPT after the 2nd character. -func_split_short_opt () +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_arg=${1#??} + func_split_short_opt_name=${1%"$func_split_short_opt_arg"} + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'` + func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'` + } +fi #func_split_short_opt + + +# func_usage +# ---------- +# Echo short help message to standard output and exit. +func_usage () { - my_sed_short_opt='1s/^\(..\).*$/\1/;q' - my_sed_short_rest='1s/^..\(.*\)$/\1/;q' + $debug_cmd - func_split_short_opt_name=`$ECHO "$1" | $SED "$my_sed_short_opt"` - func_split_short_opt_arg=`$ECHO "$1" | $SED "$my_sed_short_rest"` -} # func_split_short_opt may be replaced by extended shell implementation + func_usage_message + $ECHO "Run '$progname --help |${PAGER-more}' for full usage" + exit 0 +} -# func_split_long_opt longopt -# Set func_split_long_opt_name and func_split_long_opt_arg shell -# variables after splitting LONGOPT at the `=' sign. -func_split_long_opt () +# func_usage_message +# ------------------ +# Echo short help message to standard output. +func_usage_message () { - my_sed_long_opt='1s/^\(--[^=]*\)=.*/\1/;q' - my_sed_long_arg='1s/^--[^=]*=//' + $debug_cmd - func_split_long_opt_name=`$ECHO "$1" | $SED "$my_sed_long_opt"` - func_split_long_opt_arg=`$ECHO "$1" | $SED "$my_sed_long_arg"` -} # func_split_long_opt may be replaced by extended shell implementation + eval \$ECHO \""Usage: $usage"\" + echo + $SED -n 's|^# || + /^Written by/{ + x;p;x + } + h + /^Written by/q' < "$progpath" + echo + eval \$ECHO \""$usage_message"\" +} -exit_cmd=: +# func_version +# ------------ +# Echo version message to standard output and exit. +func_version () +{ + $debug_cmd + printf '%s\n' "$progname $scriptversion" + $SED -n ' + /(C)/!b go + :more + /\./!{ + N + s|\n# | | + b more + } + :go + /^# Written by /,/# warranty; / { + s|^# || + s|^# *$|| + s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2| + p + } + /^# Written by / { + s|^# || + p + } + /^warranty; /q' < "$progpath" + exit $? +} -magic="%%%MAGIC variable%%%" -magic_exe="%%%MAGIC EXE variable%%%" +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: -# Global variables. -nonopt= -preserve_args= -lo2o="s/\\.lo\$/.${objext}/" -o2lo="s/\\.${objext}\$/.lo/" -extracted_archives= -extracted_serial=0 +# Set a version string. +scriptversion='(GNU libtool) 2.4.6' -# If this variable is set in any of the actions, the command in it -# will be execed at the end. This prevents here-documents from being -# left over by shells. -exec_cmd= -# func_append var value -# Append VALUE to the end of shell variable VAR. -func_append () +# func_echo ARG... +# ---------------- +# Libtool also displays the current mode in messages, so override +# funclib.sh func_echo with this custom definition. +func_echo () { - eval "${1}=\$${1}\${2}" -} # func_append may be replaced by extended shell implementation + $debug_cmd -# func_append_quoted var value -# Quote VALUE and append to the end of shell variable VAR, separated -# by a space. -func_append_quoted () -{ - func_quote_for_eval "${2}" - eval "${1}=\$${1}\\ \$func_quote_for_eval_result" -} # func_append_quoted may be replaced by extended shell implementation + _G_message=$* + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line" + done + IFS=$func_echo_IFS +} -# func_arith arithmetic-term... -func_arith () + +# func_warning ARG... +# ------------------- +# Libtool warnings are not categorized, so override funclib.sh +# func_warning with this simpler definition. +func_warning () { - func_arith_result=`expr "${@}"` -} # func_arith may be replaced by extended shell implementation + $debug_cmd + $warning_func ${1+"$@"} +} -# func_len string -# STRING may not start with a hyphen. -func_len () -{ - func_len_result=`expr "${1}" : ".*" 2>/dev/null || echo $max_cmd_len` -} # func_len may be replaced by extended shell implementation +## ---------------- ## +## Options parsing. ## +## ---------------- ## + +# Hook in the functions to make sure our own options are parsed during +# the option parsing loop. + +usage='$progpath [OPTION]... [MODE-ARG]...' + +# Short help message in response to '-h'. +usage_message="Options: + --config show all configuration variables + --debug enable verbose shell tracing + -n, --dry-run display commands without modifying any files + --features display basic configuration information and exit + --mode=MODE use operation mode MODE + --no-warnings equivalent to '-Wnone' + --preserve-dup-deps don't remove duplicate dependency libraries + --quiet, --silent don't print informational messages + --tag=TAG use configuration variables from tag TAG + -v, --verbose print more informational messages than default + --version print version information + -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] + -h, --help, --help-all print short, long, or detailed help message +" -# func_lo2o object -func_lo2o () +# Additional text appended to 'usage_message' in response to '--help'. +func_help () { - func_lo2o_result=`$ECHO "${1}" | $SED "$lo2o"` -} # func_lo2o may be replaced by extended shell implementation + $debug_cmd + + func_usage_message + $ECHO "$long_help_message + +MODE must be one of the following: + + clean remove files from the build directory + compile compile a source file into a libtool object + execute automatically set library path, then run a program + finish complete the installation of libtool libraries + install install libraries or executables + link create a library or an executable + uninstall remove libraries from an installed directory + +MODE-ARGS vary depending on the MODE. When passed as first option, +'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that. +Try '$progname --help --mode=MODE' for a more detailed description of MODE. + +When reporting a bug, please describe a test case to reproduce it and +include the following information: + + host-triplet: $host + shell: $SHELL + compiler: $LTCC + compiler flags: $LTCFLAGS + linker: $LD (gnu? $with_gnu_ld) + version: $progname (GNU libtool) 2.4.6 + automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` + autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` + +Report bugs to . +GNU libtool home page: . +General help using GNU software: ." + exit 0 +} -# func_xform libobj-or-source -func_xform () -{ - func_xform_result=`$ECHO "${1}" | $SED 's/\.[^.]*$/.lo/'` -} # func_xform may be replaced by extended shell implementation +# func_lo2o OBJECT-NAME +# --------------------- +# Transform OBJECT-NAME from a '.lo' suffix to the platform specific +# object suffix. + +lo2o=s/\\.lo\$/.$objext/ +o2lo=s/\\.$objext\$/.lo/ + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_lo2o () + { + case $1 in + *.lo) func_lo2o_result=${1%.lo}.$objext ;; + * ) func_lo2o_result=$1 ;; + esac + }' + + # func_xform LIBOBJ-OR-SOURCE + # --------------------------- + # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise) + # suffix to a '.lo' libtool-object suffix. + eval 'func_xform () + { + func_xform_result=${1%.*}.lo + }' +else + # ...otherwise fall back to using sed. + func_lo2o () + { + func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"` + } + + func_xform () + { + func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'` + } +fi -# func_fatal_configuration arg... +# func_fatal_configuration ARG... +# ------------------------------- # Echo program name prefixed message to standard error, followed by # a configuration failure hint, and exit. func_fatal_configuration () { - func_error ${1+"$@"} - func_error "See the $PACKAGE documentation for more information." - func_fatal_error "Fatal configuration error." + func__fatal_error ${1+"$@"} \ + "See the $PACKAGE documentation for more information." \ + "Fatal configuration error." } # func_config +# ----------- # Display the configuration for all the tags in this script. func_config () { @@ -915,17 +2149,19 @@ func_config () exit $? } + # func_features +# ------------- # Display the features supported by this script. func_features () { echo "host: $host" - if test "$build_libtool_libs" = yes; then + if test yes = "$build_libtool_libs"; then echo "enable shared libraries" else echo "disable shared libraries" fi - if test "$build_old_libs" = yes; then + if test yes = "$build_old_libs"; then echo "enable static libraries" else echo "disable static libraries" @@ -934,314 +2170,350 @@ func_features () exit $? } -# func_enable_tag tagname + +# func_enable_tag TAGNAME +# ----------------------- # Verify that TAGNAME is valid, and either flag an error and exit, or # enable the TAGNAME tag. We also add TAGNAME to the global $taglist # variable here. func_enable_tag () { - # Global variable: - tagname="$1" + # Global variable: + tagname=$1 - re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" - re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" - sed_extractcf="/$re_begincf/,/$re_endcf/p" + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf=/$re_begincf/,/$re_endcf/p - # Validate tagname. - case $tagname in - *[!-_A-Za-z0-9,/]*) - func_fatal_error "invalid tag name: $tagname" - ;; - esac + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac - # Don't test for the "default" C tag, as we know it's - # there but not specially marked. - case $tagname in - CC) ;; + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; *) - if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then - taglist="$taglist $tagname" - - # Evaluate the configuration. Be careful to quote the path - # and the sed script, to avoid splitting on whitespace, but - # also don't use non-portable quotes within backquotes within - # quotes we have to do it in 2 steps: - extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` - eval "$extractedcf" - else - func_error "ignoring unknown tag $tagname" - fi - ;; - esac + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" + + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac } + # func_check_version_match +# ------------------------ # Ensure that we are using m4 macros, and libtool script from the same # release of libtool. func_check_version_match () { - if test "$package_revision" != "$macro_revision"; then - if test "$VERSION" != "$macro_version"; then - if test -z "$macro_version"; then - cat >&2 <<_LT_EOF + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, but the $progname: definition of this LT_INIT comes from an older release. $progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION $progname: and run autoconf again. _LT_EOF - else - cat >&2 <<_LT_EOF + else + cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, but the $progname: definition of this LT_INIT comes from $PACKAGE $macro_version. $progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION $progname: and run autoconf again. _LT_EOF - fi - else - cat >&2 <<_LT_EOF + fi + else + cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, $progname: but the definition of this LT_INIT comes from revision $macro_revision. $progname: You should recreate aclocal.m4 with macros from revision $package_revision $progname: of $PACKAGE $VERSION and run autoconf again. _LT_EOF - fi + fi - exit $EXIT_MISMATCH - fi + exit $EXIT_MISMATCH + fi } -# Shorthand for --mode=foo, only valid as the first argument -case $1 in -clean|clea|cle|cl) - shift; set dummy --mode clean ${1+"$@"}; shift - ;; -compile|compil|compi|comp|com|co|c) - shift; set dummy --mode compile ${1+"$@"}; shift - ;; -execute|execut|execu|exec|exe|ex|e) - shift; set dummy --mode execute ${1+"$@"}; shift - ;; -finish|finis|fini|fin|fi|f) - shift; set dummy --mode finish ${1+"$@"}; shift - ;; -install|instal|insta|inst|ins|in|i) - shift; set dummy --mode install ${1+"$@"}; shift - ;; -link|lin|li|l) - shift; set dummy --mode link ${1+"$@"}; shift - ;; -uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) - shift; set dummy --mode uninstall ${1+"$@"}; shift - ;; -esac +# libtool_options_prep [ARG]... +# ----------------------------- +# Preparation for options parsed by libtool. +libtool_options_prep () +{ + $debug_mode + # Option defaults: + opt_config=false + opt_dlopen= + opt_dry_run=false + opt_help=false + opt_mode= + opt_preserve_dup_deps=false + opt_quiet=false + nonopt= + preserve_args= -# Option defaults: -opt_debug=: -opt_dry_run=false -opt_config=false -opt_preserve_dup_deps=false -opt_features=false -opt_finish=false -opt_help=false -opt_help_all=false -opt_silent=: -opt_warning=: -opt_verbose=: -opt_silent=false -opt_verbose=false + # Shorthand for --mode=foo, only valid as the first argument + case $1 in + clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift + ;; + compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift + ;; + execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift + ;; + finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift + ;; + install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift + ;; + link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; + uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; + esac + + # Pass back the list of options. + func_quote_for_eval ${1+"$@"} + libtool_options_prep_result=$func_quote_for_eval_result +} +func_add_hook func_options_prep libtool_options_prep -# Parse options once, thoroughly. This comes as soon as possible in the -# script to make things like `--version' happen as quickly as we can. +# libtool_parse_options [ARG]... +# --------------------------------- +# Provide handling for libtool specific options. +libtool_parse_options () { - # this just eases exit handling - while test $# -gt 0; do - opt="$1" - shift - case $opt in - --debug|-x) opt_debug='set -x' - func_echo "enabling shell trace mode" - $opt_debug - ;; - --dry-run|--dryrun|-n) - opt_dry_run=: - ;; - --config) - opt_config=: -func_config - ;; - --dlopen|-dlopen) - optarg="$1" - opt_dlopen="${opt_dlopen+$opt_dlopen -}$optarg" - shift - ;; - --preserve-dup-deps) - opt_preserve_dup_deps=: - ;; - --features) - opt_features=: -func_features - ;; - --finish) - opt_finish=: -set dummy --mode finish ${1+"$@"}; shift - ;; - --help) - opt_help=: - ;; - --help-all) - opt_help_all=: -opt_help=': help-all' - ;; - --mode) - test $# = 0 && func_missing_arg $opt && break - optarg="$1" - opt_mode="$optarg" -case $optarg in - # Valid mode arguments: - clean|compile|execute|finish|install|link|relink|uninstall) ;; - - # Catch anything else as an error - *) func_error "invalid argument for $opt" - exit_cmd=exit - break - ;; -esac - shift - ;; - --no-silent|--no-quiet) - opt_silent=false -func_append preserve_args " $opt" - ;; - --no-warning|--no-warn) - opt_warning=false -func_append preserve_args " $opt" - ;; - --no-verbose) - opt_verbose=false -func_append preserve_args " $opt" - ;; - --silent|--quiet) - opt_silent=: -func_append preserve_args " $opt" - opt_verbose=false - ;; - --verbose|-v) - opt_verbose=: -func_append preserve_args " $opt" -opt_silent=false - ;; - --tag) - test $# = 0 && func_missing_arg $opt && break - optarg="$1" - opt_tag="$optarg" -func_append preserve_args " $opt $optarg" -func_enable_tag "$optarg" - shift - ;; - - -\?|-h) func_usage ;; - --help) func_help ;; - --version) func_version ;; - - # Separate optargs to long options: - --*=*) - func_split_long_opt "$opt" - set dummy "$func_split_long_opt_name" "$func_split_long_opt_arg" ${1+"$@"} - shift - ;; - - # Separate non-argument short options: - -\?*|-h*|-n*|-v*) - func_split_short_opt "$opt" - set dummy "$func_split_short_opt_name" "-$func_split_short_opt_arg" ${1+"$@"} - shift - ;; - - --) break ;; - -*) func_fatal_help "unrecognized option \`$opt'" ;; - *) set dummy "$opt" ${1+"$@"}; shift; break ;; - esac - done + $debug_cmd - # Validate options: + # Perform our own loop to consume as many options as possible in + # each iteration. + while test $# -gt 0; do + _G_opt=$1 + shift + case $_G_opt in + --dry-run|--dryrun|-n) + opt_dry_run=: + ;; + + --config) func_config ;; + + --dlopen|-dlopen) + opt_dlopen="${opt_dlopen+$opt_dlopen +}$1" + shift + ;; + + --preserve-dup-deps) + opt_preserve_dup_deps=: ;; + + --features) func_features ;; + + --finish) set dummy --mode finish ${1+"$@"}; shift ;; + + --help) opt_help=: ;; + + --help-all) opt_help=': help-all' ;; + + --mode) test $# = 0 && func_missing_arg $_G_opt && break + opt_mode=$1 + case $1 in + # Valid mode arguments: + clean|compile|execute|finish|install|link|relink|uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $_G_opt" + exit_cmd=exit + break + ;; + esac + shift + ;; + + --no-silent|--no-quiet) + opt_quiet=false + func_append preserve_args " $_G_opt" + ;; + + --no-warnings|--no-warning|--no-warn) + opt_warning=false + func_append preserve_args " $_G_opt" + ;; + + --no-verbose) + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --silent|--quiet) + opt_quiet=: + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --tag) test $# = 0 && func_missing_arg $_G_opt && break + opt_tag=$1 + func_append preserve_args " $_G_opt $1" + func_enable_tag "$1" + shift + ;; + + --verbose|-v) opt_quiet=false + opt_verbose=: + func_append preserve_args " $_G_opt" + ;; + + # An option not handled by this hook function: + *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + esac + done - # save first non-option argument - if test "$#" -gt 0; then - nonopt="$opt" - shift - fi - # preserve --debug - test "$opt_debug" = : || func_append preserve_args " --debug" + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + libtool_parse_options_result=$func_quote_for_eval_result +} +func_add_hook func_parse_options libtool_parse_options - case $host in - *cygwin* | *mingw* | *pw32* | *cegcc*) - # don't eliminate duplications in $postdeps and $predeps - opt_duplicate_compiler_generated_deps=: - ;; - *) - opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps - ;; - esac - $opt_help || { - # Sanity checks first: - func_check_version_match - if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then - func_fatal_configuration "not configured to build any kind of library" +# libtool_validate_options [ARG]... +# --------------------------------- +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +libtool_validate_options () +{ + # save first non-option argument + if test 0 -lt $#; then + nonopt=$1 + shift fi - # Darwin sucks - eval std_shrext=\"$shrext_cmds\" + # preserve --debug + test : = "$debug_cmd" || func_append preserve_args " --debug" - # Only execute mode is allowed to have -dlopen flags. - if test -n "$opt_dlopen" && test "$opt_mode" != execute; then - func_error "unrecognized option \`-dlopen'" - $ECHO "$help" 1>&2 - exit $EXIT_FAILURE - fi + case $host in + # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452 + # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788 + *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: + ;; + *) + opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps + ;; + esac - # Change the help message to a mode-specific one. - generic_help="$help" - help="Try \`$progname --help --mode=$opt_mode' for more information." - } + $opt_help || { + # Sanity checks first: + func_check_version_match + + test yes != "$build_libtool_libs" \ + && test yes != "$build_old_libs" \ + && func_fatal_configuration "not configured to build any kind of library" + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + # Only execute mode is allowed to have -dlopen flags. + if test -n "$opt_dlopen" && test execute != "$opt_mode"; then + func_error "unrecognized option '-dlopen'" + $ECHO "$help" 1>&2 + exit $EXIT_FAILURE + fi + # Change the help message to a mode-specific one. + generic_help=$help + help="Try '$progname --help --mode=$opt_mode' for more information." + } - # Bail if the options were screwed - $exit_cmd $EXIT_FAILURE + # Pass back the unparsed argument list + func_quote_for_eval ${1+"$@"} + libtool_validate_options_result=$func_quote_for_eval_result } +func_add_hook func_validate_options libtool_validate_options +# Process options as early as possible so that --help and --version +# can return quickly. +func_options ${1+"$@"} +eval set dummy "$func_options_result"; shift + ## ----------- ## ## Main. ## ## ----------- ## +magic='%%%MAGIC variable%%%' +magic_exe='%%%MAGIC EXE variable%%%' + +# Global variables. +extracted_archives= +extracted_serial=0 + +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= + + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + +# func_generated_by_libtool +# True iff stdin has been generated by Libtool. This function is only +# a basic sanity check; it will hardly flush out determined imposters. +func_generated_by_libtool_p () +{ + $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + # func_lalib_p file -# True iff FILE is a libtool `.la' library or `.lo' object file. +# True iff FILE is a libtool '.la' library or '.lo' object file. # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_lalib_p () { test -f "$1" && - $SED -e 4q "$1" 2>/dev/null \ - | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 + $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p } # func_lalib_unsafe_p file -# True iff FILE is a libtool `.la' library or `.lo' object file. +# True iff FILE is a libtool '.la' library or '.lo' object file. # This function implements the same check as func_lalib_p without # resorting to external programs. To this end, it redirects stdin and # closes it afterwards, without saving the original file descriptor. # As a safety measure, use it only where a negative result would be -# fatal anyway. Works if `file' does not exist. +# fatal anyway. Works if 'file' does not exist. func_lalib_unsafe_p () { lalib_p=no @@ -1249,13 +2521,13 @@ func_lalib_unsafe_p () for lalib_p_l in 1 2 3 4 do read lalib_p_line - case "$lalib_p_line" in + case $lalib_p_line in \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; esac done exec 0<&5 5<&- fi - test "$lalib_p" = yes + test yes = "$lalib_p" } # func_ltwrapper_script_p file @@ -1264,7 +2536,8 @@ func_lalib_unsafe_p () # determined imposters. func_ltwrapper_script_p () { - func_lalib_p "$1" + test -f "$1" && + $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p } # func_ltwrapper_executable_p file @@ -1289,7 +2562,7 @@ func_ltwrapper_scriptname () { func_dirname_and_basename "$1" "" "." func_stripname '' '.exe' "$func_basename_result" - func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper" + func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper } # func_ltwrapper_p file @@ -1308,11 +2581,13 @@ func_ltwrapper_p () # FAIL_CMD may read-access the current command in variable CMD! func_execute_cmds () { - $opt_debug + $debug_cmd + save_ifs=$IFS; IFS='~' for cmd in $1; do - IFS=$save_ifs + IFS=$sp$nl eval cmd=\"$cmd\" + IFS=$save_ifs func_show_eval "$cmd" "${2-:}" done IFS=$save_ifs @@ -1324,10 +2599,11 @@ func_execute_cmds () # Note that it is not necessary on cygwin/mingw to append a dot to # FILE even if both FILE and FILE.exe exist: automatic-append-.exe # behavior happens only for exec(3), not for open(2)! Also, sourcing -# `FILE.' does not work on cygwin managed mounts. +# 'FILE.' does not work on cygwin managed mounts. func_source () { - $opt_debug + $debug_cmd + case $1 in */* | *\\*) . "$1" ;; *) . "./$1" ;; @@ -1354,10 +2630,10 @@ func_resolve_sysroot () # store the result into func_replace_sysroot_result. func_replace_sysroot () { - case "$lt_sysroot:$1" in + case $lt_sysroot:$1 in ?*:"$lt_sysroot"*) func_stripname "$lt_sysroot" '' "$1" - func_replace_sysroot_result="=$func_stripname_result" + func_replace_sysroot_result='='$func_stripname_result ;; *) # Including no sysroot. @@ -1374,7 +2650,8 @@ func_replace_sysroot () # arg is usually of the form 'gcc ...' func_infer_tag () { - $opt_debug + $debug_cmd + if test -n "$available_tags" && test -z "$tagname"; then CC_quoted= for arg in $CC; do @@ -1393,7 +2670,7 @@ func_infer_tag () for z in $available_tags; do if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then # Evaluate the configuration. - eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" + eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" CC_quoted= for arg in $CC; do # Double-quote args containing other shell metacharacters. @@ -1418,7 +2695,7 @@ func_infer_tag () # line option must be used. if test -z "$tagname"; then func_echo "unable to infer tagged configuration" - func_fatal_error "specify a tag with \`--tag'" + func_fatal_error "specify a tag with '--tag'" # else # func_verbose "using $tagname tagged configuration" fi @@ -1434,15 +2711,15 @@ func_infer_tag () # but don't create it if we're doing a dry run. func_write_libtool_object () { - write_libobj=${1} - if test "$build_libtool_libs" = yes; then - write_lobj=\'${2}\' + write_libobj=$1 + if test yes = "$build_libtool_libs"; then + write_lobj=\'$2\' else write_lobj=none fi - if test "$build_old_libs" = yes; then - write_oldobj=\'${3}\' + if test yes = "$build_old_libs"; then + write_oldobj=\'$3\' else write_oldobj=none fi @@ -1450,7 +2727,7 @@ func_write_libtool_object () $opt_dry_run || { cat >${write_libobj}T </dev/null` - if test "$?" -eq 0 && test -n "${func_convert_core_file_wine_to_w32_tmp}"; then + if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | - $SED -e "$lt_sed_naive_backslashify"` + $SED -e "$sed_naive_backslashify"` else func_convert_core_file_wine_to_w32_result= fi @@ -1514,18 +2792,19 @@ func_convert_core_file_wine_to_w32 () # are convertible, then the result may be empty. func_convert_core_path_wine_to_w32 () { - $opt_debug + $debug_cmd + # unfortunately, winepath doesn't convert paths, only file names - func_convert_core_path_wine_to_w32_result="" + func_convert_core_path_wine_to_w32_result= if test -n "$1"; then oldIFS=$IFS IFS=: for func_convert_core_path_wine_to_w32_f in $1; do IFS=$oldIFS func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" - if test -n "$func_convert_core_file_wine_to_w32_result" ; then + if test -n "$func_convert_core_file_wine_to_w32_result"; then if test -z "$func_convert_core_path_wine_to_w32_result"; then - func_convert_core_path_wine_to_w32_result="$func_convert_core_file_wine_to_w32_result" + func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result else func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" fi @@ -1554,7 +2833,8 @@ func_convert_core_path_wine_to_w32 () # environment variable; do not put it in $PATH. func_cygpath () { - $opt_debug + $debug_cmd + if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` if test "$?" -ne 0; then @@ -1563,7 +2843,7 @@ func_cygpath () fi else func_cygpath_result= - func_error "LT_CYGPATH is empty or specifies non-existent file: \`$LT_CYGPATH'" + func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'" fi } #end: func_cygpath @@ -1574,10 +2854,11 @@ func_cygpath () # result in func_convert_core_msys_to_w32_result. func_convert_core_msys_to_w32 () { - $opt_debug + $debug_cmd + # awkward: cmd appends spaces to result func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | - $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"` + $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"` } #end: func_convert_core_msys_to_w32 @@ -1588,13 +2869,14 @@ func_convert_core_msys_to_w32 () # func_to_host_file_result to ARG1). func_convert_file_check () { - $opt_debug - if test -z "$2" && test -n "$1" ; then + $debug_cmd + + if test -z "$2" && test -n "$1"; then func_error "Could not determine host file name corresponding to" - func_error " \`$1'" + func_error " '$1'" func_error "Continuing, but uninstalled executables may not work." # Fallback: - func_to_host_file_result="$1" + func_to_host_file_result=$1 fi } # end func_convert_file_check @@ -1606,10 +2888,11 @@ func_convert_file_check () # func_to_host_file_result to a simplistic fallback value (see below). func_convert_path_check () { - $opt_debug + $debug_cmd + if test -z "$4" && test -n "$3"; then func_error "Could not determine the host path corresponding to" - func_error " \`$3'" + func_error " '$3'" func_error "Continuing, but uninstalled executables may not work." # Fallback. This is a deliberately simplistic "conversion" and # should not be "improved". See libtool.info. @@ -1618,7 +2901,7 @@ func_convert_path_check () func_to_host_path_result=`echo "$3" | $SED -e "$lt_replace_pathsep_chars"` else - func_to_host_path_result="$3" + func_to_host_path_result=$3 fi fi } @@ -1630,9 +2913,10 @@ func_convert_path_check () # and appending REPL if ORIG matches BACKPAT. func_convert_path_front_back_pathsep () { - $opt_debug + $debug_cmd + case $4 in - $1 ) func_to_host_path_result="$3$func_to_host_path_result" + $1 ) func_to_host_path_result=$3$func_to_host_path_result ;; esac case $4 in @@ -1646,7 +2930,7 @@ func_convert_path_front_back_pathsep () ################################################## # $build to $host FILE NAME CONVERSION FUNCTIONS # ################################################## -# invoked via `$to_host_file_cmd ARG' +# invoked via '$to_host_file_cmd ARG' # # In each case, ARG is the path to be converted from $build to $host format. # Result will be available in $func_to_host_file_result. @@ -1657,7 +2941,8 @@ func_convert_path_front_back_pathsep () # in func_to_host_file_result. func_to_host_file () { - $opt_debug + $debug_cmd + $to_host_file_cmd "$1" } # end func_to_host_file @@ -1669,7 +2954,8 @@ func_to_host_file () # in (the comma separated) LAZY, no conversion takes place. func_to_tool_file () { - $opt_debug + $debug_cmd + case ,$2, in *,"$to_tool_file_cmd",*) func_to_tool_file_result=$1 @@ -1687,7 +2973,7 @@ func_to_tool_file () # Copy ARG to func_to_host_file_result. func_convert_file_noop () { - func_to_host_file_result="$1" + func_to_host_file_result=$1 } # end func_convert_file_noop @@ -1698,11 +2984,12 @@ func_convert_file_noop () # func_to_host_file_result. func_convert_file_msys_to_w32 () { - $opt_debug - func_to_host_file_result="$1" + $debug_cmd + + func_to_host_file_result=$1 if test -n "$1"; then func_convert_core_msys_to_w32 "$1" - func_to_host_file_result="$func_convert_core_msys_to_w32_result" + func_to_host_file_result=$func_convert_core_msys_to_w32_result fi func_convert_file_check "$1" "$func_to_host_file_result" } @@ -1714,8 +3001,9 @@ func_convert_file_msys_to_w32 () # func_to_host_file_result. func_convert_file_cygwin_to_w32 () { - $opt_debug - func_to_host_file_result="$1" + $debug_cmd + + func_to_host_file_result=$1 if test -n "$1"; then # because $build is cygwin, we call "the" cygpath in $PATH; no need to use # LT_CYGPATH in this case. @@ -1731,11 +3019,12 @@ func_convert_file_cygwin_to_w32 () # and a working winepath. Returns result in func_to_host_file_result. func_convert_file_nix_to_w32 () { - $opt_debug - func_to_host_file_result="$1" + $debug_cmd + + func_to_host_file_result=$1 if test -n "$1"; then func_convert_core_file_wine_to_w32 "$1" - func_to_host_file_result="$func_convert_core_file_wine_to_w32_result" + func_to_host_file_result=$func_convert_core_file_wine_to_w32_result fi func_convert_file_check "$1" "$func_to_host_file_result" } @@ -1747,12 +3036,13 @@ func_convert_file_nix_to_w32 () # Returns result in func_to_host_file_result. func_convert_file_msys_to_cygwin () { - $opt_debug - func_to_host_file_result="$1" + $debug_cmd + + func_to_host_file_result=$1 if test -n "$1"; then func_convert_core_msys_to_w32 "$1" func_cygpath -u "$func_convert_core_msys_to_w32_result" - func_to_host_file_result="$func_cygpath_result" + func_to_host_file_result=$func_cygpath_result fi func_convert_file_check "$1" "$func_to_host_file_result" } @@ -1765,13 +3055,14 @@ func_convert_file_msys_to_cygwin () # in func_to_host_file_result. func_convert_file_nix_to_cygwin () { - $opt_debug - func_to_host_file_result="$1" + $debug_cmd + + func_to_host_file_result=$1 if test -n "$1"; then # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. func_convert_core_file_wine_to_w32 "$1" func_cygpath -u "$func_convert_core_file_wine_to_w32_result" - func_to_host_file_result="$func_cygpath_result" + func_to_host_file_result=$func_cygpath_result fi func_convert_file_check "$1" "$func_to_host_file_result" } @@ -1781,7 +3072,7 @@ func_convert_file_nix_to_cygwin () ############################################# # $build to $host PATH CONVERSION FUNCTIONS # ############################################# -# invoked via `$to_host_path_cmd ARG' +# invoked via '$to_host_path_cmd ARG' # # In each case, ARG is the path to be converted from $build to $host format. # The result will be available in $func_to_host_path_result. @@ -1805,10 +3096,11 @@ func_convert_file_nix_to_cygwin () to_host_path_cmd= func_init_to_host_path_cmd () { - $opt_debug + $debug_cmd + if test -z "$to_host_path_cmd"; then func_stripname 'func_convert_file_' '' "$to_host_file_cmd" - to_host_path_cmd="func_convert_path_${func_stripname_result}" + to_host_path_cmd=func_convert_path_$func_stripname_result fi } @@ -1818,7 +3110,8 @@ func_init_to_host_path_cmd () # in func_to_host_path_result. func_to_host_path () { - $opt_debug + $debug_cmd + func_init_to_host_path_cmd $to_host_path_cmd "$1" } @@ -1829,7 +3122,7 @@ func_to_host_path () # Copy ARG to func_to_host_path_result. func_convert_path_noop () { - func_to_host_path_result="$1" + func_to_host_path_result=$1 } # end func_convert_path_noop @@ -1840,8 +3133,9 @@ func_convert_path_noop () # func_to_host_path_result. func_convert_path_msys_to_w32 () { - $opt_debug - func_to_host_path_result="$1" + $debug_cmd + + func_to_host_path_result=$1 if test -n "$1"; then # Remove leading and trailing path separator characters from ARG. MSYS # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; @@ -1849,7 +3143,7 @@ func_convert_path_msys_to_w32 () func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" - func_to_host_path_result="$func_convert_core_msys_to_w32_result" + func_to_host_path_result=$func_convert_core_msys_to_w32_result func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" @@ -1863,8 +3157,9 @@ func_convert_path_msys_to_w32 () # func_to_host_file_result. func_convert_path_cygwin_to_w32 () { - $opt_debug - func_to_host_path_result="$1" + $debug_cmd + + func_to_host_path_result=$1 if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" @@ -1883,14 +3178,15 @@ func_convert_path_cygwin_to_w32 () # a working winepath. Returns result in func_to_host_file_result. func_convert_path_nix_to_w32 () { - $opt_debug - func_to_host_path_result="$1" + $debug_cmd + + func_to_host_path_result=$1 if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" - func_to_host_path_result="$func_convert_core_path_wine_to_w32_result" + func_to_host_path_result=$func_convert_core_path_wine_to_w32_result func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" @@ -1904,15 +3200,16 @@ func_convert_path_nix_to_w32 () # Returns result in func_to_host_file_result. func_convert_path_msys_to_cygwin () { - $opt_debug - func_to_host_path_result="$1" + $debug_cmd + + func_to_host_path_result=$1 if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" func_cygpath -u -p "$func_convert_core_msys_to_w32_result" - func_to_host_path_result="$func_cygpath_result" + func_to_host_path_result=$func_cygpath_result func_convert_path_check : : \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" : "$1" @@ -1927,8 +3224,9 @@ func_convert_path_msys_to_cygwin () # func_to_host_file_result. func_convert_path_nix_to_cygwin () { - $opt_debug - func_to_host_path_result="$1" + $debug_cmd + + func_to_host_path_result=$1 if test -n "$1"; then # Remove leading and trailing path separator characters from # ARG. msys behavior is inconsistent here, cygpath turns them @@ -1937,7 +3235,7 @@ func_convert_path_nix_to_cygwin () func_to_host_path_tmp1=$func_stripname_result func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" - func_to_host_path_result="$func_cygpath_result" + func_to_host_path_result=$func_cygpath_result func_convert_path_check : : \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" : "$1" @@ -1946,13 +3244,31 @@ func_convert_path_nix_to_cygwin () # end func_convert_path_nix_to_cygwin +# func_dll_def_p FILE +# True iff FILE is a Windows DLL '.def' file. +# Keep in sync with _LT_DLL_DEF_P in libtool.m4 +func_dll_def_p () +{ + $debug_cmd + + func_dll_def_p_tmp=`$SED -n \ + -e 's/^[ ]*//' \ + -e '/^\(;.*\)*$/d' \ + -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \ + -e q \ + "$1"` + test DEF = "$func_dll_def_p_tmp" +} + + # func_mode_compile arg... func_mode_compile () { - $opt_debug + $debug_cmd + # Get the compilation command and the source file. base_compile= - srcfile="$nonopt" # always keep a non-empty value in "srcfile" + srcfile=$nonopt # always keep a non-empty value in "srcfile" suppress_opt=yes suppress_output= arg_mode=normal @@ -1965,12 +3281,12 @@ func_mode_compile () case $arg_mode in arg ) # do not "continue". Instead, add this to base_compile - lastarg="$arg" + lastarg=$arg arg_mode=normal ;; target ) - libobj="$arg" + libobj=$arg arg_mode=normal continue ;; @@ -1980,7 +3296,7 @@ func_mode_compile () case $arg in -o) test -n "$libobj" && \ - func_fatal_error "you cannot specify \`-o' more than once" + func_fatal_error "you cannot specify '-o' more than once" arg_mode=target continue ;; @@ -2009,12 +3325,12 @@ func_mode_compile () func_stripname '-Wc,' '' "$arg" args=$func_stripname_result lastarg= - save_ifs="$IFS"; IFS=',' + save_ifs=$IFS; IFS=, for arg in $args; do - IFS="$save_ifs" + IFS=$save_ifs func_append_quoted lastarg "$arg" done - IFS="$save_ifs" + IFS=$save_ifs func_stripname ' ' '' "$lastarg" lastarg=$func_stripname_result @@ -2027,8 +3343,8 @@ func_mode_compile () # Accept the current argument as the source file. # The previous "srcfile" becomes the current argument. # - lastarg="$srcfile" - srcfile="$arg" + lastarg=$srcfile + srcfile=$arg ;; esac # case $arg ;; @@ -2043,13 +3359,13 @@ func_mode_compile () func_fatal_error "you must specify an argument for -Xcompile" ;; target) - func_fatal_error "you must specify a target with \`-o'" + func_fatal_error "you must specify a target with '-o'" ;; *) # Get the name of the library object. test -z "$libobj" && { func_basename "$srcfile" - libobj="$func_basename_result" + libobj=$func_basename_result } ;; esac @@ -2069,7 +3385,7 @@ func_mode_compile () case $libobj in *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; *) - func_fatal_error "cannot determine name of library object from \`$libobj'" + func_fatal_error "cannot determine name of library object from '$libobj'" ;; esac @@ -2078,8 +3394,8 @@ func_mode_compile () for arg in $later; do case $arg in -shared) - test "$build_libtool_libs" != yes && \ - func_fatal_configuration "can not build a shared library" + test yes = "$build_libtool_libs" \ + || func_fatal_configuration "cannot build a shared library" build_old_libs=no continue ;; @@ -2105,17 +3421,17 @@ func_mode_compile () func_quote_for_eval "$libobj" test "X$libobj" != "X$func_quote_for_eval_result" \ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ - && func_warning "libobj name \`$libobj' may not contain shell special characters." + && func_warning "libobj name '$libobj' may not contain shell special characters." func_dirname_and_basename "$obj" "/" "" - objname="$func_basename_result" - xdir="$func_dirname_result" - lobj=${xdir}$objdir/$objname + objname=$func_basename_result + xdir=$func_dirname_result + lobj=$xdir$objdir/$objname test -z "$base_compile" && \ func_fatal_help "you must specify a compilation command" # Delete any leftover library objects. - if test "$build_old_libs" = yes; then + if test yes = "$build_old_libs"; then removelist="$obj $lobj $libobj ${libobj}T" else removelist="$lobj $libobj ${libobj}T" @@ -2127,16 +3443,16 @@ func_mode_compile () pic_mode=default ;; esac - if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then + if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then # non-PIC code in shared libraries is not supported pic_mode=default fi # Calculate the filename of the output object if compiler does # not support -o with -c - if test "$compiler_c_o" = no; then - output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.${objext} - lockfile="$output_obj.lock" + if test no = "$compiler_c_o"; then + output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext + lockfile=$output_obj.lock else output_obj= need_locks=no @@ -2145,12 +3461,12 @@ func_mode_compile () # Lock this critical section if it is needed # We use this script file to make the link, it avoids creating a new file - if test "$need_locks" = yes; then + if test yes = "$need_locks"; then until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do func_echo "Waiting for $lockfile to be removed" sleep 2 done - elif test "$need_locks" = warn; then + elif test warn = "$need_locks"; then if test -f "$lockfile"; then $ECHO "\ *** ERROR, $lockfile exists and contains: @@ -2158,7 +3474,7 @@ func_mode_compile () This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because -your compiler does not support \`-c' and \`-o' together. If you +your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." @@ -2180,11 +3496,11 @@ compiler." qsrcfile=$func_quote_for_eval_result # Only build a PIC object if we are building libtool libraries. - if test "$build_libtool_libs" = yes; then + if test yes = "$build_libtool_libs"; then # Without this assignment, base_compile gets emptied. fbsd_hideous_sh_bug=$base_compile - if test "$pic_mode" != no; then + if test no != "$pic_mode"; then command="$base_compile $qsrcfile $pic_flag" else # Don't build PIC code @@ -2201,7 +3517,7 @@ compiler." func_show_eval_locale "$command" \ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' - if test "$need_locks" = warn && + if test warn = "$need_locks" && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: @@ -2212,7 +3528,7 @@ $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because -your compiler does not support \`-c' and \`-o' together. If you +your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." @@ -2228,20 +3544,20 @@ compiler." fi # Allow error messages only from the first compilation. - if test "$suppress_opt" = yes; then + if test yes = "$suppress_opt"; then suppress_output=' >/dev/null 2>&1' fi fi # Only build a position-dependent object if we build old libraries. - if test "$build_old_libs" = yes; then - if test "$pic_mode" != yes; then + if test yes = "$build_old_libs"; then + if test yes != "$pic_mode"; then # Don't build PIC code command="$base_compile $qsrcfile$pie_flag" else command="$base_compile $qsrcfile $pic_flag" fi - if test "$compiler_c_o" = yes; then + if test yes = "$compiler_c_o"; then func_append command " -o $obj" fi @@ -2250,7 +3566,7 @@ compiler." func_show_eval_locale "$command" \ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' - if test "$need_locks" = warn && + if test warn = "$need_locks" && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: @@ -2261,7 +3577,7 @@ $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because -your compiler does not support \`-c' and \`-o' together. If you +your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." @@ -2281,7 +3597,7 @@ compiler." func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" # Unlock the critical section if it was locked - if test "$need_locks" != no; then + if test no != "$need_locks"; then removelist=$lockfile $RM "$lockfile" fi @@ -2291,7 +3607,7 @@ compiler." } $opt_help || { - test "$opt_mode" = compile && func_mode_compile ${1+"$@"} + test compile = "$opt_mode" && func_mode_compile ${1+"$@"} } func_mode_help () @@ -2311,7 +3627,7 @@ func_mode_help () Remove files from the build directory. RM is the name of the program to use to delete files associated with each FILE -(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed to RM. If FILE is a libtool library, object or program, all the files associated @@ -2330,16 +3646,16 @@ This mode accepts the following additional options: -no-suppress do not suppress compiler output for multiple passes -prefer-pic try to build PIC objects only -prefer-non-pic try to build non-PIC objects only - -shared do not build a \`.o' file suitable for static linking - -static only build a \`.o' file suitable for static linking + -shared do not build a '.o' file suitable for static linking + -static only build a '.o' file suitable for static linking -Wc,FLAG pass FLAG directly to the compiler -COMPILE-COMMAND is a command to be used in creating a \`standard' object file +COMPILE-COMMAND is a command to be used in creating a 'standard' object file from the given SOURCEFILE. The output file name is determined by removing the directory component from -SOURCEFILE, then substituting the C source code suffix \`.c' with the -library object suffix, \`.lo'." +SOURCEFILE, then substituting the C source code suffix '.c' with the +library object suffix, '.lo'." ;; execute) @@ -2352,7 +3668,7 @@ This mode accepts the following additional options: -dlopen FILE add the directory containing FILE to the library path -This mode sets the library path environment variable according to \`-dlopen' +This mode sets the library path environment variable according to '-dlopen' flags. If any of the ARGS are libtool executable wrappers, then they are translated @@ -2371,7 +3687,7 @@ Complete the installation of libtool libraries. Each LIBDIR is a directory that contains libtool libraries. The commands that this mode executes may require superuser privileges. Use -the \`--dry-run' option if you just want to see what would be executed." +the '--dry-run' option if you just want to see what would be executed." ;; install) @@ -2381,7 +3697,7 @@ the \`--dry-run' option if you just want to see what would be executed." Install executables or libraries. INSTALL-COMMAND is the installation command. The first component should be -either the \`install' or \`cp' program. +either the 'install' or 'cp' program. The following components of INSTALL-COMMAND are treated specially: @@ -2407,7 +3723,7 @@ The following components of LINK-COMMAND are treated specially: -avoid-version do not add a version suffix if possible -bindir BINDIR specify path to binaries directory (for systems where libraries must be found in the PATH setting at runtime) - -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime + -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE @@ -2421,7 +3737,8 @@ The following components of LINK-COMMAND are treated specially: -no-install link a not-installable executable -no-undefined declare that a library does not refer to external symbols -o OUTPUT-FILE create OUTPUT-FILE from the specified objects - -objectlist FILE Use a list of object files found in FILE to specify objects + -objectlist FILE use a list of object files found in FILE to specify objects + -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes) -precious-files-regex REGEX don't remove output files matching REGEX -release RELEASE specify package release information @@ -2441,20 +3758,20 @@ The following components of LINK-COMMAND are treated specially: -Xlinker FLAG pass linker-specific FLAG directly to the linker -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) -All other options (arguments beginning with \`-') are ignored. +All other options (arguments beginning with '-') are ignored. -Every other argument is treated as a filename. Files ending in \`.la' are +Every other argument is treated as a filename. Files ending in '.la' are treated as uninstalled libtool libraries, other files are standard or library object files. -If the OUTPUT-FILE ends in \`.la', then a libtool library is created, -only library objects (\`.lo' files) may be specified, and \`-rpath' is +If the OUTPUT-FILE ends in '.la', then a libtool library is created, +only library objects ('.lo' files) may be specified, and '-rpath' is required, except when creating a convenience library. -If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created -using \`ar' and \`ranlib', or on Windows using \`lib'. +If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created +using 'ar' and 'ranlib', or on Windows using 'lib'. -If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file +If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file is created, otherwise an executable program is created." ;; @@ -2465,7 +3782,7 @@ is created, otherwise an executable program is created." Remove libraries from an installation directory. RM is the name of the program to use to delete files associated with each FILE -(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed to RM. If FILE is a libtool library, all the files associated with it are deleted. @@ -2473,17 +3790,17 @@ Otherwise, only FILE itself is deleted using RM." ;; *) - func_fatal_help "invalid operation mode \`$opt_mode'" + func_fatal_help "invalid operation mode '$opt_mode'" ;; esac echo - $ECHO "Try \`$progname --help' for more information about other modes." + $ECHO "Try '$progname --help' for more information about other modes." } # Now that we've collected a possible --mode arg, show help if necessary if $opt_help; then - if test "$opt_help" = :; then + if test : = "$opt_help"; then func_mode_help else { @@ -2491,7 +3808,7 @@ if $opt_help; then for opt_mode in compile link execute install finish uninstall clean; do func_mode_help done - } | sed -n '1p; 2,$s/^Usage:/ or: /p' + } | $SED -n '1p; 2,$s/^Usage:/ or: /p' { func_help noexit for opt_mode in compile link execute install finish uninstall clean; do @@ -2499,7 +3816,7 @@ if $opt_help; then func_mode_help done } | - sed '1d + $SED '1d /^When reporting/,/^Report/{ H d @@ -2516,16 +3833,17 @@ fi # func_mode_execute arg... func_mode_execute () { - $opt_debug + $debug_cmd + # The first argument is the command name. - cmd="$nonopt" + cmd=$nonopt test -z "$cmd" && \ func_fatal_help "you must specify a COMMAND" # Handle -dlopen flags immediately. for file in $opt_dlopen; do test -f "$file" \ - || func_fatal_help "\`$file' is not a file" + || func_fatal_help "'$file' is not a file" dir= case $file in @@ -2535,7 +3853,7 @@ func_mode_execute () # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ - || func_fatal_help "\`$lib' is not a valid libtool archive" + || func_fatal_help "'$lib' is not a valid libtool archive" # Read the libtool library. dlname= @@ -2546,18 +3864,18 @@ func_mode_execute () if test -z "$dlname"; then # Warn if it was a shared library. test -n "$library_names" && \ - func_warning "\`$file' was not linked with \`-export-dynamic'" + func_warning "'$file' was not linked with '-export-dynamic'" continue fi func_dirname "$file" "" "." - dir="$func_dirname_result" + dir=$func_dirname_result if test -f "$dir/$objdir/$dlname"; then func_append dir "/$objdir" else if test ! -f "$dir/$dlname"; then - func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" + func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'" fi fi ;; @@ -2565,18 +3883,18 @@ func_mode_execute () *.lo) # Just add the directory containing the .lo file. func_dirname "$file" "" "." - dir="$func_dirname_result" + dir=$func_dirname_result ;; *) - func_warning "\`-dlopen' is ignored for non-libtool libraries and objects" + func_warning "'-dlopen' is ignored for non-libtool libraries and objects" continue ;; esac # Get the absolute pathname. absdir=`cd "$dir" && pwd` - test -n "$absdir" && dir="$absdir" + test -n "$absdir" && dir=$absdir # Now add the directory to shlibpath_var. if eval "test -z \"\$$shlibpath_var\""; then @@ -2588,7 +3906,7 @@ func_mode_execute () # This variable tells wrapper scripts just to set shlibpath_var # rather than running their programs. - libtool_execute_magic="$magic" + libtool_execute_magic=$magic # Check if any of the arguments is a wrapper script. args= @@ -2601,12 +3919,12 @@ func_mode_execute () if func_ltwrapper_script_p "$file"; then func_source "$file" # Transform arg to wrapped name. - file="$progdir/$program" + file=$progdir/$program elif func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" func_source "$func_ltwrapper_scriptname_result" # Transform arg to wrapped name. - file="$progdir/$program" + file=$progdir/$program fi ;; esac @@ -2614,7 +3932,15 @@ func_mode_execute () func_append_quoted args "$file" done - if test "X$opt_dry_run" = Xfalse; then + if $opt_dry_run; then + # Display what would be done. + if test -n "$shlibpath_var"; then + eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" + echo "export $shlibpath_var" + fi + $ECHO "$cmd$args" + exit $EXIT_SUCCESS + else if test -n "$shlibpath_var"; then # Export the shlibpath_var. eval "export $shlibpath_var" @@ -2631,25 +3957,18 @@ func_mode_execute () done # Now prepare to actually exec the command. - exec_cmd="\$cmd$args" - else - # Display what would be done. - if test -n "$shlibpath_var"; then - eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" - echo "export $shlibpath_var" - fi - $ECHO "$cmd$args" - exit $EXIT_SUCCESS + exec_cmd=\$cmd$args fi } -test "$opt_mode" = execute && func_mode_execute ${1+"$@"} +test execute = "$opt_mode" && func_mode_execute ${1+"$@"} # func_mode_finish arg... func_mode_finish () { - $opt_debug + $debug_cmd + libs= libdirs= admincmds= @@ -2663,11 +3982,11 @@ func_mode_finish () if func_lalib_unsafe_p "$opt"; then func_append libs " $opt" else - func_warning "\`$opt' is not a valid libtool archive" + func_warning "'$opt' is not a valid libtool archive" fi else - func_fatal_error "invalid argument \`$opt'" + func_fatal_error "invalid argument '$opt'" fi done @@ -2682,12 +4001,12 @@ func_mode_finish () # Remove sysroot references if $opt_dry_run; then for lib in $libs; do - echo "removing references to $lt_sysroot and \`=' prefixes from $lib" + echo "removing references to $lt_sysroot and '=' prefixes from $lib" done else tmpdir=`func_mktempdir` for lib in $libs; do - sed -e "${sysroot_cmd} s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ + $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ > $tmpdir/tmp-la mv -f $tmpdir/tmp-la $lib done @@ -2712,7 +4031,7 @@ func_mode_finish () fi # Exit here if they wanted silent mode. - $opt_silent && exit $EXIT_SUCCESS + $opt_quiet && exit $EXIT_SUCCESS if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then echo "----------------------------------------------------------------------" @@ -2723,27 +4042,27 @@ func_mode_finish () echo echo "If you ever happen to want to link against installed libraries" echo "in a given directory, LIBDIR, you must either use libtool, and" - echo "specify the full pathname of the library, or use the \`-LLIBDIR'" + echo "specify the full pathname of the library, or use the '-LLIBDIR'" echo "flag during linking and do at least one of the following:" if test -n "$shlibpath_var"; then - echo " - add LIBDIR to the \`$shlibpath_var' environment variable" + echo " - add LIBDIR to the '$shlibpath_var' environment variable" echo " during execution" fi if test -n "$runpath_var"; then - echo " - add LIBDIR to the \`$runpath_var' environment variable" + echo " - add LIBDIR to the '$runpath_var' environment variable" echo " during linking" fi if test -n "$hardcode_libdir_flag_spec"; then libdir=LIBDIR eval flag=\"$hardcode_libdir_flag_spec\" - $ECHO " - use the \`$flag' linker flag" + $ECHO " - use the '$flag' linker flag" fi if test -n "$admincmds"; then $ECHO " - have your system administrator run these commands:$admincmds" fi if test -f /etc/ld.so.conf; then - echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" + echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'" fi echo @@ -2762,18 +4081,20 @@ func_mode_finish () exit $EXIT_SUCCESS } -test "$opt_mode" = finish && func_mode_finish ${1+"$@"} +test finish = "$opt_mode" && func_mode_finish ${1+"$@"} # func_mode_install arg... func_mode_install () { - $opt_debug + $debug_cmd + # There may be an optional sh(1) argument at the beginning of # install_prog (especially on Windows NT). - if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || + if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" || # Allow the use of GNU shtool's install command. - case $nonopt in *shtool*) :;; *) false;; esac; then + case $nonopt in *shtool*) :;; *) false;; esac + then # Aesthetically quote it. func_quote_for_eval "$nonopt" install_prog="$func_quote_for_eval_result " @@ -2800,7 +4121,7 @@ func_mode_install () opts= prev= install_type= - isdir=no + isdir=false stripme= no_mode=: for arg @@ -2813,7 +4134,7 @@ func_mode_install () fi case $arg in - -d) isdir=yes ;; + -d) isdir=: ;; -f) if $install_cp; then :; else prev=$arg @@ -2831,7 +4152,7 @@ func_mode_install () *) # If the previous option needed an argument, then skip it. if test -n "$prev"; then - if test "x$prev" = x-m && test -n "$install_override_mode"; then + if test X-m = "X$prev" && test -n "$install_override_mode"; then arg2=$install_override_mode no_mode=false fi @@ -2856,7 +4177,7 @@ func_mode_install () func_fatal_help "you must specify an install program" test -n "$prev" && \ - func_fatal_help "the \`$prev' option requires an argument" + func_fatal_help "the '$prev' option requires an argument" if test -n "$install_override_mode" && $no_mode; then if $install_cp; then :; else @@ -2878,19 +4199,19 @@ func_mode_install () dest=$func_stripname_result # Check to see that the destination is a directory. - test -d "$dest" && isdir=yes - if test "$isdir" = yes; then - destdir="$dest" + test -d "$dest" && isdir=: + if $isdir; then + destdir=$dest destname= else func_dirname_and_basename "$dest" "" "." - destdir="$func_dirname_result" - destname="$func_basename_result" + destdir=$func_dirname_result + destname=$func_basename_result # Not a directory, so check to see that there is only one file specified. set dummy $files; shift test "$#" -gt 1 && \ - func_fatal_help "\`$dest' is not a directory" + func_fatal_help "'$dest' is not a directory" fi case $destdir in [\\/]* | [A-Za-z]:[\\/]*) ;; @@ -2899,7 +4220,7 @@ func_mode_install () case $file in *.lo) ;; *) - func_fatal_help "\`$destdir' must be an absolute directory name" + func_fatal_help "'$destdir' must be an absolute directory name" ;; esac done @@ -2908,7 +4229,7 @@ func_mode_install () # This variable tells wrapper scripts just to set variables rather # than running their programs. - libtool_install_magic="$magic" + libtool_install_magic=$magic staticlibs= future_libdirs= @@ -2928,7 +4249,7 @@ func_mode_install () # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ - || func_fatal_help "\`$file' is not a valid libtool archive" + || func_fatal_help "'$file' is not a valid libtool archive" library_names= old_library= @@ -2950,7 +4271,7 @@ func_mode_install () fi func_dirname "$file" "/" "" - dir="$func_dirname_result" + dir=$func_dirname_result func_append dir "$objdir" if test -n "$relink_command"; then @@ -2964,7 +4285,7 @@ func_mode_install () # are installed into $libdir/../bin (currently, that works fine) # but it's something to keep an eye on. test "$inst_prefix_dir" = "$destdir" && \ - func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir" + func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir" if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. @@ -2973,29 +4294,36 @@ func_mode_install () relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi - func_warning "relinking \`$file'" + func_warning "relinking '$file'" func_show_eval "$relink_command" \ - 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"' + 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"' fi # See the names of the shared library. set dummy $library_names; shift if test -n "$1"; then - realname="$1" + realname=$1 shift - srcname="$realname" - test -n "$relink_command" && srcname="$realname"T + srcname=$realname + test -n "$relink_command" && srcname=${realname}T # Install the shared library and build the symlinks. func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ 'exit $?' - tstripme="$stripme" + tstripme=$stripme case $host_os in cygwin* | mingw* | pw32* | cegcc*) case $realname in *.dll.a) - tstripme="" + tstripme= + ;; + esac + ;; + os2*) + case $realname in + *_dll.a) + tstripme= ;; esac ;; @@ -3006,7 +4334,7 @@ func_mode_install () if test "$#" -gt 0; then # Delete the old symlinks, and create new ones. - # Try `ln -sf' first, because the `ln' binary might depend on + # Try 'ln -sf' first, because the 'ln' binary might depend on # the symlink we replace! Solaris /bin/ln does not understand -f, # so we also need to try rm && ln -s. for linkname @@ -3017,14 +4345,14 @@ func_mode_install () fi # Do each command in the postinstall commands. - lib="$destdir/$realname" + lib=$destdir/$realname func_execute_cmds "$postinstall_cmds" 'exit $?' fi # Install the pseudo-library for information purposes. func_basename "$file" - name="$func_basename_result" - instname="$dir/$name"i + name=$func_basename_result + instname=$dir/${name}i func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' # Maybe install the static library, too. @@ -3036,11 +4364,11 @@ func_mode_install () # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then - destfile="$destdir/$destname" + destfile=$destdir/$destname else func_basename "$file" - destfile="$func_basename_result" - destfile="$destdir/$destfile" + destfile=$func_basename_result + destfile=$destdir/$destfile fi # Deduce the name of the destination old-style object file. @@ -3050,11 +4378,11 @@ func_mode_install () staticdest=$func_lo2o_result ;; *.$objext) - staticdest="$destfile" + staticdest=$destfile destfile= ;; *) - func_fatal_help "cannot copy a libtool object to \`$destfile'" + func_fatal_help "cannot copy a libtool object to '$destfile'" ;; esac @@ -3063,7 +4391,7 @@ func_mode_install () func_show_eval "$install_prog $file $destfile" 'exit $?' # Install the old object if enabled. - if test "$build_old_libs" = yes; then + if test yes = "$build_old_libs"; then # Deduce the name of the old-style object file. func_lo2o "$file" staticobj=$func_lo2o_result @@ -3075,23 +4403,23 @@ func_mode_install () *) # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then - destfile="$destdir/$destname" + destfile=$destdir/$destname else func_basename "$file" - destfile="$func_basename_result" - destfile="$destdir/$destfile" + destfile=$func_basename_result + destfile=$destdir/$destfile fi # If the file is missing, and there is a .exe on the end, strip it # because it is most likely a libtool script we actually want to # install - stripped_ext="" + stripped_ext= case $file in *.exe) if test ! -f "$file"; then func_stripname '' '.exe' "$file" file=$func_stripname_result - stripped_ext=".exe" + stripped_ext=.exe fi ;; esac @@ -3119,19 +4447,19 @@ func_mode_install () # Check the variables that should have been set. test -z "$generated_by_libtool_version" && \ - func_fatal_error "invalid libtool wrapper script \`$wrapper'" + func_fatal_error "invalid libtool wrapper script '$wrapper'" - finalize=yes + finalize=: for lib in $notinst_deplibs; do # Check to see that each library is installed. libdir= if test -f "$lib"; then func_source "$lib" fi - libfile="$libdir/"`$ECHO "$lib" | $SED 's%^.*/%%g'` ### testsuite: skip nested quoting test + libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'` if test -n "$libdir" && test ! -f "$libfile"; then - func_warning "\`$lib' has not been installed in \`$libdir'" - finalize=no + func_warning "'$lib' has not been installed in '$libdir'" + finalize=false fi done @@ -3139,29 +4467,29 @@ func_mode_install () func_source "$wrapper" outputname= - if test "$fast_install" = no && test -n "$relink_command"; then + if test no = "$fast_install" && test -n "$relink_command"; then $opt_dry_run || { - if test "$finalize" = yes; then + if $finalize; then tmpdir=`func_mktempdir` func_basename "$file$stripped_ext" - file="$func_basename_result" - outputname="$tmpdir/$file" + file=$func_basename_result + outputname=$tmpdir/$file # Replace the output file specification. relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` - $opt_silent || { + $opt_quiet || { func_quote_for_expand "$relink_command" eval "func_echo $func_quote_for_expand_result" } if eval "$relink_command"; then : else - func_error "error: relink \`$file' with the above command before installing it" + func_error "error: relink '$file' with the above command before installing it" $opt_dry_run || ${RM}r "$tmpdir" continue fi - file="$outputname" + file=$outputname else - func_warning "cannot relink \`$file'" + func_warning "cannot relink '$file'" fi } else @@ -3198,10 +4526,10 @@ func_mode_install () for file in $staticlibs; do func_basename "$file" - name="$func_basename_result" + name=$func_basename_result # Set up the ranlib parameters. - oldlib="$destdir/$name" + oldlib=$destdir/$name func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 tool_oldlib=$func_to_tool_file_result @@ -3216,18 +4544,18 @@ func_mode_install () done test -n "$future_libdirs" && \ - func_warning "remember to run \`$progname --finish$future_libdirs'" + func_warning "remember to run '$progname --finish$future_libdirs'" if test -n "$current_libdirs"; then # Maybe just do a dry run. $opt_dry_run && current_libdirs=" -n$current_libdirs" - exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' + exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs' else exit $EXIT_SUCCESS fi } -test "$opt_mode" = install && func_mode_install ${1+"$@"} +test install = "$opt_mode" && func_mode_install ${1+"$@"} # func_generate_dlsyms outputname originator pic_p @@ -3235,16 +4563,17 @@ test "$opt_mode" = install && func_mode_install ${1+"$@"} # a dlpreopen symbol table. func_generate_dlsyms () { - $opt_debug - my_outputname="$1" - my_originator="$2" - my_pic_p="${3-no}" - my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'` + $debug_cmd + + my_outputname=$1 + my_originator=$2 + my_pic_p=${3-false} + my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'` my_dlsyms= - if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then if test -n "$NM" && test -n "$global_symbol_pipe"; then - my_dlsyms="${my_outputname}S.c" + my_dlsyms=${my_outputname}S.c else func_error "not configured to extract global symbols from dlpreopened files" fi @@ -3255,7 +4584,7 @@ func_generate_dlsyms () "") ;; *.c) # Discover the nlist of each of the dlfiles. - nlist="$output_objdir/${my_outputname}.nm" + nlist=$output_objdir/$my_outputname.nm func_show_eval "$RM $nlist ${nlist}S ${nlist}T" @@ -3263,34 +4592,36 @@ func_generate_dlsyms () func_verbose "creating $output_objdir/$my_dlsyms" $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ -/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */ -/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */ +/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */ +/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */ #ifdef __cplusplus extern \"C\" { #endif -#if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) +#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) #pragma GCC diagnostic ignored \"-Wstrict-prototypes\" #endif /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ -#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) -/* DATA imports from DLLs on WIN32 con't be const, because runtime +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT_DLSYM_CONST -#elif defined(__osf__) +#elif defined __osf__ /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else # define LT_DLSYM_CONST const #endif +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + /* External symbol declarations for the compiler. */\ " - if test "$dlself" = yes; then - func_verbose "generating symbol list for \`$output'" + if test yes = "$dlself"; then + func_verbose "generating symbol list for '$output'" $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" @@ -3298,7 +4629,7 @@ extern \"C\" { progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` for progfile in $progfiles; do func_to_tool_file "$progfile" func_convert_file_msys_to_w32 - func_verbose "extracting global C symbols from \`$func_to_tool_file_result'" + func_verbose "extracting global C symbols from '$func_to_tool_file_result'" $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" done @@ -3318,10 +4649,10 @@ extern \"C\" { # Prepare the list of exported symbols if test -z "$export_symbols"; then - export_symbols="$output_objdir/$outputname.exp" + export_symbols=$output_objdir/$outputname.exp $opt_dry_run || { $RM $export_symbols - eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' + eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' case $host in *cygwin* | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' @@ -3331,7 +4662,7 @@ extern \"C\" { } else $opt_dry_run || { - eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' + eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' case $host in @@ -3345,22 +4676,22 @@ extern \"C\" { fi for dlprefile in $dlprefiles; do - func_verbose "extracting global C symbols from \`$dlprefile'" + func_verbose "extracting global C symbols from '$dlprefile'" func_basename "$dlprefile" - name="$func_basename_result" + name=$func_basename_result case $host in *cygwin* | *mingw* | *cegcc* ) # if an import library, we need to obtain dlname if func_win32_import_lib_p "$dlprefile"; then func_tr_sh "$dlprefile" eval "curr_lafile=\$libfile_$func_tr_sh_result" - dlprefile_dlbasename="" + dlprefile_dlbasename= if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then # Use subshell, to avoid clobbering current variable values dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` - if test -n "$dlprefile_dlname" ; then + if test -n "$dlprefile_dlname"; then func_basename "$dlprefile_dlname" - dlprefile_dlbasename="$func_basename_result" + dlprefile_dlbasename=$func_basename_result else # no lafile. user explicitly requested -dlpreopen . $sharedlib_from_linklib_cmd "$dlprefile" @@ -3368,7 +4699,7 @@ extern \"C\" { fi fi $opt_dry_run || { - if test -n "$dlprefile_dlbasename" ; then + if test -n "$dlprefile_dlbasename"; then eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' else func_warning "Could not compute DLL name from $name" @@ -3424,6 +4755,11 @@ extern \"C\" { echo '/* NONE */' >> "$output_objdir/$my_dlsyms" fi + func_show_eval '$RM "${nlist}I"' + if test -n "$global_symbol_to_import"; then + eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I' + fi + echo >> "$output_objdir/$my_dlsyms" "\ /* The mapping between symbol names and symbols. */ @@ -3432,11 +4768,30 @@ typedef struct { void *address; } lt_dlsymlist; extern LT_DLSYM_CONST lt_dlsymlist -lt_${my_prefix}_LTX_preloaded_symbols[]; +lt_${my_prefix}_LTX_preloaded_symbols[];\ +" + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ +static void lt_syminit(void) +{ + LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols; + for (; symbol->name; ++symbol) + {" + $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms" + echo >> "$output_objdir/$my_dlsyms" "\ + } +}" + fi + echo >> "$output_objdir/$my_dlsyms" "\ LT_DLSYM_CONST lt_dlsymlist lt_${my_prefix}_LTX_preloaded_symbols[] = -{\ - { \"$my_originator\", (void *) 0 }," +{ {\"$my_originator\", (void *) 0}," + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ + {\"@INIT@\", (void *) <_syminit}," + fi case $need_lib_prefix in no) @@ -3478,9 +4833,7 @@ static const void *lt_preloaded_setup() { *-*-hpux*) pic_flag_for_symtable=" $pic_flag" ;; *) - if test "X$my_pic_p" != Xno; then - pic_flag_for_symtable=" $pic_flag" - fi + $my_pic_p && pic_flag_for_symtable=" $pic_flag" ;; esac ;; @@ -3497,10 +4850,10 @@ static const void *lt_preloaded_setup() { func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' # Clean up the generated files. - func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"' + func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"' # Transform the symbol file into the correct name. - symfileobj="$output_objdir/${my_outputname}S.$objext" + symfileobj=$output_objdir/${my_outputname}S.$objext case $host in *cygwin* | *mingw* | *cegcc* ) if test -f "$output_objdir/$my_outputname.def"; then @@ -3518,7 +4871,7 @@ static const void *lt_preloaded_setup() { esac ;; *) - func_fatal_error "unknown suffix for \`$my_dlsyms'" + func_fatal_error "unknown suffix for '$my_dlsyms'" ;; esac else @@ -3532,6 +4885,32 @@ static const void *lt_preloaded_setup() { fi } +# func_cygming_gnu_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is a GNU/binutils-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_gnu_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` + test -n "$func_cygming_gnu_implib_tmp" +} + +# func_cygming_ms_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is an MS-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_ms_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` + test -n "$func_cygming_ms_implib_tmp" +} + # func_win32_libid arg # return the library type of file 'arg' # @@ -3541,8 +4920,9 @@ static const void *lt_preloaded_setup() { # Despite the name, also deal with 64 bit binaries. func_win32_libid () { - $opt_debug - win32_libid_type="unknown" + $debug_cmd + + win32_libid_type=unknown win32_fileres=`file -L $1 2>/dev/null` case $win32_fileres in *ar\ archive\ import\ library*) # definitely import @@ -3552,16 +4932,29 @@ func_win32_libid () # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then - func_to_tool_file "$1" func_convert_file_msys_to_w32 - win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | - $SED -n -e ' + case $nm_interface in + "MS dumpbin") + if func_cygming_ms_implib_p "$1" || + func_cygming_gnu_implib_p "$1" + then + win32_nmres=import + else + win32_nmres= + fi + ;; + *) + func_to_tool_file "$1" func_convert_file_msys_to_w32 + win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | + $SED -n -e ' 1,100{ / I /{ - s,.*,import, + s|.*|import| p q } }'` + ;; + esac case $win32_nmres in import*) win32_libid_type="x86 archive import";; *) win32_libid_type="x86 archive static";; @@ -3593,7 +4986,8 @@ func_win32_libid () # $sharedlib_from_linklib_result func_cygming_dll_for_implib () { - $opt_debug + $debug_cmd + sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` } @@ -3610,7 +5004,8 @@ func_cygming_dll_for_implib () # specified import library. func_cygming_dll_for_implib_fallback_core () { - $opt_debug + $debug_cmd + match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` $OBJDUMP -s --section "$1" "$2" 2>/dev/null | $SED '/^Contents of section '"$match_literal"':/{ @@ -3646,8 +5041,8 @@ func_cygming_dll_for_implib_fallback_core () /./p' | # we now have a list, one entry per line, of the stringified # contents of the appropriate section of all members of the - # archive which possess that section. Heuristic: eliminate - # all those which have a first or second character that is + # archive that possess that section. Heuristic: eliminate + # all those that have a first or second character that is # a '.' (that is, objdump's representation of an unprintable # character.) This should work for all archives with less than # 0x302f exports -- but will fail for DLLs whose name actually @@ -3658,30 +5053,6 @@ func_cygming_dll_for_implib_fallback_core () $SED -e '/^\./d;/^.\./d;q' } -# func_cygming_gnu_implib_p ARG -# This predicate returns with zero status (TRUE) if -# ARG is a GNU/binutils-style import library. Returns -# with nonzero status (FALSE) otherwise. -func_cygming_gnu_implib_p () -{ - $opt_debug - func_to_tool_file "$1" func_convert_file_msys_to_w32 - func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` - test -n "$func_cygming_gnu_implib_tmp" -} - -# func_cygming_ms_implib_p ARG -# This predicate returns with zero status (TRUE) if -# ARG is an MS-style import library. Returns -# with nonzero status (FALSE) otherwise. -func_cygming_ms_implib_p () -{ - $opt_debug - func_to_tool_file "$1" func_convert_file_msys_to_w32 - func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` - test -n "$func_cygming_ms_implib_tmp" -} - # func_cygming_dll_for_implib_fallback ARG # Platform-specific function to extract the # name of the DLL associated with the specified @@ -3695,16 +5066,17 @@ func_cygming_ms_implib_p () # $sharedlib_from_linklib_result func_cygming_dll_for_implib_fallback () { - $opt_debug - if func_cygming_gnu_implib_p "$1" ; then + $debug_cmd + + if func_cygming_gnu_implib_p "$1"; then # binutils import library sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` - elif func_cygming_ms_implib_p "$1" ; then + elif func_cygming_ms_implib_p "$1"; then # ms-generated import library sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` else # unknown - sharedlib_from_linklib_result="" + sharedlib_from_linklib_result= fi } @@ -3712,10 +5084,11 @@ func_cygming_dll_for_implib_fallback () # func_extract_an_archive dir oldlib func_extract_an_archive () { - $opt_debug - f_ex_an_ar_dir="$1"; shift - f_ex_an_ar_oldlib="$1" - if test "$lock_old_archive_extraction" = yes; then + $debug_cmd + + f_ex_an_ar_dir=$1; shift + f_ex_an_ar_oldlib=$1 + if test yes = "$lock_old_archive_extraction"; then lockfile=$f_ex_an_ar_oldlib.lock until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do func_echo "Waiting for $lockfile to be removed" @@ -3724,7 +5097,7 @@ func_extract_an_archive () fi func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ 'stat=$?; rm -f "$lockfile"; exit $stat' - if test "$lock_old_archive_extraction" = yes; then + if test yes = "$lock_old_archive_extraction"; then $opt_dry_run || rm -f "$lockfile" fi if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then @@ -3738,22 +5111,23 @@ func_extract_an_archive () # func_extract_archives gentop oldlib ... func_extract_archives () { - $opt_debug - my_gentop="$1"; shift + $debug_cmd + + my_gentop=$1; shift my_oldlibs=${1+"$@"} - my_oldobjs="" - my_xlib="" - my_xabs="" - my_xdir="" + my_oldobjs= + my_xlib= + my_xabs= + my_xdir= for my_xlib in $my_oldlibs; do # Extract the objects. case $my_xlib in - [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; + [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;; *) my_xabs=`pwd`"/$my_xlib" ;; esac func_basename "$my_xlib" - my_xlib="$func_basename_result" + my_xlib=$func_basename_result my_xlib_u=$my_xlib while :; do case " $extracted_archives " in @@ -3765,7 +5139,7 @@ func_extract_archives () esac done extracted_archives="$extracted_archives $my_xlib_u" - my_xdir="$my_gentop/$my_xlib_u" + my_xdir=$my_gentop/$my_xlib_u func_mkdir_p "$my_xdir" @@ -3778,22 +5152,23 @@ func_extract_archives () cd $my_xdir || exit $? darwin_archive=$my_xabs darwin_curdir=`pwd` - darwin_base_archive=`basename "$darwin_archive"` + func_basename "$darwin_archive" + darwin_base_archive=$func_basename_result darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` if test -n "$darwin_arches"; then darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` darwin_arch= func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" - for darwin_arch in $darwin_arches ; do - func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}" - $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" - cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" - func_extract_an_archive "`pwd`" "${darwin_base_archive}" + for darwin_arch in $darwin_arches; do + func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch" + $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive" + cd "unfat-$$/$darwin_base_archive-$darwin_arch" + func_extract_an_archive "`pwd`" "$darwin_base_archive" cd "$darwin_curdir" - $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" + $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" done # $darwin_arches ## Okay now we've a bunch of thin objects, gotta fatten them up :) - darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u` + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u` darwin_file= darwin_files= for darwin_file in $darwin_filelist; do @@ -3815,7 +5190,7 @@ func_extract_archives () my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` done - func_extract_archives_result="$my_oldobjs" + func_extract_archives_result=$my_oldobjs } @@ -3830,7 +5205,7 @@ func_extract_archives () # # ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR # variable will take. If 'yes', then the emitted script -# will assume that the directory in which it is stored is +# will assume that the directory where it is stored is # the $objdir directory. This is a cygwin/mingw-specific # behavior. func_emit_wrapper () @@ -3841,7 +5216,7 @@ func_emit_wrapper () #! $SHELL # $output - temporary wrapper script for $objdir/$outputname -# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION # # The $output program cannot be directly executed until all the libtool # libraries that it depends on are installed. @@ -3898,9 +5273,9 @@ _LTECHO_EOF' # Very basic option parsing. These options are (a) specific to # the libtool wrapper, (b) are identical between the wrapper -# /script/ and the wrapper /executable/ which is used only on +# /script/ and the wrapper /executable/ that is used only on # windows platforms, and (c) all begin with the string "--lt-" -# (application programs are unlikely to have options which match +# (application programs are unlikely to have options that match # this pattern). # # There are only two supported options: --lt-debug and @@ -3933,7 +5308,7 @@ func_parse_lt_options () # Print the debug banner immediately: if test -n \"\$lt_option_debug\"; then - echo \"${outputname}:${output}:\${LINENO}: libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\" 1>&2 + echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2 fi } @@ -3944,7 +5319,7 @@ func_lt_dump_args () lt_dump_args_N=1; for lt_arg do - \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[\$lt_dump_args_N]: \$lt_arg\" + \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\" lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` done } @@ -3958,7 +5333,7 @@ func_exec_program_core () *-*-mingw | *-*-os2* | *-cegcc*) $ECHO "\ if test -n \"\$lt_option_debug\"; then - \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir\\\\\$program\" 1>&2 + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2 func_lt_dump_args \${1+\"\$@\"} 1>&2 fi exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} @@ -3968,7 +5343,7 @@ func_exec_program_core () *) $ECHO "\ if test -n \"\$lt_option_debug\"; then - \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir/\$program\" 1>&2 + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2 func_lt_dump_args \${1+\"\$@\"} 1>&2 fi exec \"\$progdir/\$program\" \${1+\"\$@\"} @@ -4043,13 +5418,13 @@ func_exec_program () test -n \"\$absdir\" && thisdir=\"\$absdir\" " - if test "$fast_install" = yes; then + if test yes = "$fast_install"; then $ECHO "\ program=lt-'$outputname'$exeext progdir=\"\$thisdir/$objdir\" if test ! -f \"\$progdir/\$program\" || - { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ + { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\ test \"X\$file\" != \"X\$progdir/\$program\"; }; then file=\"\$\$-\$program\" @@ -4066,7 +5441,7 @@ func_exec_program () if test -n \"\$relink_command\"; then if relink_command_output=\`eval \$relink_command 2>&1\`; then : else - $ECHO \"\$relink_command_output\" >&2 + \$ECHO \"\$relink_command_output\" >&2 $RM \"\$progdir/\$file\" exit 1 fi @@ -4101,7 +5476,7 @@ func_exec_program () fi # Export our shlibpath_var if we have one. - if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then $ECHO "\ # Add our own library path to $shlibpath_var $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" @@ -4121,7 +5496,7 @@ func_exec_program () fi else # The program doesn't exist. - \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 + \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2 \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 exit 1 @@ -4140,7 +5515,7 @@ func_emit_cwrapperexe_src () cat < #include +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + /* declarations of non-ANSI functions */ -#if defined(__MINGW32__) +#if defined __MINGW32__ # ifdef __STRICT_ANSI__ int _putenv (const char *); # endif -#elif defined(__CYGWIN__) +#elif defined __CYGWIN__ # ifdef __STRICT_ANSI__ char *realpath (const char *, char *); int putenv (char *); int setenv (const char *, const char *, int); # endif -/* #elif defined (other platforms) ... */ +/* #elif defined other_platform || defined ... */ #endif /* portability defines, excluding path handling macros */ -#if defined(_MSC_VER) +#if defined _MSC_VER # define setmode _setmode # define stat _stat # define chmod _chmod # define getcwd _getcwd # define putenv _putenv # define S_IXUSR _S_IEXEC -# ifndef _INTPTR_T_DEFINED -# define _INTPTR_T_DEFINED -# define intptr_t int -# endif -#elif defined(__MINGW32__) +#elif defined __MINGW32__ # define setmode _setmode # define stat _stat # define chmod _chmod # define getcwd _getcwd # define putenv _putenv -#elif defined(__CYGWIN__) +#elif defined __CYGWIN__ # define HAVE_SETENV # define FOPEN_WB "wb" -/* #elif defined (other platforms) ... */ +/* #elif defined other platforms ... */ #endif -#if defined(PATH_MAX) +#if defined PATH_MAX # define LT_PATHMAX PATH_MAX -#elif defined(MAXPATHLEN) +#elif defined MAXPATHLEN # define LT_PATHMAX MAXPATHLEN #else # define LT_PATHMAX 1024 @@ -4234,8 +5607,8 @@ int setenv (const char *, const char *, int); # define PATH_SEPARATOR ':' #endif -#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ - defined (__OS2__) +#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \ + defined __OS2__ # define HAVE_DOS_BASED_FILE_SYSTEM # define FOPEN_WB "wb" # ifndef DIR_SEPARATOR_2 @@ -4268,10 +5641,10 @@ int setenv (const char *, const char *, int); #define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) #define XFREE(stale) do { \ - if (stale) { free ((void *) stale); stale = 0; } \ + if (stale) { free (stale); stale = 0; } \ } while (0) -#if defined(LT_DEBUGWRAPPER) +#if defined LT_DEBUGWRAPPER static int lt_debug = 1; #else static int lt_debug = 0; @@ -4300,11 +5673,16 @@ void lt_dump_script (FILE *f); EOF cat < 0) && IS_PATH_SEPARATOR (new_value[len-1])) + size_t len = strlen (new_value); + while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1])) { - new_value[len-1] = '\0'; + new_value[--len] = '\0'; } lt_setenv (name, new_value); XFREE (new_value); @@ -5082,27 +6460,47 @@ EOF # True if ARG is an import lib, as indicated by $file_magic_cmd func_win32_import_lib_p () { - $opt_debug + $debug_cmd + case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in *import*) : ;; *) false ;; esac } +# func_suncc_cstd_abi +# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!! +# Several compiler flags select an ABI that is incompatible with the +# Cstd library. Avoid specifying it if any are in CXXFLAGS. +func_suncc_cstd_abi () +{ + $debug_cmd + + case " $compile_command " in + *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*) + suncc_use_cstd_abi=no + ;; + *) + suncc_use_cstd_abi=yes + ;; + esac +} + # func_mode_link arg... func_mode_link () { - $opt_debug + $debug_cmd + case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) # It is impossible to link a dll without this setting, and # we shouldn't force the makefile maintainer to figure out - # which system we are compiling for in order to pass an extra + # what system we are compiling for in order to pass an extra # flag for every libtool invocation. # allow_undefined=no # FIXME: Unfortunately, there are problems with the above when trying - # to make a dll which has undefined symbols, in which case not + # to make a dll that has undefined symbols, in which case not # even a static library is built. For now, we need to specify # -no-undefined on the libtool link line when we can be certain # that all symbols are satisfied, otherwise we get a static library. @@ -5146,10 +6544,11 @@ func_mode_link () module=no no_install=no objs= + os2dllname= non_pic_objects= precious_files_regex= prefer_static_libs=no - preload=no + preload=false prev= prevarg= release= @@ -5161,7 +6560,7 @@ func_mode_link () vinfo= vinfo_number=no weak_libs= - single_module="${wl}-single_module" + single_module=$wl-single_module func_infer_tag $base_compile # We need to know -static, to get the right output filenames. @@ -5169,15 +6568,15 @@ func_mode_link () do case $arg in -shared) - test "$build_libtool_libs" != yes && \ - func_fatal_configuration "can not build a shared library" + test yes != "$build_libtool_libs" \ + && func_fatal_configuration "cannot build a shared library" build_old_libs=no break ;; -all-static | -static | -static-libtool-libs) case $arg in -all-static) - if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then + if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then func_warning "complete static linking is impossible in this configuration" fi if test -n "$link_static_flag"; then @@ -5210,7 +6609,7 @@ func_mode_link () # Go through the arguments, transforming them on the way. while test "$#" -gt 0; do - arg="$1" + arg=$1 shift func_quote_for_eval "$arg" qarg=$func_quote_for_eval_unquoted_result @@ -5227,21 +6626,21 @@ func_mode_link () case $prev in bindir) - bindir="$arg" + bindir=$arg prev= continue ;; dlfiles|dlprefiles) - if test "$preload" = no; then + $preload || { # Add the symbol object into the linking commands. func_append compile_command " @SYMFILE@" func_append finalize_command " @SYMFILE@" - preload=yes - fi + preload=: + } case $arg in *.la | *.lo) ;; # We handle these cases below. force) - if test "$dlself" = no; then + if test no = "$dlself"; then dlself=needless export_dynamic=yes fi @@ -5249,9 +6648,9 @@ func_mode_link () continue ;; self) - if test "$prev" = dlprefiles; then + if test dlprefiles = "$prev"; then dlself=yes - elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then + elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then dlself=yes else dlself=needless @@ -5261,7 +6660,7 @@ func_mode_link () continue ;; *) - if test "$prev" = dlfiles; then + if test dlfiles = "$prev"; then func_append dlfiles " $arg" else func_append dlprefiles " $arg" @@ -5272,14 +6671,14 @@ func_mode_link () esac ;; expsyms) - export_symbols="$arg" + export_symbols=$arg test -f "$arg" \ - || func_fatal_error "symbol file \`$arg' does not exist" + || func_fatal_error "symbol file '$arg' does not exist" prev= continue ;; expsyms_regex) - export_symbols_regex="$arg" + export_symbols_regex=$arg prev= continue ;; @@ -5297,7 +6696,13 @@ func_mode_link () continue ;; inst_prefix) - inst_prefix_dir="$arg" + inst_prefix_dir=$arg + prev= + continue + ;; + mllvm) + # Clang does not use LLVM to link, so we can simply discard any + # '-mllvm $arg' options when doing the link step. prev= continue ;; @@ -5321,21 +6726,21 @@ func_mode_link () if test -z "$pic_object" || test -z "$non_pic_object" || - test "$pic_object" = none && - test "$non_pic_object" = none; then - func_fatal_error "cannot find name of object for \`$arg'" + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" - xdir="$func_dirname_result" + xdir=$func_dirname_result - if test "$pic_object" != none; then + if test none != "$pic_object"; then # Prepend the subdirectory the object is found in. - pic_object="$xdir$pic_object" + pic_object=$xdir$pic_object - if test "$prev" = dlfiles; then - if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then func_append dlfiles " $pic_object" prev= continue @@ -5346,7 +6751,7 @@ func_mode_link () fi # CHECK ME: I think I busted this. -Ossama - if test "$prev" = dlprefiles; then + if test dlprefiles = "$prev"; then # Preload the old-style object. func_append dlprefiles " $pic_object" prev= @@ -5354,23 +6759,23 @@ func_mode_link () # A PIC object. func_append libobjs " $pic_object" - arg="$pic_object" + arg=$pic_object fi # Non-PIC object. - if test "$non_pic_object" != none; then + if test none != "$non_pic_object"; then # Prepend the subdirectory the object is found in. - non_pic_object="$xdir$non_pic_object" + non_pic_object=$xdir$non_pic_object # A standard non-PIC object func_append non_pic_objects " $non_pic_object" - if test -z "$pic_object" || test "$pic_object" = none ; then - arg="$non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. - non_pic_object="$pic_object" + non_pic_object=$pic_object func_append non_pic_objects " $non_pic_object" fi else @@ -5378,7 +6783,7 @@ func_mode_link () if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" - xdir="$func_dirname_result" + xdir=$func_dirname_result func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result @@ -5386,24 +6791,29 @@ func_mode_link () func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else - func_fatal_error "\`$arg' is not a valid libtool object" + func_fatal_error "'$arg' is not a valid libtool object" fi fi done else - func_fatal_error "link input file \`$arg' does not exist" + func_fatal_error "link input file '$arg' does not exist" fi arg=$save_arg prev= continue ;; + os2dllname) + os2dllname=$arg + prev= + continue + ;; precious_regex) - precious_files_regex="$arg" + precious_files_regex=$arg prev= continue ;; release) - release="-$arg" + release=-$arg prev= continue ;; @@ -5415,7 +6825,7 @@ func_mode_link () func_fatal_error "only absolute run-paths are allowed" ;; esac - if test "$prev" = rpath; then + if test rpath = "$prev"; then case "$rpath " in *" $arg "*) ;; *) func_append rpath " $arg" ;; @@ -5430,7 +6840,7 @@ func_mode_link () continue ;; shrext) - shrext_cmds="$arg" + shrext_cmds=$arg prev= continue ;; @@ -5470,7 +6880,7 @@ func_mode_link () esac fi # test -n "$prev" - prevarg="$arg" + prevarg=$arg case $arg in -all-static) @@ -5484,7 +6894,7 @@ func_mode_link () -allow-undefined) # FIXME: remove this flag sometime in the future. - func_fatal_error "\`-allow-undefined' must not be used because it is the default" + func_fatal_error "'-allow-undefined' must not be used because it is the default" ;; -avoid-version) @@ -5516,7 +6926,7 @@ func_mode_link () if test -n "$export_symbols" || test -n "$export_symbols_regex"; then func_fatal_error "more than one -exported-symbols argument is not allowed" fi - if test "X$arg" = "X-export-symbols"; then + if test X-export-symbols = "X$arg"; then prev=expsyms else prev=expsyms_regex @@ -5550,9 +6960,9 @@ func_mode_link () func_stripname "-L" '' "$arg" if test -z "$func_stripname_result"; then if test "$#" -gt 0; then - func_fatal_error "require no space between \`-L' and \`$1'" + func_fatal_error "require no space between '-L' and '$1'" else - func_fatal_error "need path for \`-L' option" + func_fatal_error "need path for '-L' option" fi fi func_resolve_sysroot "$func_stripname_result" @@ -5563,8 +6973,8 @@ func_mode_link () *) absdir=`cd "$dir" && pwd` test -z "$absdir" && \ - func_fatal_error "cannot determine absolute directory name of \`$dir'" - dir="$absdir" + func_fatal_error "cannot determine absolute directory name of '$dir'" + dir=$absdir ;; esac case "$deplibs " in @@ -5599,7 +7009,7 @@ func_mode_link () ;; -l*) - if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then + if test X-lc = "X$arg" || test X-lm = "X$arg"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) # These systems don't actually have a C or math library (as such) @@ -5607,11 +7017,11 @@ func_mode_link () ;; *-*-os2*) # These systems don't actually have a C library (as such) - test "X$arg" = "X-lc" && continue + test X-lc = "X$arg" && continue ;; - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) # Do not include libc due to us having libc/libc_r. - test "X$arg" = "X-lc" && continue + test X-lc = "X$arg" && continue ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C and math libraries are in the System framework @@ -5620,16 +7030,16 @@ func_mode_link () ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype - test "X$arg" = "X-lc" && continue + test X-lc = "X$arg" && continue ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work - test "X$arg" = "X-lc" && continue + test X-lc = "X$arg" && continue ;; esac - elif test "X$arg" = "X-lc_r"; then + elif test X-lc_r = "X$arg"; then case $host in - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) # Do not include libc_r directly, use -pthread flag. continue ;; @@ -5639,6 +7049,11 @@ func_mode_link () continue ;; + -mllvm) + prev=mllvm + continue + ;; + -module) module=yes continue @@ -5668,7 +7083,7 @@ func_mode_link () ;; -multi_module) - single_module="${wl}-multi_module" + single_module=$wl-multi_module continue ;; @@ -5682,8 +7097,8 @@ func_mode_link () *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) # The PATH hackery in wrapper scripts is required on Windows # and Darwin in order for the loader to find any dlls it needs. - func_warning "\`-no-install' is ignored for $host" - func_warning "assuming \`-no-fast-install' instead" + func_warning "'-no-install' is ignored for $host" + func_warning "assuming '-no-fast-install' instead" fast_install=no ;; *) no_install=yes ;; @@ -5701,6 +7116,11 @@ func_mode_link () continue ;; + -os2dllname) + prev=os2dllname + continue + ;; + -o) prev=output ;; -precious-files-regex) @@ -5788,14 +7208,14 @@ func_mode_link () func_stripname '-Wc,' '' "$arg" args=$func_stripname_result arg= - save_ifs="$IFS"; IFS=',' + save_ifs=$IFS; IFS=, for flag in $args; do - IFS="$save_ifs" + IFS=$save_ifs func_quote_for_eval "$flag" func_append arg " $func_quote_for_eval_result" func_append compiler_flags " $func_quote_for_eval_result" done - IFS="$save_ifs" + IFS=$save_ifs func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; @@ -5804,15 +7224,15 @@ func_mode_link () func_stripname '-Wl,' '' "$arg" args=$func_stripname_result arg= - save_ifs="$IFS"; IFS=',' + save_ifs=$IFS; IFS=, for flag in $args; do - IFS="$save_ifs" + IFS=$save_ifs func_quote_for_eval "$flag" func_append arg " $wl$func_quote_for_eval_result" func_append compiler_flags " $wl$func_quote_for_eval_result" func_append linker_flags " $func_quote_for_eval_result" done - IFS="$save_ifs" + IFS=$save_ifs func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; @@ -5835,7 +7255,7 @@ func_mode_link () # -msg_* for osf cc -msg_*) func_quote_for_eval "$arg" - arg="$func_quote_for_eval_result" + arg=$func_quote_for_eval_result ;; # Flags to be passed through unchanged, with rationale: @@ -5847,25 +7267,49 @@ func_mode_link () # -m*, -t[45]*, -txscale* architecture-specific flags for GCC # -F/path path to uninstalled frameworks, gcc on darwin # -p, -pg, --coverage, -fprofile-* profiling flags for GCC + # -fstack-protector* stack protector flags for GCC # @file GCC response files # -tp=* Portland pgcc target processor selection # --sysroot=* for sysroot support - # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + # -specs=* GCC specs files + # -stdlib=* select c++ std lib with clang + # -fsanitize=* Clang/GCC memory and address sanitizer -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ - -O*|-flto*|-fwhopr*|-fuse-linker-plugin) + -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \ + -specs=*|-fsanitize=*) func_quote_for_eval "$arg" - arg="$func_quote_for_eval_result" + arg=$func_quote_for_eval_result func_append compile_command " $arg" func_append finalize_command " $arg" func_append compiler_flags " $arg" continue ;; + -Z*) + if test os2 = "`expr $host : '.*\(os2\)'`"; then + # OS/2 uses -Zxxx to specify OS/2-specific options + compiler_flags="$compiler_flags $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case $arg in + -Zlinker | -Zstack) + prev=xcompiler + ;; + esac + continue + else + # Otherwise treat like 'Some other compiler flag' below + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + fi + ;; + # Some other compiler flag. -* | +*) func_quote_for_eval "$arg" - arg="$func_quote_for_eval_result" + arg=$func_quote_for_eval_result ;; *.$objext) @@ -5886,21 +7330,21 @@ func_mode_link () if test -z "$pic_object" || test -z "$non_pic_object" || - test "$pic_object" = none && - test "$non_pic_object" = none; then - func_fatal_error "cannot find name of object for \`$arg'" + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" - xdir="$func_dirname_result" + xdir=$func_dirname_result - if test "$pic_object" != none; then + test none = "$pic_object" || { # Prepend the subdirectory the object is found in. - pic_object="$xdir$pic_object" + pic_object=$xdir$pic_object - if test "$prev" = dlfiles; then - if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then func_append dlfiles " $pic_object" prev= continue @@ -5911,7 +7355,7 @@ func_mode_link () fi # CHECK ME: I think I busted this. -Ossama - if test "$prev" = dlprefiles; then + if test dlprefiles = "$prev"; then # Preload the old-style object. func_append dlprefiles " $pic_object" prev= @@ -5919,23 +7363,23 @@ func_mode_link () # A PIC object. func_append libobjs " $pic_object" - arg="$pic_object" - fi + arg=$pic_object + } # Non-PIC object. - if test "$non_pic_object" != none; then + if test none != "$non_pic_object"; then # Prepend the subdirectory the object is found in. - non_pic_object="$xdir$non_pic_object" + non_pic_object=$xdir$non_pic_object # A standard non-PIC object func_append non_pic_objects " $non_pic_object" - if test -z "$pic_object" || test "$pic_object" = none ; then - arg="$non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. - non_pic_object="$pic_object" + non_pic_object=$pic_object func_append non_pic_objects " $non_pic_object" fi else @@ -5943,7 +7387,7 @@ func_mode_link () if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" - xdir="$func_dirname_result" + xdir=$func_dirname_result func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result @@ -5951,7 +7395,7 @@ func_mode_link () func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else - func_fatal_error "\`$arg' is not a valid libtool object" + func_fatal_error "'$arg' is not a valid libtool object" fi fi ;; @@ -5967,11 +7411,11 @@ func_mode_link () # A libtool-controlled library. func_resolve_sysroot "$arg" - if test "$prev" = dlfiles; then + if test dlfiles = "$prev"; then # This library was specified with -dlopen. func_append dlfiles " $func_resolve_sysroot_result" prev= - elif test "$prev" = dlprefiles; then + elif test dlprefiles = "$prev"; then # The library was specified with -dlpreopen. func_append dlprefiles " $func_resolve_sysroot_result" prev= @@ -5986,7 +7430,7 @@ func_mode_link () # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. func_quote_for_eval "$arg" - arg="$func_quote_for_eval_result" + arg=$func_quote_for_eval_result ;; esac # arg @@ -5998,9 +7442,9 @@ func_mode_link () done # argument parsing loop test -n "$prev" && \ - func_fatal_help "the \`$prevarg' option requires an argument" + func_fatal_help "the '$prevarg' option requires an argument" - if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then + if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then eval arg=\"$export_dynamic_flag_spec\" func_append compile_command " $arg" func_append finalize_command " $arg" @@ -6009,20 +7453,23 @@ func_mode_link () oldlibs= # calculate the name of the file, without its directory func_basename "$output" - outputname="$func_basename_result" - libobjs_save="$libobjs" + outputname=$func_basename_result + libobjs_save=$libobjs if test -n "$shlibpath_var"; then # get the directories listed in $shlibpath_var - eval shlib_search_path=\`\$ECHO \"\${$shlibpath_var}\" \| \$SED \'s/:/ /g\'\` + eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\` else shlib_search_path= fi eval sys_lib_search_path=\"$sys_lib_search_path_spec\" eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + # Definition is injected by LT_CONFIG during libtool generation. + func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH" + func_dirname "$output" "/" "" - output_objdir="$func_dirname_result$objdir" + output_objdir=$func_dirname_result$objdir func_to_tool_file "$output_objdir/" tool_output_objdir=$func_to_tool_file_result # Create the object directory. @@ -6045,7 +7492,7 @@ func_mode_link () # Find all interdependent deplibs by searching for libraries # that are linked more than once (e.g. -la -lb -la) for deplib in $deplibs; do - if $opt_preserve_dup_deps ; then + if $opt_preserve_dup_deps; then case "$libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac @@ -6053,7 +7500,7 @@ func_mode_link () func_append libs " $deplib" done - if test "$linkmode" = lib; then + if test lib = "$linkmode"; then libs="$predeps $libs $compiler_lib_search_path $postdeps" # Compute libraries that are listed more than once in $predeps @@ -6085,7 +7532,7 @@ func_mode_link () case $file in *.la) ;; *) - func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file" + func_fatal_help "libraries can '-dlopen' only libtool libraries: $file" ;; esac done @@ -6093,7 +7540,7 @@ func_mode_link () prog) compile_deplibs= finalize_deplibs= - alldeplibs=no + alldeplibs=false newdlfiles= newdlprefiles= passes="conv scan dlopen dlpreopen link" @@ -6105,32 +7552,32 @@ func_mode_link () for pass in $passes; do # The preopen pass in lib mode reverses $deplibs; put it back here # so that -L comes before libs that need it for instance... - if test "$linkmode,$pass" = "lib,link"; then + if test lib,link = "$linkmode,$pass"; then ## FIXME: Find the place where the list is rebuilt in the wrong ## order, and fix it there properly tmp_deplibs= for deplib in $deplibs; do tmp_deplibs="$deplib $tmp_deplibs" done - deplibs="$tmp_deplibs" + deplibs=$tmp_deplibs fi - if test "$linkmode,$pass" = "lib,link" || - test "$linkmode,$pass" = "prog,scan"; then - libs="$deplibs" + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass"; then + libs=$deplibs deplibs= fi - if test "$linkmode" = prog; then + if test prog = "$linkmode"; then case $pass in - dlopen) libs="$dlfiles" ;; - dlpreopen) libs="$dlprefiles" ;; + dlopen) libs=$dlfiles ;; + dlpreopen) libs=$dlprefiles ;; link) libs="$deplibs %DEPLIBS%" test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" ;; esac fi - if test "$linkmode,$pass" = "lib,dlpreopen"; then + if test lib,dlpreopen = "$linkmode,$pass"; then # Collect and forward deplibs of preopened libtool libs for lib in $dlprefiles; do # Ignore non-libtool-libs @@ -6151,26 +7598,26 @@ func_mode_link () esac done done - libs="$dlprefiles" + libs=$dlprefiles fi - if test "$pass" = dlopen; then + if test dlopen = "$pass"; then # Collect dlpreopened libraries - save_deplibs="$deplibs" + save_deplibs=$deplibs deplibs= fi for deplib in $libs; do lib= - found=no + found=false case $deplib in -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) - if test "$linkmode,$pass" = "prog,link"; then + if test prog,link = "$linkmode,$pass"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else func_append compiler_flags " $deplib" - if test "$linkmode" = lib ; then + if test lib = "$linkmode"; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) func_append new_inherited_linker_flags " $deplib" ;; @@ -6180,13 +7627,13 @@ func_mode_link () continue ;; -l*) - if test "$linkmode" != lib && test "$linkmode" != prog; then - func_warning "\`-l' is ignored for archives/objects" + if test lib != "$linkmode" && test prog != "$linkmode"; then + func_warning "'-l' is ignored for archives/objects" continue fi func_stripname '-l' '' "$deplib" name=$func_stripname_result - if test "$linkmode" = lib; then + if test lib = "$linkmode"; then searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" else searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" @@ -6194,31 +7641,22 @@ func_mode_link () for searchdir in $searchdirs; do for search_ext in .la $std_shrext .so .a; do # Search the libtool library - lib="$searchdir/lib${name}${search_ext}" + lib=$searchdir/lib$name$search_ext if test -f "$lib"; then - if test "$search_ext" = ".la"; then - found=yes + if test .la = "$search_ext"; then + found=: else - found=no + found=false fi break 2 fi done done - if test "$found" != yes; then - # deplib doesn't seem to be a libtool library - if test "$linkmode,$pass" = "prog,link"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - deplibs="$deplib $deplibs" - test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" - fi - continue - else # deplib is a libtool library + if $found; then + # deplib is a libtool library # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, # We need to do some special things here, and not later. - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $deplib "*) if func_lalib_p "$lib"; then @@ -6226,19 +7664,19 @@ func_mode_link () old_library= func_source "$lib" for l in $old_library $library_names; do - ll="$l" + ll=$l done - if test "X$ll" = "X$old_library" ; then # only static version available - found=no + if test "X$ll" = "X$old_library"; then # only static version available + found=false func_dirname "$lib" "" "." - ladir="$func_dirname_result" + ladir=$func_dirname_result lib=$ladir/$old_library - if test "$linkmode,$pass" = "prog,link"; then + if test prog,link = "$linkmode,$pass"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" - test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" fi continue fi @@ -6247,15 +7685,25 @@ func_mode_link () *) ;; esac fi + else + # deplib doesn't seem to be a libtool library + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" + fi + continue fi ;; # -l *.ltframework) - if test "$linkmode,$pass" = "prog,link"; then + if test prog,link = "$linkmode,$pass"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" - if test "$linkmode" = lib ; then + if test lib = "$linkmode"; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) func_append new_inherited_linker_flags " $deplib" ;; @@ -6268,18 +7716,18 @@ func_mode_link () case $linkmode in lib) deplibs="$deplib $deplibs" - test "$pass" = conv && continue + test conv = "$pass" && continue newdependency_libs="$deplib $newdependency_libs" func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result" func_append newlib_search_path " $func_resolve_sysroot_result" ;; prog) - if test "$pass" = conv; then + if test conv = "$pass"; then deplibs="$deplib $deplibs" continue fi - if test "$pass" = scan; then + if test scan = "$pass"; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" @@ -6290,13 +7738,13 @@ func_mode_link () func_append newlib_search_path " $func_resolve_sysroot_result" ;; *) - func_warning "\`-L' is ignored for archives/objects" + func_warning "'-L' is ignored for archives/objects" ;; esac # linkmode continue ;; # -L -R*) - if test "$pass" = link; then + if test link = "$pass"; then func_stripname '-R' '' "$deplib" func_resolve_sysroot "$func_stripname_result" dir=$func_resolve_sysroot_result @@ -6314,7 +7762,7 @@ func_mode_link () lib=$func_resolve_sysroot_result ;; *.$libext) - if test "$pass" = conv; then + if test conv = "$pass"; then deplibs="$deplib $deplibs" continue fi @@ -6325,21 +7773,26 @@ func_mode_link () case " $dlpreconveniencelibs " in *" $deplib "*) ;; *) - valid_a_lib=no + valid_a_lib=false case $deplibs_check_method in match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ | $EGREP "$match_pattern_regex" > /dev/null; then - valid_a_lib=yes + valid_a_lib=: fi ;; pass_all) - valid_a_lib=yes + valid_a_lib=: ;; esac - if test "$valid_a_lib" != yes; then + if $valid_a_lib; then + echo + $ECHO "*** Warning: Linking the shared library $output against the" + $ECHO "*** static library $deplib is not portable!" + deplibs="$deplib $deplibs" + else echo $ECHO "*** Warning: Trying to link with static lib archive $deplib." echo "*** I have the capability to make that library automatically link in when" @@ -6347,18 +7800,13 @@ func_mode_link () echo "*** shared version of the library, which you do not appear to have" echo "*** because the file extensions .$libext of this argument makes me believe" echo "*** that it is just a static archive that I should not use here." - else - echo - $ECHO "*** Warning: Linking the shared library $output against the" - $ECHO "*** static library $deplib is not portable!" - deplibs="$deplib $deplibs" fi ;; esac continue ;; prog) - if test "$pass" != link; then + if test link != "$pass"; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" @@ -6369,10 +7817,10 @@ func_mode_link () esac # linkmode ;; # *.$libext *.lo | *.$objext) - if test "$pass" = conv; then + if test conv = "$pass"; then deplibs="$deplib $deplibs" - elif test "$linkmode" = prog; then - if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then + elif test prog = "$linkmode"; then + if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then # If there is no dlopen support or we're linking statically, # we need to preload. func_append newdlprefiles " $deplib" @@ -6385,22 +7833,20 @@ func_mode_link () continue ;; %DEPLIBS%) - alldeplibs=yes + alldeplibs=: continue ;; esac # case $deplib - if test "$found" = yes || test -f "$lib"; then : - else - func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'" - fi + $found || test -f "$lib" \ + || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'" # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$lib" \ - || func_fatal_error "\`$lib' is not a valid libtool archive" + || func_fatal_error "'$lib' is not a valid libtool archive" func_dirname "$lib" "" "." - ladir="$func_dirname_result" + ladir=$func_dirname_result dlname= dlopen= @@ -6430,19 +7876,19 @@ func_mode_link () done fi dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - if test "$linkmode,$pass" = "lib,link" || - test "$linkmode,$pass" = "prog,scan" || - { test "$linkmode" != prog && test "$linkmode" != lib; }; then + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass" || + { test prog != "$linkmode" && test lib != "$linkmode"; }; then test -n "$dlopen" && func_append dlfiles " $dlopen" test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" fi - if test "$pass" = conv; then + if test conv = "$pass"; then # Only check for convenience libraries deplibs="$lib $deplibs" if test -z "$libdir"; then if test -z "$old_library"; then - func_fatal_error "cannot find name of link library for \`$lib'" + func_fatal_error "cannot find name of link library for '$lib'" fi # It is a libtool convenience library, so add in its objects. func_append convenience " $ladir/$objdir/$old_library" @@ -6450,15 +7896,15 @@ func_mode_link () tmp_libs= for deplib in $dependency_libs; do deplibs="$deplib $deplibs" - if $opt_preserve_dup_deps ; then + if $opt_preserve_dup_deps; then case "$tmp_libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac fi func_append tmp_libs " $deplib" done - elif test "$linkmode" != prog && test "$linkmode" != lib; then - func_fatal_error "\`$lib' is not a convenience library" + elif test prog != "$linkmode" && test lib != "$linkmode"; then + func_fatal_error "'$lib' is not a convenience library" fi continue fi # $pass = conv @@ -6467,26 +7913,26 @@ func_mode_link () # Get the name of the library we link against. linklib= if test -n "$old_library" && - { test "$prefer_static_libs" = yes || - test "$prefer_static_libs,$installed" = "built,no"; }; then + { test yes = "$prefer_static_libs" || + test built,no = "$prefer_static_libs,$installed"; }; then linklib=$old_library else for l in $old_library $library_names; do - linklib="$l" + linklib=$l done fi if test -z "$linklib"; then - func_fatal_error "cannot find name of link library for \`$lib'" + func_fatal_error "cannot find name of link library for '$lib'" fi # This library was specified with -dlopen. - if test "$pass" = dlopen; then - if test -z "$libdir"; then - func_fatal_error "cannot -dlopen a convenience library: \`$lib'" - fi + if test dlopen = "$pass"; then + test -z "$libdir" \ + && func_fatal_error "cannot -dlopen a convenience library: '$lib'" if test -z "$dlname" || - test "$dlopen_support" != yes || - test "$build_libtool_libs" = no; then + test yes != "$dlopen_support" || + test no = "$build_libtool_libs" + then # If there is no dlname, no dlopen support or we're linking # statically, we need to preload. We also need to preload any # dependent libraries so libltdl's deplib preloader doesn't @@ -6500,40 +7946,40 @@ func_mode_link () # We need an absolute path. case $ladir in - [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; + [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;; *) abs_ladir=`cd "$ladir" && pwd` if test -z "$abs_ladir"; then - func_warning "cannot determine absolute directory name of \`$ladir'" + func_warning "cannot determine absolute directory name of '$ladir'" func_warning "passing it literally to the linker, although it might fail" - abs_ladir="$ladir" + abs_ladir=$ladir fi ;; esac func_basename "$lib" - laname="$func_basename_result" + laname=$func_basename_result # Find the relevant object directory and library name. - if test "X$installed" = Xyes; then + if test yes = "$installed"; then if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then - func_warning "library \`$lib' was moved." - dir="$ladir" - absdir="$abs_ladir" - libdir="$abs_ladir" + func_warning "library '$lib' was moved." + dir=$ladir + absdir=$abs_ladir + libdir=$abs_ladir else - dir="$lt_sysroot$libdir" - absdir="$lt_sysroot$libdir" + dir=$lt_sysroot$libdir + absdir=$lt_sysroot$libdir fi - test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes + test yes = "$hardcode_automatic" && avoidtemprpath=yes else if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then - dir="$ladir" - absdir="$abs_ladir" + dir=$ladir + absdir=$abs_ladir # Remove this search path later func_append notinst_path " $abs_ladir" else - dir="$ladir/$objdir" - absdir="$abs_ladir/$objdir" + dir=$ladir/$objdir + absdir=$abs_ladir/$objdir # Remove this search path later func_append notinst_path " $abs_ladir" fi @@ -6542,11 +7988,11 @@ func_mode_link () name=$func_stripname_result # This library was specified with -dlpreopen. - if test "$pass" = dlpreopen; then - if test -z "$libdir" && test "$linkmode" = prog; then - func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'" + if test dlpreopen = "$pass"; then + if test -z "$libdir" && test prog = "$linkmode"; then + func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'" fi - case "$host" in + case $host in # special handling for platforms with PE-DLLs. *cygwin* | *mingw* | *cegcc* ) # Linker will automatically link against shared library if both @@ -6590,9 +8036,9 @@ func_mode_link () if test -z "$libdir"; then # Link the convenience library - if test "$linkmode" = lib; then + if test lib = "$linkmode"; then deplibs="$dir/$old_library $deplibs" - elif test "$linkmode,$pass" = "prog,link"; then + elif test prog,link = "$linkmode,$pass"; then compile_deplibs="$dir/$old_library $compile_deplibs" finalize_deplibs="$dir/$old_library $finalize_deplibs" else @@ -6602,14 +8048,14 @@ func_mode_link () fi - if test "$linkmode" = prog && test "$pass" != link; then + if test prog = "$linkmode" && test link != "$pass"; then func_append newlib_search_path " $ladir" deplibs="$lib $deplibs" - linkalldeplibs=no - if test "$link_all_deplibs" != no || test -z "$library_names" || - test "$build_libtool_libs" = no; then - linkalldeplibs=yes + linkalldeplibs=false + if test no != "$link_all_deplibs" || test -z "$library_names" || + test no = "$build_libtool_libs"; then + linkalldeplibs=: fi tmp_libs= @@ -6621,14 +8067,14 @@ func_mode_link () ;; esac # Need to link against all dependency_libs? - if test "$linkalldeplibs" = yes; then + if $linkalldeplibs; then deplibs="$deplib $deplibs" else # Need to hardcode shared library paths # or/and link against static libraries newdependency_libs="$deplib $newdependency_libs" fi - if $opt_preserve_dup_deps ; then + if $opt_preserve_dup_deps; then case "$tmp_libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac @@ -6638,15 +8084,15 @@ func_mode_link () continue fi # $linkmode = prog... - if test "$linkmode,$pass" = "prog,link"; then + if test prog,link = "$linkmode,$pass"; then if test -n "$library_names" && - { { test "$prefer_static_libs" = no || - test "$prefer_static_libs,$installed" = "built,yes"; } || + { { test no = "$prefer_static_libs" || + test built,yes = "$prefer_static_libs,$installed"; } || test -z "$old_library"; }; then # We need to hardcode the library path - if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then + if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then # Make sure the rpath contains only unique directories. - case "$temp_rpath:" in + case $temp_rpath: in *"$absdir:"*) ;; *) func_append temp_rpath "$absdir:" ;; esac @@ -6675,9 +8121,9 @@ func_mode_link () esac fi # $linkmode,$pass = prog,link... - if test "$alldeplibs" = yes && - { test "$deplibs_check_method" = pass_all || - { test "$build_libtool_libs" = yes && + if $alldeplibs && + { test pass_all = "$deplibs_check_method" || + { test yes = "$build_libtool_libs" && test -n "$library_names"; }; }; then # We only need to search for static libraries continue @@ -6686,19 +8132,19 @@ func_mode_link () link_static=no # Whether the deplib will be linked statically use_static_libs=$prefer_static_libs - if test "$use_static_libs" = built && test "$installed" = yes; then + if test built = "$use_static_libs" && test yes = "$installed"; then use_static_libs=no fi if test -n "$library_names" && - { test "$use_static_libs" = no || test -z "$old_library"; }; then + { test no = "$use_static_libs" || test -z "$old_library"; }; then case $host in - *cygwin* | *mingw* | *cegcc*) + *cygwin* | *mingw* | *cegcc* | *os2*) # No point in relinking DLLs because paths are not encoded func_append notinst_deplibs " $lib" need_relink=no ;; *) - if test "$installed" = no; then + if test no = "$installed"; then func_append notinst_deplibs " $lib" need_relink=yes fi @@ -6708,24 +8154,24 @@ func_mode_link () # Warn about portability, can't link against -module's on some # systems (darwin). Don't bleat about dlopened modules though! - dlopenmodule="" + dlopenmodule= for dlpremoduletest in $dlprefiles; do if test "X$dlpremoduletest" = "X$lib"; then - dlopenmodule="$dlpremoduletest" + dlopenmodule=$dlpremoduletest break fi done - if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then + if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then echo - if test "$linkmode" = prog; then + if test prog = "$linkmode"; then $ECHO "*** Warning: Linking the executable $output against the loadable module" else $ECHO "*** Warning: Linking the shared library $output against the loadable module" fi $ECHO "*** $linklib is not portable!" fi - if test "$linkmode" = lib && - test "$hardcode_into_libs" = yes; then + if test lib = "$linkmode" && + test yes = "$hardcode_into_libs"; then # Hardcode the library path. # Skip directories that are in the system default run-time # search path. @@ -6753,43 +8199,43 @@ func_mode_link () # figure out the soname set dummy $library_names shift - realname="$1" + realname=$1 shift libname=`eval "\\$ECHO \"$libname_spec\""` # use dlname if we got it. it's perfectly good, no? if test -n "$dlname"; then - soname="$dlname" + soname=$dlname elif test -n "$soname_spec"; then # bleh windows case $host in - *cygwin* | mingw* | *cegcc*) + *cygwin* | mingw* | *cegcc* | *os2*) func_arith $current - $age major=$func_arith_result - versuffix="-$major" + versuffix=-$major ;; esac eval soname=\"$soname_spec\" else - soname="$realname" + soname=$realname fi # Make a new name for the extract_expsyms_cmds to use - soroot="$soname" + soroot=$soname func_basename "$soroot" - soname="$func_basename_result" + soname=$func_basename_result func_stripname 'lib' '.dll' "$soname" newlib=libimp-$func_stripname_result.a # If the library has no export list, then create one now if test -f "$output_objdir/$soname-def"; then : else - func_verbose "extracting exported symbol list from \`$soname'" + func_verbose "extracting exported symbol list from '$soname'" func_execute_cmds "$extract_expsyms_cmds" 'exit $?' fi # Create $newlib if test -f "$output_objdir/$newlib"; then :; else - func_verbose "generating import library for \`$soname'" + func_verbose "generating import library for '$soname'" func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' fi # make sure the library variables are pointing to the new library @@ -6797,58 +8243,58 @@ func_mode_link () linklib=$newlib fi # test -n "$old_archive_from_expsyms_cmds" - if test "$linkmode" = prog || test "$opt_mode" != relink; then + if test prog = "$linkmode" || test relink != "$opt_mode"; then add_shlibpath= add_dir= add= lib_linked=yes case $hardcode_action in immediate | unsupported) - if test "$hardcode_direct" = no; then - add="$dir/$linklib" + if test no = "$hardcode_direct"; then + add=$dir/$linklib case $host in - *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; - *-*-sysv4*uw2*) add_dir="-L$dir" ;; + *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;; + *-*-sysv4*uw2*) add_dir=-L$dir ;; *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ - *-*-unixware7*) add_dir="-L$dir" ;; + *-*-unixware7*) add_dir=-L$dir ;; *-*-darwin* ) - # if the lib is a (non-dlopened) module then we can not + # if the lib is a (non-dlopened) module then we cannot # link against it, someone is ignoring the earlier warnings if /usr/bin/file -L $add 2> /dev/null | - $GREP ": [^:]* bundle" >/dev/null ; then + $GREP ": [^:]* bundle" >/dev/null; then if test "X$dlopenmodule" != "X$lib"; then $ECHO "*** Warning: lib $linklib is a module, not a shared library" - if test -z "$old_library" ; then + if test -z "$old_library"; then echo echo "*** And there doesn't seem to be a static archive available" echo "*** The link will probably fail, sorry" else - add="$dir/$old_library" + add=$dir/$old_library fi elif test -n "$old_library"; then - add="$dir/$old_library" + add=$dir/$old_library fi fi esac - elif test "$hardcode_minus_L" = no; then + elif test no = "$hardcode_minus_L"; then case $host in - *-*-sunos*) add_shlibpath="$dir" ;; + *-*-sunos*) add_shlibpath=$dir ;; esac - add_dir="-L$dir" - add="-l$name" - elif test "$hardcode_shlibpath_var" = no; then - add_shlibpath="$dir" - add="-l$name" + add_dir=-L$dir + add=-l$name + elif test no = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name else lib_linked=no fi ;; relink) - if test "$hardcode_direct" = yes && - test "$hardcode_direct_absolute" = no; then - add="$dir/$linklib" - elif test "$hardcode_minus_L" = yes; then - add_dir="-L$absdir" + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$dir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$absdir # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in @@ -6857,10 +8303,10 @@ func_mode_link () ;; esac fi - add="-l$name" - elif test "$hardcode_shlibpath_var" = yes; then - add_shlibpath="$dir" - add="-l$name" + add=-l$name + elif test yes = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name else lib_linked=no fi @@ -6868,7 +8314,7 @@ func_mode_link () *) lib_linked=no ;; esac - if test "$lib_linked" != yes; then + if test yes != "$lib_linked"; then func_fatal_configuration "unsupported hardcode properties" fi @@ -6878,15 +8324,15 @@ func_mode_link () *) func_append compile_shlibpath "$add_shlibpath:" ;; esac fi - if test "$linkmode" = prog; then + if test prog = "$linkmode"; then test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" test -n "$add" && compile_deplibs="$add $compile_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" - if test "$hardcode_direct" != yes && - test "$hardcode_minus_L" != yes && - test "$hardcode_shlibpath_var" = yes; then + if test yes != "$hardcode_direct" && + test yes != "$hardcode_minus_L" && + test yes = "$hardcode_shlibpath_var"; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) func_append finalize_shlibpath "$libdir:" ;; @@ -6895,33 +8341,33 @@ func_mode_link () fi fi - if test "$linkmode" = prog || test "$opt_mode" = relink; then + if test prog = "$linkmode" || test relink = "$opt_mode"; then add_shlibpath= add_dir= add= # Finalize command for both is simple: just hardcode it. - if test "$hardcode_direct" = yes && - test "$hardcode_direct_absolute" = no; then - add="$libdir/$linklib" - elif test "$hardcode_minus_L" = yes; then - add_dir="-L$libdir" - add="-l$name" - elif test "$hardcode_shlibpath_var" = yes; then + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$libdir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$libdir + add=-l$name + elif test yes = "$hardcode_shlibpath_var"; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) func_append finalize_shlibpath "$libdir:" ;; esac - add="-l$name" - elif test "$hardcode_automatic" = yes; then + add=-l$name + elif test yes = "$hardcode_automatic"; then if test -n "$inst_prefix_dir" && - test -f "$inst_prefix_dir$libdir/$linklib" ; then - add="$inst_prefix_dir$libdir/$linklib" + test -f "$inst_prefix_dir$libdir/$linklib"; then + add=$inst_prefix_dir$libdir/$linklib else - add="$libdir/$linklib" + add=$libdir/$linklib fi else # We cannot seem to hardcode it, guess we'll fake it. - add_dir="-L$libdir" + add_dir=-L$libdir # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in @@ -6930,10 +8376,10 @@ func_mode_link () ;; esac fi - add="-l$name" + add=-l$name fi - if test "$linkmode" = prog; then + if test prog = "$linkmode"; then test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" test -n "$add" && finalize_deplibs="$add $finalize_deplibs" else @@ -6941,43 +8387,43 @@ func_mode_link () test -n "$add" && deplibs="$add $deplibs" fi fi - elif test "$linkmode" = prog; then + elif test prog = "$linkmode"; then # Here we assume that one of hardcode_direct or hardcode_minus_L # is not unsupported. This is valid on all known static and # shared platforms. - if test "$hardcode_direct" != unsupported; then - test -n "$old_library" && linklib="$old_library" + if test unsupported != "$hardcode_direct"; then + test -n "$old_library" && linklib=$old_library compile_deplibs="$dir/$linklib $compile_deplibs" finalize_deplibs="$dir/$linklib $finalize_deplibs" else compile_deplibs="-l$name -L$dir $compile_deplibs" finalize_deplibs="-l$name -L$dir $finalize_deplibs" fi - elif test "$build_libtool_libs" = yes; then + elif test yes = "$build_libtool_libs"; then # Not a shared library - if test "$deplibs_check_method" != pass_all; then + if test pass_all != "$deplibs_check_method"; then # We're trying link a shared library against a static one # but the system doesn't support it. # Just print a warning and add the library to dependency_libs so # that the program can be linked against the static library. echo - $ECHO "*** Warning: This system can not link to static lib archive $lib." + $ECHO "*** Warning: This system cannot link to static lib archive $lib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have." - if test "$module" = yes; then + if test yes = "$module"; then echo "*** But as you try to build a module library, libtool will still create " echo "*** a static module, that should work as long as the dlopening application" echo "*** is linked with the -dlopen flag to resolve symbols at runtime." if test -z "$global_symbol_pipe"; then echo echo "*** However, this would only work if libtool was able to extract symbol" - echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" echo "*** not find such a program. So, this module is probably useless." - echo "*** \`nm' from GNU binutils and a full rebuild may help." + echo "*** 'nm' from GNU binutils and a full rebuild may help." fi - if test "$build_old_libs" = no; then + if test no = "$build_old_libs"; then build_libtool_libs=module build_old_libs=yes else @@ -6990,11 +8436,11 @@ func_mode_link () fi fi # link shared/static library? - if test "$linkmode" = lib; then + if test lib = "$linkmode"; then if test -n "$dependency_libs" && - { test "$hardcode_into_libs" != yes || - test "$build_old_libs" = yes || - test "$link_static" = yes; }; then + { test yes != "$hardcode_into_libs" || + test yes = "$build_old_libs" || + test yes = "$link_static"; }; then # Extract -R from dependency_libs temp_deplibs= for libdir in $dependency_libs; do @@ -7008,12 +8454,12 @@ func_mode_link () *) func_append temp_deplibs " $libdir";; esac done - dependency_libs="$temp_deplibs" + dependency_libs=$temp_deplibs fi func_append newlib_search_path " $absdir" # Link against this library - test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" + test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs" # ... and its dependency_libs tmp_libs= for deplib in $dependency_libs; do @@ -7023,7 +8469,7 @@ func_mode_link () func_resolve_sysroot "$func_stripname_result";; *) func_resolve_sysroot "$deplib" ;; esac - if $opt_preserve_dup_deps ; then + if $opt_preserve_dup_deps; then case "$tmp_libs " in *" $func_resolve_sysroot_result "*) func_append specialdeplibs " $func_resolve_sysroot_result" ;; @@ -7032,12 +8478,12 @@ func_mode_link () func_append tmp_libs " $func_resolve_sysroot_result" done - if test "$link_all_deplibs" != no; then + if test no != "$link_all_deplibs"; then # Add the search paths of all dependency libraries for deplib in $dependency_libs; do path= case $deplib in - -L*) path="$deplib" ;; + -L*) path=$deplib ;; *.la) func_resolve_sysroot "$deplib" deplib=$func_resolve_sysroot_result @@ -7045,12 +8491,12 @@ func_mode_link () dir=$func_dirname_result # We need an absolute path. case $dir in - [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; + [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;; *) absdir=`cd "$dir" && pwd` if test -z "$absdir"; then - func_warning "cannot determine absolute directory name of \`$dir'" - absdir="$dir" + func_warning "cannot determine absolute directory name of '$dir'" + absdir=$dir fi ;; esac @@ -7058,35 +8504,35 @@ func_mode_link () case $host in *-*-darwin*) depdepl= - eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` - if test -n "$deplibrary_names" ; then - for tmp in $deplibrary_names ; do + eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` + if test -n "$deplibrary_names"; then + for tmp in $deplibrary_names; do depdepl=$tmp done - if test -f "$absdir/$objdir/$depdepl" ; then - depdepl="$absdir/$objdir/$depdepl" - darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + if test -f "$absdir/$objdir/$depdepl"; then + depdepl=$absdir/$objdir/$depdepl + darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` if test -z "$darwin_install_name"; then - darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` fi - func_append compiler_flags " ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}" - func_append linker_flags " -dylib_file ${darwin_install_name}:${depdepl}" + func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl" + func_append linker_flags " -dylib_file $darwin_install_name:$depdepl" path= fi fi ;; *) - path="-L$absdir/$objdir" + path=-L$absdir/$objdir ;; esac else - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` test -z "$libdir" && \ - func_fatal_error "\`$deplib' is not a valid libtool archive" + func_fatal_error "'$deplib' is not a valid libtool archive" test "$absdir" != "$libdir" && \ - func_warning "\`$deplib' seems to be moved" + func_warning "'$deplib' seems to be moved" - path="-L$absdir" + path=-L$absdir fi ;; esac @@ -7098,23 +8544,23 @@ func_mode_link () fi # link_all_deplibs != no fi # linkmode = lib done # for deplib in $libs - if test "$pass" = link; then - if test "$linkmode" = "prog"; then + if test link = "$pass"; then + if test prog = "$linkmode"; then compile_deplibs="$new_inherited_linker_flags $compile_deplibs" finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" else compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` fi fi - dependency_libs="$newdependency_libs" - if test "$pass" = dlpreopen; then + dependency_libs=$newdependency_libs + if test dlpreopen = "$pass"; then # Link the dlpreopened libraries before other libraries for deplib in $save_deplibs; do deplibs="$deplib $deplibs" done fi - if test "$pass" != dlopen; then - if test "$pass" != conv; then + if test dlopen != "$pass"; then + test conv = "$pass" || { # Make sure lib_search_path contains only unique directories. lib_search_path= for dir in $newlib_search_path; do @@ -7124,12 +8570,12 @@ func_mode_link () esac done newlib_search_path= - fi + } - if test "$linkmode,$pass" != "prog,link"; then - vars="deplibs" - else + if test prog,link = "$linkmode,$pass"; then vars="compile_deplibs finalize_deplibs" + else + vars=deplibs fi for var in $vars dependency_libs; do # Add libraries to $var in reverse order @@ -7187,62 +8633,93 @@ func_mode_link () eval $var=\"$tmp_libs\" done # for var fi + + # Add Sun CC postdeps if required: + test CXX = "$tagname" && { + case $host_os in + linux*) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C++ 5.9 + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + + solaris*) + func_cc_basename "$CC" + case $func_cc_basename_result in + CC* | sunCC*) + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + esac + } + # Last step: remove runtime libs from dependency_libs # (they stay in deplibs) tmp_libs= - for i in $dependency_libs ; do + for i in $dependency_libs; do case " $predeps $postdeps $compiler_lib_search_path " in *" $i "*) - i="" + i= ;; esac - if test -n "$i" ; then + if test -n "$i"; then func_append tmp_libs " $i" fi done dependency_libs=$tmp_libs done # for pass - if test "$linkmode" = prog; then - dlfiles="$newdlfiles" + if test prog = "$linkmode"; then + dlfiles=$newdlfiles fi - if test "$linkmode" = prog || test "$linkmode" = lib; then - dlprefiles="$newdlprefiles" + if test prog = "$linkmode" || test lib = "$linkmode"; then + dlprefiles=$newdlprefiles fi case $linkmode in oldlib) - if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then - func_warning "\`-dlopen' is ignored for archives" + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for archives" fi case " $deplibs" in *\ -l* | *\ -L*) - func_warning "\`-l' and \`-L' are ignored for archives" ;; + func_warning "'-l' and '-L' are ignored for archives" ;; esac test -n "$rpath" && \ - func_warning "\`-rpath' is ignored for archives" + func_warning "'-rpath' is ignored for archives" test -n "$xrpath" && \ - func_warning "\`-R' is ignored for archives" + func_warning "'-R' is ignored for archives" test -n "$vinfo" && \ - func_warning "\`-version-info/-version-number' is ignored for archives" + func_warning "'-version-info/-version-number' is ignored for archives" test -n "$release" && \ - func_warning "\`-release' is ignored for archives" + func_warning "'-release' is ignored for archives" test -n "$export_symbols$export_symbols_regex" && \ - func_warning "\`-export-symbols' is ignored for archives" + func_warning "'-export-symbols' is ignored for archives" # Now set the variables for building old libraries. build_libtool_libs=no - oldlibs="$output" + oldlibs=$output func_append objs "$old_deplibs" ;; lib) - # Make sure we only generate libraries of the form `libNAME.la'. + # Make sure we only generate libraries of the form 'libNAME.la'. case $outputname in lib*) func_stripname 'lib' '.la' "$outputname" @@ -7251,10 +8728,10 @@ func_mode_link () eval libname=\"$libname_spec\" ;; *) - test "$module" = no && \ - func_fatal_help "libtool library \`$output' must begin with \`lib'" + test no = "$module" \ + && func_fatal_help "libtool library '$output' must begin with 'lib'" - if test "$need_lib_prefix" != no; then + if test no != "$need_lib_prefix"; then # Add the "lib" prefix for modules if required func_stripname '' '.la' "$outputname" name=$func_stripname_result @@ -7268,8 +8745,8 @@ func_mode_link () esac if test -n "$objs"; then - if test "$deplibs_check_method" != pass_all; then - func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs" + if test pass_all != "$deplibs_check_method"; then + func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs" else echo $ECHO "*** Warning: Linking the shared library $output against the non-libtool" @@ -7278,21 +8755,21 @@ func_mode_link () fi fi - test "$dlself" != no && \ - func_warning "\`-dlopen self' is ignored for libtool libraries" + test no = "$dlself" \ + || func_warning "'-dlopen self' is ignored for libtool libraries" set dummy $rpath shift - test "$#" -gt 1 && \ - func_warning "ignoring multiple \`-rpath's for a libtool library" + test 1 -lt "$#" \ + && func_warning "ignoring multiple '-rpath's for a libtool library" - install_libdir="$1" + install_libdir=$1 oldlibs= if test -z "$rpath"; then - if test "$build_libtool_libs" = yes; then + if test yes = "$build_libtool_libs"; then # Building a libtool convenience library. - # Some compilers have problems with a `.al' extension so + # Some compilers have problems with a '.al' extension so # convenience libraries should have the same extension an # archive normally would. oldlibs="$output_objdir/$libname.$libext $oldlibs" @@ -7301,20 +8778,20 @@ func_mode_link () fi test -n "$vinfo" && \ - func_warning "\`-version-info/-version-number' is ignored for convenience libraries" + func_warning "'-version-info/-version-number' is ignored for convenience libraries" test -n "$release" && \ - func_warning "\`-release' is ignored for convenience libraries" + func_warning "'-release' is ignored for convenience libraries" else # Parse the version information argument. - save_ifs="$IFS"; IFS=':' + save_ifs=$IFS; IFS=: set dummy $vinfo 0 0 0 shift - IFS="$save_ifs" + IFS=$save_ifs test -n "$7" && \ - func_fatal_help "too many parameters to \`-version-info'" + func_fatal_help "too many parameters to '-version-info'" # convert absolute version numbers to libtool ages # this retains compatibility with .la files and attempts @@ -7322,45 +8799,45 @@ func_mode_link () case $vinfo_number in yes) - number_major="$1" - number_minor="$2" - number_revision="$3" + number_major=$1 + number_minor=$2 + number_revision=$3 # # There are really only two kinds -- those that # use the current revision as the major version # and those that subtract age and use age as # a minor version. But, then there is irix - # which has an extra 1 added just for fun + # that has an extra 1 added just for fun # case $version_type in # correct linux to gnu/linux during the next big refactor - darwin|linux|osf|windows|none) + darwin|freebsd-elf|linux|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result - age="$number_minor" - revision="$number_revision" + age=$number_minor + revision=$number_revision ;; - freebsd-aout|freebsd-elf|qnx|sunos) - current="$number_major" - revision="$number_minor" - age="0" + freebsd-aout|qnx|sunos) + current=$number_major + revision=$number_minor + age=0 ;; irix|nonstopux) func_arith $number_major + $number_minor current=$func_arith_result - age="$number_minor" - revision="$number_minor" + age=$number_minor + revision=$number_minor lt_irix_increment=no ;; *) - func_fatal_configuration "$modename: unknown library version type \`$version_type'" + func_fatal_configuration "$modename: unknown library version type '$version_type'" ;; esac ;; no) - current="$1" - revision="$2" - age="$3" + current=$1 + revision=$2 + age=$3 ;; esac @@ -7368,30 +8845,30 @@ func_mode_link () case $current in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) - func_error "CURRENT \`$current' must be a nonnegative integer" - func_fatal_error "\`$vinfo' is not valid version information" + func_error "CURRENT '$current' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" ;; esac case $revision in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) - func_error "REVISION \`$revision' must be a nonnegative integer" - func_fatal_error "\`$vinfo' is not valid version information" + func_error "REVISION '$revision' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" ;; esac case $age in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) - func_error "AGE \`$age' must be a nonnegative integer" - func_fatal_error "\`$vinfo' is not valid version information" + func_error "AGE '$age' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" ;; esac if test "$age" -gt "$current"; then - func_error "AGE \`$age' is greater than the current interface number \`$current'" - func_fatal_error "\`$vinfo' is not valid version information" + func_error "AGE '$age' is greater than the current interface number '$current'" + func_fatal_error "'$vinfo' is not valid version information" fi # Calculate the version variables. @@ -7406,26 +8883,36 @@ func_mode_link () # verstring for coding it into the library header func_arith $current - $age major=.$func_arith_result - versuffix="$major.$age.$revision" + versuffix=$major.$age.$revision # Darwin ld doesn't like 0 for these options... func_arith $current + 1 minor_current=$func_arith_result - xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision" + xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + # On Darwin other compilers + case $CC in + nagfor*) + verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" + ;; + *) + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + ;; + esac ;; freebsd-aout) - major=".$current" - versuffix=".$current.$revision"; + major=.$current + versuffix=.$current.$revision ;; freebsd-elf) - major=".$current" - versuffix=".$current" + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision ;; irix | nonstopux) - if test "X$lt_irix_increment" = "Xno"; then + if test no = "$lt_irix_increment"; then func_arith $current - $age else func_arith $current - $age + 1 @@ -7436,69 +8923,74 @@ func_mode_link () nonstopux) verstring_prefix=nonstopux ;; *) verstring_prefix=sgi ;; esac - verstring="$verstring_prefix$major.$revision" + verstring=$verstring_prefix$major.$revision # Add in all the interfaces that we are compatible with. loop=$revision - while test "$loop" -ne 0; do + while test 0 -ne "$loop"; do func_arith $revision - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result - verstring="$verstring_prefix$major.$iface:$verstring" + verstring=$verstring_prefix$major.$iface:$verstring done - # Before this point, $major must not contain `.'. + # Before this point, $major must not contain '.'. major=.$major - versuffix="$major.$revision" + versuffix=$major.$revision ;; linux) # correct to gnu/linux during the next big refactor func_arith $current - $age major=.$func_arith_result - versuffix="$major.$age.$revision" + versuffix=$major.$age.$revision ;; osf) func_arith $current - $age major=.$func_arith_result - versuffix=".$current.$age.$revision" - verstring="$current.$age.$revision" + versuffix=.$current.$age.$revision + verstring=$current.$age.$revision # Add in all the interfaces that we are compatible with. loop=$age - while test "$loop" -ne 0; do + while test 0 -ne "$loop"; do func_arith $current - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result - verstring="$verstring:${iface}.0" + verstring=$verstring:$iface.0 done # Make executables depend on our current version. - func_append verstring ":${current}.0" + func_append verstring ":$current.0" ;; qnx) - major=".$current" - versuffix=".$current" + major=.$current + versuffix=.$current + ;; + + sco) + major=.$current + versuffix=.$current ;; sunos) - major=".$current" - versuffix=".$current.$revision" + major=.$current + versuffix=.$current.$revision ;; windows) # Use '-' rather than '.', since we only want one - # extension on DOS 8.3 filesystems. + # extension on DOS 8.3 file systems. func_arith $current - $age major=$func_arith_result - versuffix="-$major" + versuffix=-$major ;; *) - func_fatal_configuration "unknown library version type \`$version_type'" + func_fatal_configuration "unknown library version type '$version_type'" ;; esac @@ -7512,42 +9004,45 @@ func_mode_link () verstring= ;; *) - verstring="0.0" + verstring=0.0 ;; esac - if test "$need_version" = no; then + if test no = "$need_version"; then versuffix= else - versuffix=".0.0" + versuffix=.0.0 fi fi # Remove version info from name if versioning should be avoided - if test "$avoid_version" = yes && test "$need_version" = no; then + if test yes,no = "$avoid_version,$need_version"; then major= versuffix= - verstring="" + verstring= fi # Check to see if the archive will have undefined symbols. - if test "$allow_undefined" = yes; then - if test "$allow_undefined_flag" = unsupported; then - func_warning "undefined symbols not allowed in $host shared libraries" - build_libtool_libs=no - build_old_libs=yes + if test yes = "$allow_undefined"; then + if test unsupported = "$allow_undefined_flag"; then + if test yes = "$build_old_libs"; then + func_warning "undefined symbols not allowed in $host shared libraries; building static only" + build_libtool_libs=no + else + func_fatal_error "can't build $host shared library unless -no-undefined is specified" + fi fi else # Don't allow undefined symbols. - allow_undefined_flag="$no_undefined_flag" + allow_undefined_flag=$no_undefined_flag fi fi - func_generate_dlsyms "$libname" "$libname" "yes" + func_generate_dlsyms "$libname" "$libname" : func_append libobjs " $symfileobj" - test "X$libobjs" = "X " && libobjs= + test " " = "$libobjs" && libobjs= - if test "$opt_mode" != relink; then + if test relink != "$opt_mode"; then # Remove our outputs, but don't remove object files since they # may have been created when compiling PIC objects. removelist= @@ -7556,8 +9051,8 @@ func_mode_link () case $p in *.$objext | *.gcno) ;; - $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*) - if test "X$precious_files_regex" != "X"; then + $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*) + if test -n "$precious_files_regex"; then if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 then continue @@ -7573,11 +9068,11 @@ func_mode_link () fi # Now set the variables for building old libraries. - if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then + if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then func_append oldlibs " $output_objdir/$libname.$libext" # Transform .lo files to .o files. - oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; $lo2o" | $NL2SP` + oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP` fi # Eliminate all temporary directories. @@ -7598,13 +9093,13 @@ func_mode_link () *) func_append finalize_rpath " $libdir" ;; esac done - if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then + if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then dependency_libs="$temp_xrpath $dependency_libs" fi fi # Make sure dlfiles contains only unique files that won't be dlpreopened - old_dlfiles="$dlfiles" + old_dlfiles=$dlfiles dlfiles= for lib in $old_dlfiles; do case " $dlprefiles $dlfiles " in @@ -7614,7 +9109,7 @@ func_mode_link () done # Make sure dlprefiles contains only unique files - old_dlprefiles="$dlprefiles" + old_dlprefiles=$dlprefiles dlprefiles= for lib in $old_dlprefiles; do case "$dlprefiles " in @@ -7623,7 +9118,7 @@ func_mode_link () esac done - if test "$build_libtool_libs" = yes; then + if test yes = "$build_libtool_libs"; then if test -n "$rpath"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) @@ -7647,7 +9142,7 @@ func_mode_link () ;; *) # Add libc to deplibs on all other systems if necessary. - if test "$build_libtool_need_lc" = "yes"; then + if test yes = "$build_libtool_need_lc"; then func_append deplibs " -lc" fi ;; @@ -7663,9 +9158,9 @@ func_mode_link () # I'm not sure if I'm treating the release correctly. I think # release should show up in the -l (ie -lgmp5) so we don't want to # add it in twice. Is that correct? - release="" - versuffix="" - major="" + release= + versuffix= + major= newdeplibs= droppeddeps=no case $deplibs_check_method in @@ -7694,20 +9189,20 @@ EOF -l*) func_stripname -l '' "$i" name=$func_stripname_result - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $i "*) func_append newdeplibs " $i" - i="" + i= ;; esac fi - if test -n "$i" ; then + if test -n "$i"; then libname=`eval "\\$ECHO \"$libname_spec\""` deplib_matches=`eval "\\$ECHO \"$library_names_spec\""` set dummy $deplib_matches; shift deplib_match=$1 - if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then + if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then func_append newdeplibs " $i" else droppeddeps=yes @@ -7737,20 +9232,20 @@ EOF $opt_dry_run || $RM conftest if $LTCC $LTCFLAGS -o conftest conftest.c $i; then ldd_output=`ldd conftest` - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $i "*) func_append newdeplibs " $i" - i="" + i= ;; esac fi - if test -n "$i" ; then + if test -n "$i"; then libname=`eval "\\$ECHO \"$libname_spec\""` deplib_matches=`eval "\\$ECHO \"$library_names_spec\""` set dummy $deplib_matches; shift deplib_match=$1 - if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then + if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then func_append newdeplibs " $i" else droppeddeps=yes @@ -7787,24 +9282,24 @@ EOF -l*) func_stripname -l '' "$a_deplib" name=$func_stripname_result - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $a_deplib "*) func_append newdeplibs " $a_deplib" - a_deplib="" + a_deplib= ;; esac fi - if test -n "$a_deplib" ; then + if test -n "$a_deplib"; then libname=`eval "\\$ECHO \"$libname_spec\""` if test -n "$file_magic_glob"; then libnameglob=`func_echo_all "$libname" | $SED -e $file_magic_glob` else libnameglob=$libname fi - test "$want_nocaseglob" = yes && nocaseglob=`shopt -p nocaseglob` + test yes = "$want_nocaseglob" && nocaseglob=`shopt -p nocaseglob` for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do - if test "$want_nocaseglob" = yes; then + if test yes = "$want_nocaseglob"; then shopt -s nocaseglob potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` $nocaseglob @@ -7822,25 +9317,25 @@ EOF # We might still enter an endless loop, since a link # loop can be closed while we follow links, # but so what? - potlib="$potent_lib" + potlib=$potent_lib while test -h "$potlib" 2>/dev/null; do - potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` + potliblink=`ls -ld $potlib | $SED 's/.* -> //'` case $potliblink in - [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; - *) potlib=`$ECHO "$potlib" | $SED 's,[^/]*$,,'`"$potliblink";; + [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;; + *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";; esac done if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | $SED -e 10q | $EGREP "$file_magic_regex" > /dev/null; then func_append newdeplibs " $a_deplib" - a_deplib="" + a_deplib= break 2 fi done done fi - if test -n "$a_deplib" ; then + if test -n "$a_deplib"; then droppeddeps=yes echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." @@ -7848,7 +9343,7 @@ EOF echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because I did check the linker path looking for a file starting" - if test -z "$potlib" ; then + if test -z "$potlib"; then $ECHO "*** with $libname but no candidates were found. (...for file magic test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" @@ -7871,30 +9366,30 @@ EOF -l*) func_stripname -l '' "$a_deplib" name=$func_stripname_result - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $a_deplib "*) func_append newdeplibs " $a_deplib" - a_deplib="" + a_deplib= ;; esac fi - if test -n "$a_deplib" ; then + if test -n "$a_deplib"; then libname=`eval "\\$ECHO \"$libname_spec\""` for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do potential_libs=`ls $i/$libname[.-]* 2>/dev/null` for potent_lib in $potential_libs; do - potlib="$potent_lib" # see symlink-check above in file_magic test + potlib=$potent_lib # see symlink-check above in file_magic test if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ $EGREP "$match_pattern_regex" > /dev/null; then func_append newdeplibs " $a_deplib" - a_deplib="" + a_deplib= break 2 fi done done fi - if test -n "$a_deplib" ; then + if test -n "$a_deplib"; then droppeddeps=yes echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." @@ -7902,7 +9397,7 @@ EOF echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because I did check the linker path looking for a file starting" - if test -z "$potlib" ; then + if test -z "$potlib"; then $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" @@ -7918,18 +9413,18 @@ EOF done # Gone through all deplibs. ;; none | unknown | *) - newdeplibs="" + newdeplibs= tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then - for i in $predeps $postdeps ; do + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + for i in $predeps $postdeps; do # can't use Xsed below, because $i might contain '/' - tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s,$i,,"` + tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"` done fi case $tmp_deplibs in *[!\ \ ]*) echo - if test "X$deplibs_check_method" = "Xnone"; then + if test none = "$deplibs_check_method"; then echo "*** Warning: inter-library dependencies are not supported in this platform." else echo "*** Warning: inter-library dependencies are not known to be supported." @@ -7953,8 +9448,8 @@ EOF ;; esac - if test "$droppeddeps" = yes; then - if test "$module" = yes; then + if test yes = "$droppeddeps"; then + if test yes = "$module"; then echo echo "*** Warning: libtool could not satisfy all declared inter-library" $ECHO "*** dependencies of module $libname. Therefore, libtool will create" @@ -7963,12 +9458,12 @@ EOF if test -z "$global_symbol_pipe"; then echo echo "*** However, this would only work if libtool was able to extract symbol" - echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" echo "*** not find such a program. So, this module is probably useless." - echo "*** \`nm' from GNU binutils and a full rebuild may help." + echo "*** 'nm' from GNU binutils and a full rebuild may help." fi - if test "$build_old_libs" = no; then - oldlibs="$output_objdir/$libname.$libext" + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext build_libtool_libs=module build_old_libs=yes else @@ -7979,14 +9474,14 @@ EOF echo "*** automatically added whenever a program is linked with this library" echo "*** or is declared to -dlopen it." - if test "$allow_undefined" = no; then + if test no = "$allow_undefined"; then echo echo "*** Since this library must not contain undefined symbols," echo "*** because either the platform does not support them or" echo "*** it was explicitly requested with -no-undefined," echo "*** libtool will only create a static version of it." - if test "$build_old_libs" = no; then - oldlibs="$output_objdir/$libname.$libext" + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext build_libtool_libs=module build_old_libs=yes else @@ -8032,7 +9527,7 @@ EOF *) func_append new_libs " $deplib" ;; esac done - deplibs="$new_libs" + deplibs=$new_libs # All the library-specific variables (install_libdir is set above). library_names= @@ -8040,25 +9535,25 @@ EOF dlname= # Test again, we may have decided not to build it any more - if test "$build_libtool_libs" = yes; then - # Remove ${wl} instances when linking with ld. + if test yes = "$build_libtool_libs"; then + # Remove $wl instances when linking with ld. # FIXME: should test the right _cmds variable. case $archive_cmds in *\$LD\ *) wl= ;; esac - if test "$hardcode_into_libs" = yes; then + if test yes = "$hardcode_into_libs"; then # Hardcode the library paths hardcode_libdirs= dep_rpath= - rpath="$finalize_rpath" - test "$opt_mode" != relink && rpath="$compile_rpath$rpath" + rpath=$finalize_rpath + test relink = "$opt_mode" || rpath=$compile_rpath$rpath for libdir in $rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then func_replace_sysroot "$libdir" libdir=$func_replace_sysroot_result if test -z "$hardcode_libdirs"; then - hardcode_libdirs="$libdir" + hardcode_libdirs=$libdir else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in @@ -8083,7 +9578,7 @@ EOF # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then - libdir="$hardcode_libdirs" + libdir=$hardcode_libdirs eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" fi if test -n "$runpath_var" && test -n "$perm_rpath"; then @@ -8097,8 +9592,8 @@ EOF test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" fi - shlibpath="$finalize_shlibpath" - test "$opt_mode" != relink && shlibpath="$compile_shlibpath$shlibpath" + shlibpath=$finalize_shlibpath + test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath if test -n "$shlibpath"; then eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" fi @@ -8108,19 +9603,19 @@ EOF eval library_names=\"$library_names_spec\" set dummy $library_names shift - realname="$1" + realname=$1 shift if test -n "$soname_spec"; then eval soname=\"$soname_spec\" else - soname="$realname" + soname=$realname fi if test -z "$dlname"; then dlname=$soname fi - lib="$output_objdir/$realname" + lib=$output_objdir/$realname linknames= for link do @@ -8134,7 +9629,7 @@ EOF delfiles= if test -n "$export_symbols" && test -n "$include_expsyms"; then $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" - export_symbols="$output_objdir/$libname.uexp" + export_symbols=$output_objdir/$libname.uexp func_append delfiles " $export_symbols" fi @@ -8143,31 +9638,31 @@ EOF cygwin* | mingw* | cegcc*) if test -n "$export_symbols" && test -z "$export_symbols_regex"; then # exporting using user supplied symfile - if test "x`$SED 1q $export_symbols`" != xEXPORTS; then + func_dll_def_p "$export_symbols" || { # and it's NOT already a .def file. Must figure out # which of the given symbols are data symbols and tag # them as such. So, trigger use of export_symbols_cmds. # export_symbols gets reassigned inside the "prepare # the list of exported symbols" if statement, so the # include_expsyms logic still works. - orig_export_symbols="$export_symbols" + orig_export_symbols=$export_symbols export_symbols= always_export_symbols=yes - fi + } fi ;; esac # Prepare the list of exported symbols if test -z "$export_symbols"; then - if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then - func_verbose "generating symbol list for \`$libname.la'" - export_symbols="$output_objdir/$libname.exp" + if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp $opt_dry_run || $RM $export_symbols cmds=$export_symbols_cmds - save_ifs="$IFS"; IFS='~' + save_ifs=$IFS; IFS='~' for cmd1 in $cmds; do - IFS="$save_ifs" + IFS=$save_ifs # Take the normal branch if the nm_file_list_spec branch # doesn't work or if tool conversion is not needed. case $nm_file_list_spec~$to_tool_file_cmd in @@ -8181,7 +9676,7 @@ EOF try_normal_branch=no ;; esac - if test "$try_normal_branch" = yes \ + if test yes = "$try_normal_branch" \ && { test "$len" -lt "$max_cmd_len" \ || test "$max_cmd_len" -le -1; } then @@ -8192,7 +9687,7 @@ EOF output_la=$func_basename_result save_libobjs=$libobjs save_output=$output - output=${output_objdir}/${output_la}.nm + output=$output_objdir/$output_la.nm func_to_tool_file "$output" libobjs=$nm_file_list_spec$func_to_tool_file_result func_append delfiles " $output" @@ -8215,8 +9710,8 @@ EOF break fi done - IFS="$save_ifs" - if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then + IFS=$save_ifs + if test -n "$export_symbols_regex" && test : != "$skipped_export"; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' func_show_eval '$MV "${export_symbols}T" "$export_symbols"' fi @@ -8224,16 +9719,16 @@ EOF fi if test -n "$export_symbols" && test -n "$include_expsyms"; then - tmp_export_symbols="$export_symbols" - test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi - if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then + if test : != "$skipped_export" && test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. - func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of - # 's' commands which not all seds can handle. GNU sed should be fine + # 's' commands, which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. @@ -8252,11 +9747,11 @@ EOF ;; esac done - deplibs="$tmp_deplibs" + deplibs=$tmp_deplibs if test -n "$convenience"; then if test -n "$whole_archive_flag_spec" && - test "$compiler_needs_object" = yes && + test yes = "$compiler_needs_object" && test -z "$libobjs"; then # extract the archives, so we have objects to list. # TODO: could optimize this to just extract one archive. @@ -8267,7 +9762,7 @@ EOF eval libobjs=\"\$libobjs $whole_archive_flag_spec\" test "X$libobjs" = "X " && libobjs= else - gentop="$output_objdir/${outputname}x" + gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $convenience @@ -8276,18 +9771,18 @@ EOF fi fi - if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then + if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then eval flag=\"$thread_safe_flag_spec\" func_append linker_flags " $flag" fi # Make a backup of the uninstalled library when relinking - if test "$opt_mode" = relink; then + if test relink = "$opt_mode"; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? fi # Do each of the archive commands. - if test "$module" = yes && test -n "$module_cmds" ; then + if test yes = "$module" && test -n "$module_cmds"; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then eval test_cmds=\"$module_expsym_cmds\" cmds=$module_expsym_cmds @@ -8305,7 +9800,7 @@ EOF fi fi - if test "X$skipped_export" != "X:" && + if test : != "$skipped_export" && func_len " $test_cmds" && len=$func_len_result && test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then @@ -8338,8 +9833,8 @@ EOF last_robj= k=1 - if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then - output=${output_objdir}/${output_la}.lnkscript + if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then + output=$output_objdir/$output_la.lnkscript func_verbose "creating GNU ld script: $output" echo 'INPUT (' > $output for obj in $save_libobjs @@ -8351,14 +9846,14 @@ EOF func_append delfiles " $output" func_to_tool_file "$output" output=$func_to_tool_file_result - elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then - output=${output_objdir}/${output_la}.lnk + elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then + output=$output_objdir/$output_la.lnk func_verbose "creating linker input file list: $output" : > $output set x $save_libobjs shift firstobj= - if test "$compiler_needs_object" = yes; then + if test yes = "$compiler_needs_object"; then firstobj="$1 " shift fi @@ -8373,7 +9868,7 @@ EOF else if test -n "$save_libobjs"; then func_verbose "creating reloadable object files..." - output=$output_objdir/$output_la-${k}.$objext + output=$output_objdir/$output_la-$k.$objext eval test_cmds=\"$reload_cmds\" func_len " $test_cmds" len0=$func_len_result @@ -8385,13 +9880,13 @@ EOF func_len " $obj" func_arith $len + $func_len_result len=$func_arith_result - if test "X$objlist" = X || + if test -z "$objlist" || test "$len" -lt "$max_cmd_len"; then func_append objlist " $obj" else # The command $test_cmds is almost too long, add a # command to the queue. - if test "$k" -eq 1 ; then + if test 1 -eq "$k"; then # The first file doesn't have a previous command to add. reload_objs=$objlist eval concat_cmds=\"$reload_cmds\" @@ -8401,10 +9896,10 @@ EOF reload_objs="$objlist $last_robj" eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" fi - last_robj=$output_objdir/$output_la-${k}.$objext + last_robj=$output_objdir/$output_la-$k.$objext func_arith $k + 1 k=$func_arith_result - output=$output_objdir/$output_la-${k}.$objext + output=$output_objdir/$output_la-$k.$objext objlist=" $obj" func_len " $last_robj" func_arith $len0 + $func_len_result @@ -8416,9 +9911,9 @@ EOF # files will link in the last one created. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ reload_objs="$objlist $last_robj" - eval concat_cmds=\"\${concat_cmds}$reload_cmds\" + eval concat_cmds=\"\$concat_cmds$reload_cmds\" if test -n "$last_robj"; then - eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\" + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" fi func_append delfiles " $output" @@ -8426,9 +9921,9 @@ EOF output= fi - if ${skipped_export-false}; then - func_verbose "generating symbol list for \`$libname.la'" - export_symbols="$output_objdir/$libname.exp" + ${skipped_export-false} && { + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp $opt_dry_run || $RM $export_symbols libobjs=$output # Append the command to create the export file. @@ -8437,16 +9932,16 @@ EOF if test -n "$last_robj"; then eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" fi - fi + } test -n "$save_libobjs" && func_verbose "creating a temporary reloadable object file: $output" # Loop through the commands generated above and execute them. - save_ifs="$IFS"; IFS='~' + save_ifs=$IFS; IFS='~' for cmd in $concat_cmds; do - IFS="$save_ifs" - $opt_silent || { + IFS=$save_ifs + $opt_quiet || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } @@ -8454,7 +9949,7 @@ EOF lt_exit=$? # Restore the uninstalled library and exit - if test "$opt_mode" = relink; then + if test relink = "$opt_mode"; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) @@ -8463,7 +9958,7 @@ EOF exit $lt_exit } done - IFS="$save_ifs" + IFS=$save_ifs if test -n "$export_symbols_regex" && ${skipped_export-false}; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' @@ -8471,18 +9966,18 @@ EOF fi fi - if ${skipped_export-false}; then + ${skipped_export-false} && { if test -n "$export_symbols" && test -n "$include_expsyms"; then - tmp_export_symbols="$export_symbols" - test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. - func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of - # 's' commands which not all seds can handle. GNU sed should be fine + # 's' commands, which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. @@ -8491,7 +9986,7 @@ EOF export_symbols=$output_objdir/$libname.def $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols fi - fi + } libobjs=$output # Restore the value of output. @@ -8505,7 +10000,7 @@ EOF # value of $libobjs for piecewise linking. # Do each of the archive commands. - if test "$module" = yes && test -n "$module_cmds" ; then + if test yes = "$module" && test -n "$module_cmds"; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then cmds=$module_expsym_cmds else @@ -8527,7 +10022,7 @@ EOF # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then - gentop="$output_objdir/${outputname}x" + gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $dlprefiles @@ -8535,11 +10030,12 @@ EOF test "X$libobjs" = "X " && libobjs= fi - save_ifs="$IFS"; IFS='~' + save_ifs=$IFS; IFS='~' for cmd in $cmds; do - IFS="$save_ifs" + IFS=$sp$nl eval cmd=\"$cmd\" - $opt_silent || { + IFS=$save_ifs + $opt_quiet || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } @@ -8547,7 +10043,7 @@ EOF lt_exit=$? # Restore the uninstalled library and exit - if test "$opt_mode" = relink; then + if test relink = "$opt_mode"; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) @@ -8556,10 +10052,10 @@ EOF exit $lt_exit } done - IFS="$save_ifs" + IFS=$save_ifs # Restore the uninstalled library and exit - if test "$opt_mode" = relink; then + if test relink = "$opt_mode"; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? if test -n "$convenience"; then @@ -8579,39 +10075,39 @@ EOF done # If -module or -export-dynamic was specified, set the dlname. - if test "$module" = yes || test "$export_dynamic" = yes; then + if test yes = "$module" || test yes = "$export_dynamic"; then # On all known operating systems, these are identical. - dlname="$soname" + dlname=$soname fi fi ;; obj) - if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then - func_warning "\`-dlopen' is ignored for objects" + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for objects" fi case " $deplibs" in *\ -l* | *\ -L*) - func_warning "\`-l' and \`-L' are ignored for objects" ;; + func_warning "'-l' and '-L' are ignored for objects" ;; esac test -n "$rpath" && \ - func_warning "\`-rpath' is ignored for objects" + func_warning "'-rpath' is ignored for objects" test -n "$xrpath" && \ - func_warning "\`-R' is ignored for objects" + func_warning "'-R' is ignored for objects" test -n "$vinfo" && \ - func_warning "\`-version-info' is ignored for objects" + func_warning "'-version-info' is ignored for objects" test -n "$release" && \ - func_warning "\`-release' is ignored for objects" + func_warning "'-release' is ignored for objects" case $output in *.lo) test -n "$objs$old_deplibs" && \ - func_fatal_error "cannot build library object \`$output' from non-libtool objects" + func_fatal_error "cannot build library object '$output' from non-libtool objects" libobj=$output func_lo2o "$libobj" @@ -8619,7 +10115,7 @@ EOF ;; *) libobj= - obj="$output" + obj=$output ;; esac @@ -8632,17 +10128,19 @@ EOF # the extraction. reload_conv_objs= gentop= - # reload_cmds runs $LD directly, so let us get rid of - # -Wl from whole_archive_flag_spec and hope we can get by with - # turning comma into space.. - wl= - + # if reload_cmds runs $LD directly, get rid of -Wl from + # whole_archive_flag_spec and hope we can get by with turning comma + # into space. + case $reload_cmds in + *\$LD[\ \$]*) wl= ;; + esac if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" - reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` + test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` + reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags else - gentop="$output_objdir/${obj}x" + gentop=$output_objdir/${obj}x func_append generated " $gentop" func_extract_archives $gentop $convenience @@ -8651,12 +10149,12 @@ EOF fi # If we're not building shared, we need to use non_pic_objs - test "$build_libtool_libs" != yes && libobjs="$non_pic_objects" + test yes = "$build_libtool_libs" || libobjs=$non_pic_objects # Create the old-style object. - reload_objs="$objs$old_deplibs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; /\.lib$/d; $lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test + reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs - output="$obj" + output=$obj func_execute_cmds "$reload_cmds" 'exit $?' # Exit if we aren't doing a library object file. @@ -8668,7 +10166,7 @@ EOF exit $EXIT_SUCCESS fi - if test "$build_libtool_libs" != yes; then + test yes = "$build_libtool_libs" || { if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi @@ -8678,12 +10176,12 @@ EOF # $show "echo timestamp > $libobj" # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? exit $EXIT_SUCCESS - fi + } - if test -n "$pic_flag" || test "$pic_mode" != default; then + if test -n "$pic_flag" || test default != "$pic_mode"; then # Only do commands if we really have different PIC objects. reload_objs="$libobjs $reload_conv_objs" - output="$libobj" + output=$libobj func_execute_cmds "$reload_cmds" 'exit $?' fi @@ -8700,16 +10198,14 @@ EOF output=$func_stripname_result.exe;; esac test -n "$vinfo" && \ - func_warning "\`-version-info' is ignored for programs" + func_warning "'-version-info' is ignored for programs" test -n "$release" && \ - func_warning "\`-release' is ignored for programs" + func_warning "'-release' is ignored for programs" - test "$preload" = yes \ - && test "$dlopen_support" = unknown \ - && test "$dlopen_self" = unknown \ - && test "$dlopen_self_static" = unknown && \ - func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support." + $preload \ + && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \ + && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support." case $host in *-*-rhapsody* | *-*-darwin1.[012]) @@ -8723,11 +10219,11 @@ EOF *-*-darwin*) # Don't allow lazy linking, it breaks C++ global constructors # But is supposedly fixed on 10.4 or later (yay!). - if test "$tagname" = CXX ; then + if test CXX = "$tagname"; then case ${MACOSX_DEPLOYMENT_TARGET-10.0} in 10.[0123]) - func_append compile_command " ${wl}-bind_at_load" - func_append finalize_command " ${wl}-bind_at_load" + func_append compile_command " $wl-bind_at_load" + func_append finalize_command " $wl-bind_at_load" ;; esac fi @@ -8763,7 +10259,7 @@ EOF *) func_append new_libs " $deplib" ;; esac done - compile_deplibs="$new_libs" + compile_deplibs=$new_libs func_append compile_command " $compile_deplibs" @@ -8787,7 +10283,7 @@ EOF if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then - hardcode_libdirs="$libdir" + hardcode_libdirs=$libdir else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in @@ -8810,7 +10306,7 @@ EOF fi case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) - testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'` + testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'` case :$dllsearchpath: in *":$libdir:"*) ;; ::) dllsearchpath=$libdir;; @@ -8827,10 +10323,10 @@ EOF # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then - libdir="$hardcode_libdirs" + libdir=$hardcode_libdirs eval rpath=\" $hardcode_libdir_flag_spec\" fi - compile_rpath="$rpath" + compile_rpath=$rpath rpath= hardcode_libdirs= @@ -8838,7 +10334,7 @@ EOF if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then - hardcode_libdirs="$libdir" + hardcode_libdirs=$libdir else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in @@ -8863,45 +10359,43 @@ EOF # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then - libdir="$hardcode_libdirs" + libdir=$hardcode_libdirs eval rpath=\" $hardcode_libdir_flag_spec\" fi - finalize_rpath="$rpath" + finalize_rpath=$rpath - if test -n "$libobjs" && test "$build_old_libs" = yes; then + if test -n "$libobjs" && test yes = "$build_old_libs"; then # Transform all the library objects into standard objects. compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` fi - func_generate_dlsyms "$outputname" "@PROGRAM@" "no" + func_generate_dlsyms "$outputname" "@PROGRAM@" false # template prelinking step if test -n "$prelink_cmds"; then func_execute_cmds "$prelink_cmds" 'exit $?' fi - wrappers_required=yes + wrappers_required=: case $host in *cegcc* | *mingw32ce*) # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. - wrappers_required=no + wrappers_required=false ;; *cygwin* | *mingw* ) - if test "$build_libtool_libs" != yes; then - wrappers_required=no - fi + test yes = "$build_libtool_libs" || wrappers_required=false ;; *) - if test "$need_relink" = no || test "$build_libtool_libs" != yes; then - wrappers_required=no + if test no = "$need_relink" || test yes != "$build_libtool_libs"; then + wrappers_required=false fi ;; esac - if test "$wrappers_required" = no; then + $wrappers_required || { # Replace the output file specification. compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` - link_command="$compile_command$compile_rpath" + link_command=$compile_command$compile_rpath # We have no uninstalled library dependencies, so finalize right now. exit_status=0 @@ -8914,12 +10408,12 @@ EOF fi # Delete the generated files. - if test -f "$output_objdir/${outputname}S.${objext}"; then - func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"' + if test -f "$output_objdir/${outputname}S.$objext"; then + func_show_eval '$RM "$output_objdir/${outputname}S.$objext"' fi exit $exit_status - fi + } if test -n "$compile_shlibpath$finalize_shlibpath"; then compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" @@ -8949,9 +10443,9 @@ EOF fi fi - if test "$no_install" = yes; then + if test yes = "$no_install"; then # We don't need to create a wrapper script. - link_command="$compile_var$compile_command$compile_rpath" + link_command=$compile_var$compile_command$compile_rpath # Replace the output file specification. link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` # Delete the old output file. @@ -8968,27 +10462,28 @@ EOF exit $EXIT_SUCCESS fi - if test "$hardcode_action" = relink; then - # Fast installation is not supported - link_command="$compile_var$compile_command$compile_rpath" - relink_command="$finalize_var$finalize_command$finalize_rpath" + case $hardcode_action,$fast_install in + relink,*) + # Fast installation is not supported + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath - func_warning "this platform does not like uninstalled shared libraries" - func_warning "\`$output' will be relinked during installation" - else - if test "$fast_install" != no; then - link_command="$finalize_var$compile_command$finalize_rpath" - if test "$fast_install" = yes; then - relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` - else - # fast_install is set to needless - relink_command= - fi - else - link_command="$compile_var$compile_command$compile_rpath" - relink_command="$finalize_var$finalize_command$finalize_rpath" - fi - fi + func_warning "this platform does not like uninstalled shared libraries" + func_warning "'$output' will be relinked during installation" + ;; + *,yes) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` + ;; + *,no) + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath + ;; + *,needless) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command= + ;; + esac # Replace the output file specification. link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` @@ -9045,8 +10540,8 @@ EOF func_dirname_and_basename "$output" "" "." output_name=$func_basename_result output_path=$func_dirname_result - cwrappersource="$output_path/$objdir/lt-$output_name.c" - cwrapper="$output_path/$output_name.exe" + cwrappersource=$output_path/$objdir/lt-$output_name.c + cwrapper=$output_path/$output_name.exe $RM $cwrappersource $cwrapper trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 @@ -9067,7 +10562,7 @@ EOF trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 $opt_dry_run || { # note: this script will not be executed, so do not chmod. - if test "x$build" = "x$host" ; then + if test "x$build" = "x$host"; then $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result else func_emit_wrapper no > $func_ltwrapper_scriptname_result @@ -9090,25 +10585,27 @@ EOF # See if we need to build an old-fashioned archive. for oldlib in $oldlibs; do - if test "$build_libtool_libs" = convenience; then - oldobjs="$libobjs_save $symfileobj" - addlibs="$convenience" - build_libtool_libs=no - else - if test "$build_libtool_libs" = module; then - oldobjs="$libobjs_save" + case $build_libtool_libs in + convenience) + oldobjs="$libobjs_save $symfileobj" + addlibs=$convenience build_libtool_libs=no - else + ;; + module) + oldobjs=$libobjs_save + addlibs=$old_convenience + build_libtool_libs=no + ;; + *) oldobjs="$old_deplibs $non_pic_objects" - if test "$preload" = yes && test -f "$symfileobj"; then - func_append oldobjs " $symfileobj" - fi - fi - addlibs="$old_convenience" - fi + $preload && test -f "$symfileobj" \ + && func_append oldobjs " $symfileobj" + addlibs=$old_convenience + ;; + esac if test -n "$addlibs"; then - gentop="$output_objdir/${outputname}x" + gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $addlibs @@ -9116,13 +10613,13 @@ EOF fi # Do each command in the archive commands. - if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then + if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then cmds=$old_archive_from_new_cmds else # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then - gentop="$output_objdir/${outputname}x" + gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $dlprefiles @@ -9143,7 +10640,7 @@ EOF : else echo "copying selected object files to avoid basename conflicts..." - gentop="$output_objdir/${outputname}x" + gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_mkdir_p "$gentop" save_oldobjs=$oldobjs @@ -9152,7 +10649,7 @@ EOF for obj in $save_oldobjs do func_basename "$obj" - objbase="$func_basename_result" + objbase=$func_basename_result case " $oldobjs " in " ") oldobjs=$obj ;; *[\ /]"$objbase "*) @@ -9221,18 +10718,18 @@ EOF else # the above command should be used before it gets too long oldobjs=$objlist - if test "$obj" = "$last_oldobj" ; then + if test "$obj" = "$last_oldobj"; then RANLIB=$save_RANLIB fi test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" + eval concat_cmds=\"\$concat_cmds$old_archive_cmds\" objlist= len=$len0 fi done RANLIB=$save_RANLIB oldobjs=$objlist - if test "X$oldobjs" = "X" ; then + if test -z "$oldobjs"; then eval cmds=\"\$concat_cmds\" else eval cmds=\"\$concat_cmds~\$old_archive_cmds\" @@ -9249,7 +10746,7 @@ EOF case $output in *.la) old_library= - test "$build_old_libs" = yes && old_library="$libname.$libext" + test yes = "$build_old_libs" && old_library=$libname.$libext func_verbose "creating $output" # Preserve any variables that may affect compiler behavior @@ -9264,31 +10761,31 @@ EOF fi done # Quote the link command for shipping. - relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` - if test "$hardcode_automatic" = yes ; then + if test yes = "$hardcode_automatic"; then relink_command= fi # Only create the output if not a dry run. $opt_dry_run || { for installed in no yes; do - if test "$installed" = yes; then + if test yes = "$installed"; then if test -z "$install_libdir"; then break fi - output="$output_objdir/$outputname"i + output=$output_objdir/${outputname}i # Replace all uninstalled libtool libraries with the installed ones newdependency_libs= for deplib in $dependency_libs; do case $deplib in *.la) func_basename "$deplib" - name="$func_basename_result" + name=$func_basename_result func_resolve_sysroot "$deplib" - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` test -z "$libdir" && \ - func_fatal_error "\`$deplib' is not a valid libtool archive" + func_fatal_error "'$deplib' is not a valid libtool archive" func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" ;; -L*) @@ -9304,23 +10801,23 @@ EOF *) func_append newdependency_libs " $deplib" ;; esac done - dependency_libs="$newdependency_libs" + dependency_libs=$newdependency_libs newdlfiles= for lib in $dlfiles; do case $lib in *.la) func_basename "$lib" - name="$func_basename_result" - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ - func_fatal_error "\`$lib' is not a valid libtool archive" + func_fatal_error "'$lib' is not a valid libtool archive" func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" ;; *) func_append newdlfiles " $lib" ;; esac done - dlfiles="$newdlfiles" + dlfiles=$newdlfiles newdlprefiles= for lib in $dlprefiles; do case $lib in @@ -9330,34 +10827,34 @@ EOF # didn't already link the preopened objects directly into # the library: func_basename "$lib" - name="$func_basename_result" - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ - func_fatal_error "\`$lib' is not a valid libtool archive" + func_fatal_error "'$lib' is not a valid libtool archive" func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" ;; esac done - dlprefiles="$newdlprefiles" + dlprefiles=$newdlprefiles else newdlfiles= for lib in $dlfiles; do case $lib in - [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; *) abs=`pwd`"/$lib" ;; esac func_append newdlfiles " $abs" done - dlfiles="$newdlfiles" + dlfiles=$newdlfiles newdlprefiles= for lib in $dlprefiles; do case $lib in - [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; *) abs=`pwd`"/$lib" ;; esac func_append newdlprefiles " $abs" done - dlprefiles="$newdlprefiles" + dlprefiles=$newdlprefiles fi $RM $output # place dlname in correct position for cygwin @@ -9373,10 +10870,9 @@ EOF case $host,$output,$installed,$module,$dlname in *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) # If a -bindir argument was supplied, place the dll there. - if test "x$bindir" != x ; - then + if test -n "$bindir"; then func_relative_path "$install_libdir" "$bindir" - tdlname=$func_relative_path_result$dlname + tdlname=$func_relative_path_result/$dlname else # Otherwise fall back on heuristic. tdlname=../bin/$dlname @@ -9385,7 +10881,7 @@ EOF esac $ECHO > $output "\ # $outputname - a libtool library file -# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION # # Please DO NOT delete this file! # It is necessary for linking the library. @@ -9399,7 +10895,7 @@ library_names='$library_names' # The name of the static archive. old_library='$old_library' -# Linker flags that can not go in dependency_libs. +# Linker flags that cannot go in dependency_libs. inherited_linker_flags='$new_inherited_linker_flags' # Libraries that this one depends upon. @@ -9425,7 +10921,7 @@ dlpreopen='$dlprefiles' # Directory that this library needs to be installed in: libdir='$install_libdir'" - if test "$installed" = no && test "$need_relink" = yes; then + if test no,yes = "$installed,$need_relink"; then $ECHO >> $output "\ relink_command=\"$relink_command\"" fi @@ -9440,27 +10936,29 @@ relink_command=\"$relink_command\"" exit $EXIT_SUCCESS } -{ test "$opt_mode" = link || test "$opt_mode" = relink; } && - func_mode_link ${1+"$@"} +if test link = "$opt_mode" || test relink = "$opt_mode"; then + func_mode_link ${1+"$@"} +fi # func_mode_uninstall arg... func_mode_uninstall () { - $opt_debug - RM="$nonopt" + $debug_cmd + + RM=$nonopt files= - rmforce= + rmforce=false exit_status=0 # This variable tells wrapper scripts just to set variables rather # than running their programs. - libtool_install_magic="$magic" + libtool_install_magic=$magic for arg do case $arg in - -f) func_append RM " $arg"; rmforce=yes ;; + -f) func_append RM " $arg"; rmforce=: ;; -*) func_append RM " $arg" ;; *) func_append files " $arg" ;; esac @@ -9473,18 +10971,18 @@ func_mode_uninstall () for file in $files; do func_dirname "$file" "" "." - dir="$func_dirname_result" - if test "X$dir" = X.; then - odir="$objdir" + dir=$func_dirname_result + if test . = "$dir"; then + odir=$objdir else - odir="$dir/$objdir" + odir=$dir/$objdir fi func_basename "$file" - name="$func_basename_result" - test "$opt_mode" = uninstall && odir="$dir" + name=$func_basename_result + test uninstall = "$opt_mode" && odir=$dir # Remember odir for removal later, being careful to avoid duplicates - if test "$opt_mode" = clean; then + if test clean = "$opt_mode"; then case " $rmdirs " in *" $odir "*) ;; *) func_append rmdirs " $odir" ;; @@ -9499,11 +10997,11 @@ func_mode_uninstall () elif test -d "$file"; then exit_status=1 continue - elif test "$rmforce" = yes; then + elif $rmforce; then continue fi - rmfiles="$file" + rmfiles=$file case $name in *.la) @@ -9517,7 +11015,7 @@ func_mode_uninstall () done test -n "$old_library" && func_append rmfiles " $odir/$old_library" - case "$opt_mode" in + case $opt_mode in clean) case " $library_names " in *" $dlname "*) ;; @@ -9528,12 +11026,12 @@ func_mode_uninstall () uninstall) if test -n "$library_names"; then # Do each command in the postuninstall commands. - func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' + func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1' fi if test -n "$old_library"; then # Do each command in the old_postuninstall commands. - func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' + func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1' fi # FIXME: should reinstall the best remaining shared library. ;; @@ -9549,21 +11047,19 @@ func_mode_uninstall () func_source $dir/$name # Add PIC object to the list of files to remove. - if test -n "$pic_object" && - test "$pic_object" != none; then + if test -n "$pic_object" && test none != "$pic_object"; then func_append rmfiles " $dir/$pic_object" fi # Add non-PIC object to the list of files to remove. - if test -n "$non_pic_object" && - test "$non_pic_object" != none; then + if test -n "$non_pic_object" && test none != "$non_pic_object"; then func_append rmfiles " $dir/$non_pic_object" fi fi ;; *) - if test "$opt_mode" = clean ; then + if test clean = "$opt_mode"; then noexename=$name case $file in *.exe) @@ -9590,12 +11086,12 @@ func_mode_uninstall () # note $name still contains .exe if it was in $file originally # as does the version of $file that was added into $rmfiles - func_append rmfiles " $odir/$name $odir/${name}S.${objext}" - if test "$fast_install" = yes && test -n "$relink_command"; then + func_append rmfiles " $odir/$name $odir/${name}S.$objext" + if test yes = "$fast_install" && test -n "$relink_command"; then func_append rmfiles " $odir/lt-$name" fi - if test "X$noexename" != "X$name" ; then - func_append rmfiles " $odir/lt-${noexename}.c" + if test "X$noexename" != "X$name"; then + func_append rmfiles " $odir/lt-$noexename.c" fi fi fi @@ -9604,7 +11100,7 @@ func_mode_uninstall () func_show_eval "$RM $rmfiles" 'exit_status=1' done - # Try to remove the ${objdir}s in the directories where we deleted files + # Try to remove the $objdir's in the directories where we deleted files for dir in $rmdirs; do if test -d "$dir"; then func_show_eval "rmdir $dir >/dev/null 2>&1" @@ -9614,16 +11110,17 @@ func_mode_uninstall () exit $exit_status } -{ test "$opt_mode" = uninstall || test "$opt_mode" = clean; } && - func_mode_uninstall ${1+"$@"} +if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then + func_mode_uninstall ${1+"$@"} +fi test -z "$opt_mode" && { - help="$generic_help" + help=$generic_help func_fatal_help "you must specify a MODE" } test -z "$exec_cmd" && \ - func_fatal_help "invalid operation mode \`$opt_mode'" + func_fatal_help "invalid operation mode '$opt_mode'" if test -n "$exec_cmd"; then eval exec "$exec_cmd" @@ -9634,7 +11131,7 @@ exit $exit_status # The TAGs below are defined such that we never get into a situation -# in which we disable both kinds of libraries. Given conflicting +# where we disable both kinds of libraries. Given conflicting # choices, we go for a static library, that is the most portable, # since we can't tell whether shared libraries were disabled because # the user asked for that or because the platform doesn't support @@ -9657,5 +11154,3 @@ build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` # mode:shell-script # sh-indentation:2 # End: -# vi:sw=2 - diff --git a/m4/config/libtool.m4 b/m4/config/libtool.m4 index 02b4bbec5..10ab2844c 100644 --- a/m4/config/libtool.m4 +++ b/m4/config/libtool.m4 @@ -1,8 +1,6 @@ # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives @@ -10,36 +8,30 @@ # modifications, as long as this notice is preserved. m4_define([_LT_COPYING], [dnl -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. -# Written by Gordon Matzigkeit, 1996 -# -# This file is part of GNU Libtool. -# -# GNU Libtool is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. +# Copyright (C) 2014 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of of the License, or +# (at your option) any later version. # -# As a special exception to the GNU General Public License, -# if you distribute this file as part of a program or library that -# is built using GNU Libtool, you may include this file under the -# same distribution terms that you use for the rest of that program. +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program or library that is built +# using GNU Libtool, you may include this file under the same +# distribution terms that you use for the rest of that program. # -# GNU Libtool is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with GNU Libtool; see the file COPYING. If not, a copy -# can be downloaded from http://www.gnu.org/licenses/gpl.html, or -# obtained by writing to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# along with this program. If not, see . ]) -# serial 57 LT_INIT +# serial 58 LT_INIT # LT_PREREQ(VERSION) @@ -67,7 +59,7 @@ esac # LT_INIT([OPTIONS]) # ------------------ AC_DEFUN([LT_INIT], -[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT +[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl AC_BEFORE([$0], [LT_LANG])dnl AC_BEFORE([$0], [LT_OUTPUT])dnl @@ -91,7 +83,7 @@ dnl Parse OPTIONS _LT_SET_OPTIONS([$0], [$1]) # This can be used to rebuild libtool when needed -LIBTOOL_DEPS="$ltmain" +LIBTOOL_DEPS=$ltmain # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' @@ -111,26 +103,43 @@ dnl AC_DEFUN([AC_PROG_LIBTOOL], []) dnl AC_DEFUN([AM_PROG_LIBTOOL], []) +# _LT_PREPARE_CC_BASENAME +# ----------------------- +m4_defun([_LT_PREPARE_CC_BASENAME], [ +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in @S|@*""; do + case $cc_temp in + compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; + distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} +])# _LT_PREPARE_CC_BASENAME + + # _LT_CC_BASENAME(CC) # ------------------- -# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME, +# but that macro is also expanded into generated libtool script, which +# arranges for $SED and $ECHO to be set by different means. m4_defun([_LT_CC_BASENAME], -[for cc_temp in $1""; do - case $cc_temp in - compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; - distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +[m4_require([_LT_PREPARE_CC_BASENAME])dnl +AC_REQUIRE([_LT_DECL_SED])dnl +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl +func_cc_basename $1 +cc_basename=$func_cc_basename_result ]) # _LT_FILEUTILS_DEFAULTS # ---------------------- # It is okay to use these file commands and assume they have been set -# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'. +# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'. m4_defun([_LT_FILEUTILS_DEFAULTS], [: ${CP="cp -f"} : ${MV="mv -f"} @@ -177,15 +186,16 @@ m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl m4_require([_LT_CMD_OLD_ARCHIVE])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_WITH_SYSROOT])dnl +m4_require([_LT_CMD_TRUNCATE])dnl _LT_CONFIG_LIBTOOL_INIT([ -# See if we are running on zsh, and set the options which allow our +# See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes INIT. -if test -n "\${ZSH_VERSION+set}" ; then +if test -n "\${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi ]) -if test -n "${ZSH_VERSION+set}" ; then +if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi @@ -198,7 +208,7 @@ aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. - if test "X${COLLECT_NAMES+set}" != Xset; then + if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi @@ -209,14 +219,14 @@ esac ofile=libtool can_build_shared=yes -# All known linkers require a `.a' archive for static linking (except MSVC, +# All known linkers require a '.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a -with_gnu_ld="$lt_cv_prog_gnu_ld" +with_gnu_ld=$lt_cv_prog_gnu_ld -old_CC="$CC" -old_CFLAGS="$CFLAGS" +old_CC=$CC +old_CFLAGS=$CFLAGS # Set sane defaults for various variables test -z "$CC" && CC=cc @@ -269,14 +279,14 @@ no_glob_subst='s/\*/\\\*/g' # _LT_PROG_LTMAIN # --------------- -# Note that this code is called both from `configure', and `config.status' +# Note that this code is called both from 'configure', and 'config.status' # now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, -# `config.status' has no value for ac_aux_dir unless we are using Automake, +# 'config.status' has no value for ac_aux_dir unless we are using Automake, # so we pass a copy along to make sure it has a sensible value anyway. m4_defun([_LT_PROG_LTMAIN], [m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl _LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) -ltmain="$ac_aux_dir/ltmain.sh" +ltmain=$ac_aux_dir/ltmain.sh ])# _LT_PROG_LTMAIN @@ -286,7 +296,7 @@ ltmain="$ac_aux_dir/ltmain.sh" # So that we can recreate a full libtool script including additional # tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS -# in macros and then make a single call at the end using the `libtool' +# in macros and then make a single call at the end using the 'libtool' # label. @@ -421,8 +431,8 @@ m4_define([_lt_decl_all_varnames], # _LT_CONFIG_STATUS_DECLARE([VARNAME]) # ------------------------------------ -# Quote a variable value, and forward it to `config.status' so that its -# declaration there will have the same value as in `configure'. VARNAME +# Quote a variable value, and forward it to 'config.status' so that its +# declaration there will have the same value as in 'configure'. VARNAME # must have a single quote delimited value for this to work. m4_define([_LT_CONFIG_STATUS_DECLARE], [$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) @@ -446,7 +456,7 @@ m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], # Output comment and list of tags supported by the script m4_defun([_LT_LIBTOOL_TAGS], [_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl -available_tags="_LT_TAGS"dnl +available_tags='_LT_TAGS'dnl ]) @@ -474,7 +484,7 @@ m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl # _LT_LIBTOOL_CONFIG_VARS # ----------------------- # Produce commented declarations of non-tagged libtool config variables -# suitable for insertion in the LIBTOOL CONFIG section of the `libtool' +# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool' # script. Tagged libtool config variables (even for the LIBTOOL CONFIG # section) are produced by _LT_LIBTOOL_TAG_VARS. m4_defun([_LT_LIBTOOL_CONFIG_VARS], @@ -500,8 +510,8 @@ m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) # Send accumulated output to $CONFIG_STATUS. Thanks to the lists of # variables for single and double quote escaping we saved from calls # to _LT_DECL, we can put quote escaped variables declarations -# into `config.status', and then the shell code to quote escape them in -# for loops in `config.status'. Finally, any additional code accumulated +# into 'config.status', and then the shell code to quote escape them in +# for loops in 'config.status'. Finally, any additional code accumulated # from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. m4_defun([_LT_CONFIG_COMMANDS], [AC_PROVIDE_IFELSE([LT_OUTPUT], @@ -547,7 +557,7 @@ for var in lt_decl_all_varnames([[ \ ]], lt_decl_quote_varnames); do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -560,7 +570,7 @@ for var in lt_decl_all_varnames([[ \ ]], lt_decl_dquote_varnames); do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -576,7 +586,7 @@ _LT_OUTPUT_LIBTOOL_INIT # Generate a child script FILE with all initialization necessary to # reuse the environment learned by the parent script, and make the # file executable. If COMMENT is supplied, it is inserted after the -# `#!' sequence but before initialization text begins. After this +# '#!' sequence but before initialization text begins. After this # macro, additional text can be appended to FILE to form the body of # the child script. The macro ends with non-zero status if the # file could not be fully written (such as if the disk is full). @@ -598,7 +608,7 @@ AS_SHELL_SANITIZE _AS_PREPARE exec AS_MESSAGE_FD>&1 _ASEOF -test $lt_write_fail = 0 && chmod +x $1[]dnl +test 0 = "$lt_write_fail" && chmod +x $1[]dnl m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT # LT_OUTPUT @@ -621,7 +631,7 @@ exec AS_MESSAGE_LOG_FD>>config.log } >&AS_MESSAGE_LOG_FD lt_cl_help="\ -\`$as_me' creates a local libtool stub from the current configuration, +'$as_me' creates a local libtool stub from the current configuration, for use in further configure time tests before the real libtool is generated. @@ -643,7 +653,7 @@ Copyright (C) 2011 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." -while test $[#] != 0 +while test 0 != $[#] do case $[1] in --version | --v* | -V ) @@ -656,10 +666,10 @@ do lt_cl_silent=: ;; -*) AC_MSG_ERROR([unrecognized option: $[1] -Try \`$[0] --help' for more information.]) ;; +Try '$[0] --help' for more information.]) ;; *) AC_MSG_ERROR([unrecognized argument: $[1] -Try \`$[0] --help' for more information.]) ;; +Try '$[0] --help' for more information.]) ;; esac shift done @@ -685,7 +695,7 @@ chmod +x "$CONFIG_LT" # open by configure. Here we exec the FD to /dev/null, effectively closing # config.log, so it can be properly (re)opened and appended to by config.lt. lt_cl_success=: -test "$silent" = yes && +test yes = "$silent" && lt_config_lt_args="$lt_config_lt_args --quiet" exec AS_MESSAGE_LOG_FD>/dev/null $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false @@ -705,32 +715,47 @@ m4_defun([_LT_CONFIG], _LT_CONFIG_SAVE_COMMANDS([ m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl m4_if(_LT_TAG, [C], [ - # See if we are running on zsh, and set the options which allow our + # See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes. - if test -n "${ZSH_VERSION+set}" ; then + if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi - cfgfile="${ofile}T" + cfgfile=${ofile}T trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL - -# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. -# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION +# Generated automatically by $as_me ($PACKAGE) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. -# + +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit, 1996 + _LT_COPYING _LT_LIBTOOL_TAGS +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} + # ### BEGIN LIBTOOL CONFIG _LT_LIBTOOL_CONFIG_VARS _LT_LIBTOOL_TAG_VARS # ### END LIBTOOL CONFIG +_LT_EOF + + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +_LT_PREPARE_MUNGE_PATH_LIST +_LT_PREPARE_CC_BASENAME + +# ### END FUNCTIONS SHARED WITH CONFIGURE + _LT_EOF case $host_os in @@ -739,7 +764,7 @@ _LT_EOF # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. -if test "X${COLLECT_NAMES+set}" != Xset; then +if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi @@ -756,8 +781,6 @@ _LT_EOF sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) - _LT_PROG_REPLACE_SHELLFNS - mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" @@ -775,7 +798,6 @@ _LT_EOF [m4_if([$1], [], [ PACKAGE='$PACKAGE' VERSION='$VERSION' - TIMESTAMP='$TIMESTAMP' RM='$RM' ofile='$ofile'], []) ])dnl /_LT_CONFIG_SAVE_COMMANDS @@ -974,7 +996,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], [lt_cv_apple_cc_single_mod=no - if test -z "${LT_MULTI_MODULE}"; then + if test -z "$LT_MULTI_MODULE"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the @@ -992,7 +1014,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ cat conftest.err >&AS_MESSAGE_LOG_FD # Otherwise, if the output was created with a 0 exit code from # the compiler, it worked. - elif test -f libconftest.dylib && test $_lt_result -eq 0; then + elif test -f libconftest.dylib && test 0 = "$_lt_result"; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&AS_MESSAGE_LOG_FD @@ -1010,7 +1032,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], [lt_cv_ld_exported_symbols_list=yes], [lt_cv_ld_exported_symbols_list=no]) - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS ]) AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], @@ -1032,7 +1054,7 @@ _LT_EOF _lt_result=$? if test -s conftest.err && $GREP force_load conftest.err; then cat conftest.err >&AS_MESSAGE_LOG_FD - elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then + elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then lt_cv_ld_force_load=yes else cat conftest.err >&AS_MESSAGE_LOG_FD @@ -1042,32 +1064,32 @@ _LT_EOF ]) case $host_os in rhapsody* | darwin1.[[012]]) - _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; darwin1.*) - _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) - _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; - 10.[[012]]*) - _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + 10.[[012]][[,.]]*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; 10.*) - _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; esac - if test "$lt_cv_apple_cc_single_mod" = "yes"; then + if test yes = "$lt_cv_apple_cc_single_mod"; then _lt_dar_single_mod='$single_module' fi - if test "$lt_cv_ld_exported_symbols_list" = "yes"; then - _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + if test yes = "$lt_cv_ld_exported_symbols_list"; then + _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' else - _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' fi - if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then + if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= @@ -1087,29 +1109,29 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES], _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported - if test "$lt_cv_ld_force_load" = "yes"; then - _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + if test yes = "$lt_cv_ld_force_load"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) else _LT_TAGVAR(whole_archive_flag_spec, $1)='' fi _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" + _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined case $cc_basename in - ifort*) _lt_dar_can_shared=yes ;; + ifort*|nagfor*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac - if test "$_lt_dar_can_shared" = "yes"; then + if test yes = "$_lt_dar_can_shared"; then output_verbose_link_cmd=func_echo_all - _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" - _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" - _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" - _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" + _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" m4_if([$1], [CXX], -[ if test "$lt_cv_apple_cc_single_mod" != "yes"; then - _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" - _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" +[ if test yes != "$lt_cv_apple_cc_single_mod"; then + _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil" fi ],[]) else @@ -1129,7 +1151,7 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES], # Allow to override them for all tags through lt_cv_aix_libpath. m4_defun([_LT_SYS_MODULE_PATH_AIX], [m4_require([_LT_DECL_SED])dnl -if test "${lt_cv_aix_libpath+set}" = set; then +if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])], @@ -1147,7 +1169,7 @@ else _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi],[]) if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then - _LT_TAGVAR([lt_cv_aix_libpath_], [$1])="/usr/lib:/lib" + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib fi ]) aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1]) @@ -1167,8 +1189,8 @@ m4_define([_LT_SHELL_INIT], # ----------------------- # Find how we can fake an echo command that does not interpret backslash. # In particular, with Autoconf 2.60 or later we add some code to the start -# of the generated configure script which will find a shell with a builtin -# printf (which we can use as an echo command). +# of the generated configure script that will find a shell with a builtin +# printf (that we can use as an echo command). m4_defun([_LT_PROG_ECHO_BACKSLASH], [ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO @@ -1196,10 +1218,10 @@ fi # Invoke $ECHO with all args, space-separated. func_echo_all () { - $ECHO "$*" + $ECHO "$*" } -case "$ECHO" in +case $ECHO in printf*) AC_MSG_RESULT([printf]) ;; print*) AC_MSG_RESULT([print -r]) ;; *) AC_MSG_RESULT([cat]) ;; @@ -1225,16 +1247,17 @@ _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) AC_DEFUN([_LT_WITH_SYSROOT], [AC_MSG_CHECKING([for sysroot]) AC_ARG_WITH([sysroot], -[ --with-sysroot[=DIR] Search for dependent libraries within DIR - (or the compiler's sysroot if not specified).], +[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@], + [Search for dependent libraries within DIR (or the compiler's sysroot + if not specified).])], [], [with_sysroot=no]) dnl lt_sysroot will always be passed unquoted. We quote it here dnl in case the user passed a directory name. lt_sysroot= -case ${with_sysroot} in #( +case $with_sysroot in #( yes) - if test "$GCC" = yes; then + if test yes = "$GCC"; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( @@ -1244,14 +1267,14 @@ case ${with_sysroot} in #( no|'') ;; #( *) - AC_MSG_RESULT([${with_sysroot}]) + AC_MSG_RESULT([$with_sysroot]) AC_MSG_ERROR([The sysroot must be an absolute path.]) ;; esac AC_MSG_RESULT([${lt_sysroot:-no}]) _LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl -[dependent libraries, and in which our libraries should be installed.])]) +[dependent libraries, and where our libraries should be installed.])]) # _LT_ENABLE_LOCK # --------------- @@ -1259,31 +1282,33 @@ m4_defun([_LT_ENABLE_LOCK], [AC_ARG_ENABLE([libtool-lock], [AS_HELP_STRING([--disable-libtool-lock], [avoid locking (might break parallel builds)])]) -test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes +test no = "$enable_libtool_lock" || enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set mode + # options accordingly. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) - HPUX_IA64_MODE="32" + HPUX_IA64_MODE=32 ;; *ELF-64*) - HPUX_IA64_MODE="64" + HPUX_IA64_MODE=64 ;; esac fi rm -rf conftest* ;; *-*-irix6*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then - if test "$lt_cv_prog_gnu_ld" = yes; then + if test yes = "$lt_cv_prog_gnu_ld"; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" @@ -1312,9 +1337,46 @@ ia64-*-hpux*) rm -rf conftest* ;; -x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +mips64*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + emul=elf + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + emul="${emul}32" + ;; + *64-bit*) + emul="${emul}64" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *MSB*) + emul="${emul}btsmip" + ;; + *LSB*) + emul="${emul}ltsmip" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *N32*) + emul="${emul}n32" + ;; + esac + LD="${LD-ld} -m $emul" + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. Note that the listed cases only cover the + # situations where additional linker options are needed (such as when + # doing 32-bit compilation for a host where ld defaults to 64-bit, or + # vice versa); the common cases where no linker options are needed do + # not appear in the list. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in @@ -1333,7 +1395,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) ;; esac ;; - ppc64-*linux*|powerpc64-*linux*) + powerpc64le-*linux*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -1352,7 +1417,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - ppc*-*linux*|powerpc*-*linux*) + powerpcle-*linux*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) @@ -1370,19 +1438,20 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. - SAVE_CFLAGS="$CFLAGS" + SAVE_CFLAGS=$CFLAGS CFLAGS="$CFLAGS -belf" AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, [AC_LANG_PUSH(C) AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) AC_LANG_POP]) - if test x"$lt_cv_cc_needs_belf" != x"yes"; then + if test yes != "$lt_cv_cc_needs_belf"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf - CFLAGS="$SAVE_CFLAGS" + CFLAGS=$SAVE_CFLAGS fi ;; *-*solaris*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in @@ -1390,7 +1459,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) case $lt_cv_prog_gnu_ld in yes*) case $host in - i?86-*-solaris*) + i?86-*-solaris*|x86_64-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) @@ -1399,7 +1468,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then - LD="${LD-ld}_sol2" + LD=${LD-ld}_sol2 fi ;; *) @@ -1415,7 +1484,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) ;; esac -need_locks="$enable_libtool_lock" +need_locks=$enable_libtool_lock ])# _LT_ENABLE_LOCK @@ -1434,11 +1503,11 @@ AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], [echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD' AC_TRY_EVAL([lt_ar_try]) - if test "$ac_status" -eq 0; then + if test 0 -eq "$ac_status"; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a AC_TRY_EVAL([lt_ar_try]) - if test "$ac_status" -ne 0; then + if test 0 -ne "$ac_status"; then lt_cv_ar_at_file=@ fi fi @@ -1446,7 +1515,7 @@ AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], ]) ]) -if test "x$lt_cv_ar_at_file" = xno; then +if test no = "$lt_cv_ar_at_file"; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file @@ -1477,7 +1546,7 @@ old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in - openbsd*) + bitrig* | openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) @@ -1513,7 +1582,7 @@ AC_CACHE_CHECK([$1], [$2], [$2=no m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) echo "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$3" + lt_compiler_flag="$3" ## exclude from sc_useless_quotes_in_assignment # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins @@ -1540,7 +1609,7 @@ AC_CACHE_CHECK([$1], [$2], $RM conftest* ]) -if test x"[$]$2" = xyes; then +if test yes = "[$]$2"; then m4_if([$5], , :, [$5]) else m4_if([$6], , :, [$6]) @@ -1562,7 +1631,7 @@ AC_DEFUN([_LT_LINKER_OPTION], m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no - save_LDFLAGS="$LDFLAGS" + save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $3" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then @@ -1581,10 +1650,10 @@ AC_CACHE_CHECK([$1], [$2], fi fi $RM -r conftest* - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS ]) -if test x"[$]$2" = xyes; then +if test yes = "[$]$2"; then m4_if([$4], , :, [$4]) else m4_if([$5], , :, [$5]) @@ -1605,7 +1674,7 @@ AC_DEFUN([LT_CMD_MAX_LEN], AC_MSG_CHECKING([the maximum length of command line arguments]) AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl i=0 - teststring="ABCD" + teststring=ABCD case $build_os in msdosdjgpp*) @@ -1645,7 +1714,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl lt_cv_sys_max_cmd_len=8192; ;; - netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` @@ -1696,22 +1765,22 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len" && \ - test undefined != "$lt_cv_sys_max_cmd_len"; then + test undefined != "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. - for i in 1 2 3 4 5 6 7 8 ; do + for i in 1 2 3 4 5 6 7 8; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. - while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ + while { test X`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && - test $i != 17 # 1/2 MB should be enough + test 17 != "$i" # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring @@ -1727,7 +1796,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl ;; esac ]) -if test -n $lt_cv_sys_max_cmd_len ; then +if test -n "$lt_cv_sys_max_cmd_len"; then AC_MSG_RESULT($lt_cv_sys_max_cmd_len) else AC_MSG_RESULT(none) @@ -1755,7 +1824,7 @@ m4_defun([_LT_HEADER_DLFCN], # ---------------------------------------------------------------- m4_defun([_LT_TRY_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl -if test "$cross_compiling" = yes; then : +if test yes = "$cross_compiling"; then : [$4] else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 @@ -1802,9 +1871,9 @@ else # endif #endif -/* When -fvisbility=hidden is used, assume the code has been annotated +/* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ -#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif @@ -1830,7 +1899,7 @@ int main () return status; }] _LT_EOF - if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then + if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null lt_status=$? case x$lt_status in @@ -1851,7 +1920,7 @@ rm -fr conftest* # ------------------ AC_DEFUN([LT_SYS_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl -if test "x$enable_dlopen" != xyes; then +if test yes != "$enable_dlopen"; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown @@ -1861,44 +1930,52 @@ else case $host_os in beos*) - lt_cv_dlopen="load_add_on" + lt_cv_dlopen=load_add_on lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) - lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen=LoadLibrary lt_cv_dlopen_libs= ;; cygwin*) - lt_cv_dlopen="dlopen" + lt_cv_dlopen=dlopen lt_cv_dlopen_libs= ;; darwin*) - # if libdl is installed we need to link against it + # if libdl is installed we need to link against it AC_CHECK_LIB([dl], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ - lt_cv_dlopen="dyld" + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[ + lt_cv_dlopen=dyld lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ]) ;; + tpf*) + # Don't try to run any link tests for TPF. We know it's impossible + # because TPF is a cross-compiler, and we know how we open DSOs. + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + lt_cv_dlopen_self=no + ;; + *) AC_CHECK_FUNC([shl_load], - [lt_cv_dlopen="shl_load"], + [lt_cv_dlopen=shl_load], [AC_CHECK_LIB([dld], [shl_load], - [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], + [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld], [AC_CHECK_FUNC([dlopen], - [lt_cv_dlopen="dlopen"], + [lt_cv_dlopen=dlopen], [AC_CHECK_LIB([dl], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl], [AC_CHECK_LIB([svld], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld], [AC_CHECK_LIB([dld], [dld_link], - [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) + [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld]) ]) ]) ]) @@ -1907,21 +1984,21 @@ else ;; esac - if test "x$lt_cv_dlopen" != xno; then - enable_dlopen=yes - else + if test no = "$lt_cv_dlopen"; then enable_dlopen=no + else + enable_dlopen=yes fi case $lt_cv_dlopen in dlopen) - save_CPPFLAGS="$CPPFLAGS" - test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + save_CPPFLAGS=$CPPFLAGS + test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" - save_LDFLAGS="$LDFLAGS" + save_LDFLAGS=$LDFLAGS wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" - save_LIBS="$LIBS" + save_LIBS=$LIBS LIBS="$lt_cv_dlopen_libs $LIBS" AC_CACHE_CHECK([whether a program can dlopen itself], @@ -1931,7 +2008,7 @@ else lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) ]) - if test "x$lt_cv_dlopen_self" = xyes; then + if test yes = "$lt_cv_dlopen_self"; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" AC_CACHE_CHECK([whether a statically linked program can dlopen itself], lt_cv_dlopen_self_static, [dnl @@ -1941,9 +2018,9 @@ else ]) fi - CPPFLAGS="$save_CPPFLAGS" - LDFLAGS="$save_LDFLAGS" - LIBS="$save_LIBS" + CPPFLAGS=$save_CPPFLAGS + LDFLAGS=$save_LDFLAGS + LIBS=$save_LIBS ;; esac @@ -2035,8 +2112,8 @@ m4_defun([_LT_COMPILER_FILE_LOCKS], m4_require([_LT_FILEUTILS_DEFAULTS])dnl _LT_COMPILER_C_O([$1]) -hard_links="nottested" -if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then +hard_links=nottested +if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then # do not overwrite the value of need_locks provided by the user AC_MSG_CHECKING([if we can lock with hard links]) hard_links=yes @@ -2046,8 +2123,8 @@ if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no AC_MSG_RESULT([$hard_links]) - if test "$hard_links" = no; then - AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) + if test no = "$hard_links"; then + AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe]) need_locks=warn fi else @@ -2074,8 +2151,8 @@ objdir=$lt_cv_objdir _LT_DECL([], [objdir], [0], [The name of the directory that contains temporary libtool files])dnl m4_pattern_allow([LT_OBJDIR])dnl -AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/", - [Define to the sub-directory in which libtool stores uninstalled libraries.]) +AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/", + [Define to the sub-directory where libtool stores uninstalled libraries.]) ])# _LT_CHECK_OBJDIR @@ -2087,15 +2164,15 @@ m4_defun([_LT_LINKER_HARDCODE_LIBPATH], _LT_TAGVAR(hardcode_action, $1)= if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || test -n "$_LT_TAGVAR(runpath_var, $1)" || - test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then + test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then # We can hardcode non-existent directories. - if test "$_LT_TAGVAR(hardcode_direct, $1)" != no && + if test no != "$_LT_TAGVAR(hardcode_direct, $1)" && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one - ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no && - test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then + ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" && + test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then # Linking always hardcodes the temporary library directory. _LT_TAGVAR(hardcode_action, $1)=relink else @@ -2109,12 +2186,12 @@ else fi AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) -if test "$_LT_TAGVAR(hardcode_action, $1)" = relink || - test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then +if test relink = "$_LT_TAGVAR(hardcode_action, $1)" || + test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then # Fast installation is not supported enable_fast_install=no -elif test "$shlibpath_overrides_runpath" = yes || - test "$enable_shared" = no; then +elif test yes = "$shlibpath_overrides_runpath" || + test no = "$enable_shared"; then # Fast installation is not necessary enable_fast_install=needless fi @@ -2138,7 +2215,7 @@ else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) - if test -n "$STRIP" ; then + if test -n "$STRIP"; then striplib="$STRIP -x" old_striplib="$STRIP -S" AC_MSG_RESULT([yes]) @@ -2156,6 +2233,47 @@ _LT_DECL([], [striplib], [1]) ])# _LT_CMD_STRIPLIB +# _LT_PREPARE_MUNGE_PATH_LIST +# --------------------------- +# Make sure func_munge_path_list() is defined correctly. +m4_defun([_LT_PREPARE_MUNGE_PATH_LIST], +[[# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x@S|@2 in + x) + ;; + *:) + eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\" + ;; + x:*) + eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\" + ;; + *) + eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\" + ;; + esac +} +]])# _LT_PREPARE_PATH_LIST + + # _LT_SYS_DYNAMIC_LINKER([TAG]) # ----------------------------- # PORTME Fill in your ld.so characteristics @@ -2166,17 +2284,18 @@ m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_OBJDUMP])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_CHECK_SHELL_FEATURES])dnl +m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl AC_MSG_CHECKING([dynamic linker characteristics]) m4_if([$1], [], [ -if test "$GCC" = yes; then +if test yes = "$GCC"; then case $host_os in - darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; - *) lt_awk_arg="/^libraries:/" ;; + darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; + *) lt_awk_arg='/^libraries:/' ;; esac case $host_os in - mingw* | cegcc*) lt_sed_strip_eq="s,=\([[A-Za-z]]:\),\1,g" ;; - *) lt_sed_strip_eq="s,=/,/,g" ;; + mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;; + *) lt_sed_strip_eq='s|=/|/|g' ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in @@ -2192,28 +2311,35 @@ if test "$GCC" = yes; then ;; esac # Ok, now we have the path, separated by spaces, we can step through it - # and add multilib dir if necessary. + # and add multilib dir if necessary... lt_tmp_lt_search_path_spec= - lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + # ...but if some path component already ends with the multilib dir we assume + # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). + case "$lt_multi_os_dir; $lt_search_path_spec " in + "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) + lt_multi_os_dir= + ;; + esac for lt_sys_path in $lt_search_path_spec; do - if test -d "$lt_sys_path/$lt_multi_os_dir"; then - lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" - else + if test -d "$lt_sys_path$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" + elif test -n "$lt_multi_os_dir"; then test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' -BEGIN {RS=" "; FS="/|\n";} { - lt_foo=""; - lt_count=0; +BEGIN {RS = " "; FS = "/|\n";} { + lt_foo = ""; + lt_count = 0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { - lt_foo="/" $lt_i lt_foo; + lt_foo = "/" $lt_i lt_foo; } else { lt_count--; } @@ -2227,7 +2353,7 @@ BEGIN {RS=" "; FS="/|\n";} { # for these hosts. case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ - $SED 's,/\([[A-Za-z]]:\),\1,g'` ;; + $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else @@ -2236,7 +2362,7 @@ fi]) library_names_spec= libname_spec='lib$name' soname_spec= -shrext_cmds=".so" +shrext_cmds=.so postinstall_cmds= postuninstall_cmds= finish_cmds= @@ -2253,14 +2379,17 @@ hardcode_into_libs=no # flags to be left without arguments need_version=unknown +AC_ARG_VAR([LT_SYS_LIBRARY_PATH], +[User-defined run-time library search path.]) + case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + library_names_spec='$libname$release$shared_ext$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='${libname}${release}${shared_ext}$major' + soname_spec='$libname$release$shared_ext$major' ;; aix[[4-9]]*) @@ -2268,41 +2397,91 @@ aix[[4-9]]*) need_lib_prefix=no need_version=no hardcode_into_libs=yes - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 supports IA64 - library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with - # the line `#! .'. This would cause the generated library to - # depend on `.', always an invalid library. This was fixed in + # the line '#! .'. This would cause the generated library to + # depend on '.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[[01]] | aix4.[[01]].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' - echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then + echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac - # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in + # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. - if test "$aix_use_runtimelinking" = yes; then + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - else + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a[(]lib.so.V[)]' # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. - library_names_spec='${libname}${release}.a $libname.a' - soname_spec='${libname}${release}${shared_ext}$major' - fi + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac shlibpath_var=LIBPATH fi ;; @@ -2312,18 +2491,18 @@ amigaos*) powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) - library_names_spec='${libname}${shared_ext}' + library_names_spec='$libname$shared_ext' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; @@ -2331,8 +2510,8 @@ beos*) bsdi[[45]]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" @@ -2344,7 +2523,7 @@ bsdi[[45]]*) cygwin* | mingw* | pw32* | cegcc*) version_type=windows - shrext_cmds=".dll" + shrext_cmds=.dll need_version=no need_lib_prefix=no @@ -2353,8 +2532,8 @@ cygwin* | mingw* | pw32* | cegcc*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ @@ -2370,17 +2549,17 @@ cygwin* | mingw* | pw32* | cegcc*) case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix - soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' ;; esac dynamic_linker='Win32 ld.exe' @@ -2389,8 +2568,8 @@ m4_if([$1], [],[ *,cl*) # Native MSVC libname_spec='$name' - soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - library_names_spec='${libname}.dll.lib' + soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' + library_names_spec='$libname.dll.lib' case $build_os in mingw*) @@ -2417,7 +2596,7 @@ m4_if([$1], [],[ sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) - sys_lib_search_path_spec="$LIB" + sys_lib_search_path_spec=$LIB if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then # It is most probably a Windows format PATH. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` @@ -2430,8 +2609,8 @@ m4_if([$1], [],[ esac # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' @@ -2444,7 +2623,7 @@ m4_if([$1], [],[ *) # Assume MSVC wrapper - library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' + library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac @@ -2457,8 +2636,8 @@ darwin* | rhapsody*) version_type=darwin need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' - soname_spec='${libname}${release}${major}$shared_ext' + library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + soname_spec='$libname$release$major$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' @@ -2471,8 +2650,8 @@ dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; @@ -2490,12 +2669,13 @@ freebsd* | dragonfly*) version_type=freebsd-$objformat case $version_type in freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' need_version=no need_lib_prefix=no ;; freebsd-*) - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' need_version=yes ;; esac @@ -2525,10 +2705,10 @@ haiku*) need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LIBRARY_PATH - shlibpath_overrides_runpath=yes + shlibpath_overrides_runpath=no sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; @@ -2546,14 +2726,15 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - if test "X$HPUX_IA64_MODE" = X32; then + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + if test 32 = "$HPUX_IA64_MODE"; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 fi - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' @@ -2561,8 +2742,8 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; @@ -2571,8 +2752,8 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... @@ -2585,8 +2766,8 @@ interix[[3-9]]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -2597,7 +2778,7 @@ irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) - if test "$lt_cv_prog_gnu_ld" = yes; then + if test yes = "$lt_cv_prog_gnu_ld"; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix @@ -2605,8 +2786,8 @@ irix5* | irix6* | nonstopux*) esac need_lib_prefix=no need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= @@ -2625,8 +2806,8 @@ irix5* | irix6* | nonstopux*) esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" - sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" hardcode_into_libs=yes ;; @@ -2635,13 +2816,33 @@ linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + ;; + # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -2666,7 +2867,12 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) # before this can be enabled. hardcode_into_libs=yes - # Append ld.so.conf contents to the search path + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" @@ -2698,12 +2904,12 @@ netbsd*) need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH @@ -2713,7 +2919,7 @@ netbsd*) newsos6) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; @@ -2722,58 +2928,68 @@ newsos6) version_type=qnx need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; -openbsd*) +openbsd* | bitrig*) version_type=sunos - sys_lib_dlsearch_path_spec="/usr/lib" + sys_lib_dlsearch_path_spec=/usr/lib need_lib_prefix=no - # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. - case $host_os in - openbsd3.3 | openbsd3.3.*) need_version=yes ;; - *) need_version=no ;; - esac - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - case $host_os in - openbsd2.[[89]] | openbsd2.[[89]].*) - shlibpath_overrides_runpath=no - ;; - *) - shlibpath_overrides_runpath=yes - ;; - esac + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + need_version=no else - shlibpath_overrides_runpath=yes + need_version=yes fi + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes ;; os2*) libname_spec='$name' - shrext_cmds=".dll" + version_type=windows + shrext_cmds=.dll + need_version=no need_lib_prefix=no - library_names_spec='$libname${shared_ext} $libname.a' + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; rdos*) @@ -2784,8 +3000,8 @@ solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes @@ -2795,11 +3011,11 @@ solaris*) sunos4*) version_type=sunos - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then need_lib_prefix=no fi need_version=yes @@ -2807,8 +3023,8 @@ sunos4*) sysv4 | sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) @@ -2829,24 +3045,24 @@ sysv4 | sysv4.3*) ;; sysv4*MP*) - if test -d /usr/nec ;then + if test -d /usr/nec; then version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' - soname_spec='$libname${shared_ext}.$major' + library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' + soname_spec='$libname$shared_ext.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=freebsd-elf + version_type=sco need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' @@ -2864,7 +3080,7 @@ tpf*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes @@ -2872,8 +3088,8 @@ tpf*) uts4*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; @@ -2882,20 +3098,30 @@ uts4*) ;; esac AC_MSG_RESULT([$dynamic_linker]) -test "$dynamic_linker" = no && can_build_shared=no +test no = "$dynamic_linker" && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test "$GCC" = yes; then +if test yes = "$GCC"; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi -if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then - sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then + sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec fi -if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then - sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" + +if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then + sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec fi +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + _LT_DECL([], [variables_saved_for_relink], [1], [Variables whose values should be saved in libtool wrapper scripts and restored at link time]) @@ -2928,39 +3154,41 @@ _LT_DECL([], [hardcode_into_libs], [0], [Whether we should hardcode library paths into libraries]) _LT_DECL([], [sys_lib_search_path_spec], [2], [Compile-time system search path for libraries]) -_LT_DECL([], [sys_lib_dlsearch_path_spec], [2], - [Run-time system search path for libraries]) +_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2], + [Detected run-time system search path for libraries]) +_LT_DECL([], [configure_time_lt_sys_library_path], [2], + [Explicit LT_SYS_LIBRARY_PATH set during ./configure time]) ])# _LT_SYS_DYNAMIC_LINKER # _LT_PATH_TOOL_PREFIX(TOOL) # -------------------------- -# find a file program which can recognize shared library +# find a file program that can recognize shared library AC_DEFUN([_LT_PATH_TOOL_PREFIX], [m4_require([_LT_DECL_EGREP])dnl AC_MSG_CHECKING([for $1]) AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, [case $MAGIC_CMD in [[\\/*] | ?:[\\/]*]) - lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; *) - lt_save_MAGIC_CMD="$MAGIC_CMD" - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR dnl $ac_dummy forces splitting on constant user-supplied paths. dnl POSIX.2 word splitting is done only on the output of word expansions, dnl not every word. This closes a longstanding sh security hole. ac_dummy="m4_if([$2], , $PATH, [$2])" for ac_dir in $ac_dummy; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$1; then - lt_cv_path_MAGIC_CMD="$ac_dir/$1" + if test -f "$ac_dir/$1"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"$1" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` - MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + MAGIC_CMD=$lt_cv_path_MAGIC_CMD if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : @@ -2983,11 +3211,11 @@ _LT_EOF break fi done - IFS="$lt_save_ifs" - MAGIC_CMD="$lt_save_MAGIC_CMD" + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD ;; esac]) -MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then AC_MSG_RESULT($MAGIC_CMD) else @@ -3005,7 +3233,7 @@ dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) # _LT_PATH_MAGIC # -------------- -# find a file program which can recognize a shared library +# find a file program that can recognize a shared library m4_defun([_LT_PATH_MAGIC], [_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) if test -z "$lt_cv_path_MAGIC_CMD"; then @@ -3032,16 +3260,16 @@ m4_require([_LT_PROG_ECHO_BACKSLASH])dnl AC_ARG_WITH([gnu-ld], [AS_HELP_STRING([--with-gnu-ld], [assume the C compiler uses GNU ld @<:@default=no@:>@])], - [test "$withval" = no || with_gnu_ld=yes], + [test no = "$withval" || with_gnu_ld=yes], [with_gnu_ld=no])dnl ac_prog=ld -if test "$GCC" = yes; then +if test yes = "$GCC"; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by $CC]) case $host in *-*-mingw*) - # gcc leaves a trailing carriage return which upsets mingw + # gcc leaves a trailing carriage return, which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; @@ -3055,7 +3283,7 @@ if test "$GCC" = yes; then while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done - test -z "$LD" && LD="$ac_prog" + test -z "$LD" && LD=$ac_prog ;; "") # If it fails, then pretend we aren't using GCC. @@ -3066,37 +3294,37 @@ if test "$GCC" = yes; then with_gnu_ld=unknown ;; esac -elif test "$with_gnu_ld" = yes; then +elif test yes = "$with_gnu_ld"; then AC_MSG_CHECKING([for GNU ld]) else AC_MSG_CHECKING([for non-GNU ld]) fi AC_CACHE_VAL(lt_cv_path_LD, [if test -z "$LD"; then - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then - lt_cv_path_LD="$ac_dir/$ac_prog" + lt_cv_path_LD=$ac_dir/$ac_prog # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 conftest.i +cat conftest.i conftest.i >conftest2.i +: ${lt_DD:=$DD} +AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd], +[if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: +fi]) +rm -f conftest.i conftest2.i conftest.out]) +])# _LT_PATH_DD + + +# _LT_CMD_TRUNCATE +# ---------------- +# find command to truncate a binary pipe +m4_defun([_LT_CMD_TRUNCATE], +[m4_require([_LT_PATH_DD]) +AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin], +[printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +lt_cv_truncate_bin= +if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" +fi +rm -f conftest.i conftest2.i conftest.out +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"]) +_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1], + [Command to truncate a binary pipe]) +])# _LT_CMD_TRUNCATE + + # _LT_CHECK_MAGIC_METHOD # ---------------------- # how to check for library dependencies @@ -3182,13 +3447,13 @@ lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support # interlibrary dependencies. # 'none' -- dependencies not supported. -# `unknown' -- same as none, but documents that we really don't know. +# 'unknown' -- same as none, but documents that we really don't know. # 'pass_all' -- all dependencies passed with no checks. # 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path -# which responds to the $file_magic_cmd with a given extended regex. -# If you have `file' or equivalent on your system and you're not sure -# whether `pass_all' will *always* work, you probably want this one. +# that responds to the $file_magic_cmd with a given extended regex. +# If you have 'file' or equivalent on your system and you're not sure +# whether 'pass_all' will *always* work, you probably want this one. case $host_os in aix[[4-9]]*) @@ -3215,8 +3480,7 @@ mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. - # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. - if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then + if ( file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else @@ -3312,8 +3576,8 @@ newos6*) lt_cv_deplibs_check_method=pass_all ;; -openbsd*) - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then +openbsd* | bitrig*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' @@ -3366,6 +3630,9 @@ sysv4 | sysv4.3*) tpf*) lt_cv_deplibs_check_method=pass_all ;; +os2*) + lt_cv_deplibs_check_method=pass_all + ;; esac ]) @@ -3406,33 +3673,38 @@ AC_DEFUN([LT_PATH_NM], AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, [if test -n "$NM"; then # Let the user override the test. - lt_cv_path_NM="$NM" + lt_cv_path_NM=$NM else - lt_nm_to_check="${ac_tool_prefix}nm" + lt_nm_to_check=${ac_tool_prefix}nm if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. - tmp_nm="$ac_dir/$lt_tmp_nm" - if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + tmp_nm=$ac_dir/$lt_tmp_nm + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then # Check to see if the nm accepts a BSD-compat flag. - # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # Adding the 'sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file - case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in - */dev/null* | *'Invalid file or object type'*) + # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty + case $build_os in + mingw*) lt_bad_file=conftest.nm/nofile ;; + *) lt_bad_file=/dev/null ;; + esac + case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + *$lt_bad_file* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" - break + break 2 ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" - break + break 2 ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but @@ -3443,21 +3715,21 @@ else esac fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs done : ${lt_cv_path_NM=no} fi]) -if test "$lt_cv_path_NM" != "no"; then - NM="$lt_cv_path_NM" +if test no != "$lt_cv_path_NM"; then + NM=$lt_cv_path_NM else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$DUMPBIN"; then : # Let the user override the test. else AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) - case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in *COFF*) - DUMPBIN="$DUMPBIN -symbols" + DUMPBIN="$DUMPBIN -symbols -headers" ;; *) DUMPBIN=: @@ -3465,8 +3737,8 @@ else esac fi AC_SUBST([DUMPBIN]) - if test "$DUMPBIN" != ":"; then - NM="$DUMPBIN" + if test : != "$DUMPBIN"; then + NM=$DUMPBIN fi fi test -z "$NM" && NM=nm @@ -3512,8 +3784,8 @@ lt_cv_sharedlib_from_linklib_cmd, case $host_os in cygwin* | mingw* | pw32* | cegcc*) - # two different shell functions defined in ltmain.sh - # decide which to use based on capabilities of $DLLTOOL + # two different shell functions defined in ltmain.sh; + # decide which one to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in *--identify-strict*) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib @@ -3525,7 +3797,7 @@ cygwin* | mingw* | pw32* | cegcc*) ;; *) # fallback: assume linklib IS sharedlib - lt_cv_sharedlib_from_linklib_cmd="$ECHO" + lt_cv_sharedlib_from_linklib_cmd=$ECHO ;; esac ]) @@ -3552,13 +3824,28 @@ AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool lt_cv_path_mainfest_tool=yes fi rm -f conftest*]) -if test "x$lt_cv_path_mainfest_tool" != xyes; then +if test yes != "$lt_cv_path_mainfest_tool"; then MANIFEST_TOOL=: fi _LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl ])# _LT_PATH_MANIFEST_TOOL +# _LT_DLL_DEF_P([FILE]) +# --------------------- +# True iff FILE is a Windows DLL '.def' file. +# Keep in sync with func_dll_def_p in the libtool script +AC_DEFUN([_LT_DLL_DEF_P], +[dnl + test DEF = "`$SED -n dnl + -e '\''s/^[[ ]]*//'\'' dnl Strip leading whitespace + -e '\''/^\(;.*\)*$/d'\'' dnl Delete empty lines and comments + -e '\''s/^\(EXPORTS\|LIBRARY\)\([[ ]].*\)*$/DEF/p'\'' dnl + -e q dnl Only consider the first "real" line + $1`" dnl +])# _LT_DLL_DEF_P + + # LT_LIB_M # -------- # check for math library @@ -3570,11 +3857,11 @@ case $host in # These system don't have libm, or don't need it ;; *-ncr-sysv4.3*) - AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") + AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw) AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") ;; *) - AC_CHECK_LIB(m, cos, LIBM="-lm") + AC_CHECK_LIB(m, cos, LIBM=-lm) ;; esac AC_SUBST([LIBM]) @@ -3593,7 +3880,7 @@ m4_defun([_LT_COMPILER_NO_RTTI], _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= -if test "$GCC" = yes; then +if test yes = "$GCC"; then case $cc_basename in nvcc*) _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; @@ -3645,7 +3932,7 @@ cygwin* | mingw* | pw32* | cegcc*) symcode='[[ABCDGISTW]]' ;; hpux*) - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then symcode='[[ABCDEGRST]]' fi ;; @@ -3678,14 +3965,44 @@ case `$NM -V 2>&1` in symcode='[[ABCDGIRSTW]]' ;; esac +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Gets list of data symbols to import. + lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + # Adjust the below global symbol transforms to fixup imported variables. + lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" + lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" + lt_c_name_lib_hook="\ + -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ + -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" +else + # Disable hooks by default. + lt_cv_sys_global_symbol_to_import= + lt_cdecl_hook= + lt_c_name_hook= + lt_c_name_lib_hook= +fi + # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. -lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" +lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +$lt_cdecl_hook\ +" -e 's/^T .* \(.*\)$/extern int \1();/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'" -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +$lt_c_name_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" + +# Transform an extracted symbol line into symbol name with lib prefix and +# symbol address. +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +$lt_c_name_lib_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" # Handle CRLF in mingw tool chain opt_cr= @@ -3703,21 +4020,24 @@ for ac_symprfx in "" "_"; do # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then - # Fake it for dumpbin and say T for any non-static function - # and D for any global variable. + # Fake it for dumpbin and say T for any non-static function, + # D for any global variable and I for any imported variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ +" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ +" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ -" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ -" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ -" s[1]~/^[@?]/{print s[1], s[1]; next};"\ -" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ +" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ +" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx]" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" @@ -3757,11 +4077,11 @@ _LT_EOF if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ -#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) -/* DATA imports from DLLs on WIN32 con't be const, because runtime +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT@&t@_DLSYM_CONST -#elif defined(__osf__) +#elif defined __osf__ /* This system does not cope well with relocations in const data. */ # define LT@&t@_DLSYM_CONST #else @@ -3787,7 +4107,7 @@ lt__PROGRAM__LTX_preloaded_symbols[[]] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF - $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; @@ -3807,9 +4127,9 @@ _LT_EOF mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS - LIBS="conftstm.$ac_objext" + LIBS=conftstm.$ac_objext CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" - if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then + if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS @@ -3830,7 +4150,7 @@ _LT_EOF rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. - if test "$pipe_works" = yes; then + if test yes = "$pipe_works"; then break else lt_cv_sys_global_symbol_pipe= @@ -3857,12 +4177,16 @@ _LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], [Take the output of nm and produce a listing of raw symbols and C names]) _LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], [Transform the output of nm in a proper C declaration]) +_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1], + [Transform the output of nm into a list of symbols to manually relocate]) _LT_DECL([global_symbol_to_c_name_address], [lt_cv_sys_global_symbol_to_c_name_address], [1], [Transform the output of nm in a C name address pair]) _LT_DECL([global_symbol_to_c_name_address_lib_prefix], [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], [Transform the output of nm in a C name address pair when lib prefix is needed]) +_LT_DECL([nm_interface], [lt_cv_nm_interface], [1], + [The name lister interface]) _LT_DECL([], [nm_file_list_spec], [1], [Specify filename containing input files for $NM]) ]) # _LT_CMD_GLOBAL_SYMBOLS @@ -3878,17 +4202,18 @@ _LT_TAGVAR(lt_prog_compiler_static, $1)= m4_if([$1], [CXX], [ # C++ specific cases for pic, static, wl, etc. - if test "$GXX" = yes; then + if test yes = "$GXX"; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; amigaos*) @@ -3899,8 +4224,8 @@ m4_if([$1], [CXX], [ ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac @@ -3916,6 +4241,11 @@ m4_if([$1], [CXX], [ # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac ;; darwin* | rhapsody*) # PIC is the default on this platform @@ -3965,7 +4295,7 @@ m4_if([$1], [CXX], [ case $host_os in aix[[4-9]]*) # All AIX code is PIC. - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else @@ -4006,14 +4336,14 @@ m4_if([$1], [CXX], [ case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' - if test "$host_cpu" != ia64; then + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' + if test ia64 != "$host_cpu"; then _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' fi ;; aCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' case $host_cpu in hppa*64*|ia64*) # +Z the default @@ -4050,7 +4380,7 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; ecpc* ) - # old Intel C++ for x86_64 which still supported -KPIC. + # old Intel C++ for x86_64, which still supported -KPIC. _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' @@ -4195,17 +4525,18 @@ m4_if([$1], [CXX], [ fi ], [ - if test "$GCC" = yes; then + if test yes = "$GCC"; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; amigaos*) @@ -4216,8 +4547,8 @@ m4_if([$1], [CXX], [ ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac @@ -4234,6 +4565,11 @@ m4_if([$1], [CXX], [ # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac ;; darwin* | rhapsody*) @@ -4304,7 +4640,7 @@ m4_if([$1], [CXX], [ case $host_os in aix*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else @@ -4312,11 +4648,30 @@ m4_if([$1], [CXX], [ fi ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + case $cc_basename in + nagfor*) + # NAG Fortran compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac ;; hpux9* | hpux10* | hpux11*) @@ -4332,7 +4687,7 @@ m4_if([$1], [CXX], [ ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? - _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) @@ -4343,7 +4698,7 @@ m4_if([$1], [CXX], [ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in - # old Intel for x86_64 which still supported -KPIC. + # old Intel for x86_64, which still supported -KPIC. ecc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' @@ -4368,6 +4723,12 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) @@ -4465,7 +4826,7 @@ m4_if([$1], [CXX], [ ;; sysv4*MP*) - if test -d /usr/nec ;then + if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi @@ -4494,7 +4855,7 @@ m4_if([$1], [CXX], [ fi ]) case $host_os in - # For platforms which do not support PIC, -DPIC is meaningless: + # For platforms that do not support PIC, -DPIC is meaningless: *djgpp*) _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; @@ -4560,17 +4921,21 @@ m4_if([$1], [CXX], [ case $host_os in aix[[4-9]]*) # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - # Also, AIX nm treats weak defined symbols like other global defined - # symbols, whereas GNU nm marks them as "W". + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi ;; pw32*) - _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" + _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds ;; cygwin* | mingw* | cegcc*) case $cc_basename in @@ -4619,9 +4984,9 @@ m4_if([$1], [CXX], [ # included in the symbol list _LT_TAGVAR(include_expsyms, $1)= # exclude_expsyms can be an extended regexp of symbols to exclude - # it will be wrapped by ` (' and `)$', so one must not match beginning or - # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', - # as well as any symbol that contains `d'. + # it will be wrapped by ' (' and ')$', so one must not match beginning or + # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', + # as well as any symbol that contains 'd'. _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if @@ -4637,7 +5002,7 @@ dnl Note also adjust exclude_expsyms for C++ above. # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. - if test "$GCC" != yes; then + if test yes != "$GCC"; then with_gnu_ld=no fi ;; @@ -4645,7 +5010,7 @@ dnl Note also adjust exclude_expsyms for C++ above. # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; - openbsd*) + openbsd* | bitrig*) with_gnu_ld=no ;; linux* | k*bsd*-gnu | gnu*) @@ -4658,7 +5023,7 @@ dnl Note also adjust exclude_expsyms for C++ above. # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility @@ -4680,24 +5045,24 @@ dnl Note also adjust exclude_expsyms for C++ above. esac fi - if test "$lt_use_gnu_ld_interface" = yes; then + if test yes = "$lt_use_gnu_ld_interface"; then # If archive_cmds runs LD, not CC, wlarc should be empty - wlarc='${wl}' + wlarc='$wl' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then - _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi supports_anon_versioning=no - case `$LD -v 2>&1` in + case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... @@ -4710,7 +5075,7 @@ dnl Note also adjust exclude_expsyms for C++ above. case $host_os in aix[[3-9]]*) # On AIX/PPC, the GNU linker is very broken - if test "$host_cpu" != ia64; then + if test ia64 != "$host_cpu"; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 @@ -4729,7 +5094,7 @@ _LT_EOF case $host_cpu in powerpc) # see comment about AmigaOS4 .so support - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) @@ -4745,7 +5110,7 @@ _LT_EOF _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME - _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -4755,7 +5120,7 @@ _LT_EOF # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes @@ -4763,61 +5128,89 @@ _LT_EOF _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; haiku*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no - if test "$host_os" = linux-dietlibc; then + if test linux-dietlibc = "$host_os"; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ - && test "$tmp_diet" = no + && test no = "$tmp_diet" then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; @@ -4828,42 +5221,47 @@ _LT_EOF lf95*) # Lahey Fortran 8.1 _LT_TAGVAR(whole_archive_flag_spec, $1)= tmp_sharedflag='--shared' ;; + nagfor*) # NAGFOR 5.3 + tmp_sharedflag='-Wl,-shared' ;; xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac - _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then + if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi case $cc_basename in + tcc*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic' + ;; xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then + if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac @@ -4877,8 +5275,8 @@ _LT_EOF _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' fi ;; @@ -4896,8 +5294,8 @@ _LT_EOF _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -4909,7 +5307,7 @@ _LT_EOF _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 -*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify @@ -4924,9 +5322,9 @@ _LT_EOF # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -4943,15 +5341,15 @@ _LT_EOF *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac - if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then + if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then runpath_var= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= @@ -4967,7 +5365,7 @@ _LT_EOF # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. _LT_TAGVAR(hardcode_minus_L, $1)=yes - if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. _LT_TAGVAR(hardcode_direct, $1)=unsupported @@ -4975,34 +5373,57 @@ _LT_EOF ;; aix[[4-9]]*) - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' - no_entry_flag="" + no_entry_flag= else # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - # Also, AIX nm treats weak defined symbols like other global - # defined symbols, whereas GNU nm marks them as "W". + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do - if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then aix_use_runtimelinking=yes break fi done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi ;; esac @@ -5021,13 +5442,21 @@ _LT_EOF _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + _LT_TAGVAR(file_list_spec, $1)='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # traditional, no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + ;; + esac - if test "$GCC" = yes; then + if test yes = "$GCC"; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` + collect2name=`$CC -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then @@ -5046,62 +5475,80 @@ _LT_EOF ;; esac shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag="$shared_flag "'$wl-G' fi - _LT_TAGVAR(link_all_deplibs, $1)=no + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' else # not using gcc - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' else - shared_flag='${wl}-bM:SRE' + shared_flag='$wl-bM:SRE' fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' fi fi - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. _LT_TAGVAR(always_export_symbols, $1)=yes - if test "$aix_use_runtimelinking" = yes; then + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag else - if test "$host_cpu" = ia64; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + if test ia64 = "$host_cpu"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - if test "$with_gnu_ld" = yes; then + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' + if test yes = "$with_gnu_ld"; then # We only use this code for GNU lds that support --whole-archive. - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - # This is similar to how AIX traditionally builds its shared libraries. - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' fi fi ;; @@ -5110,7 +5557,7 @@ _LT_EOF case $host_cpu in powerpc) # see comment about AmigaOS4 .so support - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) @@ -5140,16 +5587,17 @@ _LT_EOF # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" + shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. - _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' - _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; - else - sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; - fi~ - $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ - linknames=' + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes @@ -5158,18 +5606,18 @@ _LT_EOF # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ - lt_tool_outputfile="@TOOL_OUTPUT@"~ - case $lt_outputfile in - *.exe|*.EXE) ;; - *) - lt_outputfile="$lt_outputfile.exe" - lt_tool_outputfile="$lt_tool_outputfile.exe" - ;; - esac~ - if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then - $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; - $RM "$lt_outputfile.manifest"; - fi' + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' ;; *) # Assume MSVC wrapper @@ -5178,7 +5626,7 @@ _LT_EOF # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" + shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. @@ -5228,33 +5676,33 @@ _LT_EOF ;; hpux9*) - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' else - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' ;; hpux10*) - if test "$GCC" = yes && test "$with_gnu_ld" = no; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + if test yes,no = "$GCC,$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi - if test "$with_gnu_ld" = no; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes @@ -5262,25 +5710,25 @@ _LT_EOF ;; hpux11*) - if test "$GCC" = yes && test "$with_gnu_ld" = no; then + if test yes,no = "$GCC,$with_gnu_ld"; then case $host_cpu in hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) m4_if($1, [], [ @@ -5288,14 +5736,14 @@ _LT_EOF # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) _LT_LINKER_OPTION([if $CC understands -b], _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], - [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], - [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) + [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) ;; esac fi - if test "$with_gnu_ld" = no; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in @@ -5306,7 +5754,7 @@ _LT_EOF *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. @@ -5317,16 +5765,16 @@ _LT_EOF ;; irix5* | irix6* | nonstopux*) - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol], [lt_cv_irix_exported_symbol], - [save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + [save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" AC_LINK_IFELSE( [AC_LANG_SOURCE( [AC_LANG_CASE([C], [[int foo (void) { return 0; }]], @@ -5339,21 +5787,32 @@ _LT_EOF end]])])], [lt_cv_irix_exported_symbol=yes], [lt_cv_irix_exported_symbol=no]) - LDFLAGS="$save_LDFLAGS"]) - if test "$lt_cv_irix_exported_symbol" = yes; then - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + LDFLAGS=$save_LDFLAGS]) + if test yes = "$lt_cv_irix_exported_symbol"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + _LT_TAGVAR(link_all_deplibs, $1)=no else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes _LT_TAGVAR(link_all_deplibs, $1)=yes ;; + linux*) + case $cc_basename in + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + _LT_TAGVAR(ld_shlibs, $1)=yes + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out @@ -5368,7 +5827,7 @@ _LT_EOF newsos6) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; @@ -5376,27 +5835,19 @@ _LT_EOF *nto* | *qnx*) ;; - openbsd*) + openbsd* | bitrig*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' else - case $host_os in - openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - ;; - esac + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' fi else _LT_TAGVAR(ld_shlibs, $1)=no @@ -5407,33 +5858,53 @@ _LT_EOF _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' - _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes ;; osf3*) - if test "$GCC" = yes; then - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + if test yes = "$GCC"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag - if test "$GCC" = yes; then - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + if test yes = "$GCC"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ - $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' @@ -5444,24 +5915,24 @@ _LT_EOF solaris*) _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' - if test "$GCC" = yes; then - wlarc='${wl}' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + wlarc='$wl' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' - _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) - wlarc='${wl}' - _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + wlarc='$wl' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi @@ -5471,11 +5942,11 @@ _LT_EOF solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, - # but understands `-z linker_flag'. GCC discards it without `$wl', + # but understands '-z linker_flag'. GCC discards it without '$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) - if test "$GCC" = yes; then - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + if test yes = "$GCC"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' else _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' fi @@ -5485,10 +5956,10 @@ _LT_EOF ;; sunos4*) - if test "x$host_vendor" = xsequent; then + if test sequent = "$host_vendor"; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi @@ -5537,43 +6008,43 @@ _LT_EOF ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not + # Note: We CANNOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' runpath_var='LD_RUN_PATH' - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; @@ -5588,17 +6059,17 @@ _LT_EOF ;; esac - if test x$host_vendor = xsni; then + if test sni = "$host_vendor"; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym' ;; esac fi fi ]) AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) -test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no +test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no _LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld @@ -5615,7 +6086,7 @@ x|xyes) # Assume -lc should be added _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - if test "$enable_shared" = yes && test "$GCC" = yes; then + if test yes,yes = "$GCC,$enable_shared"; then case $_LT_TAGVAR(archive_cmds, $1) in *'~'*) # FIXME: we may have to deal with multi-command sequences. @@ -5695,12 +6166,12 @@ _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], _LT_TAGDECL([], [hardcode_libdir_separator], [1], [Whether we need a single "-rpath" flag with a separated argument]) _LT_TAGDECL([], [hardcode_direct], [0], - [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_direct_absolute], [0], - [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes DIR into the resulting binary and the resulting library dependency is - "absolute", i.e impossible to change by setting ${shlibpath_var} if the + "absolute", i.e impossible to change by setting $shlibpath_var if the library is relocated]) _LT_TAGDECL([], [hardcode_minus_L], [0], [Set to "yes" if using the -LDIR flag during linking hardcodes DIR @@ -5741,10 +6212,10 @@ dnl [Compiler flag to generate thread safe objects]) # ------------------------ # Ensure that the configuration variables for a C compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write -# the compiler configuration to `libtool'. +# the compiler configuration to 'libtool'. m4_defun([_LT_LANG_C_CONFIG], [m4_require([_LT_DECL_EGREP])dnl -lt_save_CC="$CC" +lt_save_CC=$CC AC_LANG_PUSH(C) # Source file extension for C test sources. @@ -5784,18 +6255,18 @@ if test -n "$compiler"; then LT_SYS_DLOPEN_SELF _LT_CMD_STRIPLIB - # Report which library types will actually be built + # Report what library types will actually be built AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) - test "$can_build_shared" = "no" && enable_shared=no + test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) - test "$enable_shared" = yes && enable_static=no + test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' @@ -5803,8 +6274,12 @@ if test -n "$compiler"; then ;; aix[[4-9]]*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -5812,13 +6287,13 @@ if test -n "$compiler"; then AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. - test "$enable_shared" = yes || enable_static=yes + test yes = "$enable_shared" || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_CONFIG($1) fi AC_LANG_POP -CC="$lt_save_CC" +CC=$lt_save_CC ])# _LT_LANG_C_CONFIG @@ -5826,14 +6301,14 @@ CC="$lt_save_CC" # -------------------------- # Ensure that the configuration variables for a C++ compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write -# the compiler configuration to `libtool'. +# the compiler configuration to 'libtool'. m4_defun([_LT_LANG_CXX_CONFIG], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_PATH_MANIFEST_TOOL])dnl -if test -n "$CXX" && ( test "X$CXX" != "Xno" && - ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || - (test "X$CXX" != "Xg++"))) ; then +if test -n "$CXX" && ( test no != "$CXX" && + ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) || + (test g++ != "$CXX"))); then AC_PROG_CXXCPP else _lt_caught_CXX_error=yes @@ -5875,7 +6350,7 @@ _LT_TAGVAR(objext, $1)=$objext # the CXX compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. -if test "$_lt_caught_CXX_error" != yes; then +if test yes != "$_lt_caught_CXX_error"; then # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" @@ -5917,35 +6392,35 @@ if test "$_lt_caught_CXX_error" != yes; then if test -n "$compiler"; then # We don't want -fno-exception when compiling C++ code, so set the # no_builtin_flag separately - if test "$GXX" = yes; then + if test yes = "$GXX"; then _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' else _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= fi - if test "$GXX" = yes; then + if test yes = "$GXX"; then # Set up default GNU C++ configuration LT_PATH_LD # Check if GNU C++ uses GNU ld as the underlying linker, since the # archiving commands below assume that GNU ld is being used. - if test "$with_gnu_ld" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + if test yes = "$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' # If archive_cmds runs LD, not CC, wlarc should be empty # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to # investigate it a little bit more. (MM) - wlarc='${wl}' + wlarc='$wl' # ancient GNU ld didn't support --whole-archive et. al. if eval "`$CC -print-prog-name=ld` --help 2>&1" | $GREP 'no-whole-archive' > /dev/null; then - _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi @@ -5981,18 +6456,30 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(ld_shlibs, $1)=no ;; aix[[4-9]]*) - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' - no_entry_flag="" + no_entry_flag= else aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do case $ld_flag in @@ -6002,6 +6489,13 @@ if test "$_lt_caught_CXX_error" != yes; then ;; esac done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi ;; esac @@ -6020,13 +6514,21 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + _LT_TAGVAR(file_list_spec, $1)='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + ;; + esac - if test "$GXX" = yes; then + if test yes = "$GXX"; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` + collect2name=`$CC -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then @@ -6044,64 +6546,84 @@ if test "$_lt_caught_CXX_error" != yes; then fi esac shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag=$shared_flag' $wl-G' fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' else # not using gcc - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' else - shared_flag='${wl}-bM:SRE' + shared_flag='$wl-bM:SRE' fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' fi fi - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to # export. _LT_TAGVAR(always_export_symbols, $1)=yes - if test "$aix_use_runtimelinking" = yes; then + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # The "-G" linker flag allows undefined symbols. + _LT_TAGVAR(no_undefined_flag, $1)='-bernotok' # Determine the default libpath from the value encoded in an empty # executable. _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag else - if test "$host_cpu" = ia64; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + if test ia64 = "$host_cpu"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - if test "$with_gnu_ld" = yes; then + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' + if test yes = "$with_gnu_ld"; then # We only use this code for GNU lds that support --whole-archive. - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - # This is similar to how AIX traditionally builds its shared - # libraries. - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared + # libraries. Need -bnortl late, we may have -brtl in LDFLAGS. + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' fi fi ;; @@ -6111,7 +6633,7 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME - _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -6139,57 +6661,58 @@ if test "$_lt_caught_CXX_error" != yes; then # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" + shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. - _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' - _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - $SED -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; - else - $SED -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; - fi~ - $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ - linknames=' + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ - lt_tool_outputfile="@TOOL_OUTPUT@"~ - case $lt_outputfile in - *.exe|*.EXE) ;; - *) - lt_outputfile="$lt_outputfile.exe" - lt_tool_outputfile="$lt_tool_outputfile.exe" - ;; - esac~ - func_to_tool_file "$lt_outputfile"~ - if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then - $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; - $RM "$lt_outputfile.manifest"; - fi' + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + func_to_tool_file "$lt_outputfile"~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' ;; *) # g++ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -6200,6 +6723,34 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_DARWIN_LINKER_FEATURES($1) ;; + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + dgux*) case $cc_basename in ec++*) @@ -6235,14 +6786,14 @@ if test "$_lt_caught_CXX_error" != yes; then ;; haiku*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; hpux9*) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default @@ -6254,7 +6805,7 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. @@ -6263,11 +6814,11 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) - if test "$GXX" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + if test yes = "$GXX"; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no @@ -6277,15 +6828,15 @@ if test "$_lt_caught_CXX_error" != yes; then ;; hpux10*|hpux11*) - if test $with_gnu_ld = no; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) ;; *) - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' ;; esac fi @@ -6311,13 +6862,13 @@ if test "$_lt_caught_CXX_error" != yes; then aCC*) case $host_cpu in hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac # Commands to make compiler produce verbose output that lists @@ -6328,20 +6879,20 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) - if test "$GXX" = yes; then - if test $with_gnu_ld = no; then + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then case $host_cpu in hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac fi @@ -6356,22 +6907,22 @@ if test "$_lt_caught_CXX_error" != yes; then interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; irix5* | irix6*) case $cc_basename in CC*) # SGI C++ - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' # Archives containing C++ object files must be created using # "CC -ar", where "CC" is the IRIX C++ compiler. This is @@ -6380,17 +6931,17 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' ;; *) - if test "$GXX" = yes; then - if test "$with_gnu_ld" = no; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib' fi fi _LT_TAGVAR(link_all_deplibs, $1)=yes ;; esac - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes ;; @@ -6403,8 +6954,8 @@ if test "$_lt_caught_CXX_error" != yes; then # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. - _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. @@ -6413,10 +6964,10 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' # Archives containing C++ object files must be created using # "CC -Bstatic", where "CC" is the KAI C++ compiler. @@ -6430,59 +6981,59 @@ if test "$_lt_caught_CXX_error" != yes; then # earlier do not add the objects themselves. case `$CC -V 2>&1` in *"Version 7."*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 8.0 or newer tmp_idyn= case $host_cpu in ia64*) tmp_idyn=' -i_dynamic';; esac - _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; esac _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' ;; pgCC* | pgcpp*) # Portland Group C++ compiler case `$CC -V` in *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ - compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ + compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ - $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ - $RANLIB $oldlib' + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 6 and above use weak symbols - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; esac - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' ;; cxx*) # Compaq C++ - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib $wl-retain-symbols-file $wl$export_symbols' runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' @@ -6496,18 +7047,18 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' ;; xl* | mpixl* | bgxl*) # IBM XL 8.0 on PPC, with GNU ld - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi ;; *) @@ -6515,10 +7066,10 @@ if test "$_lt_caught_CXX_error" != yes; then *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' - _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes # Not sure whether something based on @@ -6576,22 +7127,17 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(ld_shlibs, $1)=yes ;; - openbsd2*) - # C++ shared libraries are fairly broken - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - openbsd*) + openbsd* | bitrig*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' fi output_verbose_link_cmd=func_echo_all else @@ -6607,9 +7153,9 @@ if test "$_lt_caught_CXX_error" != yes; then # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. - _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Archives containing C++ object files must be created using @@ -6627,17 +7173,17 @@ if test "$_lt_caught_CXX_error" != yes; then cxx*) case $host in osf3*) - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && func_echo_all "${wl}-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' ;; *) _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ - echo "-hidden">> $lib.exp~ - $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~ - $RM $lib.exp' + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~ + $RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' ;; esac @@ -6652,21 +7198,21 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + if test yes,no = "$GXX,$with_gnu_ld"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' case $host in osf3*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' ;; esac - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists @@ -6712,9 +7258,9 @@ if test "$_lt_caught_CXX_error" != yes; then # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' - _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no @@ -6722,7 +7268,7 @@ if test "$_lt_caught_CXX_error" != yes; then solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, - # but understands `-z linker_flag'. + # but understands '-z linker_flag'. # Supported since Solaris 2.6 (maybe 2.5.1?) _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;; @@ -6739,30 +7285,30 @@ if test "$_lt_caught_CXX_error" != yes; then ;; gcx*) # Green Hills C++ Compiler - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' # The C++ compiler must be used to create the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' ;; *) # GNU C++ compiler with Solaris linker - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' + if test yes,no = "$GXX,$with_gnu_ld"; then + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs' if $CC --version | $GREP -v '^2\.7' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -shared $pic_flag -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else - # g++ 2.7 appears to require `-G' NOT `-shared' on this + # g++ 2.7 appears to require '-G' NOT '-shared' on this # platform. - _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when @@ -6770,11 +7316,11 @@ if test "$_lt_caught_CXX_error" != yes; then output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir' case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' ;; esac fi @@ -6783,52 +7329,52 @@ if test "$_lt_caught_CXX_error" != yes; then ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' case $cc_basename in CC*) - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not + # Note: We CANNOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' runpath_var='LD_RUN_PATH' case $cc_basename in CC*) - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ - '"$_LT_TAGVAR(old_archive_cmds, $1)" + '"$_LT_TAGVAR(old_archive_cmds, $1)" _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ - '"$_LT_TAGVAR(reload_cmds, $1)" + '"$_LT_TAGVAR(reload_cmds, $1)" ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; @@ -6859,10 +7405,10 @@ if test "$_lt_caught_CXX_error" != yes; then esac AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) - test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no - _LT_TAGVAR(GCC, $1)="$GXX" - _LT_TAGVAR(LD, $1)="$LD" + _LT_TAGVAR(GCC, $1)=$GXX + _LT_TAGVAR(LD, $1)=$LD ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change @@ -6889,7 +7435,7 @@ if test "$_lt_caught_CXX_error" != yes; then lt_cv_path_LD=$lt_save_path_LD lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld -fi # test "$_lt_caught_CXX_error" != yes +fi # test yes != "$_lt_caught_CXX_error" AC_LANG_POP ])# _LT_LANG_CXX_CONFIG @@ -6911,13 +7457,14 @@ AC_REQUIRE([_LT_DECL_SED]) AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH]) func_stripname_cnf () { - case ${2} in - .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; - *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; + case @S|@2 in + .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;; + *) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;; esac } # func_stripname_cnf ])# _LT_FUNC_STRIPNAME_CNF + # _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) # --------------------------------- # Figure out "hidden" library dependencies from verbose @@ -7001,13 +7548,13 @@ if AC_TRY_EVAL(ac_compile); then pre_test_object_deps_done=no for p in `eval "$output_verbose_link_cmd"`; do - case ${prev}${p} in + case $prev$p in -L* | -R* | -l*) # Some compilers place space between "-{L,R}" and the path. # Remove the space. - if test $p = "-L" || - test $p = "-R"; then + if test x-L = "$p" || + test x-R = "$p"; then prev=$p continue fi @@ -7023,16 +7570,16 @@ if AC_TRY_EVAL(ac_compile); then case $p in =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; esac - if test "$pre_test_object_deps_done" = no; then - case ${prev} in + if test no = "$pre_test_object_deps_done"; then + case $prev in -L | -R) # Internal compiler library paths should come after those # provided the user. The postdeps already come after the # user supplied libs so there is no need to process them. if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then - _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}" + _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p else - _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}" + _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p" fi ;; # The "-l" case would never come before the object being @@ -7040,9 +7587,9 @@ if AC_TRY_EVAL(ac_compile); then esac else if test -z "$_LT_TAGVAR(postdeps, $1)"; then - _LT_TAGVAR(postdeps, $1)="${prev}${p}" + _LT_TAGVAR(postdeps, $1)=$prev$p else - _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}" + _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p" fi fi prev= @@ -7057,15 +7604,15 @@ if AC_TRY_EVAL(ac_compile); then continue fi - if test "$pre_test_object_deps_done" = no; then + if test no = "$pre_test_object_deps_done"; then if test -z "$_LT_TAGVAR(predep_objects, $1)"; then - _LT_TAGVAR(predep_objects, $1)="$p" + _LT_TAGVAR(predep_objects, $1)=$p else _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" fi else if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then - _LT_TAGVAR(postdep_objects, $1)="$p" + _LT_TAGVAR(postdep_objects, $1)=$p else _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" fi @@ -7096,51 +7643,6 @@ interix[[3-9]]*) _LT_TAGVAR(postdep_objects,$1)= _LT_TAGVAR(postdeps,$1)= ;; - -linux*) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) - # Sun C++ 5.9 - - # The more standards-conforming stlport4 library is - # incompatible with the Cstd library. Avoid specifying - # it if it's in CXXFLAGS. Ignore libCrun as - # -library=stlport4 depends on it. - case " $CXX $CXXFLAGS " in - *" -library=stlport4 "*) - solaris_use_stlport4=yes - ;; - esac - - if test "$solaris_use_stlport4" != yes; then - _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' - fi - ;; - esac - ;; - -solaris*) - case $cc_basename in - CC* | sunCC*) - # The more standards-conforming stlport4 library is - # incompatible with the Cstd library. Avoid specifying - # it if it's in CXXFLAGS. Ignore libCrun as - # -library=stlport4 depends on it. - case " $CXX $CXXFLAGS " in - *" -library=stlport4 "*) - solaris_use_stlport4=yes - ;; - esac - - # Adding this requires a known-good setup of shared libraries for - # Sun compiler versions before 5.6, else PIC objects from an old - # archive will be linked into the output, leading to subtle bugs. - if test "$solaris_use_stlport4" != yes; then - _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' - fi - ;; - esac - ;; esac ]) @@ -7149,7 +7651,7 @@ case " $_LT_TAGVAR(postdeps, $1) " in esac _LT_TAGVAR(compiler_lib_search_dirs, $1)= if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then - _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'` + _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'` fi _LT_TAGDECL([], [compiler_lib_search_dirs], [1], [The directories searched by this compiler when creating a shared library]) @@ -7169,10 +7671,10 @@ _LT_TAGDECL([], [compiler_lib_search_path], [1], # -------------------------- # Ensure that the configuration variables for a Fortran 77 compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. +# to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_F77_CONFIG], [AC_LANG_PUSH(Fortran 77) -if test -z "$F77" || test "X$F77" = "Xno"; then +if test -z "$F77" || test no = "$F77"; then _lt_disable_F77=yes fi @@ -7209,7 +7711,7 @@ _LT_TAGVAR(objext, $1)=$objext # the F77 compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. -if test "$_lt_disable_F77" != yes; then +if test yes != "$_lt_disable_F77"; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t @@ -7231,7 +7733,7 @@ if test "$_lt_disable_F77" != yes; then _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. - lt_save_CC="$CC" + lt_save_CC=$CC lt_save_GCC=$GCC lt_save_CFLAGS=$CFLAGS CC=${F77-"f77"} @@ -7245,21 +7747,25 @@ if test "$_lt_disable_F77" != yes; then AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) - test "$can_build_shared" = "no" && enable_shared=no + test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) - test "$enable_shared" = yes && enable_static=no + test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -7267,11 +7773,11 @@ if test "$_lt_disable_F77" != yes; then AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. - test "$enable_shared" = yes || enable_static=yes + test yes = "$enable_shared" || enable_static=yes AC_MSG_RESULT([$enable_static]) - _LT_TAGVAR(GCC, $1)="$G77" - _LT_TAGVAR(LD, $1)="$LD" + _LT_TAGVAR(GCC, $1)=$G77 + _LT_TAGVAR(LD, $1)=$LD ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change @@ -7288,9 +7794,9 @@ if test "$_lt_disable_F77" != yes; then fi # test -n "$compiler" GCC=$lt_save_GCC - CC="$lt_save_CC" - CFLAGS="$lt_save_CFLAGS" -fi # test "$_lt_disable_F77" != yes + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS +fi # test yes != "$_lt_disable_F77" AC_LANG_POP ])# _LT_LANG_F77_CONFIG @@ -7300,11 +7806,11 @@ AC_LANG_POP # ------------------------- # Ensure that the configuration variables for a Fortran compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. +# to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_FC_CONFIG], [AC_LANG_PUSH(Fortran) -if test -z "$FC" || test "X$FC" = "Xno"; then +if test -z "$FC" || test no = "$FC"; then _lt_disable_FC=yes fi @@ -7341,7 +7847,7 @@ _LT_TAGVAR(objext, $1)=$objext # the FC compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. -if test "$_lt_disable_FC" != yes; then +if test yes != "$_lt_disable_FC"; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t @@ -7363,7 +7869,7 @@ if test "$_lt_disable_FC" != yes; then _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. - lt_save_CC="$CC" + lt_save_CC=$CC lt_save_GCC=$GCC lt_save_CFLAGS=$CFLAGS CC=${FC-"f95"} @@ -7379,21 +7885,25 @@ if test "$_lt_disable_FC" != yes; then AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) - test "$can_build_shared" = "no" && enable_shared=no + test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) - test "$enable_shared" = yes && enable_static=no + test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -7401,11 +7911,11 @@ if test "$_lt_disable_FC" != yes; then AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. - test "$enable_shared" = yes || enable_static=yes + test yes = "$enable_shared" || enable_static=yes AC_MSG_RESULT([$enable_static]) - _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu" - _LT_TAGVAR(LD, $1)="$LD" + _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu + _LT_TAGVAR(LD, $1)=$LD ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change @@ -7425,7 +7935,7 @@ if test "$_lt_disable_FC" != yes; then GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS -fi # test "$_lt_disable_FC" != yes +fi # test yes != "$_lt_disable_FC" AC_LANG_POP ])# _LT_LANG_FC_CONFIG @@ -7435,7 +7945,7 @@ AC_LANG_POP # -------------------------- # Ensure that the configuration variables for the GNU Java Compiler compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. +# to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_GCJ_CONFIG], [AC_REQUIRE([LT_PROG_GCJ])dnl AC_LANG_SAVE @@ -7469,7 +7979,7 @@ CC=${GCJ-"gcj"} CFLAGS=$GCJFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC -_LT_TAGVAR(LD, $1)="$LD" +_LT_TAGVAR(LD, $1)=$LD _LT_CC_BASENAME([$compiler]) # GCJ did not exist at the time GCC didn't implicitly link libc in. @@ -7506,7 +8016,7 @@ CFLAGS=$lt_save_CFLAGS # -------------------------- # Ensure that the configuration variables for the GNU Go compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. +# to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_GO_CONFIG], [AC_REQUIRE([LT_PROG_GO])dnl AC_LANG_SAVE @@ -7540,7 +8050,7 @@ CC=${GOC-"gccgo"} CFLAGS=$GOFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC -_LT_TAGVAR(LD, $1)="$LD" +_LT_TAGVAR(LD, $1)=$LD _LT_CC_BASENAME([$compiler]) # Go did not exist at the time GCC didn't implicitly link libc in. @@ -7577,7 +8087,7 @@ CFLAGS=$lt_save_CFLAGS # ------------------------- # Ensure that the configuration variables for the Windows resource compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. +# to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_RC_CONFIG], [AC_REQUIRE([LT_PROG_RC])dnl AC_LANG_SAVE @@ -7593,7 +8103,7 @@ _LT_TAGVAR(objext, $1)=$objext lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' # Code to be used in simple link tests -lt_simple_link_test_code="$lt_simple_compile_test_code" +lt_simple_link_test_code=$lt_simple_compile_test_code # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER @@ -7603,7 +8113,7 @@ _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. -lt_save_CC="$CC" +lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_GCC=$GCC GCC= @@ -7632,7 +8142,7 @@ AC_DEFUN([LT_PROG_GCJ], [m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], [AC_CHECK_TOOL(GCJ, gcj,) - test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" + test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2" AC_SUBST(GCJFLAGS)])])[]dnl ]) @@ -7743,7 +8253,7 @@ lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris # along with /bin/sed that truncates output. for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do - test ! -f $lt_ac_sed && continue + test ! -f "$lt_ac_sed" && continue cat /dev/null > conftest.in lt_ac_count=0 echo $ECHO_N "0123456789$ECHO_C" >conftest.in @@ -7760,9 +8270,9 @@ for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break cmp -s conftest.out conftest.nl || break # 10000 chars as input seems more than enough - test $lt_ac_count -gt 10 && break + test 10 -lt "$lt_ac_count" && break lt_ac_count=`expr $lt_ac_count + 1` - if test $lt_ac_count -gt $lt_ac_max; then + if test "$lt_ac_count" -gt "$lt_ac_max"; then lt_ac_max=$lt_ac_count lt_cv_path_SED=$lt_ac_sed fi @@ -7786,27 +8296,7 @@ dnl AC_DEFUN([LT_AC_PROG_SED], []) # Find out whether the shell is Bourne or XSI compatible, # or has some other useful features. m4_defun([_LT_CHECK_SHELL_FEATURES], -[AC_MSG_CHECKING([whether the shell understands some XSI constructs]) -# Try some XSI features -xsi_shell=no -( _lt_dummy="a/b/c" - test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ - = c,a/b,b/c, \ - && eval 'test $(( 1 + 1 )) -eq 2 \ - && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ - && xsi_shell=yes -AC_MSG_RESULT([$xsi_shell]) -_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell']) - -AC_MSG_CHECKING([whether the shell understands "+="]) -lt_shell_append=no -( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \ - >/dev/null 2>&1 \ - && lt_shell_append=yes -AC_MSG_RESULT([$lt_shell_append]) -_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append']) - -if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then +[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else lt_unset=false @@ -7830,102 +8320,9 @@ _LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl ])# _LT_CHECK_SHELL_FEATURES -# _LT_PROG_FUNCTION_REPLACE (FUNCNAME, REPLACEMENT-BODY) -# ------------------------------------------------------ -# In `$cfgfile', look for function FUNCNAME delimited by `^FUNCNAME ()$' and -# '^} FUNCNAME ', and replace its body with REPLACEMENT-BODY. -m4_defun([_LT_PROG_FUNCTION_REPLACE], -[dnl { -sed -e '/^$1 ()$/,/^} # $1 /c\ -$1 ()\ -{\ -m4_bpatsubsts([$2], [$], [\\], [^\([ ]\)], [\\\1]) -} # Extended-shell $1 implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: -]) - - -# _LT_PROG_REPLACE_SHELLFNS -# ------------------------- -# Replace existing portable implementations of several shell functions with -# equivalent extended shell implementations where those features are available.. -m4_defun([_LT_PROG_REPLACE_SHELLFNS], -[if test x"$xsi_shell" = xyes; then - _LT_PROG_FUNCTION_REPLACE([func_dirname], [dnl - case ${1} in - */*) func_dirname_result="${1%/*}${2}" ;; - * ) func_dirname_result="${3}" ;; - esac]) - - _LT_PROG_FUNCTION_REPLACE([func_basename], [dnl - func_basename_result="${1##*/}"]) - - _LT_PROG_FUNCTION_REPLACE([func_dirname_and_basename], [dnl - case ${1} in - */*) func_dirname_result="${1%/*}${2}" ;; - * ) func_dirname_result="${3}" ;; - esac - func_basename_result="${1##*/}"]) - - _LT_PROG_FUNCTION_REPLACE([func_stripname], [dnl - # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are - # positional parameters, so assign one to ordinary parameter first. - func_stripname_result=${3} - func_stripname_result=${func_stripname_result#"${1}"} - func_stripname_result=${func_stripname_result%"${2}"}]) - - _LT_PROG_FUNCTION_REPLACE([func_split_long_opt], [dnl - func_split_long_opt_name=${1%%=*} - func_split_long_opt_arg=${1#*=}]) - - _LT_PROG_FUNCTION_REPLACE([func_split_short_opt], [dnl - func_split_short_opt_arg=${1#??} - func_split_short_opt_name=${1%"$func_split_short_opt_arg"}]) - - _LT_PROG_FUNCTION_REPLACE([func_lo2o], [dnl - case ${1} in - *.lo) func_lo2o_result=${1%.lo}.${objext} ;; - *) func_lo2o_result=${1} ;; - esac]) - - _LT_PROG_FUNCTION_REPLACE([func_xform], [ func_xform_result=${1%.*}.lo]) - - _LT_PROG_FUNCTION_REPLACE([func_arith], [ func_arith_result=$(( $[*] ))]) - - _LT_PROG_FUNCTION_REPLACE([func_len], [ func_len_result=${#1}]) -fi - -if test x"$lt_shell_append" = xyes; then - _LT_PROG_FUNCTION_REPLACE([func_append], [ eval "${1}+=\\${2}"]) - - _LT_PROG_FUNCTION_REPLACE([func_append_quoted], [dnl - func_quote_for_eval "${2}" -dnl m4 expansion turns \\\\ into \\, and then the shell eval turns that into \ - eval "${1}+=\\\\ \\$func_quote_for_eval_result"]) - - # Save a `func_append' function call where possible by direct use of '+=' - sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") - test 0 -eq $? || _lt_function_replace_fail=: -else - # Save a `func_append' function call even when '+=' is not available - sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") - test 0 -eq $? || _lt_function_replace_fail=: -fi - -if test x"$_lt_function_replace_fail" = x":"; then - AC_MSG_WARN([Unable to substitute extended shell functions in $ofile]) -fi -]) - # _LT_PATH_CONVERSION_FUNCTIONS # ----------------------------- -# Determine which file name conversion functions should be used by +# Determine what file name conversion functions should be used by # func_to_host_file (and, implicitly, by func_to_host_path). These are needed # for certain cross-compile configurations and native mingw. m4_defun([_LT_PATH_CONVERSION_FUNCTIONS], diff --git a/m4/config/ltoptions.m4 b/m4/config/ltoptions.m4 index 5d9acd8e2..94b082976 100644 --- a/m4/config/ltoptions.m4 +++ b/m4/config/ltoptions.m4 @@ -1,14 +1,14 @@ # Helper functions for option handling. -*- Autoconf -*- # -# Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software +# Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. -# serial 7 ltoptions.m4 +# serial 8 ltoptions.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) @@ -29,7 +29,7 @@ m4_define([_LT_SET_OPTION], [m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), _LT_MANGLE_DEFUN([$1], [$2]), - [m4_warning([Unknown $1 option `$2'])])[]dnl + [m4_warning([Unknown $1 option '$2'])])[]dnl ]) @@ -75,13 +75,15 @@ m4_if([$1],[LT_INIT],[ dnl dnl If no reference was made to various pairs of opposing options, then dnl we run the default mode handler for the pair. For example, if neither - dnl `shared' nor `disable-shared' was passed, we enable building of shared + dnl 'shared' nor 'disable-shared' was passed, we enable building of shared dnl archives by default: _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], - [_LT_ENABLE_FAST_INSTALL]) + [_LT_ENABLE_FAST_INSTALL]) + _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4], + [_LT_WITH_AIX_SONAME([aix])]) ]) ])# _LT_SET_OPTIONS @@ -112,7 +114,7 @@ AU_DEFUN([AC_LIBTOOL_DLOPEN], [_LT_SET_OPTION([LT_INIT], [dlopen]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you -put the `dlopen' option into LT_INIT's first parameter.]) +put the 'dlopen' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: @@ -148,7 +150,7 @@ AU_DEFUN([AC_LIBTOOL_WIN32_DLL], _LT_SET_OPTION([LT_INIT], [win32-dll]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you -put the `win32-dll' option into LT_INIT's first parameter.]) +put the 'win32-dll' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: @@ -157,9 +159,9 @@ dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) # _LT_ENABLE_SHARED([DEFAULT]) # ---------------------------- -# implement the --enable-shared flag, and supports the `shared' and -# `disable-shared' LT_INIT options. -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +# implement the --enable-shared flag, and supports the 'shared' and +# 'disable-shared' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. m4_define([_LT_ENABLE_SHARED], [m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([shared], @@ -172,14 +174,14 @@ AC_ARG_ENABLE([shared], *) enable_shared=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_shared=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac], [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) @@ -211,9 +213,9 @@ dnl AC_DEFUN([AM_DISABLE_SHARED], []) # _LT_ENABLE_STATIC([DEFAULT]) # ---------------------------- -# implement the --enable-static flag, and support the `static' and -# `disable-static' LT_INIT options. -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +# implement the --enable-static flag, and support the 'static' and +# 'disable-static' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. m4_define([_LT_ENABLE_STATIC], [m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([static], @@ -226,14 +228,14 @@ AC_ARG_ENABLE([static], *) enable_static=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_static=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac], [enable_static=]_LT_ENABLE_STATIC_DEFAULT) @@ -265,9 +267,9 @@ dnl AC_DEFUN([AM_DISABLE_STATIC], []) # _LT_ENABLE_FAST_INSTALL([DEFAULT]) # ---------------------------------- -# implement the --enable-fast-install flag, and support the `fast-install' -# and `disable-fast-install' LT_INIT options. -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +# implement the --enable-fast-install flag, and support the 'fast-install' +# and 'disable-fast-install' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. m4_define([_LT_ENABLE_FAST_INSTALL], [m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([fast-install], @@ -280,14 +282,14 @@ AC_ARG_ENABLE([fast-install], *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac], [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) @@ -304,14 +306,14 @@ AU_DEFUN([AC_ENABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put -the `fast-install' option into LT_INIT's first parameter.]) +the 'fast-install' option into LT_INIT's first parameter.]) ]) AU_DEFUN([AC_DISABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], [disable-fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put -the `disable-fast-install' option into LT_INIT's first parameter.]) +the 'disable-fast-install' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: @@ -319,11 +321,64 @@ dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) +# _LT_WITH_AIX_SONAME([DEFAULT]) +# ---------------------------------- +# implement the --with-aix-soname flag, and support the `aix-soname=aix' +# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT +# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'. +m4_define([_LT_WITH_AIX_SONAME], +[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl +shared_archive_member_spec= +case $host,$enable_shared in +power*-*-aix[[5-9]]*,yes) + AC_MSG_CHECKING([which variant of shared library versioning to provide]) + AC_ARG_WITH([aix-soname], + [AS_HELP_STRING([--with-aix-soname=aix|svr4|both], + [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])], + [case $withval in + aix|svr4|both) + ;; + *) + AC_MSG_ERROR([Unknown argument to --with-aix-soname]) + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname], + [AC_CACHE_VAL([lt_cv_with_aix_soname], + [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT) + with_aix_soname=$lt_cv_with_aix_soname]) + AC_MSG_RESULT([$with_aix_soname]) + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', + # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. + # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, + # the AIX toolchain works better with OBJECT_MODE set (default 32). + if test 64 = "${OBJECT_MODE-32}"; then + shared_archive_member_spec=shr_64 + else + shared_archive_member_spec=shr + fi + fi + ;; +*) + with_aix_soname=aix + ;; +esac + +_LT_DECL([], [shared_archive_member_spec], [0], + [Shared archive member basename, for filename based shared library versioning on AIX])dnl +])# _LT_WITH_AIX_SONAME + +LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])]) +LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])]) +LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])]) + + # _LT_WITH_PIC([MODE]) # -------------------- -# implement the --with-pic flag, and support the `pic-only' and `no-pic' +# implement the --with-pic flag, and support the 'pic-only' and 'no-pic' # LT_INIT options. -# MODE is either `yes' or `no'. If omitted, it defaults to `both'. +# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'. m4_define([_LT_WITH_PIC], [AC_ARG_WITH([pic], [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], @@ -334,19 +389,17 @@ m4_define([_LT_WITH_PIC], *) pic_mode=default # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for lt_pkg in $withval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$lt_pkg" = "X$lt_p"; then pic_mode=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac], - [pic_mode=default]) - -test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) + [pic_mode=m4_default([$1], [default])]) _LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl ])# _LT_WITH_PIC @@ -359,7 +412,7 @@ AU_DEFUN([AC_LIBTOOL_PICMODE], [_LT_SET_OPTION([LT_INIT], [pic-only]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you -put the `pic-only' option into LT_INIT's first parameter.]) +put the 'pic-only' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: diff --git a/m4/config/ltsugar.m4 b/m4/config/ltsugar.m4 index 9000a057d..48bc9344a 100644 --- a/m4/config/ltsugar.m4 +++ b/m4/config/ltsugar.m4 @@ -1,6 +1,7 @@ # ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- # -# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. +# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software +# Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives @@ -33,7 +34,7 @@ m4_define([_lt_join], # ------------ # Manipulate m4 lists. # These macros are necessary as long as will still need to support -# Autoconf-2.59 which quotes differently. +# Autoconf-2.59, which quotes differently. m4_define([lt_car], [[$1]]) m4_define([lt_cdr], [m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], @@ -44,7 +45,7 @@ m4_define([lt_unquote], $1) # lt_append(MACRO-NAME, STRING, [SEPARATOR]) # ------------------------------------------ -# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'. +# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'. # Note that neither SEPARATOR nor STRING are expanded; they are appended # to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). # No SEPARATOR is output if MACRO-NAME was previously undefined (different diff --git a/m4/config/ltversion.m4 b/m4/config/ltversion.m4 index 07a8602d4..fa04b52a3 100644 --- a/m4/config/ltversion.m4 +++ b/m4/config/ltversion.m4 @@ -1,6 +1,6 @@ # ltversion.m4 -- version numbers -*- Autoconf -*- # -# Copyright (C) 2004 Free Software Foundation, Inc. +# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004 # # This file is free software; the Free Software Foundation gives @@ -9,15 +9,15 @@ # @configure_input@ -# serial 3337 ltversion.m4 +# serial 4179 ltversion.m4 # This file is part of GNU Libtool -m4_define([LT_PACKAGE_VERSION], [2.4.2]) -m4_define([LT_PACKAGE_REVISION], [1.3337]) +m4_define([LT_PACKAGE_VERSION], [2.4.6]) +m4_define([LT_PACKAGE_REVISION], [2.4.6]) AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.4.2' -macro_revision='1.3337' +[macro_version='2.4.6' +macro_revision='2.4.6' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) diff --git a/m4/config/lt~obsolete.m4 b/m4/config/lt~obsolete.m4 index c573da90c..c6b26f88f 100644 --- a/m4/config/lt~obsolete.m4 +++ b/m4/config/lt~obsolete.m4 @@ -1,6 +1,7 @@ # lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # -# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc. +# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software +# Foundation, Inc. # Written by Scott James Remnant, 2004. # # This file is free software; the Free Software Foundation gives @@ -11,7 +12,7 @@ # These exist entirely to fool aclocal when bootstrapping libtool. # -# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) +# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN), # which have later been changed to m4_define as they aren't part of the # exported API, or moved to Autoconf or Automake where they belong. # @@ -25,7 +26,7 @@ # included after everything else. This provides aclocal with the # AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything # because those macros already exist, or will be overwritten later. -# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. +# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. # # Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. # Yes, that means every name once taken will need to remain here until diff --git a/man/Makefile.in b/man/Makefile.in index 5f621c201..a473efdfb 100644 --- a/man/Makefile.in +++ b/man/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -82,8 +92,6 @@ host_triplet = @host@ @USE_FILE_CONFIG_TRUE@ ipsec.secrets.5 subdir = man -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/ipsec.conf.5.in $(srcdir)/ipsec.secrets.5.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -97,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = ipsec.conf.5 ipsec.secrets.5 @@ -152,12 +161,15 @@ am__installdirs = "$(DESTDIR)$(man5dir)" NROFF = nroff MANS = $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/ipsec.conf.5.in \ + $(srcdir)/ipsec.secrets.5.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -207,6 +219,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -241,6 +254,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -352,6 +366,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -397,7 +412,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu man/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu man/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -626,6 +640,8 @@ uninstall-man: uninstall-man5 ps ps-am tags-am uninstall uninstall-am uninstall-man \ uninstall-man5 +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/missing b/missing index cdea51493..f62bbae30 100755 --- a/missing +++ b/missing @@ -1,9 +1,9 @@ #! /bin/sh # Common wrapper for a few potentially missing GNU programs. -scriptversion=2012-06-26.16; # UTC +scriptversion=2013-10-28.13; # UTC -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify @@ -160,7 +160,7 @@ give_advice () ;; autom4te*) echo "You might have modified some maintainer files that require" - echo "the 'automa4te' program to be rebuilt." + echo "the 'autom4te' program to be rebuilt." program_details 'autom4te' ;; bison*|yacc*) diff --git a/scripts/Makefile.in b/scripts/Makefile.in index 15e90064c..0c73dfac9 100644 --- a/scripts/Makefile.in +++ b/scripts/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -87,8 +97,6 @@ noinst_PROGRAMS = bin2array$(EXEEXT) bin2sql$(EXEEXT) id2sql$(EXEEXT) \ $(am__EXEEXT_1) @USE_TLS_TRUE@am__append_1 = tls_test subdir = scripts -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -102,6 +110,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -261,12 +270,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -316,6 +327,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -350,6 +362,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -461,6 +474,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -543,7 +557,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu scripts/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu scripts/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -901,6 +914,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + key2keyid.o : $(top_builddir)/config.status diff --git a/scripts/timeattack.c b/scripts/timeattack.c index ef00e8c4e..e3505dd9a 100644 --- a/scripts/timeattack.c +++ b/scripts/timeattack.c @@ -10,7 +10,7 @@ static void start_timing(struct timespec *start) clock_gettime(CLOCK_PROCESS_CPUTIME_ID, start); } -static u_int64_t end_timing(struct timespec *start) +static uint64_t end_timing(struct timespec *start) { struct timespec end; @@ -21,12 +21,12 @@ static u_int64_t end_timing(struct timespec *start) static int intcmp(const void *a, const void *b) { - return *(u_int64_t*)a - *(u_int64_t*)b; + return *(uint64_t*)a - *(uint64_t*)b; } -static u_int64_t median(u_int64_t *m, int count) +static uint64_t median(uint64_t *m, int count) { - qsort(m, count, sizeof(u_int64_t), intcmp); + qsort(m, count, sizeof(uint64_t), intcmp); return m[count / 2]; } @@ -35,7 +35,7 @@ static bool timeattack(attackfn_t attackfn, void *subj, size_t dlen, { struct timespec start; u_char test[dlen]; - u_int64_t mini, maxi, t[256], m[256][10]; + uint64_t mini, maxi, t[256], m[256][10]; float fastdist = 0, slowdist = 0; int i, j, k, l, byte, limit, retry = 0; int fastest = 0, slowest = 0; diff --git a/src/Makefile.am b/src/Makefile.am index a9df10cc6..938335e78 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -32,6 +32,10 @@ if USE_LIBPTTLS SUBDIRS += libpttls endif +if USE_LIBTPMTSS + SUBDIRS += libtpmtss +endif + if USE_IMCV SUBDIRS += libimcv endif @@ -131,3 +135,7 @@ endif if USE_AIKGEN SUBDIRS += aikgen endif + +if USE_AIKPUB2 + SUBDIRS += aikpub2 +endif diff --git a/src/Makefile.in b/src/Makefile.in index 1d012fb22..51317383f 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -85,33 +95,34 @@ host_triplet = @host@ @USE_LIBTNCIF_TRUE@am__append_6 = libtncif @USE_LIBTNCCS_TRUE@am__append_7 = libtnccs @USE_LIBPTTLS_TRUE@am__append_8 = libpttls -@USE_IMCV_TRUE@am__append_9 = libimcv -@USE_LIBCHARON_TRUE@am__append_10 = libcharon -@USE_FILE_CONFIG_TRUE@am__append_11 = starter -@USE_IPSEC_SCRIPT_TRUE@am__append_12 = ipsec _copyright -@USE_CHARON_TRUE@am__append_13 = charon -@USE_SYSTEMD_TRUE@am__append_14 = charon-systemd -@USE_NM_TRUE@am__append_15 = charon-nm -@USE_STROKE_TRUE@am__append_16 = stroke -@USE_UPDOWN_TRUE@am__append_17 = _updown -@USE_SCEPCLIENT_TRUE@am__append_18 = scepclient -@USE_PKI_TRUE@am__append_19 = pki -@USE_SWANCTL_TRUE@am__append_20 = swanctl -@USE_CONFTEST_TRUE@am__append_21 = conftest -@USE_DUMM_TRUE@am__append_22 = dumm -@USE_FAST_TRUE@am__append_23 = libfast -@USE_MANAGER_TRUE@am__append_24 = manager -@USE_MEDSRV_TRUE@am__append_25 = medsrv -@USE_ATTR_SQL_TRUE@am__append_26 = pool -@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_27 = pool -@USE_TKM_TRUE@am__append_28 = charon-tkm -@USE_CMD_TRUE@am__append_29 = charon-cmd -@USE_SVC_TRUE@am__append_30 = charon-svc -@USE_LIBPTTLS_TRUE@am__append_31 = pt-tls-client -@USE_INTEGRITY_TEST_TRUE@am__append_32 = checksum -@USE_AIKGEN_TRUE@am__append_33 = aikgen +@USE_LIBTPMTSS_TRUE@am__append_9 = libtpmtss +@USE_IMCV_TRUE@am__append_10 = libimcv +@USE_LIBCHARON_TRUE@am__append_11 = libcharon +@USE_FILE_CONFIG_TRUE@am__append_12 = starter +@USE_IPSEC_SCRIPT_TRUE@am__append_13 = ipsec _copyright +@USE_CHARON_TRUE@am__append_14 = charon +@USE_SYSTEMD_TRUE@am__append_15 = charon-systemd +@USE_NM_TRUE@am__append_16 = charon-nm +@USE_STROKE_TRUE@am__append_17 = stroke +@USE_UPDOWN_TRUE@am__append_18 = _updown +@USE_SCEPCLIENT_TRUE@am__append_19 = scepclient +@USE_PKI_TRUE@am__append_20 = pki +@USE_SWANCTL_TRUE@am__append_21 = swanctl +@USE_CONFTEST_TRUE@am__append_22 = conftest +@USE_DUMM_TRUE@am__append_23 = dumm +@USE_FAST_TRUE@am__append_24 = libfast +@USE_MANAGER_TRUE@am__append_25 = manager +@USE_MEDSRV_TRUE@am__append_26 = medsrv +@USE_ATTR_SQL_TRUE@am__append_27 = pool +@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_28 = pool +@USE_TKM_TRUE@am__append_29 = charon-tkm +@USE_CMD_TRUE@am__append_30 = charon-cmd +@USE_SVC_TRUE@am__append_31 = charon-svc +@USE_LIBPTTLS_TRUE@am__append_32 = pt-tls-client +@USE_INTEGRITY_TEST_TRUE@am__append_33 = checksum +@USE_AIKGEN_TRUE@am__append_34 = aikgen +@USE_AIKPUB2_TRUE@am__append_35 = aikpub2 subdir = src -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -125,6 +136,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -184,11 +196,12 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . include libstrongswan libipsec libsimaka libtls \ - libradius libtncif libtnccs libpttls libimcv libcharon starter \ - ipsec _copyright charon charon-systemd charon-nm stroke \ - _updown scepclient pki swanctl conftest dumm libfast manager \ - medsrv pool charon-tkm charon-cmd charon-svc pt-tls-client \ - checksum aikgen + libradius libtncif libtnccs libpttls libtpmtss libimcv \ + libcharon starter ipsec _copyright charon charon-systemd \ + charon-nm stroke _updown scepclient pki swanctl conftest dumm \ + libfast manager medsrv pool charon-tkm charon-cmd charon-svc \ + pt-tls-client checksum aikgen aikpub2 +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -220,6 +233,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -269,6 +283,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -303,6 +318,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -414,6 +430,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -452,7 +469,8 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_22) $(am__append_23) $(am__append_24) \ $(am__append_25) $(am__append_26) $(am__append_27) \ $(am__append_28) $(am__append_29) $(am__append_30) \ - $(am__append_31) $(am__append_32) $(am__append_33) + $(am__append_31) $(am__append_32) $(am__append_33) \ + $(am__append_34) $(am__append_35) all: all-recursive .SUFFIXES: @@ -468,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -763,6 +780,8 @@ uninstall-am: mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index 432bde59b..5f7d50fd9 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = _copyright$(EXEEXT) subdir = src/_copyright -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -169,12 +178,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -224,6 +235,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -258,6 +270,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -369,6 +382,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -418,7 +432,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_copyright/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/_copyright/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -734,6 +747,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index 08fce3e2c..1d15c0c93 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,7 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/_updown -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -93,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -146,12 +156,14 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -201,6 +213,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -235,6 +248,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -346,6 +360,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -392,7 +407,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_updown/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/_updown/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -607,6 +621,8 @@ uninstall-am: uninstall-ipsecSCRIPTS mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-ipsecSCRIPTS +.PRECIOUS: Makefile + _updown : _updown.in $(AM_V_GEN) \ diff --git a/src/aikgen/Makefile.am b/src/aikgen/Makefile.am index dc59d20cf..860a8f7a6 100644 --- a/src/aikgen/Makefile.am +++ b/src/aikgen/Makefile.am @@ -2,14 +2,13 @@ bin_PROGRAMS = aikgen aikgen_SOURCES = aikgen.c -aikgen_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -aikgen.o : $(top_builddir)/config.status +aikgen_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la -if USE_TROUSERS - aikgen_LDADD += -ltspi -endif +aikgen.o : $(top_builddir)/config.status AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtpmtss \ -DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DPLUGINS=\""${aikgen_plugins}\"" diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in index 8fb9126e5..1e2b7dd8b 100644 --- a/src/aikgen/Makefile.in +++ b/src/aikgen/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,10 +89,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ bin_PROGRAMS = aikgen$(EXEEXT) -@USE_TROUSERS_TRUE@am__append_1 = -ltspi subdir = src/aikgen -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -104,10 +112,9 @@ am__installdirs = "$(DESTDIR)$(bindir)" PROGRAMS = $(bin_PROGRAMS) am_aikgen_OBJECTS = aikgen.$(OBJEXT) aikgen_OBJECTS = $(am_aikgen_OBJECTS) -am__DEPENDENCIES_1 = aikgen_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) + $(top_builddir)/src/libtpmtss/libtpmtss.la AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -172,12 +179,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -227,6 +236,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -261,6 +271,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -372,6 +383,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -402,9 +414,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ aikgen_SOURCES = aikgen.c aikgen_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__append_1) + $(top_builddir)/src/libtpmtss/libtpmtss.la + AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtpmtss \ -DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DPLUGINS=\""${aikgen_plugins}\"" @@ -424,7 +438,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/aikgen/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/aikgen/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -739,6 +752,9 @@ uninstall-am: uninstall-binPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-binPROGRAMS +.PRECIOUS: Makefile + + aikgen.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/aikgen/aikgen.c b/src/aikgen/aikgen.c index 192636afc..3e2d44477 100644 --- a/src/aikgen/aikgen.c +++ b/src/aikgen/aikgen.c @@ -1,38 +1,25 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * - * Copyright (c) 2008 Hal Finney + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. */ +#include "tpm_tss.h" + #include #include #include #include #include -#include -#include - -#include -#include #include #include @@ -44,12 +31,9 @@ /* default name of AIK private key blob */ #define DEFAULT_FILENAME_AIKBLOB AIK_DIR "aikBlob.bin" -/* default name of AIK private key blob */ +/* default name of AIK public key */ #define DEFAULT_FILENAME_AIKPUBKEY AIK_DIR "aikPub.der" -/* size in bytes of a TSS AIK public key blob */ -#define AIK_PUBKEY_BLOB_SIZE 284 - /* logging */ static bool log_to_stderr = TRUE; static bool log_to_syslog = TRUE; @@ -64,9 +48,7 @@ public_key_t *ca_pubkey; chunk_t ca_modulus; chunk_t aik_pubkey; chunk_t aik_keyid; - -/* TPM context */ -TSS_HCONTEXT hContext; +tpm_tss_t *tpm; /** * logging function for aikgen @@ -128,12 +110,13 @@ static void init_log(const char *program) /** * @brief exit aikgen * - * @param status 0 = OK, 1 = general discomfort + * @param status 0 = OK, -1 = general discomfort */ static void exit_aikgen(err_t message, ...) { int status = 0; + DESTROY_IF(tpm); DESTROY_IF(cacert); DESTROY_IF(ca_pubkey); free(ca_modulus.ptr); @@ -141,13 +124,6 @@ static void exit_aikgen(err_t message, ...) free(aik_keyid.ptr); options->destroy(options); - /* clean up TPM context */ - if (hContext) - { - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - } - /* print any error message to stderr */ if (message != NULL && *message != '\0') { @@ -158,7 +134,7 @@ static void exit_aikgen(err_t message, ...) vsnprintf(m, sizeof(m), message, args); va_end(args); - fprintf(stderr, "error: %s\n", m); + fprintf(stderr, "aikgen error: %s\n", m); status = -1; } library_deinit(); @@ -178,7 +154,7 @@ static void usage(const char *message) " [--aikblob ] [--aikpubkey ] \n" " [--idreq ] [--force]" " [--quiet] [--debug ]\n" - " aikgen --help\n" + " aikgen --help\n" "\n" "Options:\n" " --cacert (-c) certificate of [privacy] CA\n" @@ -216,24 +192,7 @@ int main(int argc, char *argv[]) bool force = FALSE; chunk_t identity_req; chunk_t aik_blob; - chunk_t aik_pubkey_blob; - chunk_t aik_modulus; - chunk_t aik_exponent; - - /* TPM variables */ - TSS_RESULT result; - TSS_HTPM hTPM; - TSS_HKEY hSRK; - TSS_HKEY hPCAKey; - TSS_HPOLICY hSrkPolicy; - TSS_HPOLICY hTPMPolicy; - TSS_HKEY hIdentKey; - TSS_UUID SRK_UUID = TSS_UUID_SRK; - BYTE secret[] = TSS_WELL_KNOWN_SECRET; - BYTE *IdentityReq; - UINT32 IdentityReqLen; - BYTE *blob; - UINT32 blobLen; + hasher_t *hasher; atexit(library_deinit); if (!library_init(NULL, "aikgen")) @@ -370,105 +329,29 @@ int main(int argc, char *argv[]) if (ca_pubkey->get_type(ca_pubkey) != KEY_RSA || ca_pubkey->get_keysize(ca_pubkey) != 2048) { - exit_aikgen("ca public key must be RSA 2048 but is %N %d", + exit_aikgen("CA public key must be RSA 2048 but is %N %d", key_type_names, ca_pubkey->get_type(ca_pubkey), ca_pubkey->get_keysize(ca_pubkey)); } if (!ca_pubkey->get_encoding(ca_pubkey, PUBKEY_RSA_MODULUS, &ca_modulus)) { - exit_aikgen("could not extract RSA modulus from ca public key"); - } - - /* initialize TSS context and connect to it */ - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Context_Create", result); - } - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Context_Connect", result); - } - - /* get SRK plus SRK policy and set SRK secret */ - result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, - SRK_UUID, &hSRK); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Context_LoadKeyByUUID for SRK", result); - } - result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSrkPolicy); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_GetPolicyObject for SRK", result); - } - result = Tspi_Policy_SetSecret(hSrkPolicy, TSS_SECRET_MODE_SHA1, 20, secret); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Policy_SetSecret for SRK", result); - } - - /* get TPM plus TPM policy and set TPM secret */ - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Context_GetTpmObject", result); - } - result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_GetPolicyObject for TPM", result); - } - result = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_SHA1, 20, secret); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Policy_SetSecret for TPM", result); - } - - /* create context for a 2048 bit AIK */ - result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, - TSS_KEY_TYPE_IDENTITY | TSS_KEY_SIZE_2048 | - TSS_KEY_VOLATILE | TSS_KEY_NOT_MIGRATABLE, &hIdentKey); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Context_CreateObject for key", result); + exit_aikgen("could not extract RSA modulus from CA public key"); } - /* create context for the Privacy CA public key and assign modulus */ - result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, - TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, &hPCAKey); - if (result != TSS_SUCCESS) + /* try to find a TPM 1.2 */ + tpm = tpm_tss_probe(TPM_VERSION_1_2); + if (!tpm) { - exit_aikgen("tss 0x%x on Tspi_Context_CreateObject for PCA", result); - } - result = Tspi_SetAttribData (hPCAKey, TSS_TSPATTRIB_RSAKEY_INFO, - TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, ca_modulus.len, - ca_modulus.ptr); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_SetAttribData for PCA modulus", result); - } - result = Tspi_SetAttribUint32(hPCAKey, TSS_TSPATTRIB_KEY_INFO, - TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TSS_ES_RSAESPKCSV15); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_SetAttribUint32 for PCA " - "encryption scheme", result); + exit_aikgen("no TPM 1.2 found"); } - /* generate AIK */ - DBG1(DBG_LIB, "Generating identity key..."); - result = Tspi_TPM_CollateIdentityRequest(hTPM, hSRK, hPCAKey, 0, NULL, - hIdentKey, TSS_ALG_AES, &IdentityReqLen, &IdentityReq); - if (result != TSS_SUCCESS) + if (!tpm->generate_aik(tpm, ca_modulus, &aik_blob, &aik_pubkey, + &identity_req)) { - exit_aikgen("tss 0x%x on Tspi_TPM_CollateIdentityRequest", result); + exit_aikgen("could not generate AIK"); } - identity_req = chunk_create(IdentityReq, IdentityReqLen); - DBG3(DBG_LIB, "Identity Request: %B", &identity_req); - /* optionally output identity request encrypted with ca public key */ + /* optionally output identity request encrypted with CA public key */ if (idreq_filename) { if (!chunk_write(identity_req, idreq_filename, 0022, force)) @@ -480,24 +363,7 @@ int main(int argc, char *argv[]) idreq_filename, identity_req.len); } - /* load identity key */ - result = Tspi_Key_LoadKey (hIdentKey, hSRK); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Key_LoadKey for AIK\n", result); - } - - /* output AIK private key in TSS blob format */ - result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB, - TSS_TSPATTRIB_KEYBLOB_BLOB, &blobLen, &blob); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_GetAttribData for private key blob", - result); - } - aik_blob = chunk_create(blob, blobLen); - DBG3(DBG_LIB, "AIK private key blob: %B", &aik_blob); - + /* output AIK private key blob */ if (!chunk_write(aik_blob, aikblob_filename, 0022, force)) { exit_aikgen("could not write AIK blob file '%s': %s", @@ -506,32 +372,7 @@ int main(int argc, char *argv[]) DBG1(DBG_LIB, "AIK private key blob written to '%s' (%u bytes)", aikblob_filename, aik_blob.len); - /* output AIK Public Key in TSS blob format */ - result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB, - TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobLen, &blob); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_GetAttribData for public key blob", - result); - } - aik_pubkey_blob = chunk_create(blob, blobLen); - DBG3(DBG_LIB, "AIK public key blob: %B", &aik_pubkey_blob); - - /* create a trusted AIK public key */ - if (aik_pubkey_blob.len != AIK_PUBKEY_BLOB_SIZE) - { - exit_aikgen("AIK public key is not in TSS blob format"); - } - aik_modulus = chunk_skip(aik_pubkey_blob, AIK_PUBKEY_BLOB_SIZE - 256); - aik_exponent = chunk_from_chars(0x01, 0x00, 0x01); - - /* output subjectPublicKeyInfo encoding of AIK public key */ - if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, NULL, - &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus, - CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END)) - { - exit_aikgen("subjectPublicKeyInfo encoding of AIK key failed"); - } + /* output AIK public key */ if (!chunk_write(aik_pubkey, aikpubkey_filename, 0022, force)) { exit_aikgen("could not write AIK public key file '%s': %s", @@ -541,12 +382,14 @@ int main(int argc, char *argv[]) aikpubkey_filename, aik_pubkey.len); /* display AIK keyid derived from subjectPublicKeyInfo encoding */ - if (!lib->encoding->encode(lib->encoding, KEYID_PUBKEY_INFO_SHA1, NULL, - &aik_keyid, CRED_PART_RSA_MODULUS, aik_modulus, - CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END)) + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher || !hasher->allocate_hash(hasher, aik_pubkey, &aik_keyid)) { - exit_aikgen("computation of AIK keyid failed"); + DESTROY_IF(hasher); + exit_aikgen("SHA1 hash algorithm not supported, computation of AIK " + "keyid failed"); } + hasher->destroy(hasher); DBG1(DBG_LIB, "AIK keyid: %#B", &aik_keyid); exit_aikgen(NULL); diff --git a/src/aikpub2/Makefile.am b/src/aikpub2/Makefile.am new file mode 100644 index 000000000..a9ab13870 --- /dev/null +++ b/src/aikpub2/Makefile.am @@ -0,0 +1,15 @@ +bin_PROGRAMS = aikpub2 + +aikpub2_SOURCES = aikpub2.c + +aikpub2_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la + +aikpub2.o : $(top_builddir)/config.status + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtpmtss \ + -DIPSEC_CONFDIR=\"${sysconfdir}\" \ + -DPLUGINS=\""${aikgen_plugins}\"" diff --git a/src/aikpub2/Makefile.in b/src/aikpub2/Makefile.in new file mode 100644 index 000000000..adb40e415 --- /dev/null +++ b/src/aikpub2/Makefile.in @@ -0,0 +1,763 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +bin_PROGRAMS = aikpub2$(EXEEXT) +subdir = src/aikpub2 +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(bindir)" +PROGRAMS = $(bin_PROGRAMS) +am_aikpub2_OBJECTS = aikpub2.$(OBJEXT) +aikpub2_OBJECTS = $(am_aikpub2_OBJECTS) +aikpub2_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(aikpub2_SOURCES) +DIST_SOURCES = $(aikpub2_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +aikpub2_SOURCES = aikpub2.c +aikpub2_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtpmtss \ + -DIPSEC_CONFDIR=\"${sysconfdir}\" \ + -DPLUGINS=\""${aikgen_plugins}\"" + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/aikpub2/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/aikpub2/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +aikpub2$(EXEEXT): $(aikpub2_OBJECTS) $(aikpub2_DEPENDENCIES) $(EXTRA_aikpub2_DEPENDENCIES) + @rm -f aikpub2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(aikpub2_OBJECTS) $(aikpub2_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aikpub2.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(bindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-binPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-binPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ + clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am uninstall-binPROGRAMS + +.PRECIOUS: Makefile + + +aikpub2.o : $(top_builddir)/config.status + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/aikpub2/aikpub2.c b/src/aikpub2/aikpub2.c new file mode 100644 index 000000000..fea58ed27 --- /dev/null +++ b/src/aikpub2/aikpub2.c @@ -0,0 +1,305 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tpm_tss.h" + +#include +#include +#include + +#include +#include +#include + +/* default directory where AIK keys are stored */ +#define AIK_DIR IPSEC_CONFDIR "/pts/" + +/* default name of AIK public key blob */ +#define DEFAULT_FILENAME_AIKPUBKEY AIK_DIR "aikPub.der" + +/* logging */ +static bool log_to_stderr = TRUE; +static bool log_to_syslog = TRUE; +static level_t default_loglevel = 1; + +/* options read by optionsfrom */ +options_t *options; + +chunk_t aik_pubkey; +chunk_t aik_keyid; + +/** + * logging function for aikpub2 + */ +static void aikpub2_dbg(debug_t group, level_t level, char *fmt, ...) +{ + char buffer[8192]; + char *current = buffer, *next; + va_list args; + + if (level <= default_loglevel) + { + if (log_to_stderr) + { + va_start(args, fmt); + vfprintf(stderr, fmt, args); + va_end(args); + fprintf(stderr, "\n"); + } + if (log_to_syslog) + { + /* write in memory buffer first */ + va_start(args, fmt); + vsnprintf(buffer, sizeof(buffer), fmt, args); + va_end(args); + + /* do a syslog with every line */ + while (current) + { + next = strchr(current, '\n'); + if (next) + { + *(next++) = '\0'; + } + syslog(LOG_INFO, "%s\n", current); + current = next; + } + } + } +} + +/** + * Initialize logging to stderr/syslog + */ +static void init_log(const char *program) +{ + dbg = aikpub2_dbg; + + if (log_to_stderr) + { + setbuf(stderr, NULL); + } + if (log_to_syslog) + { + openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV); + } +} + +/** + * @brief exit aikgen + * + * @param status 0 = OK, -1 = general discomfort + */ +static void exit_aikpub2(err_t message, ...) +{ + int status = 0; + + free(aik_pubkey.ptr); + free(aik_keyid.ptr); + options->destroy(options); + + /* print any error message to stderr */ + if (message != NULL && *message != '\0') + { + va_list args; + char m[8192]; + + va_start(args, message); + vsnprintf(m, sizeof(m), message, args); + va_end(args); + + fprintf(stderr, "aikpub2 error: %s\n", m); + status = -1; + } + library_deinit(); + exit(status); +} + +/** + * @brief prints the usage of the program to the stderr output + * + * If message is set, program is exited with 1 (error) + * @param message message in case of an error + */ +static void usage(const char *message) +{ + fprintf(stderr, + "Usage: aikpub2 --handle --out \n" + " [--force] [--quiet] [--debug ]\n" + " aikpub2 --help\n" + "\n" + "Options:\n" + " --handle (-H) TSS 2.0 AIK object handle\n" + " --out (-o) AIK public key in PKCS #1 format\n" + " --force (-f) force to overwrite existing files\n" + " --help (-h) show usage and exit\n" + "\n" + "Debugging output:\n" + " --debug (-l) changes the log level (-1..4, default: 1)\n" + " --quiet (-q) do not write log output to stderr\n" + ); + exit_aikpub2(message); +} + + +/** + * @brief main of aikpub2 which extracts an Attestation Identity Key (AIK) + * + * @param argc number of arguments + * @param argv pointer to the argument values + */ +int main(int argc, char *argv[]) +{ + /* external values */ + extern char * optarg; + extern int optind; + + char *aik_out_filename = DEFAULT_FILENAME_AIKPUBKEY; + uint32_t aik_handle = 0; + bool force = FALSE; + hasher_t *hasher; + tpm_tss_t *tpm; + + atexit(library_deinit); + if (!library_init(NULL, "aikpub2")) + { + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); + } + if (lib->integrity && + !lib->integrity->check_file(lib->integrity, "aikpub2", argv[0])) + { + fprintf(stderr, "integrity check of aikpub2 failed\n"); + exit(SS_RC_DAEMON_INTEGRITY); + } + + /* initialize global variables */ + options = options_create(); + + for (;;) + { + static const struct option long_opts[] = { + /* name, has_arg, flag, val */ + { "help", no_argument, NULL, 'h' }, + { "optionsfrom", required_argument, NULL, '+' }, + { "handle", required_argument, NULL, 'H' }, + { "in", required_argument, NULL, 'i' }, + { "out", required_argument, NULL, 'o' }, + { "force", no_argument, NULL, 'f' }, + { "quiet", no_argument, NULL, 'q' }, + { "debug", required_argument, NULL, 'l' }, + { 0,0,0,0 } + }; + + /* parse next option */ + int c = getopt_long(argc, argv, "h+:H:i:o:fql:", long_opts, NULL); + + switch (c) + { + case EOF: /* end of flags */ + break; + + case 'h': /* --help */ + usage(NULL); + + case '+': /* --optionsfrom */ + if (!options->from(options, optarg, &argc, &argv, optind)) + { + exit_aikpub2("optionsfrom failed"); + } + continue; + + case 'H': /* --handle */ + aik_handle = strtoll(optarg, NULL, 16); + continue; + + case 'o': /* --out */ + aik_out_filename = optarg; + continue; + + case 'f': /* --force */ + force = TRUE; + continue; + + case 'q': /* --quiet */ + log_to_stderr = FALSE; + continue; + + case 'l': /* --debug */ + default_loglevel = atoi(optarg); + continue; + + default: + usage("unknown option"); + } + /* break from loop */ + break; + } + + init_log("aikpub2"); + + if (!lib->plugins->load(lib->plugins, + lib->settings->get_str(lib->settings, "aikpub2.load", PLUGINS))) + { + exit_aikpub2("plugin loading failed"); + } + if (!aik_handle) + { + usage("--handle option is required"); + } + + /* try to find a TPM 2.0 */ + tpm = tpm_tss_probe(TPM_VERSION_2_0); + if (!tpm) + { + exit_aikpub2("no TPM 2.0 found"); + } + + /* get AIK public key from TPM */ + aik_pubkey = tpm->get_public(tpm, aik_handle); + tpm->destroy(tpm); + + /* exit if AIK public key retrieval failed */ + if (aik_pubkey.len == 0) + { + exit_aikpub2("retrieval of AIK public key failed"); + } + + /* store AIK subjectPublicKeyInfo to file */ + if (!chunk_write(aik_pubkey, aik_out_filename, 0022, force)) + { + exit_aikpub2("could not write AIK public key file '%s': %s", + aik_out_filename, strerror(errno)); + } + DBG1(DBG_LIB, "AIK public key written to '%s' (%u bytes)", + aik_out_filename, aik_pubkey.len); + + /* AIK keyid derived from subjectPublicKeyInfo encoding */ + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher) + { + exit_aikpub2("SHA1 hash algorithm not supported"); + } + if (!hasher->allocate_hash(hasher, aik_pubkey, &aik_keyid)) + { + hasher->destroy(hasher); + exit_aikpub2("computing SHA1 fingerprint failed"); + } + hasher->destroy(hasher); + + DBG1(DBG_LIB, "AIK keyid: %#B", &aik_keyid); + + exit_aikpub2(NULL); + return -1; /* should never be reached */ +} diff --git a/src/charon-cmd/Makefile.am b/src/charon-cmd/Makefile.am index 1f4033aad..1d4bf70cc 100644 --- a/src/charon-cmd/Makefile.am +++ b/src/charon-cmd/Makefile.am @@ -20,4 +20,4 @@ AM_CPPFLAGS = \ charon_cmd_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in index f48410270..098eb9474 100644 --- a/src/charon-cmd/Makefile.in +++ b/src/charon-cmd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ sbin_PROGRAMS = charon-cmd$(EXEEXT) subdir = src/charon-cmd -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/charon-cmd.8.in $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = charon-cmd.8 @@ -110,7 +119,8 @@ am__DEPENDENCIES_1 = charon_cmd_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -205,12 +215,15 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/charon-cmd.8.in \ + $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +273,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +308,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +420,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -451,7 +467,7 @@ AM_CPPFLAGS = \ charon_cmd_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) all: all-am @@ -469,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-cmd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon-cmd/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -850,6 +865,8 @@ uninstall-man: uninstall-man8 pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-man uninstall-man8 uninstall-sbinPROGRAMS +.PRECIOUS: Makefile + charon-cmd.o : $(top_builddir)/config.status diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c index 0c6a504e9..71df92f7e 100644 --- a/src/charon-cmd/cmd/cmd_connection.c +++ b/src/charon-cmd/cmd/cmd_connection.c @@ -142,10 +142,18 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) { ike_cfg_t *ike_cfg; peer_cfg_t *peer_cfg; - u_int16_t local_port, remote_port = IKEV2_UDP_PORT; + uint16_t local_port, remote_port = IKEV2_UDP_PORT; ike_version_t version = IKE_ANY; - bool aggressive = FALSE; proposal_t *proposal; + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = 36000, /* 10h */ + .jitter_time = 600, /* 10min */ + .over_time = 600, /* 10min */ + .dpd = 30, + }; switch (this->profile) { @@ -159,7 +167,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) case PROF_V1_XAUTH_AM: case PROF_V1_XAUTH_PSK_AM: case PROF_V1_HYBRID_AM: - aggressive = TRUE; + peer.aggressive = TRUE; /* FALL */ case PROF_V1_PUB: case PROF_V1_XAUTH: @@ -189,13 +197,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); } - peer_cfg = peer_cfg_create("cmd", ike_cfg, - CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */ - 36000, 0, /* rekey 10h, reauth none */ - 600, 600, /* jitter, over 10min */ - TRUE, aggressive, TRUE, /* mobike, aggressive, pull */ - 30, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation */ + peer_cfg = peer_cfg_create("cmd", ike_cfg, &peer); return peer_cfg; } @@ -335,18 +337,18 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this, traffic_selector_t *ts; proposal_t *proposal; bool has_v4 = FALSE, has_v6 = FALSE; - lifetime_cfg_t lifetime = { - .time = { - .life = 10800 /* 3h */, - .rekey = 10200 /* 2h50min */, - .jitter = 300 /* 5min */ - } + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = 10800 /* 3h */, + .rekey = 10200 /* 2h50min */, + .jitter = 300 /* 5min */ + } + }, + .mode = MODE_TUNNEL, }; - child_cfg = child_cfg_create("cmd", &lifetime, - NULL, FALSE, MODE_TUNNEL, /* updown, hostaccess */ - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create("cmd", &child); if (this->child_proposals->get_count(this->child_proposals)) { while (this->child_proposals->remove_first(this->child_proposals, diff --git a/src/charon-nm/Makefile.am b/src/charon-nm/Makefile.am index b6f0c8b54..6ab7f27c5 100644 --- a/src/charon-nm/Makefile.am +++ b/src/charon-nm/Makefile.am @@ -21,4 +21,4 @@ AM_CFLAGS = \ charon_nm_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) ${nm_LIBS} + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS} diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in index 490a08023..715412ad2 100644 --- a/src/charon-nm/Makefile.in +++ b/src/charon-nm/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = charon-nm$(EXEEXT) subdir = src/charon-nm -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -111,7 +120,7 @@ charon_nm_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -176,12 +185,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -231,6 +242,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -265,6 +277,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -376,6 +389,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -425,7 +439,7 @@ AM_CFLAGS = \ charon_nm_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) ${nm_LIBS} + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS} all: all-am @@ -443,7 +457,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-nm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon-nm/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -779,6 +792,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index fc7e89958..5991c2465 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -68,7 +68,7 @@ static GValue* handler_to_val(nm_handler_t *handler, array = g_array_new (FALSE, TRUE, sizeof (guint32)); while (enumerator->enumerate(enumerator, &chunk)) { - g_array_append_val (array, *(u_int32_t*)chunk.ptr); + g_array_append_val (array, *(uint32_t*)chunk.ptr); } enumerator->destroy(enumerator); val = g_slice_new0 (GValue); @@ -113,7 +113,7 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, enumerator->destroy(enumerator); val = g_slice_new0(GValue); g_value_init(val, G_TYPE_UINT); - g_value_set_uint(val, *(u_int32_t*)me->get_address(me).ptr); + g_value_set_uint(val, *(uint32_t*)me->get_address(me).ptr); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val); val = g_slice_new0(GValue); @@ -289,7 +289,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, NMSettingVPN *vpn; identification_t *user = NULL, *gateway = NULL; const char *address, *str; - bool virtual, encap, ipcomp; + bool virtual, encap; ike_cfg_t *ike_cfg; peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; @@ -300,12 +300,23 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, certificate_t *cert = NULL; x509_t *x509; bool agent = FALSE, smartcard = FALSE, loose_gateway_id = FALSE; - lifetime_cfg_t lifetime = { - .time = { - .life = 10800 /* 3h */, - .rekey = 10200 /* 2h50min */, - .jitter = 300 /* 5min */ - } + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = 36000, /* 10h */ + .jitter_time = 600, /* 10min */ + .over_time = 600, /* 10min */ + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = 10800 /* 3h */, + .rekey = 10200 /* 2h50min */, + .jitter = 300 /* 5min */ + }, + }, + .mode = MODE_TUNNEL, }; /** @@ -339,32 +350,29 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, return FALSE; } str = nm_setting_vpn_get_data_item(vpn, "virtual"); - virtual = str && streq(str, "yes"); + virtual = streq(str, "yes"); str = nm_setting_vpn_get_data_item(vpn, "encap"); - encap = str && streq(str, "yes"); + encap = streq(str, "yes"); str = nm_setting_vpn_get_data_item(vpn, "ipcomp"); - ipcomp = str && streq(str, "yes"); + child.ipcomp = streq(str, "yes"); str = nm_setting_vpn_get_data_item(vpn, "method"); - if (str) + if (streq(str, "psk")) { - if (streq(str, "psk")) - { - auth_class = AUTH_CLASS_PSK; - } - else if (streq(str, "agent")) - { - auth_class = AUTH_CLASS_PUBKEY; - agent = TRUE; - } - else if (streq(str, "key")) - { - auth_class = AUTH_CLASS_PUBKEY; - } - else if (streq(str, "smartcard")) - { - auth_class = AUTH_CLASS_PUBKEY; - smartcard = TRUE; - } + auth_class = AUTH_CLASS_PSK; + } + else if (streq(str, "agent")) + { + auth_class = AUTH_CLASS_PUBKEY; + agent = TRUE; + } + else if (streq(str, "key")) + { + auth_class = AUTH_CLASS_PUBKEY; + } + else if (streq(str, "smartcard")) + { + auth_class = AUTH_CLASS_PUBKEY; + smartcard = TRUE; } /** @@ -533,13 +541,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - peer_cfg = peer_cfg_create(priv->name, ike_cfg, - CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */ - 36000, 0, /* rekey 10h, reauth none */ - 600, 600, /* jitter, over 10min */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - 0, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation */ + + peer_cfg = peer_cfg_create(priv->name, ike_cfg, &peer); if (virtual) { peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); @@ -561,10 +564,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - child_cfg = child_cfg_create(priv->name, &lifetime, - NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */ - ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create(priv->name, &child); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in index 4f9143d9b..4afa62507 100644 --- a/src/charon-svc/Makefile.in +++ b/src/charon-svc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ bin_PROGRAMS = charon-svc$(EXEEXT) subdir = src/charon-svc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -170,12 +179,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -225,6 +236,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -259,6 +271,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -370,6 +383,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -424,7 +438,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-svc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon-svc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -739,6 +752,8 @@ uninstall-am: uninstall-binPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-binPROGRAMS +.PRECIOUS: Makefile + charon-svc.o : $(top_builddir)/config.status diff --git a/src/charon-systemd/Makefile.am b/src/charon-systemd/Makefile.am index 9942a3682..6dd7e2726 100644 --- a/src/charon-systemd/Makefile.am +++ b/src/charon-systemd/Makefile.am @@ -14,4 +14,5 @@ charon_systemd_CPPFLAGS = \ charon_systemd_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB) + $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) \ + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in index b4f624d45..3dcf3d75a 100644 --- a/src/charon-systemd/Makefile.in +++ b/src/charon-systemd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ sbin_PROGRAMS = charon-systemd$(EXEEXT) subdir = src/charon-systemd -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -109,7 +118,7 @@ charon_systemd_DEPENDENCIES = \ $(top_builddir)/src/libcharon/libcharon.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -174,12 +183,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -229,6 +240,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -263,6 +275,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -374,6 +387,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -414,7 +428,8 @@ charon_systemd_CPPFLAGS = \ charon_systemd_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB) + $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) \ + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) all: all-am @@ -432,7 +447,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-systemd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon-systemd/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -762,6 +776,8 @@ uninstall-am: uninstall-sbinPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-sbinPROGRAMS +.PRECIOUS: Makefile + charon-systemd.o : $(top_builddir)/config.status diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in index 81afd4de5..1eaf46a89 100644 --- a/src/charon-tkm/Makefile.in +++ b/src/charon-tkm/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/charon-tkm -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -116,12 +126,14 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -316,6 +330,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -391,7 +406,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-tkm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon-tkm/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -563,6 +577,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am +.PRECIOUS: Makefile + all: build_charon diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c index c4953b6aa..5f2cbfe0c 100644 --- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c +++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c @@ -123,7 +123,7 @@ int register_dh_mapping() int count, i; char *iana_id_str, *tkm_id_str; diffie_hellman_group_t *iana_id; - u_int64_t *tkm_id; + uint64_t *tkm_id; hashtable_t *map; enumerator_t *enumerator; @@ -138,7 +138,7 @@ int register_dh_mapping() { iana_id = malloc_thing(diffie_hellman_group_t); *iana_id = settings_value_as_int(iana_id_str, 0); - tkm_id = malloc_thing(u_int64_t); + tkm_id = malloc_thing(uint64_t); *tkm_id = settings_value_as_int(tkm_id_str, 0); map->put(map, iana_id, tkm_id); @@ -227,7 +227,7 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group) return NULL; } - u_int64_t *dha_id = group_map->get(group_map, &group); + uint64_t *dha_id = group_map->get(group_map, &group); if (!dha_id) { free(this); diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c index 2d22fbdc3..c9be8989a 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c @@ -54,7 +54,7 @@ struct private_tkm_kernel_ipsec_t { METHOD(kernel_ipsec_t, get_spi, status_t, private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { bool result; @@ -68,26 +68,21 @@ METHOD(kernel_ipsec_t, get_spi, status_t, } } - result = this->rng->get_bytes(this->rng, sizeof(u_int32_t), - (u_int8_t *)spi); + result = this->rng->get_bytes(this->rng, sizeof(uint32_t), + (uint8_t *)spi); return result ? SUCCESS : FAILED; } METHOD(kernel_ipsec_t, get_cpi, status_t, private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, add_sa, status_t, - private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t* src_ts, linked_list_t* dst_ts) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { esa_info_t esa; esp_spi_type spi_loc, spi_rem; @@ -97,43 +92,43 @@ METHOD(kernel_ipsec_t, add_sa, status_t, esa_id_type esa_id; nonce_type nc_rem; - if (enc_key.ptr == NULL) + if (data->enc_key.ptr == NULL) { DBG1(DBG_KNL, "Unable to get ESA information"); return FAILED; } - esa = *(esa_info_t *)(enc_key.ptr); + esa = *(esa_info_t *)(data->enc_key.ptr); /* only handle the case where we have both distinct ESP spi's available */ - if (esa.spi_r == spi) + if (esa.spi_r == id->spi) { chunk_free(&esa.nonce_i); chunk_free(&esa.nonce_r); return SUCCESS; } - if (initiator) + if (data->initiator) { - spi_loc = spi; + spi_loc = id->spi; spi_rem = esa.spi_r; - local = dst; - peer = src; + local = id->dst; + peer = id->src; nonce_loc = &esa.nonce_i; nonce_rem = &esa.nonce_r; } else { spi_loc = esa.spi_r; - spi_rem = spi; - local = src; - peer = dst; + spi_rem = id->spi; + local = id->src; + peer = id->dst; nonce_loc = &esa.nonce_r; nonce_rem = &esa.nonce_i; } esa_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ESA); - if (!tkm->sad->insert(tkm->sad, esa_id, reqid, local, peer, spi_loc, spi_rem, - protocol)) + if (!tkm->sad->insert(tkm->sad, esa_id, data->reqid, local, peer, + spi_loc, spi_rem, id->proto)) { DBG1(DBG_KNL, "unable to add entry (%llu) to SAD", esa_id); goto sad_failure; @@ -146,8 +141,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t, nonce_loc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce_loc); if (nonce_loc_id == 0 && esa.dh_id == 0) { - if (ike_esa_create_first(esa_id, esa.isa_id, reqid, 1, spi_loc, spi_rem) - != TKM_OK) + if (ike_esa_create_first(esa_id, esa.isa_id, data->reqid, 1, spi_loc, + spi_rem) != TKM_OK) { DBG1(DBG_KNL, "child SA (%llu, first) creation failed", esa_id); goto failure; @@ -157,9 +152,9 @@ METHOD(kernel_ipsec_t, add_sa, status_t, else if (nonce_loc_id != 0 && esa.dh_id == 0) { chunk_to_sequence(nonce_rem, &nc_rem, sizeof(nonce_type)); - if (ike_esa_create_no_pfs(esa_id, esa.isa_id, reqid, 1, nonce_loc_id, - nc_rem, initiator, spi_loc, spi_rem) - != TKM_OK) + if (ike_esa_create_no_pfs(esa_id, esa.isa_id, data->reqid, 1, + nonce_loc_id, nc_rem, data->initiator, + spi_loc, spi_rem) != TKM_OK) { DBG1(DBG_KNL, "child SA (%llu, no PFS) creation failed", esa_id); goto failure; @@ -171,8 +166,9 @@ METHOD(kernel_ipsec_t, add_sa, status_t, else { chunk_to_sequence(nonce_rem, &nc_rem, sizeof(nonce_type)); - if (ike_esa_create(esa_id, esa.isa_id, reqid, 1, esa.dh_id, nonce_loc_id, - nc_rem, initiator, spi_loc, spi_rem) != TKM_OK) + if (ike_esa_create(esa_id, esa.isa_id, data->reqid, 1, esa.dh_id, + nonce_loc_id, nc_rem, data->initiator, spi_loc, + spi_rem) != TKM_OK) { DBG1(DBG_KNL, "child SA (%llu) creation failed", esa_id); goto failure; @@ -192,7 +188,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, DBG1(DBG_KNL, "added child SA (esa: %llu, isa: %llu, esp_spi_loc: %x, " "esp_spi_rem: %x, role: %s)", esa_id, esa.isa_id, ntohl(spi_loc), - ntohl(spi_rem), initiator ? "initiator" : "responder"); + ntohl(spi_rem), data->initiator ? "initiator" : "responder"); chunk_free(&esa.nonce_i); chunk_free(&esa.nonce_r); @@ -208,20 +204,21 @@ sad_failure: } METHOD(kernel_ipsec_t, query_sa, status_t, - private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes, - u_int64_t *packets, time_t *time) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_sa, status_t, - private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { esa_id_type esa_id, other_esa_id; - esa_id = tkm->sad->get_esa_id(tkm->sad, src, dst, spi, protocol); + esa_id = tkm->sad->get_esa_id(tkm->sad, id->src, id->dst, + id->spi, id->proto); if (esa_id) { other_esa_id = tkm->sad->get_other_esa_id(tkm->sad, esa_id); @@ -236,7 +233,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t, } DBG1(DBG_KNL, "deleting child SA (esa: %llu, spi: %x)", esa_id, - ntohl(spi)); + ntohl(id->spi)); if (ike_esa_reset(esa_id) != TKM_OK) { DBG1(DBG_KNL, "child SA (%llu) deletion failed", esa_id); @@ -249,9 +246,8 @@ METHOD(kernel_ipsec_t, del_sa, status_t, } METHOD(kernel_ipsec_t, update_sa, status_t, - private_tkm_kernel_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool old_encap, bool new_encap, mark_t mark) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { return NOT_SUPPORTED; } @@ -264,27 +260,22 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, } METHOD(kernel_ipsec_t, add_policy, status_t, - private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { return SUCCESS; } METHOD(kernel_ipsec_t, query_policy, status_t, - private_tkm_kernel_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_policy, status_t, - private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { return SUCCESS; } @@ -338,7 +329,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, enable_udp_decap, bool, - private_tkm_kernel_ipsec_t *this, int fd, int family, u_int16_t port) + private_tkm_kernel_ipsec_t *this, int fd, int family, uint16_t port) { int type = UDP_ENCAP_ESPINUDP; diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.c b/src/charon-tkm/src/tkm/tkm_kernel_sad.c index 2556f6b8b..22d2aac13 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.c @@ -59,7 +59,7 @@ struct sad_entry_t { /** * Reqid. */ - u_int32_t reqid; + uint32_t reqid; /** * Source address of CHILD SA. @@ -74,17 +74,17 @@ struct sad_entry_t { /** * Local SPI of CHILD SA. */ - u_int32_t spi_loc; + uint32_t spi_loc; /** * Remote SPI of CHILD SA. */ - u_int32_t spi_rem; + uint32_t spi_rem; /** * Protocol of CHILD SA (ESP/AH). */ - u_int8_t proto; + uint8_t proto; }; @@ -105,8 +105,8 @@ static void sad_entry_destroy(sad_entry_t *entry) * Find a list entry with given src, dst, (remote) spi and proto values. */ static bool sad_entry_match(sad_entry_t * const entry, const host_t * const src, - const host_t * const dst, const u_int32_t * const spi, - const u_int8_t * const proto) + const host_t * const dst, const uint32_t * const spi, + const uint8_t * const proto) { if (entry->src == NULL || entry->dst == NULL) { @@ -122,9 +122,9 @@ static bool sad_entry_match(sad_entry_t * const entry, const host_t * const src, * Find a list entry with given reqid, spi and proto values. */ static bool sad_entry_match_dst(sad_entry_t * const entry, - const u_int32_t * const reqid, - const u_int32_t * const spi, - const u_int8_t * const proto) + const uint32_t * const reqid, + const uint32_t * const spi, + const uint8_t * const proto) { return entry->reqid == *reqid && entry->spi_rem == *spi && @@ -145,7 +145,7 @@ static bool sad_entry_match_esa_id(sad_entry_t * const entry, */ static bool sad_entry_match_other_esa(sad_entry_t * const entry, const esa_id_type * const esa_id, - const u_int32_t * const reqid) + const uint32_t * const reqid) { return entry->reqid == *reqid && entry->esa_id != *esa_id; @@ -172,8 +172,8 @@ static bool sad_entry_equal(sad_entry_t * const left, sad_entry_t * const right) METHOD(tkm_kernel_sad_t, insert, bool, private_tkm_kernel_sad_t * const this, const esa_id_type esa_id, - const u_int32_t reqid, const host_t * const src, const host_t * const dst, - const u_int32_t spi_loc, const u_int32_t spi_rem, const u_int8_t proto) + const uint32_t reqid, const host_t * const src, const host_t * const dst, + const uint32_t spi_loc, const uint32_t spi_rem, const uint8_t proto) { status_t result; sad_entry_t *new_entry; @@ -212,7 +212,7 @@ METHOD(tkm_kernel_sad_t, insert, bool, METHOD(tkm_kernel_sad_t, get_esa_id, esa_id_type, private_tkm_kernel_sad_t * const this, const host_t * const src, - const host_t * const dst, const u_int32_t spi, const u_int8_t proto) + const host_t * const dst, const uint32_t spi, const uint8_t proto) { esa_id_type id = 0; sad_entry_t *entry = NULL; @@ -242,7 +242,7 @@ METHOD(tkm_kernel_sad_t, get_other_esa_id, esa_id_type, { esa_id_type id = 0; sad_entry_t *entry = NULL; - u_int32_t reqid; + uint32_t reqid; status_t res; this->mutex->lock(this->mutex); @@ -274,8 +274,8 @@ METHOD(tkm_kernel_sad_t, get_other_esa_id, esa_id_type, } METHOD(tkm_kernel_sad_t, get_dst_host, host_t *, - private_tkm_kernel_sad_t * const this, const u_int32_t reqid, - const u_int32_t spi, const u_int8_t proto) + private_tkm_kernel_sad_t * const this, const uint32_t reqid, + const uint32_t spi, const uint8_t proto) { host_t *dst = NULL; sad_entry_t *entry = NULL; diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.h b/src/charon-tkm/src/tkm/tkm_kernel_sad.h index 3a84deffc..ba6462192 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.h +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.h @@ -46,9 +46,9 @@ struct tkm_kernel_sad_t { * @return TRUE if entry was inserted, FALSE otherwise */ bool (*insert)(tkm_kernel_sad_t * const this, const esa_id_type esa_id, - const u_int32_t reqid, const host_t * const src, - const host_t * const dst, const u_int32_t spi_loc, - const u_int32_t spi_rem, const u_int8_t proto); + const uint32_t reqid, const host_t * const src, + const host_t * const dst, const uint32_t spi_loc, + const uint32_t spi_rem, const uint8_t proto); /** * Get ESA id for entry with given parameters. @@ -61,7 +61,7 @@ struct tkm_kernel_sad_t { */ esa_id_type (*get_esa_id)(tkm_kernel_sad_t * const this, const host_t * const src, const host_t * const dst, - const u_int32_t spi, const u_int8_t proto); + const uint32_t spi, const uint8_t proto); /** * Get ESA id for entry associated with same security policy as the @@ -82,7 +82,7 @@ struct tkm_kernel_sad_t { * @return destination host of entry if found, NULL otherwise */ host_t * (*get_dst_host)(tkm_kernel_sad_t * const this, - const u_int32_t reqid, const u_int32_t spi, const u_int8_t proto); + const uint32_t reqid, const uint32_t spi, const uint8_t proto); /** * Remove entry with given ESA id from SAD. diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c index 1e1fa4f30..a7cce0f62 100644 --- a/src/charon-tkm/src/tkm/tkm_keymat.c +++ b/src/charon-tkm/src/tkm/tkm_keymat.c @@ -96,8 +96,8 @@ struct private_tkm_keymat_t { static void aead_create_from_keys(aead_t **in, aead_t **out, const chunk_t * const sk_ai, const chunk_t * const sk_ar, const chunk_t * const sk_ei, const chunk_t * const sk_er, - const u_int16_t enc_alg, const u_int16_t int_alg, - const u_int16_t key_size, bool initiator) + const uint16_t enc_alg, const uint16_t int_alg, + const uint16_t key_size, bool initiator) { *in = *out = NULL; signer_t *signer_i, *signer_r; @@ -187,8 +187,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t rekey_function, chunk_t rekey_skd) { - u_int16_t enc_alg, int_alg, key_size; - u_int64_t nc_id, spi_loc, spi_rem; + uint16_t enc_alg, int_alg, key_size; + uint64_t nc_id, spi_loc, spi_rem; chunk_t *nonce, c_ai, c_ar, c_ei, c_er; tkm_diffie_hellman_t *tkm_dh; dh_id_type dh_id; diff --git a/src/charon-tkm/src/tkm/tkm_nonceg.c b/src/charon-tkm/src/tkm/tkm_nonceg.c index 336f16ecd..493ea2922 100644 --- a/src/charon-tkm/src/tkm/tkm_nonceg.c +++ b/src/charon-tkm/src/tkm/tkm_nonceg.c @@ -39,7 +39,7 @@ struct private_tkm_nonceg_t { }; METHOD(nonce_gen_t, get_nonce, bool, - private_tkm_nonceg_t *this, size_t size, u_int8_t *buffer) + private_tkm_nonceg_t *this, size_t size, uint8_t *buffer) { nonce_type nonce; uint64_t nc_id; diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.c b/src/charon-tkm/src/tkm/tkm_spi_generator.c index eff0ca91e..b9ce83727 100644 --- a/src/charon-tkm/src/tkm/tkm_spi_generator.c +++ b/src/charon-tkm/src/tkm/tkm_spi_generator.c @@ -25,8 +25,8 @@ */ typedef struct { rng_t *rng; - u_int64_t spi_mask; - u_int64_t spi_label; + uint64_t spi_mask; + uint64_t spi_label; } get_spi_args_t; static get_spi_args_t *spi_args; @@ -37,12 +37,12 @@ static get_spi_args_t *spi_args; * @param this Callback args containing rng_t and spi mask & label * @return labeled SPI */ -CALLBACK(tkm_get_spi, u_int64_t, +CALLBACK(tkm_get_spi, uint64_t, const get_spi_args_t const *this) { - u_int64_t spi; + uint64_t spi; - if (!this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi)) + if (!this->rng->get_bytes(this->rng, sizeof(spi), (uint8_t*)&spi)) { return 0; } @@ -54,7 +54,7 @@ bool tkm_spi_generator_register(plugin_t *plugin, plugin_feature_t *feature, bool reg, void *cb_data) { - u_int64_t spi_mask, spi_label; + uint64_t spi_mask, spi_label; char *spi_val; rng_t *rng; diff --git a/src/charon-tkm/tests/nonceg_tests.c b/src/charon-tkm/tests/nonceg_tests.c index d150891eb..67c1635ef 100644 --- a/src/charon-tkm/tests/nonceg_tests.c +++ b/src/charon-tkm/tests/nonceg_tests.c @@ -37,7 +37,7 @@ START_TEST(test_nonceg_allocate_nonce) tkm_nonceg_t *ng = tkm_nonceg_create(); const size_t length = 256; - u_int8_t zero[length]; + uint8_t zero[length]; memset(zero, 0, length); chunk_t nonce; @@ -61,10 +61,10 @@ START_TEST(test_nonceg_get_nonce) tkm_nonceg_t *ng = tkm_nonceg_create(); const size_t length = 128; - u_int8_t zero[length]; + uint8_t zero[length]; memset(zero, 0, length); - u_int8_t *buf = malloc(length + 1); + uint8_t *buf = malloc(length + 1); memset(buf, 0, length); /* set end marker */ buf[length] = 255; diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am index c6a6f40f9..b78bbd757 100644 --- a/src/charon/Makefile.am +++ b/src/charon/Makefile.am @@ -15,6 +15,6 @@ AM_CPPFLAGS = \ charon_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) EXTRA_DIST = Android.mk diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index b4abeff25..51f62fc37 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = charon$(EXEEXT) subdir = src/charon -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -107,7 +116,8 @@ am__DEPENDENCIES_1 = charon_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -172,12 +182,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -227,6 +239,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -261,6 +274,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -372,6 +386,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -413,7 +428,7 @@ AM_CPPFLAGS = \ charon_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) EXTRA_DIST = Android.mk all: all-am @@ -432,7 +447,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -748,6 +762,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + charon.o : $(top_builddir)/config.status diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am index 9cc5fb6b2..87bbf9f28 100644 --- a/src/checksum/Makefile.am +++ b/src/checksum/Makefile.am @@ -53,6 +53,11 @@ if USE_LIBPTTLS libs += $(DESTDIR)$(ipseclibdir)/libpttls.so endif +if USE_LIBTPMTSS + deps += $(top_builddir)/src/libtpmtss/libtpmtss.la + libs += $(DESTDIR)$(ipseclibdir)/libtpmtss.so +endif + if USE_LIBTNCCS deps += $(top_builddir)/src/libtnccs/libtnccs.la libs += $(DESTDIR)$(ipseclibdir)/libtnccs.so diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index 2584beb76..ef14d1236 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -88,26 +98,26 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT) @USE_RADIUS_TRUE@am__append_7 = $(DESTDIR)$(ipseclibdir)/libradius.so @USE_LIBPTTLS_TRUE@am__append_8 = $(top_builddir)/src/libpttls/libpttls.la @USE_LIBPTTLS_TRUE@am__append_9 = $(DESTDIR)$(ipseclibdir)/libpttls.so -@USE_LIBTNCCS_TRUE@am__append_10 = $(top_builddir)/src/libtnccs/libtnccs.la -@USE_LIBTNCCS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libtnccs.so -@MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE@am__append_12 = -DT_PLUGINS=\""${t_plugins}\"" -@USE_SIMAKA_TRUE@am__append_13 = $(top_builddir)/src/libsimaka/libsimaka.la -@USE_SIMAKA_TRUE@am__append_14 = $(DESTDIR)$(ipseclibdir)/libsimaka.so -@USE_IMCV_TRUE@am__append_15 = $(top_builddir)/src/libimcv/libimcv.la -@USE_IMCV_TRUE@am__append_16 = $(DESTDIR)$(ipseclibdir)/libimcv.so -@USE_CHARON_TRUE@am__append_17 = $(top_builddir)/src/libcharon/libcharon.la -@USE_CHARON_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libcharon.so -@USE_CHARON_TRUE@am__append_19 = $(DESTDIR)$(ipsecdir)/charon -@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_20 = -DC_PLUGINS=\""${c_plugins}\"" -@USE_CMD_TRUE@am__append_21 = $(DESTDIR)$(sbindir)/charon-cmd -@USE_SCEPCLIENT_TRUE@am__append_22 = $(DESTDIR)$(ipsecdir)/scepclient -@USE_PKI_TRUE@am__append_23 = $(DESTDIR)$(bindir)/pki -@USE_SWANCTL_TRUE@am__append_24 = $(DESTDIR)$(sbindir)/swanctl -@USE_ATTR_SQL_TRUE@am__append_25 = $(DESTDIR)$(ipsecdir)/pool -@USE_IMV_ATTESTATION_TRUE@am__append_26 = $(DESTDIR)$(ipsecdir)/attest +@USE_LIBTPMTSS_TRUE@am__append_10 = $(top_builddir)/src/libtpmtss/libtpmtss.la +@USE_LIBTPMTSS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libtpmtss.so +@USE_LIBTNCCS_TRUE@am__append_12 = $(top_builddir)/src/libtnccs/libtnccs.la +@USE_LIBTNCCS_TRUE@am__append_13 = $(DESTDIR)$(ipseclibdir)/libtnccs.so +@MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE@am__append_14 = -DT_PLUGINS=\""${t_plugins}\"" +@USE_SIMAKA_TRUE@am__append_15 = $(top_builddir)/src/libsimaka/libsimaka.la +@USE_SIMAKA_TRUE@am__append_16 = $(DESTDIR)$(ipseclibdir)/libsimaka.so +@USE_IMCV_TRUE@am__append_17 = $(top_builddir)/src/libimcv/libimcv.la +@USE_IMCV_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libimcv.so +@USE_CHARON_TRUE@am__append_19 = $(top_builddir)/src/libcharon/libcharon.la +@USE_CHARON_TRUE@am__append_20 = $(DESTDIR)$(ipseclibdir)/libcharon.so +@USE_CHARON_TRUE@am__append_21 = $(DESTDIR)$(ipsecdir)/charon +@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_22 = -DC_PLUGINS=\""${c_plugins}\"" +@USE_CMD_TRUE@am__append_23 = $(DESTDIR)$(sbindir)/charon-cmd +@USE_SCEPCLIENT_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/scepclient +@USE_PKI_TRUE@am__append_25 = $(DESTDIR)$(bindir)/pki +@USE_SWANCTL_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/swanctl +@USE_ATTR_SQL_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/pool +@USE_IMV_ATTESTATION_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/attest subdir = src/checksum -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -121,6 +131,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -236,12 +247,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -291,6 +304,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -325,6 +339,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -436,6 +451,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -481,7 +497,7 @@ CLEANFILES = checksum.c $(EXTRA_PROGRAMS) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libcharon \ -DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \ - $(am__append_12) $(am__append_20) + $(am__append_14) $(am__append_22) AM_CFLAGS = \ $(PLUGIN_CFLAGS) @@ -491,15 +507,15 @@ AM_CFLAGS = \ # as these are not relinked during installation. deps = $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__append_2) $(am__append_4) $(am__append_6) \ - $(am__append_8) $(am__append_10) $(am__append_13) \ - $(am__append_15) $(am__append_17) + $(am__append_8) $(am__append_10) $(am__append_12) \ + $(am__append_15) $(am__append_17) $(am__append_19) libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \ $(am__append_5) $(am__append_7) $(am__append_9) \ - $(am__append_11) $(am__append_14) $(am__append_16) \ - $(am__append_18) -exes = $(am__append_19) $(am__append_21) $(am__append_22) \ - $(am__append_23) $(am__append_24) $(am__append_25) \ - $(am__append_26) + $(am__append_11) $(am__append_13) $(am__append_16) \ + $(am__append_18) $(am__append_20) +exes = $(am__append_21) $(am__append_23) $(am__append_24) \ + $(am__append_25) $(am__append_26) $(am__append_27) \ + $(am__append_28) all: all-am .SUFFIXES: @@ -516,7 +532,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/checksum/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/checksum/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -827,6 +842,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES tags tags-am uninstall uninstall-am uninstall-hook \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + checksum.c : checksum_builder $(deps) $(exes) ./checksum_builder $(libs) $(exes) > checksum.c diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c index 65399f5bc..e8998d5a7 100644 --- a/src/checksum/checksum_builder.c +++ b/src/checksum/checksum_builder.c @@ -33,7 +33,7 @@ integrity_checker_t *integrity; static void build_checksum(char *path, char *name, char *sname) { void *handle, *symbol; - u_int32_t fsum, ssum; + uint32_t fsum, ssum; size_t fsize = 0; size_t ssize = 0; diff --git a/src/conftest/Makefile.am b/src/conftest/Makefile.am index 2d4e439da..4e4e0beff 100644 --- a/src/conftest/Makefile.am +++ b/src/conftest/Makefile.am @@ -20,6 +20,6 @@ conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \ conftest_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) EXTRA_DIST = README diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in index f5647f9d9..7b499897c 100644 --- a/src/conftest/Makefile.in +++ b/src/conftest/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = conftest$(EXEEXT) subdir = src/conftest -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -121,7 +130,8 @@ am__DEPENDENCIES_1 = conftest_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -186,12 +196,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -241,6 +253,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -275,6 +288,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -386,6 +400,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -433,7 +448,7 @@ conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \ conftest_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) EXTRA_DIST = README all: all-am @@ -452,7 +467,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/conftest/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/conftest/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -848,6 +862,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/conftest/actions.c b/src/conftest/actions.c index 256b63d1b..36c3c8e74 100644 --- a/src/conftest/actions.c +++ b/src/conftest/actions.c @@ -117,7 +117,7 @@ static job_requeue_t rekey_child(char *config) enumerator_t *enumerator, *children; ike_sa_t *ike_sa; child_sa_t *child_sa; - u_int32_t spi, proto; + uint32_t spi, proto; host_t *dst = NULL; enumerator = charon->controller->create_ike_sa_enumerator( diff --git a/src/conftest/config.c b/src/conftest/config.c index c83db7ecd..06a685047 100644 --- a/src/conftest/config.c +++ b/src/conftest/config.c @@ -139,25 +139,23 @@ static ike_cfg_t *load_ike_config(private_config_t *this, static child_cfg_t *load_child_config(private_config_t *this, settings_t *settings, char *config, char *child) { + child_cfg_create_t data = { + .mode = MODE_TUNNEL, + }; child_cfg_t *child_cfg; - lifetime_cfg_t lifetime = {}; enumerator_t *enumerator; proposal_t *proposal; traffic_selector_t *ts; - ipsec_mode_t mode = MODE_TUNNEL; char *token; - u_int32_t tfc; if (settings->get_bool(settings, "configs.%s.%s.transport", FALSE, config, child)) { - mode = MODE_TRANSPORT; + data.mode = MODE_TRANSPORT; } - tfc = settings->get_int(settings, "configs.%s.%s.tfc_padding", - 0, config, child); - child_cfg = child_cfg_create(child, &lifetime, NULL, FALSE, mode, - ACTION_NONE, ACTION_NONE, ACTION_NONE, - FALSE, 0, 0, NULL, NULL, tfc); + data.tfc = settings->get_int(settings, "configs.%s.%s.tfc_padding", + 0, config, child); + child_cfg = child_cfg_create(child, &data); token = settings->get_str(settings, "configs.%s.%s.proposal", NULL, config, child); @@ -249,11 +247,15 @@ static peer_cfg_t *load_peer_config(private_config_t *this, identification_t *lid, *rid; char *child, *policy, *pool; uintptr_t strength; + peer_cfg_create_t peer = { + .cert_policy = CERT_ALWAYS_SEND, + .unique = UNIQUE_NO, + .keyingtries = 1, + .no_mobike = TRUE, + }; ike_cfg = load_ike_config(this, settings, config); - peer_cfg = peer_cfg_create(config, ike_cfg, CERT_ALWAYS_SEND, - UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, TRUE, - 0, 0, FALSE, NULL, NULL); + peer_cfg = peer_cfg_create(config, ike_cfg, &peer); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); diff --git a/src/conftest/hooks/custom_proposal.c b/src/conftest/hooks/custom_proposal.c index ee4404575..c4f8385c0 100644 --- a/src/conftest/hooks/custom_proposal.c +++ b/src/conftest/hooks/custom_proposal.c @@ -52,7 +52,7 @@ struct private_custom_proposal_t { * Load custom proposal configuration to proposal list */ static linked_list_t* load_proposals(private_custom_proposal_t *this, - protocol_id_t proto, u_int64_t spi) + protocol_id_t proto, uint64_t spi) { enumerator_t *props, *algs; char *number, *key, *value; @@ -65,7 +65,7 @@ static linked_list_t* load_proposals(private_custom_proposal_t *this, { const proposal_token_t *token = NULL; proposal_t *proposal; - u_int16_t type, alg, keysize = 0; + uint16_t type, alg, keysize = 0; char *end; proposal = proposal_create(proto, atoi(number)); diff --git a/src/conftest/hooks/log_proposals.c b/src/conftest/hooks/log_proposals.c index c0d458eae..40629014b 100644 --- a/src/conftest/hooks/log_proposals.c +++ b/src/conftest/hooks/log_proposals.c @@ -54,7 +54,7 @@ METHOD(listener_t, message, bool, proposals = list->create_enumerator(list); while (proposals->enumerate(proposals, &proposal)) { - u_int64_t spi = proposal->get_spi(proposal); + uint64_t spi = proposal->get_spi(proposal); if (proposal->get_protocol(proposal) != PROTO_IKE) { diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c index bc2f00071..42a9cb4e1 100644 --- a/src/conftest/hooks/rebuild_auth.c +++ b/src/conftest/hooks/rebuild_auth.c @@ -67,7 +67,7 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, char reserved[3]; generator_t *generator; chunk_t data; - u_int32_t *lenpos; + uint32_t *lenpos; payload = message->get_payload(message, message->get_request(message) ? PLV2_ID_INITIATOR : PLV2_ID_RESPONDER); diff --git a/src/conftest/hooks/reset_seq.c b/src/conftest/hooks/reset_seq.c index 717bcdbb9..93c61438e 100644 --- a/src/conftest/hooks/reset_seq.c +++ b/src/conftest/hooks/reset_seq.c @@ -154,7 +154,7 @@ static job_requeue_t reset_cb(struct reset_cb_data_t *data) * Schedule sequence number reset job */ static void schedule_reset_job(private_reset_seq_t *this, host_t *dst, - u_int32_t spi) + uint32_t spi) { struct reset_cb_data_t *data; chunk_t chunk; diff --git a/src/conftest/hooks/set_ike_spi.c b/src/conftest/hooks/set_ike_spi.c index bda02580d..cc4d5afe4 100644 --- a/src/conftest/hooks/set_ike_spi.c +++ b/src/conftest/hooks/set_ike_spi.c @@ -42,12 +42,12 @@ struct private_set_ike_spi_t { /** * Initiator SPI */ - u_int64_t spii; + uint64_t spii; /** * Responder SPI */ - u_int64_t spir; + uint64_t spir; }; METHOD(listener_t, message, bool, diff --git a/src/conftest/hooks/set_length.c b/src/conftest/hooks/set_length.c index b1a1a4723..7f6415841 100644 --- a/src/conftest/hooks/set_length.c +++ b/src/conftest/hooks/set_length.c @@ -75,7 +75,7 @@ METHOD(listener_t, message, bool, if (type == payload->get_type(payload)) { encoding_rule_t *rules; - u_int16_t *len; + uint16_t *len; int i, count; count = payload->get_encoding_rules(payload, &rules); @@ -83,7 +83,7 @@ METHOD(listener_t, message, bool, { if (rules[i].type == PAYLOAD_LENGTH) { - len = (u_int16_t*)(((void*)payload) + rules[i].offset); + len = (uint16_t*)(((void*)payload) + rules[i].offset); DBG1(DBG_CFG, "adjusting length of %N payload " "from %d to %d", payload_type_short_names, type, *len, *len + this->diff); diff --git a/src/conftest/hooks/set_proposal_number.c b/src/conftest/hooks/set_proposal_number.c index 4e572d608..dd814ad15 100644 --- a/src/conftest/hooks/set_proposal_number.c +++ b/src/conftest/hooks/set_proposal_number.c @@ -57,7 +57,7 @@ static void copy_proposal_algs(proposal_t *from, proposal_t *to, transform_type_t type) { enumerator_t *enumerator; - u_int16_t alg, key_size; + uint16_t alg, key_size; enumerator = from->create_enumerator(from, type); while (enumerator->enumerate(enumerator, &alg, &key_size)) diff --git a/src/conftest/hooks/set_reserved.c b/src/conftest/hooks/set_reserved.c index 488e8df1c..7ce6f1b88 100644 --- a/src/conftest/hooks/set_reserved.c +++ b/src/conftest/hooks/set_reserved.c @@ -85,11 +85,11 @@ static void set_bit(private_set_reserved_t *this, message_t *message, * Set reserved byte of a payload */ static void set_byte(private_set_reserved_t *this, message_t *message, - payload_type_t type, u_int nr, u_int8_t byteval) + payload_type_t type, u_int nr, uint8_t byteval) { enumerator_t *payloads; payload_t *payload; - u_int8_t *byte; + uint8_t *byte; if (type == PLV2_TRANSFORM_SUBSTRUCTURE || type == PLV2_PROPOSAL_SUBSTRUCTURE) { @@ -172,7 +172,7 @@ METHOD(listener_t, message, bool, enumerator_t *bits, *bytes, *types; payload_type_t type; char *nr, *name; - u_int8_t byteval; + uint8_t byteval; types = conftest->test->create_section_enumerator(conftest->test, "hooks.%s", this->name); diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index 6525fbcb4..d3bb11f61 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = dumm$(EXEEXT) irdumm$(EXEEXT) subdir = src/dumm -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -208,12 +217,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -263,6 +274,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -297,6 +309,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -408,6 +421,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -472,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/dumm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/dumm/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -841,6 +854,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipseclibLTLIBRARIES tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + all-local: ext diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c index 54c4fe395..4563d6f9e 100644 --- a/src/dumm/mconsole.c +++ b/src/dumm/mconsole.c @@ -54,9 +54,9 @@ struct private_mconsole_t { typedef struct mconsole_request mconsole_request; /** mconsole request message */ struct mconsole_request { - u_int32_t magic; - u_int32_t version; - u_int32_t len; + uint32_t magic; + uint32_t version; + uint32_t len; char data[MCONSOLE_MAX_DATA]; }; @@ -64,24 +64,24 @@ struct mconsole_request { typedef struct mconsole_reply mconsole_reply; /** mconsole reply message */ struct mconsole_reply { - u_int32_t err; - u_int32_t more; - u_int32_t len; + uint32_t err; + uint32_t more; + uint32_t len; char data[MCONSOLE_MAX_DATA]; }; typedef struct mconsole_notify mconsole_notify; /** mconsole notify message */ struct mconsole_notify { - u_int32_t magic; - u_int32_t version; + uint32_t magic; + uint32_t version; enum { MCONSOLE_SOCKET, MCONSOLE_PANIC, MCONSOLE_HANG, MCONSOLE_USER_NOTIFY, } type; - u_int32_t len; + uint32_t len; char data[MCONSOLE_MAX_DATA]; }; diff --git a/src/include/Makefile.in b/src/include/Makefile.in index 9f4becb40..c909af9a1 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/include -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -116,12 +126,14 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -316,6 +330,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -362,7 +377,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/include/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/include/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -537,6 +551,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/include/linux/pfkeyv2.h b/src/include/linux/pfkeyv2.h index 7379d1a94..7a1e995a3 100644 --- a/src/include/linux/pfkeyv2.h +++ b/src/include/linux/pfkeyv2.h @@ -159,7 +159,7 @@ struct sadb_spirange { struct sadb_x_kmprivate { uint16_t sadb_x_kmprivate_len; uint16_t sadb_x_kmprivate_exttype; - u_int32_t sadb_x_kmprivate_reserved; + uint32_t sadb_x_kmprivate_reserved; } __attribute__((packed)); /* sizeof(struct sadb_x_kmprivate) == 8 */ diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index 72022ed56..c4cb5af4c 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/ipsec -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(dist_man8_MANS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -150,12 +159,14 @@ man8dir = $(mandir)/man8 NROFF = nroff MANS = $(dist_man8_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(dist_man8_MANS) $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -205,6 +216,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -239,6 +251,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -350,6 +363,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -397,7 +411,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/ipsec/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/ipsec/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -660,6 +673,8 @@ uninstall-man: uninstall-man8 ps ps-am tags-am uninstall uninstall-am uninstall-hook \ uninstall-man uninstall-man8 uninstall-sbinSCRIPTS +.PRECIOUS: Makefile + _ipsec.8 : _ipsec.8.in $(AM_V_GEN) \ diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8 index 686c1ce80..b0acc6c0c 100644 --- a/src/ipsec/_ipsec.8 +++ b/src/ipsec/_ipsec.8 @@ -1,4 +1,4 @@ -.TH IPSEC 8 "2013-10-29" "5.4.0rc1" "strongSwan" +.TH IPSEC 8 "2013-10-29" "5.5.0rc1" "strongSwan" . .SH NAME . diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk index 55e6bc58b..4f3d78c6d 100644 --- a/src/libcharon/Android.mk +++ b/src/libcharon/Android.mk @@ -10,6 +10,7 @@ attributes/mem_pool.c attributes/mem_pool.h \ bus/bus.c bus/bus.h \ bus/listeners/listener.h \ bus/listeners/logger.h \ +bus/listeners/custom_logger.h \ bus/listeners/file_logger.c bus/listeners/file_logger.h \ config/backend_manager.c config/backend_manager.h config/backend.h \ config/child_cfg.c config/child_cfg.h \ diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 9f0707813..550f6eb9c 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -154,12 +154,15 @@ AM_CPPFLAGS = \ -DIPSEC_DIR=\"${ipsecdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" +AM_CFLAGS = \ + @COVERAGE_CFLAGS@ + AM_LDFLAGS = \ -no-undefined libcharon_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) $(SOCKLIB) if USE_WINDOWS libcharon_la_LIBADD += -lws2_32 diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index 2ccae216e..3ea9b8089 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -284,8 +294,6 @@ host_triplet = @host@ @USE_ATTR_SQL_TRUE@am__append_146 = plugins/attr_sql @MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_147 = plugins/attr_sql/libstrongswan-attr-sql.la subdir = src/libcharon -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -299,6 +307,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -336,31 +345,32 @@ am__DEPENDENCIES_1 = libcharon_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_7) \ - $(am__append_9) $(am__append_11) $(am__append_13) \ - $(am__append_15) $(am__append_17) $(am__append_19) \ - $(am__append_21) $(am__append_23) $(am__append_25) \ - $(am__append_27) $(am__append_29) $(am__append_31) \ - $(am__append_33) $(am__append_35) $(am__append_37) \ - $(am__append_39) $(am__append_41) $(am__append_43) \ - $(am__append_45) $(am__append_47) $(am__append_49) \ - $(am__append_51) $(am__append_53) $(am__append_54) \ - $(am__append_56) $(am__append_58) $(am__append_60) \ - $(am__append_62) $(am__append_64) $(am__append_66) \ - $(am__append_68) $(am__append_70) $(am__append_72) \ - $(am__append_73) $(am__append_74) $(am__append_76) \ - $(am__append_78) $(am__append_79) $(am__append_81) \ - $(am__append_83) $(am__append_85) $(am__append_87) \ - $(am__append_89) $(am__append_91) $(am__append_93) \ - $(am__append_95) $(am__append_97) $(am__append_99) \ - $(am__append_101) $(am__append_103) $(am__append_105) \ - $(am__append_107) $(am__append_109) $(am__append_111) \ - $(am__append_113) $(am__append_115) $(am__append_117) \ - $(am__append_119) $(am__append_121) $(am__append_123) \ - $(am__append_125) $(am__append_127) $(am__append_129) \ - $(am__append_131) $(am__append_133) $(am__append_135) \ - $(am__append_137) $(am__append_139) $(am__append_141) \ - $(am__append_143) $(am__append_145) $(am__append_147) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__append_7) $(am__append_9) \ + $(am__append_11) $(am__append_13) $(am__append_15) \ + $(am__append_17) $(am__append_19) $(am__append_21) \ + $(am__append_23) $(am__append_25) $(am__append_27) \ + $(am__append_29) $(am__append_31) $(am__append_33) \ + $(am__append_35) $(am__append_37) $(am__append_39) \ + $(am__append_41) $(am__append_43) $(am__append_45) \ + $(am__append_47) $(am__append_49) $(am__append_51) \ + $(am__append_53) $(am__append_54) $(am__append_56) \ + $(am__append_58) $(am__append_60) $(am__append_62) \ + $(am__append_64) $(am__append_66) $(am__append_68) \ + $(am__append_70) $(am__append_72) $(am__append_73) \ + $(am__append_74) $(am__append_76) $(am__append_78) \ + $(am__append_79) $(am__append_81) $(am__append_83) \ + $(am__append_85) $(am__append_87) $(am__append_89) \ + $(am__append_91) $(am__append_93) $(am__append_95) \ + $(am__append_97) $(am__append_99) $(am__append_101) \ + $(am__append_103) $(am__append_105) $(am__append_107) \ + $(am__append_109) $(am__append_111) $(am__append_113) \ + $(am__append_115) $(am__append_117) $(am__append_119) \ + $(am__append_121) $(am__append_123) $(am__append_125) \ + $(am__append_127) $(am__append_129) $(am__append_131) \ + $(am__append_133) $(am__append_135) $(am__append_137) \ + $(am__append_139) $(am__append_141) $(am__append_143) \ + $(am__append_145) $(am__append_147) am__libcharon_la_SOURCES_DIST = attributes/attributes.c \ attributes/attributes.h attributes/attribute_provider.h \ attributes/attribute_handler.h attributes/attribute_manager.c \ @@ -747,6 +757,7 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \ plugins/xauth_generic plugins/xauth_eap plugins/xauth_pam \ plugins/xauth_noauth plugins/resolve plugins/attr \ plugins/attr_sql tests +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -778,6 +789,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -827,6 +839,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -861,6 +874,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -972,6 +986,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -1112,12 +1127,15 @@ AM_CPPFLAGS = \ -DIPSEC_DIR=\"${ipsecdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" +AM_CFLAGS = \ + @COVERAGE_CFLAGS@ + AM_LDFLAGS = \ -no-undefined libcharon_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la -lm \ - $(PTHREADLIB) $(DLLIB) $(SOCKLIB) $(am__append_4) \ + $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) $(SOCKLIB) $(am__append_4) \ $(am__append_7) $(am__append_9) $(am__append_11) \ $(am__append_13) $(am__append_15) $(am__append_17) \ $(am__append_19) $(am__append_21) $(am__append_23) \ @@ -1233,7 +1251,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -2231,6 +2248,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + daemon.lo : $(top_builddir)/config.status diff --git a/src/libcharon/attributes/mem_pool.c b/src/libcharon/attributes/mem_pool.c index 833c3e950..a2b7c2803 100644 --- a/src/libcharon/attributes/mem_pool.c +++ b/src/libcharon/attributes/mem_pool.c @@ -142,7 +142,7 @@ static host_t* offset2host(private_mem_pool_t *pool, int offset) { chunk_t addr; host_t *host; - u_int32_t *pos; + uint32_t *pos; offset--; if (offset > pool->size) @@ -153,11 +153,11 @@ static host_t* offset2host(private_mem_pool_t *pool, int offset) addr = chunk_clone(pool->base->get_address(pool->base)); if (pool->base->get_family(pool->base) == AF_INET6) { - pos = (u_int32_t*)(addr.ptr + 12); + pos = (uint32_t*)(addr.ptr + 12); } else { - pos = (u_int32_t*)addr.ptr; + pos = (uint32_t*)addr.ptr; } *pos = htonl(offset + ntohl(*pos)); host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0); @@ -171,7 +171,7 @@ static host_t* offset2host(private_mem_pool_t *pool, int offset) static int host2offset(private_mem_pool_t *pool, host_t *addr) { chunk_t host, base; - u_int32_t hosti, basei; + uint32_t hosti, basei; if (addr->get_family(addr) != pool->base->get_family(pool->base)) { @@ -189,8 +189,8 @@ static int host2offset(private_mem_pool_t *pool, host_t *addr) host = chunk_skip(host, 12); base = chunk_skip(base, 12); } - hosti = ntohl(*(u_int32_t*)(host.ptr)); - basei = ntohl(*(u_int32_t*)(base.ptr)); + hosti = ntohl(*(uint32_t*)(host.ptr)); + basei = ntohl(*(uint32_t*)(base.ptr)); if (hosti > basei + pool->size) { return -1; @@ -634,7 +634,7 @@ static private_mem_pool_t *create_generic(char *name) */ static u_int network_id_diff(host_t *host, int hostbits) { - u_int32_t last; + uint32_t last; chunk_t addr; if (!hostbits) @@ -705,7 +705,7 @@ mem_pool_t *mem_pool_create_range(char *name, host_t *from, host_t *to) { private_mem_pool_t *this; chunk_t fromaddr, toaddr; - u_int32_t diff; + uint32_t diff; fromaddr = from->get_address(from); toaddr = to->get_address(to); diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c index 53ded6be7..e17d629d2 100644 --- a/src/libcharon/bus/bus.c +++ b/src/libcharon/bus/bus.c @@ -688,7 +688,7 @@ METHOD(bus_t, child_rekey, void, } METHOD(bus_t, children_migrate, void, - private_bus_t *this, ike_sa_id_t *new, u_int32_t unique) + private_bus_t *this, ike_sa_id_t *new, uint32_t unique) { enumerator_t *enumerator; ike_sa_t *ike_sa; diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h index b6757b140..305cbe4ae 100644 --- a/src/libcharon/bus/bus.h +++ b/src/libcharon/bus/bus.h @@ -101,9 +101,13 @@ enum alert_t { /** received IKE message with invalid body, argument is message_t*, * followed by a status_t result returned by message_t.parse_body(). */ ALERT_PARSE_ERROR_BODY, - /** sending a retransmit for a message, argument is packet_t, if the message - * got fragmented only the first fragment is passed */ + /** sending a retransmit for a message, arguments are packet_t and number + * of the retransmit, if the message got fragmented only the first fragment + * is passed */ ALERT_RETRANSMIT_SEND, + /** received response for retransmitted request, argument is packet_t, if + * the message got fragmented only the first fragment is passed */ + ALERT_RETRANSMIT_SEND_CLEARED, /** sending retransmits timed out, argument is packet_t, if available and if * the message got fragmented only the first fragment is passed */ ALERT_RETRANSMIT_SEND_TIMEOUT, @@ -432,7 +436,7 @@ struct bus_t { * @param new ID of new SA when called for the old, NULL otherwise * @param uniue unique ID of new SA when called for the old, 0 otherwise */ - void (*children_migrate)(bus_t *this, ike_sa_id_t *new, u_int32_t unique); + void (*children_migrate)(bus_t *this, ike_sa_id_t *new, uint32_t unique); /** * Virtual IP assignment hook. diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h index c7a8d8d1e..be2726ede 100644 --- a/src/libcharon/bus/listeners/listener.h +++ b/src/libcharon/bus/listeners/listener.h @@ -200,7 +200,7 @@ struct listener_t { * @return TRUE to stay registered, FALSE to unregister */ bool (*children_migrate)(listener_t *this, ike_sa_t *ike_sa, - ike_sa_id_t *new, u_int32_t unique); + ike_sa_id_t *new, uint32_t unique); /** * Hook called to invoke additional authorization rules. diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 3d3c7419b..76d7f2c58 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -1,8 +1,9 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner + * Copyright (C) 2016 Andreas Steffen + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -110,12 +111,12 @@ struct private_child_cfg_t { /** * Inactivity timeout */ - u_int32_t inactivity; + uint32_t inactivity; /** * Reqid to install CHILD_SA with */ - u_int32_t reqid; + uint32_t reqid; /** * Optional mark to install inbound CHILD_SA with @@ -130,7 +131,17 @@ struct private_child_cfg_t { /** * Traffic Flow Confidentiality padding, if enabled */ - u_int32_t tfc; + uint32_t tfc; + + /** + * Optional manually-set IPsec policy priorities + */ + uint32_t manual_prio; + + /** + * Optional restriction of IPsec policy to a given network interface + */ + char *interface; /** * set up IPsec transport SA in MIPv6 proxy mode @@ -145,7 +156,7 @@ struct private_child_cfg_t { /** * anti-replay window size */ - u_int32_t replay_window; + uint32_t replay_window; }; METHOD(child_cfg_t, get_name, char*, @@ -200,25 +211,40 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*, METHOD(child_cfg_t, select_proposal, proposal_t*, private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh, - bool private) + bool private, bool prefer_self) { - enumerator_t *stored_enum, *supplied_enum; - proposal_t *stored, *supplied, *selected = NULL; + enumerator_t *prefer_enum, *match_enum; + proposal_t *proposal, *match, *selected = NULL; - stored_enum = this->proposals->create_enumerator(this->proposals); - supplied_enum = proposals->create_enumerator(proposals); + if (prefer_self) + { + prefer_enum = this->proposals->create_enumerator(this->proposals); + match_enum = proposals->create_enumerator(proposals); + } + else + { + prefer_enum = proposals->create_enumerator(proposals); + match_enum = this->proposals->create_enumerator(this->proposals); + } - /* compare all stored proposals with all supplied. Stored ones are preferred. */ - while (stored_enum->enumerate(stored_enum, &stored)) + while (prefer_enum->enumerate(prefer_enum, &proposal)) { - stored = stored->clone(stored); - while (supplied_enum->enumerate(supplied_enum, &supplied)) + proposal = proposal->clone(proposal); + if (prefer_self) + { + proposals->reset_enumerator(proposals, match_enum); + } + else + { + this->proposals->reset_enumerator(this->proposals, match_enum); + } + while (match_enum->enumerate(match_enum, &match)) { if (strip_dh) { - stored->strip_dh(stored, MODP_NONE); + proposal->strip_dh(proposal, MODP_NONE); } - selected = stored->select(stored, supplied, private); + selected = proposal->select(proposal, match, private); if (selected) { DBG2(DBG_CFG, "received proposals: %#P", proposals); @@ -227,17 +253,15 @@ METHOD(child_cfg_t, select_proposal, proposal_t*, break; } } - stored->destroy(stored); + proposal->destroy(proposal); if (selected) { break; } - supplied_enum->destroy(supplied_enum); - supplied_enum = proposals->create_enumerator(proposals); } - stored_enum->destroy(stored_enum); - supplied_enum->destroy(supplied_enum); - if (selected == NULL) + prefer_enum->destroy(prefer_enum); + match_enum->destroy(match_enum); + if (!selected) { DBG1(DBG_CFG, "received proposals: %#P", proposals); DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); @@ -405,7 +429,7 @@ METHOD(child_cfg_t, get_hostaccess, bool, * Note: The distribution of random values is not perfect, but it * should get the job done. */ -static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter) +static uint64_t apply_jitter(uint64_t rekey, uint64_t jitter) { if (jitter == 0) { @@ -417,10 +441,14 @@ static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter) #define APPLY_JITTER(l) l.rekey = apply_jitter(l.rekey, l.jitter) METHOD(child_cfg_t, get_lifetime, lifetime_cfg_t*, - private_child_cfg_t *this) + private_child_cfg_t *this, bool jitter) { lifetime_cfg_t *lft = malloc_thing(lifetime_cfg_t); memcpy(lft, &this->lifetime, sizeof(lifetime_cfg_t)); + if (!jitter) + { + lft->time.jitter = lft->bytes.jitter = lft->packets.jitter = 0; + } APPLY_JITTER(lft->time); APPLY_JITTER(lft->bytes); APPLY_JITTER(lft->packets); @@ -456,7 +484,7 @@ METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t, { enumerator_t *enumerator; proposal_t *proposal; - u_int16_t dh_group = MODP_NONE; + uint16_t dh_group = MODP_NONE; enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) @@ -476,13 +504,13 @@ METHOD(child_cfg_t, use_ipcomp, bool, return this->use_ipcomp; } -METHOD(child_cfg_t, get_inactivity, u_int32_t, +METHOD(child_cfg_t, get_inactivity, uint32_t, private_child_cfg_t *this) { return this->inactivity; } -METHOD(child_cfg_t, get_reqid, u_int32_t, +METHOD(child_cfg_t, get_reqid, uint32_t, private_child_cfg_t *this) { return this->reqid; @@ -494,29 +522,34 @@ METHOD(child_cfg_t, get_mark, mark_t, return inbound ? this->mark_in : this->mark_out; } -METHOD(child_cfg_t, get_tfc, u_int32_t, +METHOD(child_cfg_t, get_tfc, uint32_t, private_child_cfg_t *this) { return this->tfc; } -METHOD(child_cfg_t, get_replay_window, u_int32_t, +METHOD(child_cfg_t, get_manual_prio, uint32_t, private_child_cfg_t *this) { - return this->replay_window; + return this->manual_prio; } -METHOD(child_cfg_t, set_replay_window, void, - private_child_cfg_t *this, u_int32_t replay_window) +METHOD(child_cfg_t, get_interface, char*, + private_child_cfg_t *this) { - this->replay_window = replay_window; + return this->interface; +} + +METHOD(child_cfg_t, get_replay_window, uint32_t, + private_child_cfg_t *this) +{ + return this->replay_window; } -METHOD(child_cfg_t, set_mipv6_options, void, - private_child_cfg_t *this, bool proxy_mode, bool install_policy) +METHOD(child_cfg_t, set_replay_window, void, + private_child_cfg_t *this, uint32_t replay_window) { - this->proxy_mode = proxy_mode; - this->install_policy = install_policy; + this->replay_window = replay_window; } METHOD(child_cfg_t, use_proxy_mode, bool, @@ -532,7 +565,7 @@ METHOD(child_cfg_t, install_policy, bool, } #define LT_PART_EQUALS(a, b) ({ a.life == b.life && a.rekey == b.rekey && a.jitter == b.jitter; }) -#define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); }) +#define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); }) METHOD(child_cfg_t, equals, bool, private_child_cfg_t *this, child_cfg_t *other_pub) @@ -576,10 +609,12 @@ METHOD(child_cfg_t, equals, bool, this->mark_out.value == other->mark_out.value && this->mark_out.mask == other->mark_out.mask && this->tfc == other->tfc && + this->manual_prio == other->manual_prio && this->replay_window == other->replay_window && this->proxy_mode == other->proxy_mode && this->install_policy == other->install_policy && - streq(this->updown, other->updown); + streq(this->updown, other->updown) && + streq(this->interface, other->interface); } METHOD(child_cfg_t, get_ref, child_cfg_t*, @@ -597,10 +632,8 @@ METHOD(child_cfg_t, destroy, void, this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy)); this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy)); this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy)); - if (this->updown) - { - free(this->updown); - } + free(this->updown); + free(this->interface); free(this->name); free(this); } @@ -609,12 +642,7 @@ METHOD(child_cfg_t, destroy, void, /* * Described in header-file */ -child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, - char *updown, bool hostaccess, - ipsec_mode_t mode, action_t start_action, - action_t dpd_action, action_t close_action, - bool ipcomp, u_int32_t inactivity, u_int32_t reqid, - mark_t *mark_in, mark_t *mark_out, u_int32_t tfc) +child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) { private_child_cfg_t *this; @@ -634,12 +662,13 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, .get_close_action = _get_close_action, .get_lifetime = _get_lifetime, .get_dh_group = _get_dh_group, - .set_mipv6_options = _set_mipv6_options, .use_ipcomp = _use_ipcomp, .get_inactivity = _get_inactivity, .get_reqid = _get_reqid, .get_mark = _get_mark, .get_tfc = _get_tfc, + .get_manual_prio = _get_manual_prio, + .get_interface = _get_interface, .get_replay_window = _get_replay_window, .set_replay_window = _set_replay_window, .use_proxy_mode = _use_proxy_mode, @@ -649,35 +678,30 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, .destroy = _destroy, }, .name = strdup(name), - .updown = strdupnull(updown), - .hostaccess = hostaccess, - .mode = mode, - .start_action = start_action, - .dpd_action = dpd_action, - .close_action = close_action, - .use_ipcomp = ipcomp, - .inactivity = inactivity, - .reqid = reqid, - .proxy_mode = FALSE, - .install_policy = TRUE, + .updown = strdupnull(data->updown), + .hostaccess = data->hostaccess, + .reqid = data->reqid, + .mode = data->mode, + .proxy_mode = data->proxy_mode, + .start_action = data->start_action, + .dpd_action = data->dpd_action, + .close_action = data->close_action, + .mark_in = data->mark_in, + .mark_out = data->mark_out, + .lifetime = data->lifetime, + .inactivity = data->inactivity, + .use_ipcomp = data->ipcomp, + .tfc = data->tfc, + .manual_prio = data->priority, + .interface = strdupnull(data->interface), + .install_policy = !data->suppress_policies, .refcount = 1, .proposals = linked_list_create(), .my_ts = linked_list_create(), .other_ts = linked_list_create(), - .tfc = tfc, .replay_window = lib->settings->get_int(lib->settings, - "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns), + "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns), ); - if (mark_in) - { - this->mark_in = *mark_in; - } - if (mark_out) - { - this->mark_out = *mark_out; - } - memcpy(&this->lifetime, lifetime, sizeof(lifetime_cfg_t)); - return &this->public; } diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index 22641f77e..e736b2737 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h @@ -1,8 +1,9 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner + * Copyright (C) 2016 Andreas Steffen + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,6 +26,7 @@ typedef enum action_t action_t; typedef struct child_cfg_t child_cfg_t; +typedef struct child_cfg_create_t child_cfg_create_t; #include #include @@ -98,10 +100,12 @@ struct child_cfg_t { * @param proposals list from which proposals are selected * @param strip_dh TRUE strip out diffie hellman groups * @param private accept algorithms from a private range + * @param prefer_self whether to prefer configured or supplied proposals * @return selected proposal, or NULL if nothing matches */ proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals, - bool strip_dh, bool private); + bool strip_dh, bool private, + bool prefer_self); /** * Add a traffic selector to the config. @@ -155,9 +159,10 @@ struct child_cfg_t { * The rekey limits automatically contain a jitter to avoid simultaneous * rekeying. These values will change with each call to this function. * + * @param jitter subtract jitter value to randomize lifetimes * @return lifetime_cfg_t (has to be freed) */ - lifetime_cfg_t* (*get_lifetime) (child_cfg_t *this); + lifetime_cfg_t* (*get_lifetime) (child_cfg_t *this, bool jitter); /** * Get the mode to use for the CHILD_SA. @@ -210,14 +215,14 @@ struct child_cfg_t { * * @return inactivity timeout in s */ - u_int32_t (*get_inactivity)(child_cfg_t *this); + uint32_t (*get_inactivity)(child_cfg_t *this); /** * Specific reqid to use for CHILD_SA. * * @return reqid */ - u_int32_t (*get_reqid)(child_cfg_t *this); + uint32_t (*get_reqid)(child_cfg_t *this); /** * Optional mark for CHILD_SA. @@ -232,30 +237,35 @@ struct child_cfg_t { * * @return TFC padding, 0 to disable, -1 for MTU */ - u_int32_t (*get_tfc)(child_cfg_t *this); + uint32_t (*get_tfc)(child_cfg_t *this); /** - * Get anti-replay window size + * Get optional manually-set IPsec policy priority * - * @return anti-replay window size + * @return manually-set IPsec policy priority (automatic if 0) */ - u_int32_t (*get_replay_window)(child_cfg_t *this); + uint32_t (*get_manual_prio)(child_cfg_t *this); /** - * Set anti-replay window size + * Get optional network interface restricting IPsec policy * - * @param window anti-replay window size + * @return network interface) */ - void (*set_replay_window)(child_cfg_t *this, u_int32_t window); + char* (*get_interface)(child_cfg_t *this); /** - * Sets two options needed for Mobile IPv6 interoperability. + * Get anti-replay window size * - * @param proxy_mode use IPsec transport proxy mode (default FALSE) - * @param install_policy install IPsec kernel policies (default TRUE) + * @return anti-replay window size */ - void (*set_mipv6_options)(child_cfg_t *this, bool proxy_mode, - bool install_policy); + uint32_t (*get_replay_window)(child_cfg_t *this); + + /** + * Set anti-replay window size + * + * @param window anti-replay window size + */ + void (*set_replay_window)(child_cfg_t *this, uint32_t window); /** * Check whether IPsec transport SA should be set up in proxy mode. @@ -297,38 +307,56 @@ struct child_cfg_t { void (*destroy) (child_cfg_t *this); }; + +/** + * Data passed to the constructor of a child_cfg_t object. + */ +struct child_cfg_create_t { + /** Specific reqid to use for CHILD_SA, 0 for auto assignment */ + uint32_t reqid; + /** Optional inbound mark */ + mark_t mark_in; + /** Optional outbound mark */ + mark_t mark_out; + /** Mode to propose for CHILD_SA */ + ipsec_mode_t mode; + /** Use IPsec transport proxy mode */ + bool proxy_mode; + /** Use IPComp, if peer supports it */ + bool ipcomp; + /** TFC padding size, 0 to disable, -1 to pad to PMTU */ + uint32_t tfc; + /** Optional manually-set IPsec policy priority */ + uint32_t priority; + /** Optional network interface restricting IPsec policy (cloned) */ + char *interface; + /** lifetime_cfg_t for this child_cfg */ + lifetime_cfg_t lifetime; + /** Inactivity timeout in s before closing a CHILD_SA */ + uint32_t inactivity; + /** Start action */ + action_t start_action; + /** DPD action */ + action_t dpd_action; + /** Close action */ + action_t close_action; + /** updown script to execute on up/down event (cloned) */ + char *updown; + /** TRUE to allow access to the local host */ + bool hostaccess; + /** Don't install IPsec policies */ + bool suppress_policies; +}; + /** * Create a configuration template for CHILD_SA setup. * - * The "name" string gets cloned. - * - * The lifetime_cfg_t object gets cloned. - * To prevent two peers to start rekeying at the same time, a jitter may be - * specified. Rekeying of an SA starts at (x.rekey - random(0, x.jitter)). - * * After a call to create, a reference is obtained (refcount = 1). * - * @param name name of the child_cfg - * @param lifetime lifetime_cfg_t for this child_cfg - * @param updown updown script to execute on up/down event - * @param hostaccess TRUE to allow access to the local host - * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET - * @param start_action start action - * @param dpd_action DPD action - * @param close_action close action - * @param ipcomp use IPComp, if peer supports it - * @param inactivity inactivity timeout in s before closing a CHILD_SA - * @param reqid specific reqid to use for CHILD_SA, 0 for auto assign - * @param mark_in optional inbound mark (can be NULL) - * @param mark_out optional outbound mark (can be NULL) - * @param tfc TFC padding size, 0 to disable, -1 to pad to PMTU + * @param name name of the child_cfg (cloned) + * @param data data for this child_cfg * @return child_cfg_t object */ -child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, - char *updown, bool hostaccess, - ipsec_mode_t mode, action_t start_action, - action_t dpd_action, action_t close_action, - bool ipcomp, u_int32_t inactivity, u_int32_t reqid, - mark_t *mark_in, mark_t *mark_out, u_int32_t tfc); +child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data); #endif /** CHILD_CFG_H_ @}*/ diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index a720e1493..7d52ac88f 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012-2015 Tobias Brunner + * Copyright (C) 2012-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -83,12 +83,12 @@ struct private_ike_cfg_t { /** * our source port */ - u_int16_t my_port; + uint16_t my_port; /** * destination port */ - u_int16_t other_port; + uint16_t other_port; /** * should we send a certificate request? @@ -108,7 +108,7 @@ struct private_ike_cfg_t { /** * DSCP value to use on sent IKE packets */ - u_int8_t dscp; + uint8_t dscp; /** * List of proposals to use @@ -143,7 +143,7 @@ METHOD(ike_cfg_t, fragmentation, fragmentation_t, /** * Common function for resolve_me/other */ -static host_t* resolve(linked_list_t *hosts, int family, u_int16_t port) +static host_t* resolve(linked_list_t *hosts, int family, uint16_t port) { enumerator_t *enumerator; host_t *host = NULL; @@ -192,7 +192,7 @@ static u_int match(linked_list_t *hosts, linked_list_t *ranges, host_t *cand) traffic_selector_t *ts; char *str; host_t *host; - u_int8_t mask; + uint8_t mask; u_int quality = 0; /* try single hosts first */ @@ -261,19 +261,19 @@ METHOD(ike_cfg_t, get_other_addr, char*, return this->other; } -METHOD(ike_cfg_t, get_my_port, u_int16_t, +METHOD(ike_cfg_t, get_my_port, uint16_t, private_ike_cfg_t *this) { return this->my_port; } -METHOD(ike_cfg_t, get_other_port, u_int16_t, +METHOD(ike_cfg_t, get_other_port, uint16_t, private_ike_cfg_t *this) { return this->other_port; } -METHOD(ike_cfg_t, get_dscp, u_int8_t, +METHOD(ike_cfg_t, get_dscp, uint8_t, private_ike_cfg_t *this) { return this->dscp; @@ -310,42 +310,57 @@ METHOD(ike_cfg_t, get_proposals, linked_list_t*, } METHOD(ike_cfg_t, select_proposal, proposal_t*, - private_ike_cfg_t *this, linked_list_t *proposals, bool private) + private_ike_cfg_t *this, linked_list_t *proposals, bool private, + bool prefer_self) { - enumerator_t *stored_enum, *supplied_enum; - proposal_t *stored, *supplied, *selected; + enumerator_t *prefer_enum, *match_enum; + proposal_t *proposal, *match, *selected = NULL; - stored_enum = this->proposals->create_enumerator(this->proposals); - supplied_enum = proposals->create_enumerator(proposals); - - - /* compare all stored proposals with all supplied. Stored ones are preferred.*/ - while (stored_enum->enumerate(stored_enum, (void**)&stored)) + if (prefer_self) + { + prefer_enum = this->proposals->create_enumerator(this->proposals); + match_enum = proposals->create_enumerator(proposals); + } + else { - proposals->reset_enumerator(proposals, supplied_enum); + prefer_enum = proposals->create_enumerator(proposals); + match_enum = this->proposals->create_enumerator(this->proposals); + } - while (supplied_enum->enumerate(supplied_enum, (void**)&supplied)) + while (prefer_enum->enumerate(prefer_enum, (void**)&proposal)) + { + if (prefer_self) + { + proposals->reset_enumerator(proposals, match_enum); + } + else { - selected = stored->select(stored, supplied, private); + this->proposals->reset_enumerator(this->proposals, match_enum); + } + while (match_enum->enumerate(match_enum, (void**)&match)) + { + selected = proposal->select(proposal, match, private); if (selected) { - /* they match, return */ - stored_enum->destroy(stored_enum); - supplied_enum->destroy(supplied_enum); DBG2(DBG_CFG, "received proposals: %#P", proposals); DBG2(DBG_CFG, "configured proposals: %#P", this->proposals); DBG2(DBG_CFG, "selected proposal: %P", selected); - return selected; + break; } } + if (selected) + { + break; + } } - /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */ - stored_enum->destroy(stored_enum); - supplied_enum->destroy(supplied_enum); - DBG1(DBG_CFG, "received proposals: %#P", proposals); - DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); - - return NULL; + prefer_enum->destroy(prefer_enum); + match_enum->destroy(match_enum); + if (!selected) + { + DBG1(DBG_CFG, "received proposals: %#P", proposals); + DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); + } + return selected; } METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t, @@ -353,7 +368,7 @@ METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t, { enumerator_t *enumerator; proposal_t *proposal; - u_int16_t dh_group = MODP_NONE; + uint16_t dh_group = MODP_NONE; enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) @@ -545,9 +560,9 @@ int ike_cfg_get_family(ike_cfg_t *cfg, bool local) * Described in header. */ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, - char *me, u_int16_t my_port, - char *other, u_int16_t other_port, - fragmentation_t fragmentation, u_int8_t dscp) + char *me, uint16_t my_port, + char *other, uint16_t other_port, + fragmentation_t fragmentation, uint8_t dscp) { private_ike_cfg_t *this; diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h index a72960f4f..5655a3497 100644 --- a/src/libcharon/config/ike_cfg.h +++ b/src/libcharon/config/ike_cfg.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012-2015 Tobias Brunner + * Copyright (C) 2012-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -128,21 +128,21 @@ struct ike_cfg_t { * * @return source address port, host order */ - u_int16_t (*get_my_port)(ike_cfg_t *this); + uint16_t (*get_my_port)(ike_cfg_t *this); /** * Get the port to use as destination port. * * @return destination address, host order */ - u_int16_t (*get_other_port)(ike_cfg_t *this); + uint16_t (*get_other_port)(ike_cfg_t *this); /** * Get the DSCP value to use for IKE packets send from connections. * * @return DSCP value */ - u_int8_t (*get_dscp)(ike_cfg_t *this); + uint8_t (*get_dscp)(ike_cfg_t *this); /** * Adds a proposal to the list. @@ -165,16 +165,17 @@ struct ike_cfg_t { linked_list_t* (*get_proposals) (ike_cfg_t *this); /** - * Select a proposed from suggested proposals. + * Select a proposal from a list of supplied proposals. * * Returned proposal must be destroyed after use. * * @param proposals list of proposals to select from * @param private accept algorithms from a private range + * @param prefer_self whether to prefer configured or supplied proposals * @return selected proposal, or NULL if none matches. */ proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals, - bool private); + bool private, bool prefer_self); /** * Should we send a certificate request in IKE_SA_INIT? @@ -250,9 +251,9 @@ struct ike_cfg_t { * @return ike_cfg_t object. */ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, - char *me, u_int16_t my_port, - char *other, u_int16_t other_port, - fragmentation_t fragmentation, u_int8_t dscp); + char *me, uint16_t my_port, + char *other, uint16_t other_port, + fragmentation_t fragmentation, uint8_t dscp); /** * Determine the address family of the local or remtoe address(es). If multiple diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c index d28a79507..6463c7a36 100644 --- a/src/libcharon/config/peer_cfg.c +++ b/src/libcharon/config/peer_cfg.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2007-2015 Tobias Brunner + * Copyright (C) 2007-2016 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -88,7 +88,7 @@ struct private_peer_cfg_t { /** * number of tries after giving up if peer does not respond */ - u_int32_t keyingtries; + uint32_t keyingtries; /** * enable support for MOBIKE @@ -108,32 +108,32 @@ struct private_peer_cfg_t { /** * Time before starting rekeying */ - u_int32_t rekey_time; + uint32_t rekey_time; /** * Time before starting reauthentication */ - u_int32_t reauth_time; + uint32_t reauth_time; /** * Time, which specifies the range of a random value subtracted from above. */ - u_int32_t jitter_time; + uint32_t jitter_time; /** * Delay before deleting a rekeying/reauthenticating SA */ - u_int32_t over_time; + uint32_t over_time; /** * DPD check intervall */ - u_int32_t dpd; + uint32_t dpd; /** * DPD timeout intervall (used for IKEv1 only) */ - u_int32_t dpd_timeout; + uint32_t dpd_timeout; /** * List of virtual IPs (host_t*) to request @@ -455,13 +455,13 @@ METHOD(peer_cfg_t, get_unique_policy, unique_policy_t, return this->unique; } -METHOD(peer_cfg_t, get_keyingtries, u_int32_t, +METHOD(peer_cfg_t, get_keyingtries, uint32_t, private_peer_cfg_t *this) { return this->keyingtries; } -METHOD(peer_cfg_t, get_rekey_time, u_int32_t, +METHOD(peer_cfg_t, get_rekey_time, uint32_t, private_peer_cfg_t *this, bool jitter) { if (this->rekey_time == 0) @@ -475,7 +475,7 @@ METHOD(peer_cfg_t, get_rekey_time, u_int32_t, return this->rekey_time - (random() % this->jitter_time); } -METHOD(peer_cfg_t, get_reauth_time, u_int32_t, +METHOD(peer_cfg_t, get_reauth_time, uint32_t, private_peer_cfg_t *this, bool jitter) { if (this->reauth_time == 0) @@ -489,7 +489,7 @@ METHOD(peer_cfg_t, get_reauth_time, u_int32_t, return this->reauth_time - (random() % this->jitter_time); } -METHOD(peer_cfg_t, get_over_time, u_int32_t, +METHOD(peer_cfg_t, get_over_time, uint32_t, private_peer_cfg_t *this) { return this->over_time; @@ -513,13 +513,13 @@ METHOD(peer_cfg_t, use_pull_mode, bool, return this->pull_mode; } -METHOD(peer_cfg_t, get_dpd, u_int32_t, +METHOD(peer_cfg_t, get_dpd, uint32_t, private_peer_cfg_t *this) { return this->dpd; } -METHOD(peer_cfg_t, get_dpd_timeout, u_int32_t, +METHOD(peer_cfg_t, get_dpd_timeout, uint32_t, private_peer_cfg_t *this) { return this->dpd_timeout; @@ -724,29 +724,22 @@ METHOD(peer_cfg_t, destroy, void, /* * Described in header-file */ -peer_cfg_t *peer_cfg_create(char *name, - ike_cfg_t *ike_cfg, cert_policy_t cert_policy, - unique_policy_t unique, u_int32_t keyingtries, - u_int32_t rekey_time, u_int32_t reauth_time, - u_int32_t jitter_time, u_int32_t over_time, - bool mobike, bool aggressive, bool pull_mode, - u_int32_t dpd, u_int32_t dpd_timeout, - bool mediation, peer_cfg_t *mediated_by, - identification_t *peer_id) +peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg, + peer_cfg_create_t *data) { private_peer_cfg_t *this; - if (rekey_time && jitter_time > rekey_time) + if (data->rekey_time && data->jitter_time > data->rekey_time) { - jitter_time = rekey_time; + data->jitter_time = data->rekey_time; } - if (reauth_time && jitter_time > reauth_time) + if (data->reauth_time && data->jitter_time > data->reauth_time) { - jitter_time = reauth_time; + data->jitter_time = data->reauth_time; } - if (dpd && dpd_timeout && dpd > dpd_timeout) + if (data->dpd && data->dpd_timeout && data->dpd > data->dpd_timeout) { - dpd_timeout = dpd; + data->dpd_timeout = data->dpd; } INIT(this, @@ -789,33 +782,29 @@ peer_cfg_t *peer_cfg_create(char *name, .ike_cfg = ike_cfg, .child_cfgs = linked_list_create(), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), - .cert_policy = cert_policy, - .unique = unique, - .keyingtries = keyingtries, - .rekey_time = rekey_time, - .reauth_time = reauth_time, - .jitter_time = jitter_time, - .over_time = over_time, - .use_mobike = mobike, - .aggressive = aggressive, - .pull_mode = pull_mode, - .dpd = dpd, - .dpd_timeout = dpd_timeout, + .cert_policy = data->cert_policy, + .unique = data->unique, + .keyingtries = data->keyingtries, + .rekey_time = data->rekey_time, + .reauth_time = data->reauth_time, + .jitter_time = data->jitter_time, + .over_time = data->over_time, + .use_mobike = !data->no_mobike, + .aggressive = data->aggressive, + .pull_mode = !data->push_mode, + .dpd = data->dpd, + .dpd_timeout = data->dpd_timeout, .vips = linked_list_create(), .pools = linked_list_create(), .local_auth = linked_list_create(), .remote_auth = linked_list_create(), .refcount = 1, - ); - #ifdef ME - this->mediation = mediation; - this->mediated_by = mediated_by; - this->peer_id = peer_id; -#else /* ME */ - DESTROY_IF(mediated_by); - DESTROY_IF(peer_id); + .mediation = data->mediation, + .mediated_by = data->mediated_by, + .peer_id = data->peer_id, #endif /* ME */ + ); return &this->public; } diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h index b612a2ef1..8e4d5331c 100644 --- a/src/libcharon/config/peer_cfg.h +++ b/src/libcharon/config/peer_cfg.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2007-2015 Tobias Brunner + * Copyright (C) 2007-2016 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -26,6 +26,7 @@ typedef enum cert_policy_t cert_policy_t; typedef enum unique_policy_t unique_policy_t; typedef struct peer_cfg_t peer_cfg_t; +typedef struct peer_cfg_create_t peer_cfg_create_t; #include #include @@ -222,30 +223,30 @@ struct peer_cfg_t { * * @return max number retries */ - u_int32_t (*get_keyingtries) (peer_cfg_t *this); + uint32_t (*get_keyingtries) (peer_cfg_t *this); /** * Get a time to start rekeying. * - * @param jitter remove a jitter value to randomize time + * @param jitter subtract a jitter value to randomize time * @return time in s when to start rekeying, 0 disables rekeying */ - u_int32_t (*get_rekey_time)(peer_cfg_t *this, bool jitter); + uint32_t (*get_rekey_time)(peer_cfg_t *this, bool jitter); /** * Get a time to start reauthentication. * - * @param jitter remove a jitter value to randomize time + * @param jitter subtract a jitter value to randomize time * @return time in s when to start reauthentication, 0 disables it */ - u_int32_t (*get_reauth_time)(peer_cfg_t *this, bool jitter); + uint32_t (*get_reauth_time)(peer_cfg_t *this, bool jitter); /** * Get the timeout of a rekeying/reauthenticating SA. * * @return timeout in s */ - u_int32_t (*get_over_time)(peer_cfg_t *this); + uint32_t (*get_over_time)(peer_cfg_t *this); /** * Use MOBIKE (RFC4555) if peer supports it? @@ -273,14 +274,14 @@ struct peer_cfg_t { * * @return dpd_delay in seconds */ - u_int32_t (*get_dpd) (peer_cfg_t *this); + uint32_t (*get_dpd) (peer_cfg_t *this); /** * Get the DPD timeout interval (IKEv1 only) * * @return dpd_timeout in seconds */ - u_int32_t (*get_dpd_timeout) (peer_cfg_t *this); + uint32_t (*get_dpd_timeout) (peer_cfg_t *this); /** * Add a virtual IP to request as initiator. @@ -366,43 +367,53 @@ struct peer_cfg_t { void (*destroy) (peer_cfg_t *this); }; +/** + * Data passed to the constructor of a peer_cfg_t object. + */ +struct peer_cfg_create_t { + /** Whether to send a certificate payload */ + cert_policy_t cert_policy; + /** Uniqueness of an IKE_SA */ + unique_policy_t unique; + /** How many keying tries should be done before giving up */ + uint32_t keyingtries; + /** Timeout in seconds before starting rekeying */ + uint32_t rekey_time; + /** Timeout in seconds before starting reauthentication */ + uint32_t reauth_time; + /** Time range in seconds to randomly subtract from rekey/reauth time */ + uint32_t jitter_time; + /** Maximum overtime in seconds before closing a rekeying/reauth SA */ + uint32_t over_time; + /** Disable MOBIKE (RFC4555) */ + bool no_mobike; + /** Use/accept aggressive mode with IKEv1 */ + bool aggressive; + /** TRUE to use modeconfig push, FALSE for pull */ + bool push_mode; + /** DPD check interval, 0 to disable */ + uint32_t dpd; + /** DPD timeout interval (IKEv1 only), if 0 default applies */ + uint32_t dpd_timeout; +#ifdef ME + /** TRUE if this is a mediation connection */ + bool mediation; + /** peer_cfg_t of the mediation connection to mediate through (adopted) */ + peer_cfg_t *mediated_by; + /** ID that identifies our peer at the mediation server (adopted) */ + identification_t *peer_id; +#endif /* ME */ +}; + /** * Create a configuration object for IKE_AUTH and later. * - * name-string gets cloned, ID's not. - * Virtual IPs are used if they are != NULL. A %any host means the virtual - * IP should be obtained from the other peer. - * Lifetimes are in seconds. To prevent to peers to start rekeying at the - * same time, a jitter may be specified. Rekeying of an SA starts at - * (rekeylifetime - random(0, jitter)). - * - * @param name name of the peer_cfg - * @param ike_cfg IKE config to use when acting as initiator - * @param cert_policy should we send a certificate payload? - * @param unique uniqueness of an IKE_SA - * @param keyingtries how many keying tries should be done before giving up - * @param rekey_time timeout before starting rekeying - * @param reauth_time timeout before starting reauthentication - * @param jitter_time timerange to randomly subtract from rekey/reauth time - * @param over_time maximum overtime before closing a rekeying/reauth SA - * @param mobike use MOBIKE (RFC4555) if peer supports it - * @param aggressive use/accept aggressive mode with IKEv1 - * @param pull_mode TRUE to use modeconfig pull, FALSE for push - * @param dpd DPD check interval, 0 to disable - * @param dpd_timeout DPD timeout interval (IKEv1 only), if 0 default applies - * @param mediation TRUE if this is a mediation connection - * @param mediated_by peer_cfg_t of the mediation connection to mediate through - * @param peer_id ID that identifies our peer at the mediation server + * @param name name of the peer_cfg (cloned) + * @param ike_cfg IKE config to use when acting as initiator (adopted) + * @param data data for this peer_cfg * @return peer_cfg_t object */ -peer_cfg_t *peer_cfg_create(char *name, - ike_cfg_t *ike_cfg, cert_policy_t cert_policy, - unique_policy_t unique, u_int32_t keyingtries, - u_int32_t rekey_time, u_int32_t reauth_time, - u_int32_t jitter_time, u_int32_t over_time, - bool mobike, bool aggressive, bool pull_mode, - u_int32_t dpd, u_int32_t dpd_timeout, - bool mediation, peer_cfg_t *mediated_by, - identification_t *peer_id); +peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg, + peer_cfg_create_t *data); #endif /** PEER_CFG_H_ @}*/ diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c index 95b6a00ea..a83acec23 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2014 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2006-2010 Martin Willi * Copyright (C) 2013-2015 Andreas Steffen * Hochschule fuer Technik Rapperswil @@ -61,7 +61,7 @@ struct private_proposal_t { /** * senders SPI */ - u_int64_t spi; + uint64_t spi; /** * Proposal number @@ -76,14 +76,14 @@ typedef struct { /** Type of the transform */ transform_type_t type; /** algorithm identifier */ - u_int16_t alg; + uint16_t alg; /** key size in bits, or zero if not needed */ - u_int16_t key_size; + uint16_t key_size; } entry_t; METHOD(proposal_t, add_algorithm, void, private_proposal_t *this, transform_type_t type, - u_int16_t alg, u_int16_t key_size) + uint16_t alg, uint16_t key_size) { entry_t entry = { .type = type, @@ -97,8 +97,8 @@ METHOD(proposal_t, add_algorithm, void, /** * filter function for peer configs */ -static bool alg_filter(uintptr_t type, entry_t **in, u_int16_t *alg, - void **unused, u_int16_t *key_size) +static bool alg_filter(uintptr_t type, entry_t **in, uint16_t *alg, + void **unused, uint16_t *key_size) { entry_t *entry = *in; @@ -127,7 +127,7 @@ METHOD(proposal_t, create_enumerator, enumerator_t*, METHOD(proposal_t, get_algorithm, bool, private_proposal_t *this, transform_type_t type, - u_int16_t *alg, u_int16_t *key_size) + uint16_t *alg, uint16_t *key_size) { enumerator_t *enumerator; bool found = FALSE; @@ -147,7 +147,7 @@ METHOD(proposal_t, has_dh_group, bool, { bool found = FALSE, any = FALSE; enumerator_t *enumerator; - u_int16_t current; + uint16_t current; enumerator = create_enumerator(this, DIFFIE_HELLMAN_GROUP); while (enumerator->enumerate(enumerator, ¤t, NULL)) @@ -193,7 +193,7 @@ static bool select_algo(private_proposal_t *this, proposal_t *other, proposal_t *selected, transform_type_t type, bool priv) { enumerator_t *e1, *e2; - u_int16_t alg1, alg2, ks1, ks2; + uint16_t alg1, alg2, ks1, ks2; bool found = FALSE, optional = FALSE; if (type == INTEGRITY_ALGORITHM && @@ -210,7 +210,7 @@ static bool select_algo(private_proposal_t *this, proposal_t *other, e1 = create_enumerator(this, type); e2 = other->create_enumerator(other, type); - if (!e1->enumerate(e1, NULL, NULL)) + if (!e1->enumerate(e1, &alg1, NULL)) { if (!e2->enumerate(e2, &alg2, NULL)) { @@ -219,12 +219,23 @@ static bool select_algo(private_proposal_t *this, proposal_t *other, else if (optional) { do - { /* if the other peer proposes NONE, we accept the proposal */ + { /* if NONE is proposed, we accept the proposal */ found = !alg2; } while (!found && e2->enumerate(e2, &alg2, NULL)); } } + else if (!e2->enumerate(e2, NULL, NULL)) + { + if (optional) + { + do + { /* if NONE is proposed, we accept the proposal */ + found = !alg1; + } + while (!found && e1->enumerate(e1, &alg1, NULL)); + } + } e1->destroy(e1); e1 = create_enumerator(this, type); @@ -244,7 +255,6 @@ static bool select_algo(private_proposal_t *this, proposal_t *other, "but peer implementation is unknown, skipped"); continue; } - /* ok, we have an algorithm */ selected->add_algorithm(selected, type, alg1, ks1); found = TRUE; break; @@ -288,9 +298,7 @@ METHOD(proposal_t, select_proposal, proposal_t*, } DBG2(DBG_CFG, " proposal matches"); - selected->set_spi(selected, other->get_spi(other)); - return selected; } @@ -301,12 +309,12 @@ METHOD(proposal_t, get_protocol, protocol_id_t, } METHOD(proposal_t, set_spi, void, - private_proposal_t *this, u_int64_t spi) + private_proposal_t *this, uint64_t spi) { this->spi = spi; } -METHOD(proposal_t, get_spi, u_int64_t, +METHOD(proposal_t, get_spi, uint64_t, private_proposal_t *this) { return this->spi; @@ -319,7 +327,7 @@ static bool algo_list_equals(private_proposal_t *this, proposal_t *other, transform_type_t type) { enumerator_t *e1, *e2; - u_int16_t alg1, alg2, ks1, ks2; + uint16_t alg1, alg2, ks1, ks2; bool equals = TRUE; e1 = create_enumerator(this, type); @@ -418,7 +426,7 @@ static void check_proposal(private_proposal_t *this) { enumerator_t *e; entry_t *entry; - u_int16_t alg, ks; + uint16_t alg, ks; bool all_aead = TRUE; int i; @@ -445,6 +453,16 @@ static void check_proposal(private_proposal_t *this) } } e->destroy(e); + /* remove MODP_NONE from IKE proposal */ + e = array_create_enumerator(this->transforms); + while (e->enumerate(e, &entry)) + { + if (entry->type == DIFFIE_HELLMAN_GROUP && !entry->alg) + { + array_remove_at(this->transforms, e); + } + } + e->destroy(e); } if (this->protocol == PROTO_ESP) @@ -516,7 +534,7 @@ static int print_alg(private_proposal_t *this, printf_hook_data_t *data, { enumerator_t *enumerator; size_t written = 0; - u_int16_t alg, size; + uint16_t alg, size; enumerator = create_enumerator(this, kind); while (enumerator->enumerate(enumerator, &alg, &size)) @@ -861,16 +879,18 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) case MODP_768_BIT: /* weak */ break; - case MODP_2048_BIT: - case MODP_2048_256: case MODP_2048_224: case MODP_1536_BIT: - case MODP_1024_BIT: case MODP_1024_160: case ECP_224_BIT: case ECP_224_BP: case ECP_192_BIT: case NTRU_112_BIT: + /* rarely used */ + break; + case MODP_2048_BIT: + case MODP_2048_256: + case MODP_1024_BIT: add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); break; default: diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h index 78b868868..f9f277820 100644 --- a/src/libcharon/config/proposal.h +++ b/src/libcharon/config/proposal.h @@ -78,13 +78,13 @@ struct proposal_t { * @param key_size key size to use */ void (*add_algorithm) (proposal_t *this, transform_type_t type, - u_int16_t alg, u_int16_t key_size); + uint16_t alg, uint16_t key_size); /** * Get an enumerator over algorithms for a specifc algo type. * * @param type kind of algorithm - * @return enumerator over u_int16_t alg, u_int16_t key_size + * @return enumerator over uint16_t alg, uint16_t key_size */ enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type); @@ -99,7 +99,7 @@ struct proposal_t { * @return TRUE if algorithm of this kind available */ bool (*get_algorithm) (proposal_t *this, transform_type_t type, - u_int16_t *alg, u_int16_t *key_size); + uint16_t *alg, uint16_t *key_size); /** * Check if the proposal has a specific DH group. @@ -141,14 +141,14 @@ struct proposal_t { * * @return spi for proto */ - u_int64_t (*get_spi) (proposal_t *this); + uint64_t (*get_spi) (proposal_t *this); /** * Set the SPI of the proposal. * * @param spi spi to set for proto */ - void (*set_spi) (proposal_t *this, u_int64_t spi); + void (*set_spi) (proposal_t *this, uint64_t spi); /** * Get the proposal number, as encoded in SA payload diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c index 6dd54b473..93ff70bf3 100644 --- a/src/libcharon/control/controller.c +++ b/src/libcharon/control/controller.c @@ -105,7 +105,7 @@ struct interface_listener_t { /** * unique ID, used for various methods */ - u_int32_t id; + uint32_t id; /** * semaphore to implement wait_for_listener() @@ -271,6 +271,28 @@ METHOD(listener_t, ike_state_change, bool, break; } #endif /* ME */ + case IKE_DESTROYING: + return listener_done(this); + default: + break; + } + } + return TRUE; +} + +METHOD(listener_t, ike_state_change_terminate, bool, + interface_listener_t *this, ike_sa_t *ike_sa, ike_sa_state_t state) +{ + ike_sa_t *target; + + this->lock->lock(this->lock); + target = this->ike_sa; + this->lock->unlock(this->lock); + + if (target == ike_sa) + { + switch (state) + { case IKE_DESTROYING: if (ike_sa->get_state(ike_sa) == IKE_DELETING) { /* proper termination */ @@ -304,10 +326,6 @@ METHOD(listener_t, child_state_change, bool, case CHILD_DESTROYING: switch (child_sa->get_state(child_sa)) { - case CHILD_DELETING: - /* proper delete */ - this->status = SUCCESS; - break; case CHILD_RETRYING: /* retrying with a different DH group; survive another * initiation round */ @@ -331,6 +349,38 @@ METHOD(listener_t, child_state_change, bool, return TRUE; } +METHOD(listener_t, child_state_change_terminate, bool, + interface_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, + child_sa_state_t state) +{ + ike_sa_t *target; + + this->lock->lock(this->lock); + target = this->ike_sa; + this->lock->unlock(this->lock); + + if (target == ike_sa) + { + switch (state) + { + case CHILD_DESTROYING: + switch (child_sa->get_state(child_sa)) + { + case CHILD_DELETING: + /* proper delete */ + this->status = SUCCESS; + break; + default: + break; + } + return listener_done(this); + default: + break; + } + } + return TRUE; +} + METHOD(job_t, destroy_job, void, interface_job_t *this) { @@ -493,7 +543,7 @@ METHOD(job_t, terminate_ike_execute, job_requeue_t, interface_job_t *job) { interface_listener_t *listener = &job->listener; - u_int32_t unique_id = listener->id; + uint32_t unique_id = listener->id; ike_sa_t *ike_sa; ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, @@ -528,7 +578,7 @@ METHOD(job_t, terminate_ike_execute, job_requeue_t, } METHOD(controller_t, terminate_ike, status_t, - controller_t *this, u_int32_t unique_id, + controller_t *this, uint32_t unique_id, controller_cb_t callback, void *param, u_int timeout) { interface_job_t *job; @@ -537,8 +587,8 @@ METHOD(controller_t, terminate_ike, status_t, INIT(job, .listener = { .public = { - .ike_state_change = _ike_state_change, - .child_state_change = _child_state_change, + .ike_state_change = _ike_state_change_terminate, + .child_state_change = _child_state_change_terminate, }, .logger = { .public = { @@ -582,7 +632,7 @@ METHOD(job_t, terminate_child_execute, job_requeue_t, interface_job_t *job) { interface_listener_t *listener = &job->listener; - u_int32_t id = listener->id; + uint32_t id = listener->id; child_sa_t *child_sa; ike_sa_t *ike_sa; @@ -630,7 +680,7 @@ METHOD(job_t, terminate_child_execute, job_requeue_t, } METHOD(controller_t, terminate_child, status_t, - controller_t *this, u_int32_t unique_id, + controller_t *this, uint32_t unique_id, controller_cb_t callback, void *param, u_int timeout) { interface_job_t *job; @@ -639,8 +689,8 @@ METHOD(controller_t, terminate_child, status_t, INIT(job, .listener = { .public = { - .ike_state_change = _ike_state_change, - .child_state_change = _child_state_change, + .ike_state_change = _ike_state_change_terminate, + .child_state_change = _child_state_change_terminate, }, .logger = { .public = { diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h index 5ffeac522..9524f53b9 100644 --- a/src/libcharon/control/controller.h +++ b/src/libcharon/control/controller.h @@ -111,7 +111,7 @@ struct controller_t { * - NEED_MORE, if callback returned FALSE * - OUT_OF_RES if timed out */ - status_t (*terminate_ike)(controller_t *this, u_int32_t unique_id, + status_t (*terminate_ike)(controller_t *this, uint32_t unique_id, controller_cb_t callback, void *param, u_int timeout); @@ -131,7 +131,7 @@ struct controller_t { * - NEED_MORE, if callback returned FALSE * - OUT_OF_RES if timed out */ - status_t (*terminate_child)(controller_t *this, u_int32_t unique_id, + status_t (*terminate_child)(controller_t *this, uint32_t unique_id, controller_cb_t callback, void *param, u_int timeout); diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index cef8b8992..532d0812e 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c @@ -1,9 +1,9 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -54,6 +54,7 @@ #include #include #include +#include #include #include #include @@ -701,46 +702,68 @@ static void destroy(private_daemon_t *this) */ static void run_scripts(private_daemon_t *this, char *verb) { + struct { + char *name; + char *path; + } *script; + array_t *scripts = NULL; enumerator_t *enumerator; char *key, *value, *pos, buf[1024]; FILE *cmd; + /* copy the scripts so we don't hold any locks while executing them */ enumerator = lib->settings->create_key_value_enumerator(lib->settings, "%s.%s-scripts", lib->ns, verb); while (enumerator->enumerate(enumerator, &key, &value)) { - DBG1(DBG_DMN, "executing %s script '%s' (%s):", verb, key, value); - cmd = popen(value, "r"); + INIT(script, + .name = key, + .path = value, + ); + array_insert_create(&scripts, ARRAY_TAIL, script); + } + enumerator->destroy(enumerator); + + enumerator = array_create_enumerator(scripts); + while (enumerator->enumerate(enumerator, &script)) + { + DBG1(DBG_DMN, "executing %s script '%s' (%s)", verb, script->name, + script->path); + cmd = popen(script->path, "r"); if (!cmd) { DBG1(DBG_DMN, "executing %s script '%s' (%s) failed: %s", - verb, key, value, strerror(errno)); - continue; + verb, script->name, script->path, strerror(errno)); } - while (TRUE) + else { - if (!fgets(buf, sizeof(buf), cmd)) + while (TRUE) { - if (ferror(cmd)) + if (!fgets(buf, sizeof(buf), cmd)) { - DBG1(DBG_DMN, "reading from %s script '%s' (%s) failed", - verb, key, value); + if (ferror(cmd)) + { + DBG1(DBG_DMN, "reading from %s script '%s' (%s) failed", + verb, script->name, script->path); + } + break; } - break; - } - else - { - pos = buf + strlen(buf); - if (pos > buf && pos[-1] == '\n') + else { - pos[-1] = '\0'; + pos = buf + strlen(buf); + if (pos > buf && pos[-1] == '\n') + { + pos[-1] = '\0'; + } + DBG1(DBG_DMN, "%s: %s", script->name, buf); } - DBG1(DBG_DMN, "%s: %s", key, buf); } + pclose(cmd); } - pclose(cmd); + free(script); } enumerator->destroy(enumerator); + array_destroy(scripts); } METHOD(daemon_t, start, void, diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c index a0a508f53..41aacd4ed 100644 --- a/src/libcharon/encoding/generator.c +++ b/src/libcharon/encoding/generator.c @@ -68,22 +68,22 @@ struct private_generator_t { /** * Buffer used to generate the data into. */ - u_int8_t *buffer; + uint8_t *buffer; /** * Current write position in buffer (one byte aligned). */ - u_int8_t *out_position; + uint8_t *out_position; /** * Position of last byte in buffer. */ - u_int8_t *roof_position; + uint8_t *roof_position; /** * Current bit writing to in current byte (between 0 and 7). */ - u_int8_t current_bit; + uint8_t current_bit; /** * Associated data struct to read informations from. @@ -93,7 +93,7 @@ struct private_generator_t { /** * Offset of the header length field in the buffer. */ - u_int32_t header_length_offset; + uint32_t header_length_offset; /** * Attribute format of the last generated transform attribute. @@ -107,7 +107,7 @@ struct private_generator_t { * Depending on the value of attribute_format this field is used * to hold the length of the transform attribute in bytes. */ - u_int16_t attribute_length; + uint16_t attribute_length; /** * TRUE, if debug messages should be logged during generation. @@ -142,7 +142,7 @@ static int get_length(private_generator_t *this) /** * Get current offset in buffer (in bytes). */ -static u_int32_t get_offset(private_generator_t *this) +static uint32_t get_offset(private_generator_t *this) { return this->out_position - this->buffer; } @@ -179,7 +179,7 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes, int number_of_bytes) { int i; - u_int8_t *read_position = (u_int8_t *)bytes; + uint8_t *read_position = (uint8_t *)bytes; make_space_available(this, number_of_bytes * 8); @@ -195,7 +195,7 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes, * Generates a U_INT-Field type and writes it to buffer. */ static void generate_u_int_type(private_generator_t *this, - encoding_type_t int_type,u_int32_t offset) + encoding_type_t int_type,uint32_t offset) { int number_of_bits = 0; @@ -242,12 +242,12 @@ static void generate_u_int_type(private_generator_t *this, { case U_INT_4: { - u_int8_t high, low; + uint8_t high, low; if (this->current_bit == 0) { /* high of current byte in buffer has to be set to the new value*/ - high = *((u_int8_t *)(this->data_struct + offset)) << 4; + high = *((uint8_t *)(this->data_struct + offset)) << 4; /* low in buffer is not changed */ low = *(this->out_position) & 0x0F; /* high is set, low_val is not changed */ @@ -264,7 +264,7 @@ static void generate_u_int_type(private_generator_t *this, /* high in buffer is not changed */ high = *(this->out_position) & 0xF0; /* low of current byte in buffer has to be set to the new value*/ - low = *((u_int8_t *)(this->data_struct + offset)) & 0x0F; + low = *((uint8_t *)(this->data_struct + offset)) & 0x0F; *(this->out_position) = high | low; if (this->debug) { @@ -287,7 +287,7 @@ static void generate_u_int_type(private_generator_t *this, case U_INT_8: { /* 8 bit values are written as they are */ - *this->out_position = *((u_int8_t *)(this->data_struct + offset)); + *this->out_position = *((uint8_t *)(this->data_struct + offset)); if (this->debug) { DBG3(DBG_ENC, " => %d", *(this->out_position)); @@ -297,8 +297,8 @@ static void generate_u_int_type(private_generator_t *this, } case ATTRIBUTE_TYPE: { - u_int8_t attribute_format_flag; - u_int16_t val; + uint8_t attribute_format_flag; + uint16_t val; /* attribute type must not change first bit of current byte */ if (this->current_bit != 1) @@ -308,7 +308,7 @@ static void generate_u_int_type(private_generator_t *this, } attribute_format_flag = *(this->out_position) & 0x80; /* get attribute type value as 16 bit integer*/ - val = *((u_int16_t*)(this->data_struct + offset)); + val = *((uint16_t*)(this->data_struct + offset)); /* unset most significant bit */ val &= 0x7FFF; if (attribute_format_flag) @@ -321,7 +321,7 @@ static void generate_u_int_type(private_generator_t *this, DBG3(DBG_ENC, " => %d", val); } /* write bytes to buffer (set bit is overwritten) */ - write_bytes_to_buffer(this, &val, sizeof(u_int16_t)); + write_bytes_to_buffer(this, &val, sizeof(uint16_t)); this->current_bit = 0; break; @@ -330,33 +330,33 @@ static void generate_u_int_type(private_generator_t *this, case PAYLOAD_LENGTH: case ATTRIBUTE_LENGTH: { - u_int16_t val = htons(*((u_int16_t*)(this->data_struct + offset))); + uint16_t val = htons(*((uint16_t*)(this->data_struct + offset))); if (this->debug) { - DBG3(DBG_ENC, " %b", &val, sizeof(u_int16_t)); + DBG3(DBG_ENC, " %b", &val, sizeof(uint16_t)); } - write_bytes_to_buffer(this, &val, sizeof(u_int16_t)); + write_bytes_to_buffer(this, &val, sizeof(uint16_t)); break; } case U_INT_32: { - u_int32_t val = htonl(*((u_int32_t*)(this->data_struct + offset))); + uint32_t val = htonl(*((uint32_t*)(this->data_struct + offset))); if (this->debug) { - DBG3(DBG_ENC, " %b", &val, sizeof(u_int32_t)); + DBG3(DBG_ENC, " %b", &val, sizeof(uint32_t)); } - write_bytes_to_buffer(this, &val, sizeof(u_int32_t)); + write_bytes_to_buffer(this, &val, sizeof(uint32_t)); break; } case IKE_SPI: { /* 64 bit are written as-is, no host order conversion */ write_bytes_to_buffer(this, this->data_struct + offset, - sizeof(u_int64_t)); + sizeof(uint64_t)); if (this->debug) { DBG3(DBG_ENC, " %b", this->data_struct + offset, - sizeof(u_int64_t)); + sizeof(uint64_t)); } break; } @@ -372,10 +372,10 @@ static void generate_u_int_type(private_generator_t *this, /** * Generate a FLAG filed */ -static void generate_flag(private_generator_t *this, u_int32_t offset) +static void generate_flag(private_generator_t *this, uint32_t offset) { - u_int8_t flag_value; - u_int8_t flag; + uint8_t flag_value; + uint8_t flag; flag_value = (*((bool *) (this->data_struct + offset))) ? 1 : 0; /* get flag position */ @@ -406,7 +406,7 @@ static void generate_flag(private_generator_t *this, u_int32_t offset) /** * Generates a bytestream from a chunk_t. */ -static void generate_from_chunk(private_generator_t *this, u_int32_t offset) +static void generate_from_chunk(private_generator_t *this, uint32_t offset) { chunk_t *value; @@ -427,11 +427,11 @@ static void generate_from_chunk(private_generator_t *this, u_int32_t offset) } METHOD(generator_t, get_chunk, chunk_t, - private_generator_t *this, u_int32_t **lenpos) + private_generator_t *this, uint32_t **lenpos) { chunk_t data; - *lenpos = (u_int32_t*)(this->buffer + this->header_length_offset); + *lenpos = (uint32_t*)(this->buffer + this->header_length_offset); data = chunk_create(this->buffer, get_length(this)); if (this->debug) { @@ -537,7 +537,7 @@ METHOD(generator_t, generate_payload, void, generate_u_int_type(this, U_INT_16, rules[i].offset); /* this field hold the length of the attribute */ this->attribute_length = - *((u_int16_t *)(this->data_struct + rules[i].offset)); + *((uint16_t *)(this->data_struct + rules[i].offset)); } break; case ATTRIBUTE_VALUE: diff --git a/src/libcharon/encoding/generator.h b/src/libcharon/encoding/generator.h index c2c0aad2a..375530776 100644 --- a/src/libcharon/encoding/generator.h +++ b/src/libcharon/encoding/generator.h @@ -57,7 +57,7 @@ struct generator_t { * @param lenpos receives a pointer to fill in length value * @param return chunk to internal buffer. */ - chunk_t (*get_chunk) (generator_t *this, u_int32_t **lenpos); + chunk_t (*get_chunk) (generator_t *this, uint32_t **lenpos); /** * Destroys a generator_t object. diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index bbdc4629d..1fd644203 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -829,7 +829,7 @@ typedef struct { * fragments we expect. * For IKEv2 we store the total number of fragment we received last. */ - u_int16_t last; + uint16_t last; /** * Length of all currently received fragments. @@ -858,12 +858,12 @@ struct private_message_t { /** * Minor version of message. */ - u_int8_t major_version; + uint8_t major_version; /** * Major version of message. */ - u_int8_t minor_version; + uint8_t minor_version; /** * First Payload in message. @@ -903,7 +903,7 @@ struct private_message_t { /** * Message ID of this message. */ - u_int32_t message_id; + uint32_t message_id; /** * ID of assigned IKE_SA. @@ -953,7 +953,7 @@ struct private_message_t { typedef struct { /** fragment number */ - u_int8_t num; + uint8_t num; /** fragment data */ chunk_t data; @@ -1024,48 +1024,48 @@ METHOD(message_t, get_ike_sa_id, ike_sa_id_t*, } METHOD(message_t, set_message_id, void, - private_message_t *this,u_int32_t message_id) + private_message_t *this,uint32_t message_id) { this->message_id = message_id; } -METHOD(message_t, get_message_id, u_int32_t, +METHOD(message_t, get_message_id, uint32_t, private_message_t *this) { return this->message_id; } -METHOD(message_t, get_initiator_spi, u_int64_t, +METHOD(message_t, get_initiator_spi, uint64_t, private_message_t *this) { return (this->ike_sa_id->get_initiator_spi(this->ike_sa_id)); } -METHOD(message_t, get_responder_spi, u_int64_t, +METHOD(message_t, get_responder_spi, uint64_t, private_message_t *this) { return (this->ike_sa_id->get_responder_spi(this->ike_sa_id)); } METHOD(message_t, set_major_version, void, - private_message_t *this, u_int8_t major_version) + private_message_t *this, uint8_t major_version) { this->major_version = major_version; } -METHOD(message_t, get_major_version, u_int8_t, +METHOD(message_t, get_major_version, uint8_t, private_message_t *this) { return this->major_version; } METHOD(message_t, set_minor_version, void, - private_message_t *this,u_int8_t minor_version) + private_message_t *this,uint8_t minor_version) { this->minor_version = minor_version; } -METHOD(message_t, get_minor_version, u_int8_t, +METHOD(message_t, get_minor_version, uint8_t, private_message_t *this) { return this->minor_version; @@ -1331,7 +1331,7 @@ static char* get_string(private_message_t *this, char *buf, int len) if (payload->get_type(payload) == PLV2_EAP) { eap_payload_t *eap = (eap_payload_t*)payload; - u_int32_t vendor; + uint32_t vendor; eap_type_t type; char method[64] = ""; @@ -1790,7 +1790,7 @@ static status_t finalize_message(private_message_t *this, keymat_t *keymat, { keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat; chunk_t chunk; - u_int32_t *lenpos; + uint32_t *lenpos; if (encrypted) { @@ -1893,7 +1893,7 @@ static message_t *clone_message(private_message_t *this) * Create a single fragment with the given data */ static message_t *create_fragment(private_message_t *this, payload_type_t next, - u_int16_t num, u_int16_t count, chunk_t data) + uint16_t num, uint16_t count, chunk_t data) { enumerator_t *enumerator; payload_t *fragment, *payload; @@ -1972,11 +1972,11 @@ METHOD(message_t, fragment, status_t, message_t *fragment; packet_t *packet; payload_type_t next = PL_NONE; - u_int16_t num, count; + uint16_t num, count; host_t *src, *dst; chunk_t data; status_t status; - u_int32_t *lenpos; + uint32_t *lenpos; size_t len; src = this->packet->get_source(this->packet); @@ -2703,7 +2703,7 @@ METHOD(message_t, parse_body, status_t, /** * Store the fragment data for the fragment with the given fragment number. */ -static status_t add_fragment(private_message_t *this, u_int16_t num, +static status_t add_fragment(private_message_t *this, uint16_t num, chunk_t data) { fragment_t *fragment; @@ -2777,7 +2777,7 @@ METHOD(message_t, add_fragment_v1, status_t, { fragment_payload_t *payload; chunk_t data; - u_int8_t num; + uint8_t num; status_t status; if (!this->frag) @@ -2840,7 +2840,7 @@ METHOD(message_t, add_fragment_v2, status_t, payload_t *payload; enumerator_t *enumerator; chunk_t data; - u_int16_t total, num; + uint16_t total, num; status_t status; if (!this->frag) diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h index a03aa8e96..8c4372974 100644 --- a/src/libcharon/encoding/message.h +++ b/src/libcharon/encoding/message.h @@ -49,56 +49,56 @@ struct message_t { * * @param major_version major version to set */ - void (*set_major_version) (message_t *this, u_int8_t major_version); + void (*set_major_version) (message_t *this, uint8_t major_version); /** * Gets the IKE major version of the message. * * @return major version of the message */ - u_int8_t (*get_major_version) (message_t *this); + uint8_t (*get_major_version) (message_t *this); /** * Sets the IKE minor version of the message. * * @param minor_version minor version to set */ - void (*set_minor_version) (message_t *this, u_int8_t minor_version); + void (*set_minor_version) (message_t *this, uint8_t minor_version); /** * Gets the IKE minor version of the message. * * @return minor version of the message */ - u_int8_t (*get_minor_version) (message_t *this); + uint8_t (*get_minor_version) (message_t *this); /** * Sets the Message ID of the message. * * @param message_id message_id to set */ - void (*set_message_id) (message_t *this, u_int32_t message_id); + void (*set_message_id) (message_t *this, uint32_t message_id); /** * Gets the Message ID of the message. * * @return message_id type of the message */ - u_int32_t (*get_message_id) (message_t *this); + uint32_t (*get_message_id) (message_t *this); /** * Gets the initiator SPI of the message. * * @return initiator spi of the message */ - u_int64_t (*get_initiator_spi) (message_t *this); + uint64_t (*get_initiator_spi) (message_t *this); /** * Gets the responder SPI of the message. * * @return responder spi of the message */ - u_int64_t (*get_responder_spi) (message_t *this); + uint64_t (*get_responder_spi) (message_t *this); /** * Sets the IKE_SA ID of the message. diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c index f8340367e..c9d6b0d8f 100644 --- a/src/libcharon/encoding/parser.c +++ b/src/libcharon/encoding/parser.c @@ -61,27 +61,27 @@ struct private_parser_t { /** * major IKE version */ - u_int8_t major_version; + uint8_t major_version; /** * Current bit for reading in input data. */ - u_int8_t bit_pos; + uint8_t bit_pos; /** * Current byte for reading in input data. */ - u_int8_t *byte_pos; + uint8_t *byte_pos; /** * Input data to parse. */ - u_int8_t *input; + uint8_t *input; /** * Roof of input, used for length-checking. */ - u_int8_t *input_roof; + uint8_t *input_roof; /** * Set of encoding rules for this parsing session. @@ -113,9 +113,9 @@ static bool bad_bitpos(private_parser_t *this, int number) * Parse a 4-Bit unsigned integer from the current parsing position. */ static bool parse_uint4(private_parser_t *this, int rule_number, - u_int8_t *output_pos) + uint8_t *output_pos) { - if (this->byte_pos + sizeof(u_int8_t) > this->input_roof) + if (this->byte_pos + sizeof(uint8_t) > this->input_roof) { return short_input(this, rule_number); } @@ -150,9 +150,9 @@ static bool parse_uint4(private_parser_t *this, int rule_number, * Parse a 8-Bit unsigned integer from the current parsing position. */ static bool parse_uint8(private_parser_t *this, int rule_number, - u_int8_t *output_pos) + uint8_t *output_pos) { - if (this->byte_pos + sizeof(u_int8_t) > this->input_roof) + if (this->byte_pos + sizeof(uint8_t) > this->input_roof) { return short_input(this, rule_number); } @@ -173,9 +173,9 @@ static bool parse_uint8(private_parser_t *this, int rule_number, * Parse a 15-Bit unsigned integer from the current parsing position. */ static bool parse_uint15(private_parser_t *this, int rule_number, - u_int16_t *output_pos) + uint16_t *output_pos) { - if (this->byte_pos + sizeof(u_int16_t) > this->input_roof) + if (this->byte_pos + sizeof(uint16_t) > this->input_roof) { return short_input(this, rule_number); } @@ -185,11 +185,11 @@ static bool parse_uint15(private_parser_t *this, int rule_number, } if (output_pos) { - memcpy(output_pos, this->byte_pos, sizeof(u_int16_t)); + memcpy(output_pos, this->byte_pos, sizeof(uint16_t)); *output_pos = ntohs(*output_pos) & ~0x8000; DBG3(DBG_ENC, " => %hu", *output_pos); } - this->byte_pos += sizeof(u_int16_t); + this->byte_pos += sizeof(uint16_t); this->bit_pos = 0; return TRUE; } @@ -198,9 +198,9 @@ static bool parse_uint15(private_parser_t *this, int rule_number, * Parse a 16-Bit unsigned integer from the current parsing position. */ static bool parse_uint16(private_parser_t *this, int rule_number, - u_int16_t *output_pos) + uint16_t *output_pos) { - if (this->byte_pos + sizeof(u_int16_t) > this->input_roof) + if (this->byte_pos + sizeof(uint16_t) > this->input_roof) { return short_input(this, rule_number); } @@ -210,20 +210,20 @@ static bool parse_uint16(private_parser_t *this, int rule_number, } if (output_pos) { - memcpy(output_pos, this->byte_pos, sizeof(u_int16_t)); + memcpy(output_pos, this->byte_pos, sizeof(uint16_t)); *output_pos = ntohs(*output_pos); DBG3(DBG_ENC, " => %hu", *output_pos); } - this->byte_pos += sizeof(u_int16_t); + this->byte_pos += sizeof(uint16_t); return TRUE; } /** * Parse a 32-Bit unsigned integer from the current parsing position. */ static bool parse_uint32(private_parser_t *this, int rule_number, - u_int32_t *output_pos) + uint32_t *output_pos) { - if (this->byte_pos + sizeof(u_int32_t) > this->input_roof) + if (this->byte_pos + sizeof(uint32_t) > this->input_roof) { return short_input(this, rule_number); } @@ -233,11 +233,11 @@ static bool parse_uint32(private_parser_t *this, int rule_number, } if (output_pos) { - memcpy(output_pos, this->byte_pos, sizeof(u_int32_t)); + memcpy(output_pos, this->byte_pos, sizeof(uint32_t)); *output_pos = ntohl(*output_pos); DBG3(DBG_ENC, " => %u", *output_pos); } - this->byte_pos += sizeof(u_int32_t); + this->byte_pos += sizeof(uint32_t); return TRUE; } @@ -245,7 +245,7 @@ static bool parse_uint32(private_parser_t *this, int rule_number, * Parse a given amount of bytes and writes them to a specific location */ static bool parse_bytes(private_parser_t *this, int rule_number, - u_int8_t *output_pos, int bytes) + uint8_t *output_pos, int bytes) { if (this->byte_pos + bytes > this->input_roof) { @@ -270,13 +270,13 @@ static bool parse_bytes(private_parser_t *this, int rule_number, static bool parse_bit(private_parser_t *this, int rule_number, bool *output_pos) { - if (this->byte_pos + sizeof(u_int8_t) > this->input_roof) + if (this->byte_pos + sizeof(uint8_t) > this->input_roof) { return short_input(this, rule_number); } if (output_pos) { - u_int8_t mask; + uint8_t mask; mask = 0x01 << (7 - this->bit_pos); *output_pos = *this->byte_pos & mask; @@ -312,7 +312,7 @@ static bool parse_list(private_parser_t *this, int rule_number, } while (length > 0) { - u_int8_t *pos_before = this->byte_pos; + uint8_t *pos_before = this->byte_pos; payload_t *payload; DBG2(DBG_ENC, " %d bytes left, parsing recursively %N", @@ -368,7 +368,7 @@ METHOD(parser_t, parse_payload, status_t, payload_t *pld; void *output; int payload_length = 0, spi_size = 0, attribute_length = 0, header_length; - u_int16_t ts_type = 0; + uint16_t ts_type = 0; bool attribute_format = FALSE; int rule_number, rule_count; encoding_rule_t *rule; @@ -468,7 +468,7 @@ METHOD(parser_t, parse_payload, status_t, return PARSE_ERROR; } /* parsed u_int16 should be aligned */ - payload_length = *(u_int16_t*)(output + rule->offset); + payload_length = *(uint16_t*)(output + rule->offset); /* all payloads must have at least 4 bytes header */ if (payload_length < 4) { @@ -484,7 +484,7 @@ METHOD(parser_t, parse_payload, status_t, pld->destroy(pld); return PARSE_ERROR; } - spi_size = *(u_int8_t*)(output + rule->offset); + spi_size = *(uint8_t*)(output + rule->offset); break; } case SPI: @@ -564,7 +564,7 @@ METHOD(parser_t, parse_payload, status_t, pld->destroy(pld); return PARSE_ERROR; } - attribute_length = *(u_int16_t*)(output + rule->offset); + attribute_length = *(uint16_t*)(output + rule->offset); break; } case ATTRIBUTE_LENGTH_OR_VALUE: @@ -574,7 +574,7 @@ METHOD(parser_t, parse_payload, status_t, pld->destroy(pld); return PARSE_ERROR; } - attribute_length = *(u_int16_t*)(output + rule->offset); + attribute_length = *(uint16_t*)(output + rule->offset); break; } case ATTRIBUTE_VALUE: @@ -595,7 +595,7 @@ METHOD(parser_t, parse_payload, status_t, pld->destroy(pld); return PARSE_ERROR; } - ts_type = *(u_int8_t*)(output + rule->offset); + ts_type = *(uint8_t*)(output + rule->offset); break; } case ADDRESS: @@ -642,7 +642,7 @@ METHOD(parser_t, reset_context, void, } METHOD(parser_t, set_major_version, void, - private_parser_t *this, u_int8_t major_version) + private_parser_t *this, uint8_t major_version) { this->major_version = major_version; } diff --git a/src/libcharon/encoding/parser.h b/src/libcharon/encoding/parser.h index 5fd3e86ee..8f073556e 100644 --- a/src/libcharon/encoding/parser.h +++ b/src/libcharon/encoding/parser.h @@ -68,7 +68,7 @@ struct parser_t { * * @param major_version the major IKE version */ - void (*set_major_version) (parser_t *this, u_int8_t major_version); + void (*set_major_version) (parser_t *this, uint8_t major_version); /** * Destroys a parser_t object. diff --git a/src/libcharon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c index ee3ed54fd..9d03bb694 100644 --- a/src/libcharon/encoding/payloads/auth_payload.c +++ b/src/libcharon/encoding/payloads/auth_payload.c @@ -35,7 +35,7 @@ struct private_auth_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -50,17 +50,17 @@ struct private_auth_payload_t { /** * Reserved bytes */ - u_int8_t reserved_byte[3]; + uint8_t reserved_byte[3]; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Method of the AUTH Data. */ - u_int8_t auth_method; + uint8_t auth_method; /** * The contained auth data value. diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c index 43993ae48..ea25ca73c 100644 --- a/src/libcharon/encoding/payloads/cert_payload.c +++ b/src/libcharon/encoding/payloads/cert_payload.c @@ -55,7 +55,7 @@ struct private_cert_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -70,12 +70,12 @@ struct private_cert_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Encoding of the CERT Data. */ - u_int8_t encoding; + uint8_t encoding; /** * The contained cert data value. diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c index 6ac90a2a0..09bfa2458 100644 --- a/src/libcharon/encoding/payloads/certreq_payload.c +++ b/src/libcharon/encoding/payloads/certreq_payload.c @@ -38,7 +38,7 @@ struct private_certreq_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -53,12 +53,12 @@ struct private_certreq_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Encoding of the CERT Data. */ - u_int8_t encoding; + uint8_t encoding; /** * The contained certreq data value. diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c index 4ecdf569d..32e4828ba 100644 --- a/src/libcharon/encoding/payloads/configuration_attribute.c +++ b/src/libcharon/encoding/payloads/configuration_attribute.c @@ -48,12 +48,12 @@ struct private_configuration_attribute_t { /** * Type of the attribute. */ - u_int16_t attr_type; + uint16_t attr_type; /** * Length of the attribute, value if af_flag set. */ - u_int16_t length_or_value; + uint16_t length_or_value; /** * Attribute value as chunk. @@ -272,7 +272,7 @@ METHOD(configuration_attribute_t, get_chunk, chunk_t, return this->value; } -METHOD(configuration_attribute_t, get_value, u_int16_t, +METHOD(configuration_attribute_t, get_value, uint16_t, private_configuration_attribute_t *this) { if (this->af_flag) @@ -328,7 +328,7 @@ configuration_attribute_t *configuration_attribute_create_chunk( this = (private_configuration_attribute_t*) configuration_attribute_create(type); - this->attr_type = ((u_int16_t)attr_type) & 0x7FFF; + this->attr_type = ((uint16_t)attr_type) & 0x7FFF; this->value = chunk_clone(chunk); this->length_or_value = chunk.len; @@ -339,13 +339,13 @@ configuration_attribute_t *configuration_attribute_create_chunk( * Described in header. */ configuration_attribute_t *configuration_attribute_create_value( - configuration_attribute_type_t attr_type, u_int16_t value) + configuration_attribute_type_t attr_type, uint16_t value) { private_configuration_attribute_t *this; this = (private_configuration_attribute_t*) configuration_attribute_create(PLV1_CONFIGURATION_ATTRIBUTE); - this->attr_type = ((u_int16_t)attr_type) & 0x7FFF; + this->attr_type = ((uint16_t)attr_type) & 0x7FFF; this->length_or_value = value; this->af_flag = TRUE; diff --git a/src/libcharon/encoding/payloads/configuration_attribute.h b/src/libcharon/encoding/payloads/configuration_attribute.h index 946c1b500..417ba731b 100644 --- a/src/libcharon/encoding/payloads/configuration_attribute.h +++ b/src/libcharon/encoding/payloads/configuration_attribute.h @@ -57,7 +57,7 @@ struct configuration_attribute_t { * * @return attribute value */ - u_int16_t (*get_value) (configuration_attribute_t *this); + uint16_t (*get_value) (configuration_attribute_t *this); /** * Destroys an configuration_attribute_t object. @@ -92,6 +92,6 @@ configuration_attribute_t *configuration_attribute_create_chunk( * @return created PLV1_CONFIGURATION_ATTRIBUTE configuration attribute */ configuration_attribute_t *configuration_attribute_create_value( - configuration_attribute_type_t attr_type, u_int16_t value); + configuration_attribute_type_t attr_type, uint16_t value); #endif /** CONFIGURATION_ATTRIBUTE_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c index ef9df84f7..d86693ee2 100644 --- a/src/libcharon/encoding/payloads/cp_payload.c +++ b/src/libcharon/encoding/payloads/cp_payload.c @@ -44,7 +44,7 @@ struct private_cp_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -59,17 +59,17 @@ struct private_cp_payload_t { /** * Reserved bytes */ - u_int8_t reserved_byte[3]; + uint8_t reserved_byte[3]; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Identifier field, IKEv1 only */ - u_int16_t identifier; + uint16_t identifier; /** * List of attributes, as configuration_attribute_t @@ -79,7 +79,7 @@ struct private_cp_payload_t { /** * Config Type. */ - u_int8_t cfg_type; + uint8_t cfg_type; /** * PLV2_CONFIGURATION or PLV1_CONFIGURATION @@ -269,13 +269,13 @@ METHOD(cp_payload_t, get_config_type, config_type_t, return this->cfg_type; } -METHOD(cp_payload_t, get_identifier, u_int16_t, +METHOD(cp_payload_t, get_identifier, uint16_t, private_cp_payload_t *this) { return this->identifier; } METHOD(cp_payload_t, set_identifier, void, - private_cp_payload_t *this, u_int16_t identifier) + private_cp_payload_t *this, uint16_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h index d466989d6..3e4763fb6 100644 --- a/src/libcharon/encoding/payloads/cp_payload.h +++ b/src/libcharon/encoding/payloads/cp_payload.h @@ -82,14 +82,14 @@ struct cp_payload_t { * @param identifier identifier to set */ - void (*set_identifier) (cp_payload_t *this, u_int16_t identifier); + void (*set_identifier) (cp_payload_t *this, uint16_t identifier); /** * Get the configuration payload identifier (IKEv1 only). * * @return identifier */ - u_int16_t (*get_identifier) (cp_payload_t *this); + uint16_t (*get_identifier) (cp_payload_t *this); /** * Destroys an cp_payload_t object. diff --git a/src/libcharon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c index f11ea485c..584e6f22b 100644 --- a/src/libcharon/encoding/payloads/delete_payload.c +++ b/src/libcharon/encoding/payloads/delete_payload.c @@ -36,7 +36,7 @@ struct private_delete_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -51,27 +51,27 @@ struct private_delete_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * IKEv1 Domain of Interpretation */ - u_int32_t doi; + uint32_t doi; /** * Protocol ID. */ - u_int8_t protocol_id; + uint8_t protocol_id; /** * SPI Size. */ - u_int8_t spi_size; + uint8_t spi_size; /** * Number of SPI's. */ - u_int16_t spi_count; + uint16_t spi_count; /** * The contained SPI's. @@ -257,7 +257,7 @@ METHOD(delete_payload_t, get_protocol_id, protocol_id_t, } METHOD(delete_payload_t, add_spi, void, - private_delete_payload_t *this, u_int32_t spi) + private_delete_payload_t *this, uint32_t spi) { switch (this->protocol_id) { @@ -273,7 +273,7 @@ METHOD(delete_payload_t, add_spi, void, } METHOD(delete_payload_t, set_ike_spi, void, - private_delete_payload_t *this, u_int64_t spi_i, u_int64_t spi_r) + private_delete_payload_t *this, uint64_t spi_i, uint64_t spi_r) { free(this->spis.ptr); this->spis = chunk_cat("cc", chunk_from_thing(spi_i), @@ -283,15 +283,15 @@ METHOD(delete_payload_t, set_ike_spi, void, } METHOD(delete_payload_t, get_ike_spi, bool, - private_delete_payload_t *this, u_int64_t *spi_i, u_int64_t *spi_r) + private_delete_payload_t *this, uint64_t *spi_i, uint64_t *spi_r) { if (this->protocol_id != PROTO_IKE || - this->spis.len < 2 * sizeof(u_int64_t)) + this->spis.len < 2 * sizeof(uint64_t)) { return FALSE; } - memcpy(spi_i, this->spis.ptr, sizeof(u_int64_t)); - memcpy(spi_r, this->spis.ptr + sizeof(u_int64_t), sizeof(u_int64_t)); + memcpy(spi_i, this->spis.ptr, sizeof(uint64_t)); + memcpy(spi_r, this->spis.ptr + sizeof(uint64_t), sizeof(uint64_t)); return TRUE; } @@ -306,7 +306,7 @@ typedef struct { } spi_enumerator_t; METHOD(enumerator_t, spis_enumerate, bool, - spi_enumerator_t *this, u_int32_t *spi) + spi_enumerator_t *this, uint32_t *spi) { if (this->spis.len >= sizeof(*spi)) { @@ -322,7 +322,7 @@ METHOD(delete_payload_t, create_spi_enumerator, enumerator_t*, { spi_enumerator_t *e; - if (this->spi_size != sizeof(u_int32_t)) + if (this->spi_size != sizeof(uint32_t)) { return enumerator_create_empty(); } diff --git a/src/libcharon/encoding/payloads/delete_payload.h b/src/libcharon/encoding/payloads/delete_payload.h index 6728718cd..06ed76c2e 100644 --- a/src/libcharon/encoding/payloads/delete_payload.h +++ b/src/libcharon/encoding/payloads/delete_payload.h @@ -51,7 +51,7 @@ struct delete_payload_t { * * @param spi spi to add */ - void (*add_spi) (delete_payload_t *this, u_int32_t spi); + void (*add_spi) (delete_payload_t *this, uint32_t spi); /** * Set the IKE SPIs for an IKEv1 delete. @@ -59,7 +59,7 @@ struct delete_payload_t { * @param spi_i initiator SPI * @param spi_r responder SPI */ - void (*set_ike_spi)(delete_payload_t *this, u_int64_t spi_i, u_int64_t spi_r); + void (*set_ike_spi)(delete_payload_t *this, uint64_t spi_i, uint64_t spi_r); /** * Get the IKE SPIs from an IKEv1 delete. @@ -68,12 +68,12 @@ struct delete_payload_t { * @param spi_r responder SPI * @return TRUE if SPIs extracted successfully */ - bool (*get_ike_spi)(delete_payload_t *this, u_int64_t *spi_i, u_int64_t *spi_r); + bool (*get_ike_spi)(delete_payload_t *this, uint64_t *spi_i, uint64_t *spi_r); /** * Get an enumerator over the SPIs in network order. * - * @return enumerator over SPIs, u_int32_t + * @return enumerator over SPIs, uint32_t */ enumerator_t *(*create_spi_enumerator) (delete_payload_t *this); diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c index ebdf8a3fe..8c3fc5933 100644 --- a/src/libcharon/encoding/payloads/eap_payload.c +++ b/src/libcharon/encoding/payloads/eap_payload.c @@ -38,7 +38,7 @@ struct private_eap_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -53,7 +53,7 @@ struct private_eap_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * EAP message data, if available @@ -102,8 +102,8 @@ static encoding_rule_t encodings[] = { METHOD(payload_t, verify, status_t, private_eap_payload_t *this) { - u_int16_t length; - u_int8_t code; + uint16_t length; + uint8_t code; if (this->data.len < 4) { @@ -208,7 +208,7 @@ METHOD(eap_payload_t, get_code, eap_code_t, return 0; } -METHOD(eap_payload_t, get_identifier, u_int8_t, +METHOD(eap_payload_t, get_identifier, uint8_t, private_eap_payload_t *this) { if (this->data.len > 1) @@ -224,7 +224,7 @@ METHOD(eap_payload_t, get_identifier, u_int8_t, * @return the new offset or 0 if failed */ static size_t extract_type(private_eap_payload_t *this, size_t offset, - eap_type_t *type, u_int32_t *vendor) + eap_type_t *type, uint32_t *vendor) { if (this->data.len > offset) { @@ -245,7 +245,7 @@ static size_t extract_type(private_eap_payload_t *this, size_t offset, } METHOD(eap_payload_t, get_type, eap_type_t, - private_eap_payload_t *this, u_int32_t *vendor) + private_eap_payload_t *this, uint32_t *vendor) { eap_type_t type; @@ -270,7 +270,7 @@ typedef struct { } type_enumerator_t; METHOD(enumerator_t, enumerate_types, bool, - type_enumerator_t *this, eap_type_t *type, u_int32_t *vendor) + type_enumerator_t *this, eap_type_t *type, uint32_t *vendor) { this->offset = extract_type(this->payload, this->offset, type, vendor); return this->offset; @@ -281,7 +281,7 @@ METHOD(eap_payload_t, get_types, enumerator_t*, { type_enumerator_t *enumerator; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; size_t offset; offset = extract_type(this, 4, &type, &vendor); @@ -373,7 +373,7 @@ eap_payload_t *eap_payload_create_data_own(chunk_t data) /* * Described in header */ -eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier) +eap_payload_t *eap_payload_create_code(eap_code_t code, uint8_t identifier) { chunk_t data; @@ -385,7 +385,7 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier) /** * Write the given type either expanded or not */ -static void write_type(bio_writer_t *writer, eap_type_t type, u_int32_t vendor, +static void write_type(bio_writer_t *writer, eap_type_t type, uint32_t vendor, bool expanded) { if (expanded) @@ -403,12 +403,12 @@ static void write_type(bio_writer_t *writer, eap_type_t type, u_int32_t vendor, /* * Described in header */ -eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type, - u_int32_t vendor, bool expanded) +eap_payload_t *eap_payload_create_nak(uint8_t identifier, eap_type_t type, + uint32_t vendor, bool expanded) { enumerator_t *enumerator; eap_type_t reg_type; - u_int32_t reg_vendor; + uint32_t reg_vendor; bio_writer_t *writer; chunk_t data; bool added_any = FALSE, found_vendor = FALSE; diff --git a/src/libcharon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h index e8ed1c5e7..abaefde28 100644 --- a/src/libcharon/encoding/payloads/eap_payload.h +++ b/src/libcharon/encoding/payloads/eap_payload.h @@ -72,7 +72,7 @@ struct eap_payload_t { * * @return unique identifier */ - u_int8_t (*get_identifier) (eap_payload_t *this); + uint8_t (*get_identifier) (eap_payload_t *this); /** * Get the EAP method type. @@ -80,13 +80,13 @@ struct eap_payload_t { * @param vendor pointer receiving vendor identifier * @return EAP method type, vendor specific if vendor != 0 */ - eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor); + eap_type_t (*get_type) (eap_payload_t *this, uint32_t *vendor); /** * Enumerate the EAP method types contained in an EAP-Nak (i.e. get_type() * returns EAP_NAK). * - * @return enumerator over (eap_type_t type, u_int32_t vendor) + * @return enumerator over (eap_type_t type, uint32_t vendor) */ enumerator_t* (*get_types) (eap_payload_t *this); @@ -136,7 +136,7 @@ eap_payload_t *eap_payload_create_data_own(chunk_t data); * @param identifier EAP identifier to use in payload * @return eap_payload_t object */ -eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier); +eap_payload_t *eap_payload_create_code(eap_code_t code, uint8_t identifier); /** * Creates an eap_payload_t EAP_RESPONSE containing an EAP_NAK. @@ -147,7 +147,7 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier); * @param expanded TRUE to send an expanded Nak * @return eap_payload_t object */ -eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type, - u_int32_t vendor, bool expanded); +eap_payload_t *eap_payload_create_nak(uint8_t identifier, eap_type_t type, + uint32_t vendor, bool expanded); #endif /** EAP_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/encodings.h b/src/libcharon/encoding/payloads/encodings.h index 54830bc8c..442bf7489 100644 --- a/src/libcharon/encoding/payloads/encodings.h +++ b/src/libcharon/encoding/payloads/encodings.h @@ -289,10 +289,10 @@ enum encoding_type_t { /** * Representating an IKE_SPI field in an IKEv2 Header. * - * When generating the value of the u_int64_t pointing to + * When generating the value of the uint64_t pointing to * is written (host and networ order is not changed). * - * When parsing 8 bytes are read and written into the u_int64_t pointing to. + * When parsing 8 bytes are read and written into the uint64_t pointing to. */ IKE_SPI, @@ -342,7 +342,7 @@ struct encoding_rule_t { * When generating, data are read from this offset in the * data struct. */ - u_int32_t offset; + uint32_t offset; }; #endif /** ENCODINGS_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h index 1c2cc379f..6ff61dd65 100644 --- a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h +++ b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h @@ -42,14 +42,14 @@ struct encrypted_fragment_payload_t { * * @return fragment number */ - u_int16_t (*get_fragment_number)(encrypted_fragment_payload_t *this); + uint16_t (*get_fragment_number)(encrypted_fragment_payload_t *this); /** * Get the total number of fragments. * * @return total number of fragments */ - u_int16_t (*get_total_fragments)(encrypted_fragment_payload_t *this); + uint16_t (*get_total_fragments)(encrypted_fragment_payload_t *this); /** * Get the (decrypted) content of this payload. @@ -80,6 +80,6 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create(); * @return encrypted_fragment_payload_t object */ encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data( - u_int16_t num, u_int16_t total, chunk_t data); + uint16_t num, uint16_t total, chunk_t data); #endif /** ENCRYPTED_FRAGMENT_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c index d1a267836..a033f6081 100644 --- a/src/libcharon/encoding/payloads/encrypted_payload.c +++ b/src/libcharon/encoding/payloads/encrypted_payload.c @@ -43,17 +43,17 @@ struct private_encrypted_payload_t { * next_payload means here the first payload of the * contained, encrypted payload. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Flags, including reserved bits */ - u_int8_t flags; + uint8_t flags; /** * Length of this payload */ - u_int16_t payload_length; + uint16_t payload_length; /** * Chunk containing the IV, plain, padding and ICV. @@ -88,17 +88,17 @@ struct private_encrypted_fragment_payload_t { * the original encrypted payload, for all other fragments it MUST be set * to zero. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Flags, including reserved bits */ - u_int8_t flags; + uint8_t flags; /** * Length of this payload */ - u_int16_t payload_length; + uint16_t payload_length; /** * Chunk containing the IV, plain, padding and ICV. @@ -108,12 +108,12 @@ struct private_encrypted_fragment_payload_t { /** * Fragment number */ - u_int16_t fragment_number; + uint16_t fragment_number; /** * Total fragments */ - u_int16_t total_fragments; + uint16_t total_fragments; /** * AEAD transform to use @@ -366,7 +366,7 @@ static chunk_t generate(private_encrypted_payload_t *this, { payload_t *current, *next; enumerator_t *enumerator; - u_int32_t *lenpos; + uint32_t *lenpos; chunk_t chunk = chunk_empty; enumerator = this->payloads->create_enumerator(this->payloads); @@ -402,9 +402,9 @@ METHOD(encrypted_payload_t, generate_payloads, void, static chunk_t append_header(private_encrypted_payload_t *this, chunk_t assoc) { struct { - u_int8_t next_payload; - u_int8_t flags; - u_int16_t length; + uint8_t next_payload; + uint8_t flags; + uint16_t length; } __attribute__((packed)) header = { .next_payload = this->next_payload, .flags = this->flags, @@ -416,7 +416,7 @@ static chunk_t append_header(private_encrypted_payload_t *this, chunk_t assoc) /** * Encrypts the data in plain and returns it in an allocated chunk. */ -static status_t encrypt_content(char *label, aead_t *aead, u_int64_t mid, +static status_t encrypt_content(char *label, aead_t *aead, uint64_t mid, chunk_t plain, chunk_t assoc, chunk_t *encrypted) { chunk_t iv, padding, icv, crypt; @@ -486,7 +486,7 @@ static status_t encrypt_content(char *label, aead_t *aead, u_int64_t mid, } METHOD(encrypted_payload_t, encrypt, status_t, - private_encrypted_payload_t *this, u_int64_t mid, chunk_t assoc) + private_encrypted_payload_t *this, uint64_t mid, chunk_t assoc) { generator_t *generator; chunk_t plain; @@ -512,7 +512,7 @@ METHOD(encrypted_payload_t, encrypt, status_t, } METHOD(encrypted_payload_t, encrypt_v1, status_t, - private_encrypted_payload_t *this, u_int64_t mid, chunk_t iv) + private_encrypted_payload_t *this, uint64_t mid, chunk_t iv) { generator_t *generator; chunk_t plain, padding; @@ -869,13 +869,13 @@ METHOD2(payload_t, encrypted_payload_t, frag_get_length, size_t, return this->payload_length; } -METHOD(encrypted_fragment_payload_t, get_fragment_number, u_int16_t, +METHOD(encrypted_fragment_payload_t, get_fragment_number, uint16_t, private_encrypted_fragment_payload_t *this) { return this->fragment_number; } -METHOD(encrypted_fragment_payload_t, get_total_fragments, u_int16_t, +METHOD(encrypted_fragment_payload_t, get_total_fragments, uint16_t, private_encrypted_fragment_payload_t *this) { return this->total_fragments; @@ -906,11 +906,11 @@ static chunk_t append_header_frag(private_encrypted_fragment_payload_t *this, chunk_t assoc) { struct { - u_int8_t next_payload; - u_int8_t flags; - u_int16_t length; - u_int16_t fragment_number; - u_int16_t total_fragments; + uint8_t next_payload; + uint8_t flags; + uint16_t length; + uint16_t fragment_number; + uint16_t total_fragments; } __attribute__((packed)) header = { .next_payload = this->next_payload, .flags = this->flags, @@ -922,7 +922,7 @@ static chunk_t append_header_frag(private_encrypted_fragment_payload_t *this, } METHOD(encrypted_payload_t, frag_encrypt, status_t, - private_encrypted_fragment_payload_t *this, u_int64_t mid, chunk_t assoc) + private_encrypted_fragment_payload_t *this, uint64_t mid, chunk_t assoc) { status_t status; @@ -1015,7 +1015,7 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create() * Described in header */ encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data( - u_int16_t num, u_int16_t total, chunk_t plain) + uint16_t num, uint16_t total, chunk_t plain) { private_encrypted_fragment_payload_t *this; diff --git a/src/libcharon/encoding/payloads/encrypted_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h index be59e3c2d..19c60c5be 100644 --- a/src/libcharon/encoding/payloads/encrypted_payload.h +++ b/src/libcharon/encoding/payloads/encrypted_payload.h @@ -88,7 +88,7 @@ struct encrypted_payload_t { * - FAILED if encryption failed * - INVALID_STATE if aead not supplied, but needed */ - status_t (*encrypt) (encrypted_payload_t *this, u_int64_t mid, + status_t (*encrypt) (encrypted_payload_t *this, uint64_t mid, chunk_t assoc); /** diff --git a/src/libcharon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c index ebe5f32f7..afeee72e4 100644 --- a/src/libcharon/encoding/payloads/endpoint_notify.c +++ b/src/libcharon/encoding/payloads/endpoint_notify.c @@ -33,7 +33,7 @@ struct private_endpoint_notify_t { /** * Priority */ - u_int32_t priority; + uint32_t priority; /** * Family @@ -83,36 +83,36 @@ static private_endpoint_notify_t *endpoint_notify_create(); /** * Helper functions to parse integer values */ -static status_t parse_uint8(u_int8_t **cur, u_int8_t *top, u_int8_t *val) +static status_t parse_uint8(uint8_t **cur, uint8_t *top, uint8_t *val) { - if (*cur + sizeof(u_int8_t) > top) + if (*cur + sizeof(uint8_t) > top) { return FAILED; } - *val = *(u_int8_t*)*cur; - *cur += sizeof(u_int8_t); + *val = *(uint8_t*)*cur; + *cur += sizeof(uint8_t); return SUCCESS; } -static status_t parse_uint16(u_int8_t **cur, u_int8_t *top, u_int16_t *val) +static status_t parse_uint16(uint8_t **cur, uint8_t *top, uint16_t *val) { - if (*cur + sizeof(u_int16_t) > top) + if (*cur + sizeof(uint16_t) > top) { return FAILED; } - *val = ntohs(*(u_int16_t*)*cur); - *cur += sizeof(u_int16_t); + *val = ntohs(*(uint16_t*)*cur); + *cur += sizeof(uint16_t); return SUCCESS; } -static status_t parse_uint32(u_int8_t **cur, u_int8_t *top, u_int32_t *val) +static status_t parse_uint32(uint8_t **cur, uint8_t *top, uint32_t *val) { - if (*cur + sizeof(u_int32_t) > top) + if (*cur + sizeof(uint32_t) > top) { return FAILED; } - *val = ntohl(*(u_int32_t*)*cur); - *cur += sizeof(u_int32_t); + *val = ntohl(*(uint32_t*)*cur); + *cur += sizeof(uint32_t); return SUCCESS; } @@ -121,11 +121,11 @@ static status_t parse_uint32(u_int8_t **cur, u_int8_t *top, u_int32_t *val) */ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t data) { - u_int8_t family, type, addr_family; - u_int16_t port; + uint8_t family, type, addr_family; + uint16_t port; chunk_t addr; - u_int8_t *cur = data.ptr; - u_int8_t *top = data.ptr + data.len; + uint8_t *cur = data.ptr; + uint8_t *top = data.ptr + data.len; DBG3(DBG_IKE, "me_endpoint_data %B", &data); @@ -191,9 +191,9 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) { chunk_t prio_chunk, family_chunk, type_chunk, port_chunk, addr_chunk; chunk_t data; - u_int32_t prio; - u_int16_t port; - u_int8_t family, type; + uint32_t prio; + uint16_t port; + uint8_t family, type; prio = htonl(this->priority); prio_chunk = chunk_from_thing(prio); @@ -237,14 +237,14 @@ METHOD(endpoint_notify_t, build_notify, notify_payload_t*, } -METHOD(endpoint_notify_t, get_priority, u_int32_t, +METHOD(endpoint_notify_t, get_priority, uint32_t, private_endpoint_notify_t *this) { return this->priority; } METHOD(endpoint_notify_t, set_priority, void, - private_endpoint_notify_t *this, u_int32_t priority) + private_endpoint_notify_t *this, uint32_t priority) { this->priority = priority; } diff --git a/src/libcharon/encoding/payloads/endpoint_notify.h b/src/libcharon/encoding/payloads/endpoint_notify.h index 853aadf3d..f4cf89fd7 100644 --- a/src/libcharon/encoding/payloads/endpoint_notify.h +++ b/src/libcharon/encoding/payloads/endpoint_notify.h @@ -82,14 +82,14 @@ struct endpoint_notify_t { * * @return priority */ - u_int32_t (*get_priority) (endpoint_notify_t *this); + uint32_t (*get_priority) (endpoint_notify_t *this); /** * Sets the priority of this endpoint. * * @param priority priority */ - void (*set_priority) (endpoint_notify_t *this, u_int32_t priority); + void (*set_priority) (endpoint_notify_t *this, uint32_t priority); /** * Returns the endpoint type of this endpoint. diff --git a/src/libcharon/encoding/payloads/fragment_payload.c b/src/libcharon/encoding/payloads/fragment_payload.c index 7f158f548..fecd05f05 100644 --- a/src/libcharon/encoding/payloads/fragment_payload.c +++ b/src/libcharon/encoding/payloads/fragment_payload.c @@ -35,32 +35,32 @@ struct private_fragment_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Reserved byte */ - u_int8_t reserved; + uint8_t reserved; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Fragment ID. */ - u_int16_t fragment_id; + uint16_t fragment_id; /** * Fragment number. */ - u_int8_t fragment_number; + uint8_t fragment_number; /** * Flags */ - u_int8_t flags; + uint8_t flags; /** * The contained fragment data. @@ -145,13 +145,13 @@ METHOD(payload_t, get_length, size_t, return this->payload_length; } -METHOD(fragment_payload_t, get_id, u_int16_t, +METHOD(fragment_payload_t, get_id, uint16_t, private_fragment_payload_t *this) { return this->fragment_id; } -METHOD(fragment_payload_t, get_number, u_int8_t, +METHOD(fragment_payload_t, get_number, uint8_t, private_fragment_payload_t *this) { return this->fragment_number; @@ -210,7 +210,7 @@ fragment_payload_t *fragment_payload_create() /* * Described in header */ -fragment_payload_t *fragment_payload_create_from_data(u_int8_t num, bool last, +fragment_payload_t *fragment_payload_create_from_data(uint8_t num, bool last, chunk_t data) { private_fragment_payload_t *this; diff --git a/src/libcharon/encoding/payloads/fragment_payload.h b/src/libcharon/encoding/payloads/fragment_payload.h index a49cf32dd..a756601a0 100644 --- a/src/libcharon/encoding/payloads/fragment_payload.h +++ b/src/libcharon/encoding/payloads/fragment_payload.h @@ -42,14 +42,14 @@ struct fragment_payload_t { * * @return fragment ID */ - u_int16_t (*get_id)(fragment_payload_t *this); + uint16_t (*get_id)(fragment_payload_t *this); /** * Get the fragment number. Defines the order of the fragments. * * @return fragment number */ - u_int8_t (*get_number)(fragment_payload_t *this); + uint8_t (*get_number)(fragment_payload_t *this); /** * Check if this is the last fragment. @@ -88,7 +88,7 @@ fragment_payload_t *fragment_payload_create(); * @param data fragment data (gets cloned) * @return fragment_payload_t object */ -fragment_payload_t *fragment_payload_create_from_data(u_int8_t num, bool last, +fragment_payload_t *fragment_payload_create_from_data(uint8_t num, bool last, chunk_t data); #endif /** FRAGMENT_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/hash_payload.c b/src/libcharon/encoding/payloads/hash_payload.c index a12b018e5..eac820742 100644 --- a/src/libcharon/encoding/payloads/hash_payload.c +++ b/src/libcharon/encoding/payloads/hash_payload.c @@ -34,17 +34,17 @@ struct private_hash_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Reserved byte */ - u_int8_t reserved; + uint8_t reserved; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * The contained hash value. diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c index bb8aab748..ae0b19a9d 100644 --- a/src/libcharon/encoding/payloads/id_payload.c +++ b/src/libcharon/encoding/payloads/id_payload.c @@ -38,7 +38,7 @@ struct private_id_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -53,17 +53,17 @@ struct private_id_payload_t { /** * Reserved bytes */ - u_int8_t reserved_byte[3]; + uint8_t reserved_byte[3]; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Type of the ID Data. */ - u_int8_t id_type; + uint8_t id_type; /** * The contained id data value. @@ -73,12 +73,12 @@ struct private_id_payload_t { /** * Tunneled protocol ID for IKEv1 quick modes. */ - u_int8_t protocol_id; + uint8_t protocol_id; /** * Tunneled port for IKEv1 quick modes. */ - u_int16_t port; + uint16_t port; /** * one of PLV2_ID_INITIATOR, PLV2_ID_RESPONDER, IDv1 and PLV1_NAT_OA @@ -334,7 +334,7 @@ METHOD(id_payload_t, get_ts, traffic_selector_t*, METHOD(id_payload_t, get_encoded, chunk_t, private_id_payload_t *this) { - u_int16_t port = htons(this->port); + uint16_t port = htons(this->port); return chunk_cat("cccc", chunk_from_thing(this->id_type), chunk_from_thing(this->protocol_id), chunk_from_thing(port), this->id_data); @@ -400,7 +400,7 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type, id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts) { private_id_payload_t *this; - u_int8_t mask; + uint8_t mask; host_t *net; this = (private_id_payload_t*)id_payload_create(PLV1_ID); @@ -419,7 +419,7 @@ id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts) } else if (ts->to_subnet(ts, &net, &mask)) { - u_int8_t netmask[16], len, byte; + uint8_t netmask[16], len, byte; if (ts->get_type(ts) == TS_IPV4_ADDR_RANGE) { diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c index c96738a34..61a0424e3 100644 --- a/src/libcharon/encoding/payloads/ike_header.c +++ b/src/libcharon/encoding/payloads/ike_header.c @@ -37,31 +37,31 @@ struct private_ike_header_t { /** * SPI of the initiator. */ - u_int64_t initiator_spi; + uint64_t initiator_spi; /** * SPI of the responder. */ - u_int64_t responder_spi; + uint64_t responder_spi; /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * IKE major version. */ - u_int8_t maj_version; + uint8_t maj_version; /** * IKE minor version. */ - u_int8_t min_version; + uint8_t min_version; /** * Exchange type . */ - u_int8_t exchange_type; + uint8_t exchange_type; /** * Flags of the Message. @@ -106,12 +106,12 @@ struct private_ike_header_t { /** * Associated Message-ID. */ - u_int32_t message_id; + uint32_t message_id; /** * Length of the whole IKEv2-Message (header and all payloads). */ - u_int32_t length; + uint32_t length; }; ENUM_BEGIN(exchange_type_names, ID_PROT, TRANSACTION, @@ -290,50 +290,50 @@ METHOD(payload_t, get_length, size_t, return this->length; } -METHOD(ike_header_t, get_initiator_spi, u_int64_t, +METHOD(ike_header_t, get_initiator_spi, uint64_t, private_ike_header_t *this) { return this->initiator_spi; } METHOD(ike_header_t, set_initiator_spi, void, - private_ike_header_t *this, u_int64_t initiator_spi) + private_ike_header_t *this, uint64_t initiator_spi) { this->initiator_spi = initiator_spi; } -METHOD(ike_header_t, get_responder_spi, u_int64_t, +METHOD(ike_header_t, get_responder_spi, uint64_t, private_ike_header_t *this) { return this->responder_spi; } METHOD(ike_header_t, set_responder_spi, void, - private_ike_header_t *this, u_int64_t responder_spi) + private_ike_header_t *this, uint64_t responder_spi) { this->responder_spi = responder_spi; } -METHOD(ike_header_t, get_maj_version, u_int8_t, +METHOD(ike_header_t, get_maj_version, uint8_t, private_ike_header_t *this) { return this->maj_version; } METHOD(ike_header_t, set_maj_version, void, - private_ike_header_t *this, u_int8_t major) + private_ike_header_t *this, uint8_t major) { this->maj_version = major; } -METHOD(ike_header_t, get_min_version, u_int8_t, +METHOD(ike_header_t, get_min_version, uint8_t, private_ike_header_t *this) { return this->min_version; } METHOD(ike_header_t, set_min_version, void, - private_ike_header_t *this, u_int8_t minor) + private_ike_header_t *this, uint8_t minor) { this->min_version = minor; } @@ -411,26 +411,26 @@ METHOD(ike_header_t, set_authonly_flag, void, this->flags.authonly = authonly; } -METHOD(ike_header_t, get_exchange_type, u_int8_t, +METHOD(ike_header_t, get_exchange_type, uint8_t, private_ike_header_t *this) { return this->exchange_type; } METHOD(ike_header_t, set_exchange_type, void, - private_ike_header_t *this, u_int8_t exchange_type) + private_ike_header_t *this, uint8_t exchange_type) { this->exchange_type = exchange_type; } -METHOD(ike_header_t, get_message_id, u_int32_t, +METHOD(ike_header_t, get_message_id, uint32_t, private_ike_header_t *this) { return this->message_id; } METHOD(ike_header_t, set_message_id, void, - private_ike_header_t *this, u_int32_t message_id) + private_ike_header_t *this, uint32_t message_id) { this->message_id = message_id; } diff --git a/src/libcharon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h index d9a44dd0c..fa89c3939 100644 --- a/src/libcharon/encoding/payloads/ike_header.h +++ b/src/libcharon/encoding/payloads/ike_header.h @@ -153,56 +153,56 @@ struct ike_header_t { * * @return initiator_spi */ - u_int64_t (*get_initiator_spi) (ike_header_t *this); + uint64_t (*get_initiator_spi) (ike_header_t *this); /** * Set the initiator spi. * * @param initiator_spi initiator_spi */ - void (*set_initiator_spi) (ike_header_t *this, u_int64_t initiator_spi); + void (*set_initiator_spi) (ike_header_t *this, uint64_t initiator_spi); /** * Get the responder spi. * * @return responder_spi */ - u_int64_t (*get_responder_spi) (ike_header_t *this); + uint64_t (*get_responder_spi) (ike_header_t *this); /** * Set the responder spi. * * @param responder_spi responder_spi */ - void (*set_responder_spi) (ike_header_t *this, u_int64_t responder_spi); + void (*set_responder_spi) (ike_header_t *this, uint64_t responder_spi); /** * Get the major version. * * @return major version */ - u_int8_t (*get_maj_version) (ike_header_t *this); + uint8_t (*get_maj_version) (ike_header_t *this); /** * Set the major version. * * @param major major version */ - void (*set_maj_version) (ike_header_t *this, u_int8_t major); + void (*set_maj_version) (ike_header_t *this, uint8_t major); /** * Get the minor version. * * @return minor version */ - u_int8_t (*get_min_version) (ike_header_t *this); + uint8_t (*get_min_version) (ike_header_t *this); /** * Set the minor version. * * @param minor minor version */ - void (*set_min_version) (ike_header_t *this, u_int8_t minor); + void (*set_min_version) (ike_header_t *this, uint8_t minor); /** * Get the response flag. @@ -293,28 +293,28 @@ struct ike_header_t { * * @return exchange type */ - u_int8_t (*get_exchange_type) (ike_header_t *this); + uint8_t (*get_exchange_type) (ike_header_t *this); /** * Set the exchange type. * * @param exchange_type exchange type */ - void (*set_exchange_type) (ike_header_t *this, u_int8_t exchange_type); + void (*set_exchange_type) (ike_header_t *this, uint8_t exchange_type); /** * Get the message id. * * @return message id */ - u_int32_t (*get_message_id) (ike_header_t *this); + uint32_t (*get_message_id) (ike_header_t *this); /** * Set the message id. * * @param initiator_spi message id */ - void (*set_message_id) (ike_header_t *this, u_int32_t message_id); + void (*set_message_id) (ike_header_t *this, uint32_t message_id); /** * Destroys a ike_header_t object. diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c index 50fd73f90..37f3adf88 100644 --- a/src/libcharon/encoding/payloads/ke_payload.c +++ b/src/libcharon/encoding/payloads/ke_payload.c @@ -36,7 +36,7 @@ struct private_ke_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -51,17 +51,17 @@ struct private_ke_payload_t { /** * Reserved bytes */ - u_int8_t reserved_byte[2]; + uint8_t reserved_byte[2]; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * DH Group Number. */ - u_int16_t dh_group_number; + uint16_t dh_group_number; /** * Key Exchange Data of this KE payload. diff --git a/src/libcharon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c index b0d1c601a..17a0417dc 100644 --- a/src/libcharon/encoding/payloads/nonce_payload.c +++ b/src/libcharon/encoding/payloads/nonce_payload.c @@ -37,7 +37,7 @@ struct private_nonce_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -52,7 +52,7 @@ struct private_nonce_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * The contained nonce value. diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index f32a1273f..ca7ef3a45 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c @@ -260,7 +260,7 @@ struct private_notify_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -275,27 +275,27 @@ struct private_notify_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Domain of interpretation, IKEv1 only. */ - u_int32_t doi; + uint32_t doi; /** * Protocol id. */ - u_int8_t protocol_id; + uint8_t protocol_id; /** * Spi size. */ - u_int8_t spi_size; + uint8_t spi_size; /** * Notify message type. */ - u_int16_t notify_type; + uint16_t notify_type; /** * Security parameter index (spi). @@ -596,14 +596,14 @@ METHOD(payload_t, get_length, size_t, return this->payload_length; } -METHOD(notify_payload_t, get_protocol_id, u_int8_t, +METHOD(notify_payload_t, get_protocol_id, uint8_t, private_notify_payload_t *this) { return this->protocol_id; } METHOD(notify_payload_t, set_protocol_id, void, - private_notify_payload_t *this, u_int8_t protocol_id) + private_notify_payload_t *this, uint8_t protocol_id) { this->protocol_id = protocol_id; } @@ -620,7 +620,7 @@ METHOD(notify_payload_t, set_notify_type, void, this->notify_type = notify_type; } -METHOD(notify_payload_t, get_spi, u_int32_t, +METHOD(notify_payload_t, get_spi, uint32_t, private_notify_payload_t *this) { switch (this->protocol_id) @@ -629,7 +629,7 @@ METHOD(notify_payload_t, get_spi, u_int32_t, case PROTO_ESP: if (this->spi.len == 4) { - return *((u_int32_t*)this->spi.ptr); + return *((uint32_t*)this->spi.ptr); } default: break; @@ -638,7 +638,7 @@ METHOD(notify_payload_t, get_spi, u_int32_t, } METHOD(notify_payload_t, set_spi, void, - private_notify_payload_t *this, u_int32_t spi) + private_notify_payload_t *this, uint32_t spi) { chunk_free(&this->spi); switch (this->protocol_id) @@ -646,7 +646,7 @@ METHOD(notify_payload_t, set_spi, void, case PROTO_AH: case PROTO_ESP: this->spi = chunk_alloc(4); - *((u_int32_t*)this->spi.ptr) = spi; + *((uint32_t*)this->spi.ptr) = spi; break; default: break; diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index 690757383..04160bbfc 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h @@ -200,14 +200,14 @@ struct notify_payload_t { * * @return protocol id of this payload */ - u_int8_t (*get_protocol_id) (notify_payload_t *this); + uint8_t (*get_protocol_id) (notify_payload_t *this); /** * Sets the protocol id of this payload. * * @param protocol_id protocol id to set */ - void (*set_protocol_id) (notify_payload_t *this, u_int8_t protocol_id); + void (*set_protocol_id) (notify_payload_t *this, uint8_t protocol_id); /** * Gets the notify message type of this payload. @@ -230,7 +230,7 @@ struct notify_payload_t { * * @return SPI value */ - u_int32_t (*get_spi) (notify_payload_t *this); + uint32_t (*get_spi) (notify_payload_t *this); /** * Sets the spi of this payload. @@ -239,7 +239,7 @@ struct notify_payload_t { * * @param spi SPI value */ - void (*set_spi) (notify_payload_t *this, u_int32_t spi); + void (*set_spi) (notify_payload_t *this, uint32_t spi); /** * Returns the currently set spi of this payload. diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c index f7c2754e0..6d1894edb 100644 --- a/src/libcharon/encoding/payloads/payload.c +++ b/src/libcharon/encoding/payloads/payload.c @@ -268,7 +268,7 @@ payload_t *payload_create(payload_type_t type) /** * See header. */ -bool payload_is_known(payload_type_t type, u_int8_t maj_ver) +bool payload_is_known(payload_type_t type, uint8_t maj_ver) { if (type >= PL_HEADER) { diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h index 72003894f..8ba1ef9f5 100644 --- a/src/libcharon/encoding/payloads/payload.h +++ b/src/libcharon/encoding/payloads/payload.h @@ -413,7 +413,7 @@ payload_t *payload_create(payload_type_t type); * @param maj_ver major IKE version (use 0 to skip version check) * @return FALSE if payload type handled as unknown payload */ -bool payload_is_known(payload_type_t type, u_int8_t maj_ver); +bool payload_is_known(payload_type_t type, uint8_t maj_ver); /** * Get the value field in a payload using encoding rules. diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index 65ce667c7..1a435a823 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -45,37 +45,37 @@ struct private_proposal_substructure_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * reserved byte */ - u_int8_t reserved; + uint8_t reserved; /** * Length of this payload. */ - u_int16_t proposal_length; + uint16_t proposal_length; /** * Proposal number. */ - u_int8_t proposal_number; + uint8_t proposal_number; /** * Protocol ID. */ - u_int8_t protocol_id; + uint8_t protocol_id; /** * SPI size of the following SPI. */ - u_int8_t spi_size; + uint8_t spi_size; /** * Number of transforms. */ - u_int8_t transforms_count; + uint8_t transforms_count; /** * SPI is stored as chunk. @@ -479,24 +479,24 @@ METHOD(proposal_substructure_t, set_is_last_proposal, void, } METHOD(proposal_substructure_t, set_proposal_number, void, - private_proposal_substructure_t *this,u_int8_t proposal_number) + private_proposal_substructure_t *this,uint8_t proposal_number) { this->proposal_number = proposal_number; } -METHOD(proposal_substructure_t, get_proposal_number, u_int8_t, +METHOD(proposal_substructure_t, get_proposal_number, uint8_t, private_proposal_substructure_t *this) { return this->proposal_number; } METHOD(proposal_substructure_t, set_protocol_id, void, - private_proposal_substructure_t *this,u_int8_t protocol_id) + private_proposal_substructure_t *this,uint8_t protocol_id) { this->protocol_id = protocol_id; } -METHOD(proposal_substructure_t, get_protocol_id, u_int8_t, +METHOD(proposal_substructure_t, get_protocol_id, uint8_t, private_proposal_substructure_t *this) { return this->protocol_id; @@ -518,7 +518,7 @@ METHOD(proposal_substructure_t, get_spi, chunk_t, } METHOD(proposal_substructure_t, get_cpi, bool, - private_proposal_substructure_t *this, u_int16_t *cpi) + private_proposal_substructure_t *this, uint16_t *cpi) { transform_substructure_t *transform; @@ -554,7 +554,7 @@ static void add_to_proposal_v2(proposal_t *proposal, { transform_attribute_t *tattr; enumerator_t *enumerator; - u_int16_t key_length = 0; + uint16_t key_length = 0; enumerator = transform->create_attribute_enumerator(transform); while (enumerator->enumerate(enumerator, &tattr)) @@ -576,8 +576,8 @@ static void add_to_proposal_v2(proposal_t *proposal, * Map IKEv1 to IKEv2 algorithms */ typedef struct { - u_int16_t ikev1; - u_int16_t ikev2; + uint16_t ikev1; + uint16_t ikev2; } algo_map_t; /** @@ -681,8 +681,8 @@ static algo_map_t map_auth[] = { /** * Map an IKEv1 to an IKEv2 identifier */ -static u_int16_t ikev2_from_ikev1(algo_map_t *map, int count, u_int16_t def, - u_int16_t value) +static uint16_t ikev2_from_ikev1(algo_map_t *map, int count, uint16_t def, + uint16_t value) { int i; @@ -699,7 +699,7 @@ static u_int16_t ikev2_from_ikev1(algo_map_t *map, int count, u_int16_t def, /** * Map an IKEv2 to an IKEv1 identifier */ -static u_int16_t ikev1_from_ikev2(algo_map_t *map, int count, u_int16_t value) +static uint16_t ikev1_from_ikev2(algo_map_t *map, int count, uint16_t value) { int i; @@ -716,7 +716,7 @@ static u_int16_t ikev1_from_ikev2(algo_map_t *map, int count, u_int16_t value) /** * Get IKEv2 algorithm from IKEv1 identifier */ -static u_int16_t get_alg_from_ikev1(transform_type_t type, u_int16_t value) +static uint16_t get_alg_from_ikev1(transform_type_t type, uint16_t value) { switch (type) { @@ -737,7 +737,7 @@ static u_int16_t get_alg_from_ikev1(transform_type_t type, u_int16_t value) /** * Get IKEv1 algorithm from IKEv2 identifier */ -static u_int16_t get_ikev1_from_alg(transform_type_t type, u_int16_t value) +static uint16_t get_ikev1_from_alg(transform_type_t type, uint16_t value) { switch (type) { @@ -755,8 +755,8 @@ static u_int16_t get_ikev1_from_alg(transform_type_t type, u_int16_t value) /** * Get IKEv2 algorithm from IKEv1 ESP/AH transform ID */ -static u_int16_t get_alg_from_ikev1_transid(transform_type_t type, - u_int16_t value) +static uint16_t get_alg_from_ikev1_transid(transform_type_t type, + uint16_t value) { switch (type) { @@ -774,8 +774,8 @@ static u_int16_t get_alg_from_ikev1_transid(transform_type_t type, /** * Get IKEv1 ESP/AH transform ID from IKEv2 identifier */ -static u_int16_t get_ikev1_transid_from_alg(transform_type_t type, - u_int16_t value) +static uint16_t get_ikev1_transid_from_alg(transform_type_t type, + uint16_t value) { switch (type) { @@ -791,7 +791,7 @@ static u_int16_t get_ikev1_transid_from_alg(transform_type_t type, /** * Get IKEv1 authentication algorithm from IKEv2 identifier */ -static u_int16_t get_alg_from_ikev1_auth(u_int16_t value) +static uint16_t get_alg_from_ikev1_auth(uint16_t value) { return ikev2_from_ikev1(map_auth, countof(map_auth), AUTH_UNDEFINED, value); } @@ -799,7 +799,7 @@ static u_int16_t get_alg_from_ikev1_auth(u_int16_t value) /** * Get IKEv1 authentication algorithm from IKEv2 identifier */ -static u_int16_t get_ikev1_auth_from_alg(u_int16_t value) +static uint16_t get_ikev1_auth_from_alg(uint16_t value) { return ikev1_from_ikev2(map_auth, countof(map_auth), value); } @@ -807,7 +807,7 @@ static u_int16_t get_ikev1_auth_from_alg(u_int16_t value) /** * Get IKEv1 authentication attribute from auth_method_t */ -static u_int16_t get_ikev1_auth(auth_method_t method) +static uint16_t get_ikev1_auth(auth_method_t method) { switch (method) { @@ -842,7 +842,7 @@ static u_int16_t get_ikev1_auth(auth_method_t method) /** * Get IKEv1 encapsulation mode */ -static u_int16_t get_ikev1_mode(ipsec_mode_t mode, encap_t udp) +static uint16_t get_ikev1_mode(ipsec_mode_t mode, encap_t udp) { switch (mode) { @@ -880,8 +880,8 @@ static void add_to_proposal_v1_ike(proposal_t *proposal, transform_attribute_type_t type; transform_attribute_t *tattr; enumerator_t *enumerator; - u_int16_t value, key_length = 0; - u_int16_t encr = ENCR_UNDEFINED; + uint16_t value, key_length = 0; + uint16_t encr = ENCR_UNDEFINED; enumerator = transform->create_attribute_enumerator(transform); while (enumerator->enumerate(enumerator, &tattr)) @@ -932,7 +932,8 @@ static void add_to_proposal_v1(proposal_t *proposal, transform_attribute_type_t type; transform_attribute_t *tattr; enumerator_t *enumerator; - u_int16_t encr, value, key_length = 0; + uint16_t encr, value, key_length = 0; + extended_sequence_numbers_t esn = NO_EXT_SEQ_NUMBERS; enumerator = transform->create_attribute_enumerator(transform); while (enumerator->enumerate(enumerator, &tattr)) @@ -952,15 +953,16 @@ static void add_to_proposal_v1(proposal_t *proposal, proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP, value, 0); break; + case TATTR_PH2_EXT_SEQ_NUMBER: + esn = EXT_SEQ_NUMBERS; + break; default: break; } } enumerator->destroy(enumerator); - /* TODO-IKEv1: handle ESN attribute */ - proposal->add_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, - NO_EXT_SEQ_NUMBERS, 0); + proposal->add_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, esn, 0); if (proto == PROTO_ESP) { encr = get_alg_from_ikev1_transid(ENCRYPTION_ALGORITHM, @@ -985,15 +987,15 @@ METHOD(proposal_substructure_t, get_proposals, void, transform_substructure_t *transform; enumerator_t *enumerator; proposal_t *proposal = NULL; - u_int64_t spi = 0; + uint64_t spi = 0; switch (this->spi.len) { case 4: - spi = *((u_int32_t*)this->spi.ptr); + spi = *((uint32_t*)this->spi.ptr); break; case 8: - spi = *((u_int64_t*)this->spi.ptr); + spi = *((uint64_t*)this->spi.ptr); break; default: break; @@ -1042,7 +1044,7 @@ METHOD(proposal_substructure_t, create_substructure_enumerator, enumerator_t*, /** * Get an attribute from any transform, 0 if not found */ -static u_int64_t get_attr(private_proposal_substructure_t *this, +static uint64_t get_attr(private_proposal_substructure_t *this, transform_attribute_type_t type) { enumerator_t *transforms, *attributes; @@ -1071,7 +1073,7 @@ static u_int64_t get_attr(private_proposal_substructure_t *this, /** * Look up a lifetime duration of a given kind in all transforms */ -static u_int64_t get_life_duration(private_proposal_substructure_t *this, +static uint64_t get_life_duration(private_proposal_substructure_t *this, transform_attribute_type_t type_attr, ikev1_life_type_t type, transform_attribute_type_t dur_attr) { @@ -1105,10 +1107,10 @@ static u_int64_t get_life_duration(private_proposal_substructure_t *this, return 0; } -METHOD(proposal_substructure_t, get_lifetime, u_int32_t, +METHOD(proposal_substructure_t, get_lifetime, uint32_t, private_proposal_substructure_t *this) { - u_int32_t duration; + uint32_t duration; switch (this->protocol_id) { @@ -1129,7 +1131,7 @@ METHOD(proposal_substructure_t, get_lifetime, u_int32_t, } } -METHOD(proposal_substructure_t, get_lifebytes, u_int64_t, +METHOD(proposal_substructure_t, get_lifebytes, uint64_t, private_proposal_substructure_t *this) { switch (this->protocol_id) @@ -1259,11 +1261,11 @@ proposal_substructure_t *proposal_substructure_create(payload_type_t type) * Add an IKEv1 IKE proposal to the substructure */ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, - proposal_t *proposal, u_int32_t lifetime, + proposal_t *proposal, uint32_t lifetime, auth_method_t method, int number) { transform_substructure_t *transform; - u_int16_t alg, key_size; + uint16_t alg, key_size; enumerator_t *enumerator; transform = transform_substructure_create_type(PLV1_TRANSFORM_SUBSTRUCTURE, @@ -1330,11 +1332,11 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, * Add an IKEv1 ESP/AH proposal to the substructure */ static void set_from_proposal_v1(private_proposal_substructure_t *this, - proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, + proposal_t *proposal, uint32_t lifetime, uint64_t lifebytes, ipsec_mode_t mode, encap_t udp, int number) { transform_substructure_t *transform = NULL; - u_int16_t alg, transid, key_size; + uint16_t alg, transid, key_size; enumerator_t *enumerator; enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM); @@ -1410,6 +1412,18 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, TATTR_PH2_SA_LIFE_DURATION, lifebytes / 1000)); } + enumerator = proposal->create_enumerator(proposal, + EXTENDED_SEQUENCE_NUMBERS); + while (enumerator->enumerate(enumerator, &alg, NULL)) + { + if (alg == EXT_SEQ_NUMBERS) + { + transform->add_transform_attribute(transform, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, + TATTR_PH2_EXT_SEQ_NUMBER, alg)); + } + } + enumerator->destroy(enumerator); add_transform_substructure(this, transform); } @@ -1420,7 +1434,7 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, proposal_t *proposal) { transform_substructure_t *transform; - u_int16_t alg, key_size; + uint16_t alg, key_size; enumerator_t *enumerator; /* encryption algorithm is only available in ESP */ @@ -1485,8 +1499,8 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, */ static void set_data(private_proposal_substructure_t *this, proposal_t *proposal) { - u_int64_t spi64; - u_int32_t spi32; + uint64_t spi64; + uint32_t spi32; /* add SPI, if necessary */ switch (proposal->get_protocol(proposal)) @@ -1533,7 +1547,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( * See header. */ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( - proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, + proposal_t *proposal, uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp) { private_proposal_substructure_t *this; @@ -1562,7 +1576,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( * See header. */ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( - linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes, + linked_list_t *proposals, uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp) { private_proposal_substructure_t *this = NULL; @@ -1607,8 +1621,8 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( * See header. */ proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1( - u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi, - ipsec_mode_t mode, encap_t udp, u_int8_t proposal_number) + uint32_t lifetime, uint64_t lifebytes, uint16_t cpi, + ipsec_mode_t mode, encap_t udp, uint8_t proposal_number) { private_proposal_substructure_t *this; transform_substructure_t *transform; diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h index c4614b88f..796c10890 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.h +++ b/src/libcharon/encoding/payloads/proposal_substructure.h @@ -59,13 +59,13 @@ struct proposal_substructure_t { * @param id proposal number to set */ void (*set_proposal_number) (proposal_substructure_t *this, - u_int8_t proposal_number); + uint8_t proposal_number); /** * get proposal number of current proposal. * * @return proposal number of current proposal substructure. */ - u_int8_t (*get_proposal_number) (proposal_substructure_t *this); + uint8_t (*get_proposal_number) (proposal_substructure_t *this); /** * Sets the protocol id of current proposal. @@ -73,14 +73,14 @@ struct proposal_substructure_t { * @param id protocol id to set */ void (*set_protocol_id) (proposal_substructure_t *this, - u_int8_t protocol_id); + uint8_t protocol_id); /** * get protocol id of current proposal. * * @return protocol id of current proposal substructure. */ - u_int8_t (*get_protocol_id) (proposal_substructure_t *this); + uint8_t (*get_protocol_id) (proposal_substructure_t *this); /** * Sets the next_payload field of this substructure @@ -114,7 +114,7 @@ struct proposal_substructure_t { * @param cpi the CPI if a supported algorithm is proposed * @return TRUE if a supported algorithm is proposed */ - bool (*get_cpi) (proposal_substructure_t *this, u_int16_t *cpi); + bool (*get_cpi) (proposal_substructure_t *this, uint16_t *cpi); /** * Get proposals contained in a propsal_substructure_t. @@ -135,14 +135,14 @@ struct proposal_substructure_t { * * @return lifetime, in seconds */ - u_int32_t (*get_lifetime)(proposal_substructure_t *this); + uint32_t (*get_lifetime)(proposal_substructure_t *this); /** * Get the (shortest) life duration of a proposal (IKEv1 only). * * @return life duration, in bytes */ - u_int64_t (*get_lifebytes)(proposal_substructure_t *this); + uint64_t (*get_lifebytes)(proposal_substructure_t *this); /** * Get the first authentication method from the proposal (IKEv1 only). @@ -193,7 +193,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( * @return proposal_substructure_t object PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( - proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, + proposal_t *proposal, uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp); /** @@ -208,7 +208,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( * @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( - linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes, + linked_list_t *proposals, uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp); /** @@ -224,7 +224,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( * @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1( - u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi, - ipsec_mode_t mode, encap_t udp, u_int8_t proposal_number); + uint32_t lifetime, uint64_t lifebytes, uint16_t cpi, + ipsec_mode_t mode, encap_t udp, uint8_t proposal_number); #endif /** PROPOSAL_SUBSTRUCTURE_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index 407038a2d..9c0b071da 100644 --- a/src/libcharon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c @@ -41,7 +41,7 @@ struct private_sa_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -56,7 +56,7 @@ struct private_sa_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Proposals in this payload are stored in a linked_list_t. @@ -71,12 +71,12 @@ struct private_sa_payload_t { /** * IKEv1 DOI */ - u_int32_t doi; + uint32_t doi; /** * IKEv1 situation */ - u_int32_t situation; + uint32_t situation; }; /** @@ -342,7 +342,7 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*, } METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*, - private_sa_payload_t *this, u_int16_t *cpi) + private_sa_payload_t *this, uint16_t *cpi) { int current_proposal = -1, unsupported_proposal = -1; enumerator_t *enumerator; @@ -353,8 +353,8 @@ METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*, enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &substruct)) { - u_int8_t proposal_number = substruct->get_proposal_number(substruct); - u_int8_t protocol_id = substruct->get_protocol_id(substruct); + uint8_t proposal_number = substruct->get_proposal_number(substruct); + uint8_t protocol_id = substruct->get_protocol_id(substruct); if (proposal_number == unsupported_proposal) { @@ -403,12 +403,12 @@ METHOD(sa_payload_t, create_substructure_enumerator, enumerator_t*, return this->proposals->create_enumerator(this->proposals); } -METHOD(sa_payload_t, get_lifetime, u_int32_t, +METHOD(sa_payload_t, get_lifetime, uint32_t, private_sa_payload_t *this) { proposal_substructure_t *substruct; enumerator_t *enumerator; - u_int32_t lifetime = 0; + uint32_t lifetime = 0; enumerator = this->proposals->create_enumerator(this->proposals); if (enumerator->enumerate(enumerator, &substruct)) @@ -420,12 +420,12 @@ METHOD(sa_payload_t, get_lifetime, u_int32_t, return lifetime; } -METHOD(sa_payload_t, get_lifebytes, u_int64_t, +METHOD(sa_payload_t, get_lifebytes, uint64_t, private_sa_payload_t *this) { proposal_substructure_t *substruct; enumerator_t *enumerator; - u_int64_t lifebytes = 0; + uint64_t lifebytes = 0; enumerator = this->proposals->create_enumerator(this->proposals); if (enumerator->enumerate(enumerator, &substruct)) @@ -558,9 +558,9 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal) * Described in header. */ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, - u_int32_t lifetime, u_int64_t lifebytes, + uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, - encap_t udp, u_int16_t cpi) + encap_t udp, uint16_t cpi) { proposal_substructure_t *substruct; private_sa_payload_t *this; @@ -580,7 +580,7 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, substruct->set_is_last_proposal(substruct, FALSE); if (cpi) { - u_int8_t proposal_number = substruct->get_proposal_number(substruct); + uint8_t proposal_number = substruct->get_proposal_number(substruct); substruct = proposal_substructure_create_for_ipcomp_v1(lifetime, lifebytes, cpi, mode, udp, proposal_number); @@ -602,9 +602,9 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, * Described in header. */ sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal, - u_int32_t lifetime, u_int64_t lifebytes, + uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, - encap_t udp, u_int16_t cpi) + encap_t udp, uint16_t cpi) { private_sa_payload_t *this; linked_list_t *proposals; diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h index 0ddf3619c..f01c45130 100644 --- a/src/libcharon/encoding/payloads/sa_payload.h +++ b/src/libcharon/encoding/payloads/sa_payload.h @@ -57,21 +57,21 @@ struct sa_payload_t { * @param cpi the CPI of the first IPComp (sub)proposal * @return a list containing proposal_ts */ - linked_list_t *(*get_ipcomp_proposals) (sa_payload_t *this, u_int16_t *cpi); + linked_list_t *(*get_ipcomp_proposals) (sa_payload_t *this, uint16_t *cpi); /** * Get the (shortest) lifetime of a proposal (IKEv1 only). * * @return lifetime, in seconds */ - u_int32_t (*get_lifetime)(sa_payload_t *this); + uint32_t (*get_lifetime)(sa_payload_t *this); /** * Get the (shortest) life duration of a proposal (IKEv1 only). * * @return life duration, in bytes */ - u_int64_t (*get_lifebytes)(sa_payload_t *this); + uint64_t (*get_lifebytes)(sa_payload_t *this); /** * Get the first authentication method from the proposal (IKEv1 only). @@ -138,9 +138,9 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal); * @return sa_payload_t object */ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, - u_int32_t lifetime, u_int64_t lifebytes, + uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp, - u_int16_t cpi); + uint16_t cpi); /** * Creates an IKEv1 sa_payload_t object from a single proposal. @@ -155,8 +155,8 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, * @return sa_payload_t object */ sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal, - u_int32_t lifetime, u_int64_t lifebytes, + uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp, - u_int16_t cpi); + uint16_t cpi); #endif /** SA_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c index 83618ff5d..f69fee3ae 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c @@ -35,27 +35,27 @@ struct private_traffic_selector_substructure_t { /** * Type of traffic selector. */ - u_int8_t ts_type; + uint8_t ts_type; /** * IP Protocol ID. */ - u_int8_t ip_protocol_id; + uint8_t ip_protocol_id; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Start port number. */ - u_int16_t start_port; + uint16_t start_port; /** * End port number. */ - u_int16_t end_port; + uint16_t end_port; /** * Starting address. diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.h b/src/libcharon/encoding/payloads/traffic_selector_substructure.h index d3fbe8476..c7a54435b 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.h +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.h @@ -62,7 +62,7 @@ struct traffic_selector_substructure_t { * @return type of traffic selector * */ - u_int8_t (*get_protocol_id) (traffic_selector_substructure_t *this); + uint8_t (*get_protocol_id) (traffic_selector_substructure_t *this); /** * Set the IP protocol ID of Traffic selector @@ -70,7 +70,7 @@ struct traffic_selector_substructure_t { * @param protocol_id protocol ID of traffic selector */ void (*set_protocol_id) (traffic_selector_substructure_t *this, - u_int8_t protocol_id); + uint8_t protocol_id); /** * Get the start port and address as host_t object. diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 4a5b52dcf..860607faf 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -85,12 +85,12 @@ struct private_transform_attribute_t { /** * Type of the attribute. */ - u_int16_t attribute_type; + uint16_t attribute_type; /** * Attribute Length if attribute_format is 0, attribute Value otherwise. */ - u_int16_t attribute_length_or_value; + uint16_t attribute_length_or_value; /** * Attribute value as chunk if attribute_format is 0 (FALSE). @@ -185,10 +185,10 @@ METHOD(transform_attribute_t, get_value_chunk, chunk_t, return this->attribute_value; } -METHOD(transform_attribute_t, get_value, u_int64_t, +METHOD(transform_attribute_t, get_value, uint64_t, private_transform_attribute_t *this) { - u_int64_t value = 0; + uint64_t value = 0; if (this->attribute_format) { @@ -203,7 +203,7 @@ METHOD(transform_attribute_t, get_value, u_int64_t, return untoh64((char*)&value); } -METHOD(transform_attribute_t, get_attribute_type, u_int16_t, +METHOD(transform_attribute_t, get_attribute_type, uint16_t, private_transform_attribute_t *this) { return this->attribute_type; @@ -250,7 +250,7 @@ transform_attribute_t *transform_attribute_create(payload_type_t type) * Described in header. */ transform_attribute_t *transform_attribute_create_value(payload_type_t type, - transform_attribute_type_t kind, u_int64_t value) + transform_attribute_type_t kind, uint64_t value) { private_transform_attribute_t *this; @@ -265,7 +265,7 @@ transform_attribute_t *transform_attribute_create_value(payload_type_t type, } else if (value <= UINT32_MAX) { - u_int32_t val32; + uint32_t val32; val32 = htonl(value); this->attribute_value = chunk_clone(chunk_from_thing(val32)); diff --git a/src/libcharon/encoding/payloads/transform_attribute.h b/src/libcharon/encoding/payloads/transform_attribute.h index 87e283b18..2e86a409c 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.h +++ b/src/libcharon/encoding/payloads/transform_attribute.h @@ -109,14 +109,14 @@ struct transform_attribute_t { * * @return value */ - u_int64_t (*get_value) (transform_attribute_t *this); + uint64_t (*get_value) (transform_attribute_t *this); /** * get the type of the attribute. * * @return type of the value */ - u_int16_t (*get_attribute_type) (transform_attribute_t *this); + uint16_t (*get_attribute_type) (transform_attribute_t *this); /** * Destroys an transform_attribute_t object. @@ -141,6 +141,6 @@ transform_attribute_t *transform_attribute_create(payload_type_t type); * @return transform_attribute_t object */ transform_attribute_t *transform_attribute_create_value(payload_type_t type, - transform_attribute_type_t kind, u_int64_t value); + transform_attribute_type_t kind, uint64_t value); #endif /** TRANSFORM_ATTRIBUTE_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c index 6885d6181..11e4b462d 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.c +++ b/src/libcharon/encoding/payloads/transform_substructure.c @@ -40,32 +40,32 @@ struct private_transform_substructure_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Reserved byte */ - u_int8_t reserved[3]; + uint8_t reserved[3]; /** * Length of this payload. */ - u_int16_t transform_length; + uint16_t transform_length; /** * Type or number, Type of the transform in IKEv2, number in IKEv2. */ - u_int8_t transform_ton; + uint8_t transform_ton; /** * Transform ID, as encoded in IKEv1. */ - u_int8_t transform_id_v1; + uint8_t transform_id_v1; /** * Transform ID, as encoded in IKEv2. */ - u_int16_t transform_id_v2; + uint16_t transform_id_v2; /** * Transforms Attributes are stored in a linked_list_t. @@ -235,13 +235,13 @@ METHOD(payload_t, set_next_type, void, { } -METHOD(transform_substructure_t, get_transform_type_or_number, u_int8_t, +METHOD(transform_substructure_t, get_transform_type_or_number, uint8_t, private_transform_substructure_t *this) { return this->transform_ton; } -METHOD(transform_substructure_t, get_transform_id, u_int16_t, +METHOD(transform_substructure_t, get_transform_id, uint16_t, private_transform_substructure_t *this) { if (this->type == PLV2_TRANSFORM_SUBSTRUCTURE) @@ -303,7 +303,7 @@ transform_substructure_t *transform_substructure_create(payload_type_t type) * Described in header */ transform_substructure_t *transform_substructure_create_type(payload_type_t type, - u_int8_t type_or_number, u_int16_t id) + uint8_t type_or_number, uint16_t id) { private_transform_substructure_t *this; diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h index ba821d3bd..e75dc27bb 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.h +++ b/src/libcharon/encoding/payloads/transform_substructure.h @@ -72,14 +72,14 @@ struct transform_substructure_t { * * @return Transform type of current transform substructure. */ - u_int8_t (*get_transform_type_or_number) (transform_substructure_t *this); + uint8_t (*get_transform_type_or_number) (transform_substructure_t *this); /** * Get transform id of the current transform. * * @return Transform id of current transform substructure. */ - u_int16_t (*get_transform_id) (transform_substructure_t *this); + uint16_t (*get_transform_id) (transform_substructure_t *this); /** * Create an enumerator over transform attributes. @@ -111,6 +111,6 @@ transform_substructure_t *transform_substructure_create(payload_type_t type); * @return transform_substructure_t object */ transform_substructure_t *transform_substructure_create_type(payload_type_t type, - u_int8_t type_or_number, u_int16_t id); + uint8_t type_or_number, uint16_t id); #endif /** TRANSFORM_SUBSTRUCTURE_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c index e74b9ae1b..0b2d4de57 100644 --- a/src/libcharon/encoding/payloads/ts_payload.c +++ b/src/libcharon/encoding/payloads/ts_payload.c @@ -42,7 +42,7 @@ struct private_ts_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -62,12 +62,12 @@ struct private_ts_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Number of traffic selectors */ - u_int8_t ts_num; + uint8_t ts_num; /** * Contains the traffic selectors of type traffic_selector_substructure_t. diff --git a/src/libcharon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c index c69254fc0..adbf2c8f2 100644 --- a/src/libcharon/encoding/payloads/unknown_payload.c +++ b/src/libcharon/encoding/payloads/unknown_payload.c @@ -39,7 +39,7 @@ struct private_unknown_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -54,7 +54,7 @@ struct private_unknown_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * The contained data. diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c index 400e0640d..7db9a69d3 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.c +++ b/src/libcharon/encoding/payloads/vendor_id_payload.c @@ -34,7 +34,7 @@ struct private_vendor_id_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -49,7 +49,7 @@ struct private_vendor_id_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * The contained data. diff --git a/src/libcharon/kernel/kernel_handler.c b/src/libcharon/kernel/kernel_handler.c index be37d30e5..71121908b 100644 --- a/src/libcharon/kernel/kernel_handler.c +++ b/src/libcharon/kernel/kernel_handler.c @@ -39,7 +39,7 @@ struct private_kernel_handler_t { /** * convert an IP protocol identifier to the IKEv2 specific protocol identifier. */ -static inline protocol_id_t proto_ip2ike(u_int8_t protocol) +static inline protocol_id_t proto_ip2ike(uint8_t protocol) { switch (protocol) { @@ -53,7 +53,7 @@ static inline protocol_id_t proto_ip2ike(u_int8_t protocol) } METHOD(kernel_listener_t, acquire, bool, - private_kernel_handler_t *this, u_int32_t reqid, + private_kernel_handler_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { if (src_ts && dst_ts) @@ -71,7 +71,7 @@ METHOD(kernel_listener_t, acquire, bool, } METHOD(kernel_listener_t, expire, bool, - private_kernel_handler_t *this, u_int8_t protocol, u_int32_t spi, + private_kernel_handler_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard) { protocol_id_t proto = proto_ip2ike(protocol); @@ -93,7 +93,7 @@ METHOD(kernel_listener_t, expire, bool, } METHOD(kernel_listener_t, mapping, bool, - private_kernel_handler_t *this, u_int8_t protocol, u_int32_t spi, + private_kernel_handler_t *this, uint8_t protocol, uint32_t spi, host_t *dst, host_t *remote) { protocol_id_t proto = proto_ip2ike(protocol); @@ -108,7 +108,7 @@ METHOD(kernel_listener_t, mapping, bool, } METHOD(kernel_listener_t, migrate, bool, - private_kernel_handler_t *this, u_int32_t reqid, + private_kernel_handler_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, host_t *local, host_t *remote) { diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c index 40c4ee589..7b39a020c 100644 --- a/src/libcharon/kernel/kernel_interface.c +++ b/src/libcharon/kernel/kernel_interface.c @@ -1,6 +1,7 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2008-2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -62,12 +63,12 @@ struct kernel_algorithm_t { /** * Identifier specified in IKE */ - u_int16_t ike; + uint16_t ike; /** * Identifier as defined in pfkeyv2.h */ - u_int16_t kernel; + uint16_t kernel; /** * Name of the algorithm in linux crypto API @@ -166,7 +167,7 @@ METHOD(kernel_interface_t, get_features, kernel_feature_t, METHOD(kernel_interface_t, get_spi, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { if (!this->ipsec) { @@ -177,7 +178,7 @@ METHOD(kernel_interface_t, get_spi, status_t, METHOD(kernel_interface_t, get_cpi, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { if (!this->ipsec) { @@ -191,7 +192,7 @@ METHOD(kernel_interface_t, get_cpi, status_t, */ typedef struct { /** allocated reqid */ - u_int32_t reqid; + uint32_t reqid; /** references to this entry */ u_int refs; /** inbound mark used for SA */ @@ -327,9 +328,9 @@ static array_t *array_from_ts_list(linked_list_t *list) METHOD(kernel_interface_t, alloc_reqid, status_t, private_kernel_interface_t *this, linked_list_t *local_ts, linked_list_t *remote_ts, - mark_t mark_in, mark_t mark_out, u_int32_t *reqid) + mark_t mark_in, mark_t mark_out, uint32_t *reqid) { - static u_int32_t counter = 0; + static uint32_t counter = 0; reqid_entry_t *entry = NULL, *tmpl; status_t status = SUCCESS; @@ -379,7 +380,7 @@ METHOD(kernel_interface_t, alloc_reqid, status_t, } METHOD(kernel_interface_t, release_reqid, status_t, - private_kernel_interface_t *this, u_int32_t reqid, + private_kernel_interface_t *this, uint32_t reqid, mark_t mark_in, mark_t mark_out) { reqid_entry_t *entry, tmpl = { @@ -415,59 +416,48 @@ METHOD(kernel_interface_t, release_reqid, status_t, } METHOD(kernel_interface_t, add_sa, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid, - mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode, - ipcomp, cpi, replay_window, initiator, encap, esn, inbound, - update, src_ts, dst_ts); + return this->ipsec->add_sa(this->ipsec, id, data); } METHOD(kernel_interface_t, update_sa, status_t, - private_kernel_interface_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst, - new_src, new_dst, encap, new_encap, mark); + return this->ipsec->update_sa(this->ipsec, id, data); } METHOD(kernel_interface_t, query_sa, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark, - bytes, packets, time); + return this->ipsec->query_sa(this->ipsec, id, data, bytes, packets, time); } METHOD(kernel_interface_t, del_sa, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark); + return this->ipsec->del_sa(this->ipsec, id, data); } METHOD(kernel_interface_t, flush_sas, status_t, @@ -481,44 +471,36 @@ METHOD(kernel_interface_t, flush_sas, status_t, } METHOD(kernel_interface_t, add_policy, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts, - direction, type, sa, mark, priority); + return this->ipsec->add_policy(this->ipsec, id, data); } METHOD(kernel_interface_t, query_policy, status_t, - private_kernel_interface_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts, - direction, mark, use_time); + return this->ipsec->query_policy(this->ipsec, id, data, use_time); } METHOD(kernel_interface_t, del_policy, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->del_policy(this->ipsec, src, dst, src_ts, dst_ts, - direction, type, sa, mark, priority); + return this->ipsec->del_policy(this->ipsec, id, data); } METHOD(kernel_interface_t, flush_policies, status_t, @@ -542,13 +524,14 @@ METHOD(kernel_interface_t, get_source_addr, host_t*, } METHOD(kernel_interface_t, get_nexthop, host_t*, - private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src) + private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src, + char **iface) { if (!this->net) { return NULL; } - return this->net->get_nexthop(this->net, dest, prefix, src); + return this->net->get_nexthop(this->net, dest, prefix, src, iface); } METHOD(kernel_interface_t, get_interface, bool, @@ -594,7 +577,7 @@ METHOD(kernel_interface_t, del_ip, status_t, METHOD(kernel_interface_t, add_route, status_t, private_kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { if (!this->net) { @@ -606,7 +589,7 @@ METHOD(kernel_interface_t, add_route, status_t, METHOD(kernel_interface_t, del_route, status_t, private_kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { if (!this->net) { @@ -627,7 +610,7 @@ METHOD(kernel_interface_t, bypass_socket, bool, } METHOD(kernel_interface_t, enable_udp_decap, bool, - private_kernel_interface_t *this, int fd, int family, u_int16_t port) + private_kernel_interface_t *this, int fd, int family, uint16_t port) { if (!this->ipsec) { @@ -683,6 +666,10 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t, if (ts->includes(ts, host)) { *ip = host_create_any(family); + if (vip) + { + *vip = FALSE; + } host->destroy(host); DBG2(DBG_KNL, "using host %H", *ip); return SUCCESS; @@ -803,7 +790,7 @@ METHOD(kernel_interface_t, remove_listener, void, } METHOD(kernel_interface_t, acquire, void, - private_kernel_interface_t *this, u_int32_t reqid, + private_kernel_interface_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { kernel_listener_t *listener; @@ -823,7 +810,7 @@ METHOD(kernel_interface_t, acquire, void, } METHOD(kernel_interface_t, expire, void, - private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi, + private_kernel_interface_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard) { kernel_listener_t *listener; @@ -844,7 +831,7 @@ METHOD(kernel_interface_t, expire, void, } METHOD(kernel_interface_t, mapping, void, - private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi, + private_kernel_interface_t *this, uint8_t protocol, uint32_t spi, host_t *dst, host_t *remote) { kernel_listener_t *listener; @@ -865,7 +852,7 @@ METHOD(kernel_interface_t, mapping, void, } METHOD(kernel_interface_t, migrate, void, - private_kernel_interface_t *this, u_int32_t reqid, + private_kernel_interface_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, host_t *local, host_t *remote) { @@ -919,8 +906,8 @@ METHOD(kernel_interface_t, tun, void, } METHOD(kernel_interface_t, register_algorithm, void, - private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type, - u_int16_t kernel_id, char *kernel_name) + private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type, + uint16_t kernel_id, char *kernel_name) { kernel_algorithm_t *algorithm; @@ -937,8 +924,8 @@ METHOD(kernel_interface_t, register_algorithm, void, } METHOD(kernel_interface_t, lookup_algorithm, bool, - private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type, - u_int16_t *kernel_id, char **kernel_name) + private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type, + uint16_t *kernel_id, char **kernel_name) { kernel_algorithm_t *algorithm; enumerator_t *enumerator; diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h index 6793c6cc6..225b40932 100644 --- a/src/libcharon/kernel/kernel_interface.h +++ b/src/libcharon/kernel/kernel_interface.h @@ -1,9 +1,9 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -108,7 +108,7 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi); + uint8_t protocol, uint32_t *spi); /** * Get a Compression Parameter Index (CPI) from the kernel. @@ -119,7 +119,7 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst, - u_int16_t *cpi); + uint16_t *cpi); /** * Allocate or confirm a reqid to use for a given SA pair. @@ -141,7 +141,7 @@ struct kernel_interface_t { status_t (*alloc_reqid)(kernel_interface_t *this, linked_list_t *local_ts, linked_list_t *remote_ts, mark_t mark_in, mark_t mark_out, - u_int32_t *reqid); + uint32_t *reqid); /** * Release a previously allocated reqid. @@ -151,7 +151,7 @@ struct kernel_interface_t { * @param mark_out outbound mark on SA * @return SUCCESS if reqid released */ - status_t (*release_reqid)(kernel_interface_t *this, u_int32_t reqid, + status_t (*release_reqid)(kernel_interface_t *this, uint32_t reqid, mark_t mark_in, mark_t mark_out); /** @@ -160,41 +160,12 @@ struct kernel_interface_t { * This function does install a single SA for a single protocol in one * direction. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param reqid reqid for this SA - * @param mark optional mark for this SA - * @param tfc Traffic Flow Confidentiality padding for this SA - * @param lifetime lifetime_cfg_t for this SA - * @param enc_alg Algorithm to use for encryption (ESP only) - * @param enc_key key to use for encryption - * @param int_alg Algorithm to use for integrity protection - * @param int_key key to use for integrity protection - * @param mode mode of the SA (tunnel, transport) - * @param ipcomp IPComp transform to use - * @param cpi CPI for IPComp - * @param replay_window anti-replay window size - * @param initiator TRUE if initiator of the exchange creating this SA - * @param encap enable UDP encapsulation for NAT traversal - * @param esn TRUE to use Extended Sequence Numbers - * @param inbound TRUE if this is an inbound SA - * @param update TRUE if an SPI has already been allocated for SA - * @param src_ts list of source traffic selectors - * @param dst_ts list of destination traffic selectors + * @param id data identifying this SA + * @param data data for this SA * @return SUCCESS if operation completed */ - status_t (*add_sa) (kernel_interface_t *this, - host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - u_int32_t replay_window, bool initiator, bool encap, - bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts); + status_t (*add_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data); /** * Update the hosts on an installed SA. @@ -204,85 +175,55 @@ struct kernel_interface_t { * to identify SAs. Therefore if the destination address changed we * create a new SA and delete the old one. * - * @param spi SPI of the SA - * @param protocol protocol for this SA (ESP/AH) - * @param cpi CPI for IPComp, 0 if no IPComp is used - * @param src current source address - * @param dst current destination address - * @param new_src new source address - * @param new_dst new destination address - * @param encap current use of UDP encapsulation - * @param new_encap new use of UDP encapsulation - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data updated data for this SA * @return SUCCESS if operation completed, NOT_SUPPORTED if - * the kernel interface can't update the SA + * the kernel interface can't update the SA */ - status_t (*update_sa)(kernel_interface_t *this, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, - host_t *src, host_t *dst, - host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark); + status_t (*update_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data); /** * Query the number of bytes processed by an SA from the SAD. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data data to query the SA * @param[out] bytes the number of bytes processed by SA * @param[out] packets number of packets processed by SA * @param[out] time last (monotonic) time of SA use * @return SUCCESS if operation completed */ - status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time); + status_t (*query_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, + uint64_t *packets, time_t *time); /** * Delete a previously installed SA from the SAD. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param cpi CPI for IPComp or 0 - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data data to delete the SA * @return SUCCESS if operation completed */ - status_t (*del_sa) (kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, - mark_t mark); + status_t (*del_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data); /** * Flush all SAs from the SAD. * * @return SUCCESS if operation completed */ - status_t (*flush_sas) (kernel_interface_t *this); + status_t (*flush_sas)(kernel_interface_t *this); /** * Add a policy to the SPD. * - * @param src source address of SA - * @param dst dest address of SA - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param type type of policy, POLICY_(IPSEC|PASS|DROP) - * @param sa details about the SA(s) tied to this policy - * @param mark mark for this policy - * @param priority priority of this policy + * @param id data identifying this policy + * @param data data for this policy * @return SUCCESS if operation completed */ - status_t (*add_policy) (kernel_interface_t *this, - host_t *src, host_t *dst, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, - ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority); + status_t (*add_policy)(kernel_interface_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data); /** * Query the use time of a policy. @@ -290,47 +231,33 @@ struct kernel_interface_t { * The use time of a policy is the time the policy was used * for the last time. * - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param mark optional mark - * @param[out] use_time the (monotonic) time of this SA's last use + * @param id data identifying this policy + * @param data data to query the policy + * @param[out] use_time the monotonic timestamp of this SA's last use * @return SUCCESS if operation completed */ - status_t (*query_policy) (kernel_interface_t *this, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, mark_t mark, - time_t *use_time); + status_t (*query_policy)(kernel_interface_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, + time_t *use_time); /** * Remove a policy from the SPD. * - * @param src source address of SA - * @param dst dest address of SA - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param type type of policy, POLICY_(IPSEC|PASS|DROP) - * @param sa details about the SA(s) tied to this policy - * @param mark mark for this policy - * @param priority priority of the policy + * @param id data identifying this policy + * @param data data for this policy * @return SUCCESS if operation completed */ - status_t (*del_policy) (kernel_interface_t *this, - host_t *src, host_t *dst, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, - ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority); + status_t (*del_policy)(kernel_interface_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data); /** * Flush all policies from the SPD. * * @return SUCCESS if operation completed */ - status_t (*flush_policies) (kernel_interface_t *this); + status_t (*flush_policies)(kernel_interface_t *this); /** * Get our outgoing source address for a destination. @@ -358,10 +285,12 @@ struct kernel_interface_t { * @param dest target destination address * @param prefix prefix length if dest is a subnet, -1 for auto * @param src source address to check, or NULL + * @param[out] iface allocated name of the interface to reach dest, if + * available (optional) * @return next hop address, NULL if unreachable */ host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest, - int prefix, host_t *src); + int prefix, host_t *src, char **iface); /** * Get the interface name of a local address. Interfaces that are down or @@ -426,7 +355,7 @@ struct kernel_interface_t { * ALREADY_DONE if the route already exists */ status_t (*add_route) (kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); /** @@ -440,7 +369,7 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*del_route) (kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); /** @@ -461,7 +390,7 @@ struct kernel_interface_t { * @return TRUE if UDP decapsulation was enabled successfully */ bool (*enable_udp_decap)(kernel_interface_t *this, int fd, int family, - u_int16_t port); + uint16_t port); /** @@ -561,7 +490,7 @@ struct kernel_interface_t { * @param src_ts source traffic selector * @param dst_ts destination traffic selector */ - void (*acquire)(kernel_interface_t *this, u_int32_t reqid, + void (*acquire)(kernel_interface_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts); /** @@ -572,7 +501,7 @@ struct kernel_interface_t { * @param dst destination address of expired SA * @param hard TRUE if it is a hard expire, FALSE otherwise */ - void (*expire)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi, + void (*expire)(kernel_interface_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard); /** @@ -583,7 +512,7 @@ struct kernel_interface_t { * @param dst original destination address of SA * @param remote new remote host */ - void (*mapping)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi, + void (*mapping)(kernel_interface_t *this, uint8_t protocol, uint32_t spi, host_t *dst, host_t *remote); /** @@ -596,7 +525,7 @@ struct kernel_interface_t { * @param local local host address to be used in the IKE_SA * @param remote remote host address to be used in the IKE_SA */ - void (*migrate)(kernel_interface_t *this, u_int32_t reqid, + void (*migrate)(kernel_interface_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, host_t *local, host_t *remote); @@ -623,8 +552,8 @@ struct kernel_interface_t { * @param kernel_id the kernel id of the algorithm * @param kernel_name the kernel name of the algorithm */ - void (*register_algorithm)(kernel_interface_t *this, u_int16_t alg_id, - transform_type_t type, u_int16_t kernel_id, + void (*register_algorithm)(kernel_interface_t *this, uint16_t alg_id, + transform_type_t type, uint16_t kernel_id, char *kernel_name); /** @@ -637,8 +566,8 @@ struct kernel_interface_t { * @param kernel_name the kernel name of the algorithm (optional) * @return TRUE if algorithm was found */ - bool (*lookup_algorithm)(kernel_interface_t *this, u_int16_t alg_id, - transform_type_t type, u_int16_t *kernel_id, + bool (*lookup_algorithm)(kernel_interface_t *this, uint16_t alg_id, + transform_type_t type, uint16_t *kernel_id, char **kernel_name); /** diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h index 31e06308e..0ad566068 100644 --- a/src/libcharon/kernel/kernel_ipsec.h +++ b/src/libcharon/kernel/kernel_ipsec.h @@ -1,9 +1,10 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2016 Andreas Steffen + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,6 +26,14 @@ #define KERNEL_IPSEC_H_ typedef struct kernel_ipsec_t kernel_ipsec_t; +typedef struct kernel_ipsec_sa_id_t kernel_ipsec_sa_id_t; +typedef struct kernel_ipsec_add_sa_t kernel_ipsec_add_sa_t; +typedef struct kernel_ipsec_update_sa_t kernel_ipsec_update_sa_t; +typedef struct kernel_ipsec_query_sa_t kernel_ipsec_query_sa_t; +typedef struct kernel_ipsec_del_sa_t kernel_ipsec_del_sa_t; +typedef struct kernel_ipsec_policy_id_t kernel_ipsec_policy_id_t; +typedef struct kernel_ipsec_manage_policy_t kernel_ipsec_manage_policy_t; +typedef struct kernel_ipsec_query_policy_t kernel_ipsec_query_policy_t; #include #include @@ -32,6 +41,137 @@ typedef struct kernel_ipsec_t kernel_ipsec_t; #include #include +/** + * Data required to identify an SA in the kernel + */ +struct kernel_ipsec_sa_id_t { + /** Source address */ + host_t *src; + /** Destination address */ + host_t *dst; + /** SPI */ + uint32_t spi; + /** Protocol (ESP/AH) */ + uint8_t proto; + /** Optional mark */ + mark_t mark; +}; + +/** + * Data required to add an SA to the kernel + */ +struct kernel_ipsec_add_sa_t { + /** Reqid */ + uint32_t reqid; + /** Mode (tunnel, transport...) */ + ipsec_mode_t mode; + /** List of source traffic selectors */ + linked_list_t *src_ts; + /** List of destination traffic selectors */ + linked_list_t *dst_ts; + /** Network interface restricting policy */ + char *interface; + /** Lifetime configuration */ + lifetime_cfg_t *lifetime; + /** Encryption algorithm */ + uint16_t enc_alg; + /** Encryption key */ + chunk_t enc_key; + /** Integrity protection algorithm */ + uint16_t int_alg; + /** Integrity protection key */ + chunk_t int_key; + /** Anti-replay window size */ + uint32_t replay_window; + /** Traffic Flow Confidentiality padding */ + uint32_t tfc; + /** IPComp transform */ + uint16_t ipcomp; + /** CPI for IPComp */ + uint16_t cpi; + /** TRUE to enable UDP encapsulation for NAT traversal */ + bool encap; + /** TRUE to use Extended Sequence Numbers */ + bool esn; + /** TRUE if initiator of the exchange creating the SA */ + bool initiator; + /** TRUE if this is an inbound SA */ + bool inbound; + /** TRUE if an SPI has already been allocated for this SA */ + bool update; +}; + +/** + * Data required to update the hosts of an SA in the kernel + */ +struct kernel_ipsec_update_sa_t { + /** CPI in case IPComp is used */ + uint16_t cpi; + /** New source address */ + host_t *new_src; + /** New destination address */ + host_t *new_dst; + /** TRUE if UDP encapsulation is currently enabled */ + bool encap; + /** TRUE to enable UDP encapsulation */ + bool new_encap; +}; + +/** + * Data required to query an SA in the kernel + */ +struct kernel_ipsec_query_sa_t { + uint16_t cpi; +}; + +/** + * Data required to delete an SA in the kernel + */ +struct kernel_ipsec_del_sa_t { + /** CPI in case IPComp is used */ + uint16_t cpi; +}; + +/** + * Data identifying a policy in the kernel + */ +struct kernel_ipsec_policy_id_t { + /** Direction of traffic */ + policy_dir_t dir; + /** Source traffic selector */ + traffic_selector_t *src_ts; + /** Destination traffic selector */ + traffic_selector_t *dst_ts; + /** Optional mark */ + mark_t mark; + /** Network interface restricting policy */ + char *interface; +}; + +/** + * Data required to add/delete a policy to/from the kernel + */ +struct kernel_ipsec_manage_policy_t { + /** Type of policy */ + policy_type_t type; + /** Priority class */ + policy_priority_t prio; + /** Manually-set priority (automatic if set to 0) */ + uint32_t manual_prio; + /** Source address of the SA(s) tied to this policy */ + host_t *src; + /** Destination address of the SA(s) tied to this policy */ + host_t *dst; + /** Details about the SA(s) tied to this policy */ + ipsec_sa_cfg_t *sa; +}; + +/** + * Data required to query a policy in the kernel + */ +struct kernel_ipsec_query_policy_t { +}; + /** * Interface to the ipsec subsystem of the kernel. * @@ -62,7 +202,7 @@ struct kernel_ipsec_t { * @return SUCCESS if operation completed */ status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi); + uint8_t protocol, uint32_t *spi); /** * Get a Compression Parameter Index (CPI) from the kernel. @@ -73,7 +213,7 @@ struct kernel_ipsec_t { * @return SUCCESS if operation completed */ status_t (*get_cpi)(kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi); + uint16_t *cpi); /** * Add an SA to the SAD. @@ -81,41 +221,12 @@ struct kernel_ipsec_t { * This function does install a single SA for a single protocol in one * direction. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param reqid unique ID for this SA - * @param mark mark for this SA - * @param tfc Traffic Flow Confidentiality padding for this SA - * @param lifetime lifetime_cfg_t for this SA - * @param enc_alg Algorithm to use for encryption (ESP only) - * @param enc_key key to use for encryption - * @param int_alg Algorithm to use for integrity protection - * @param int_key key to use for integrity protection - * @param mode mode of the SA (tunnel, transport) - * @param ipcomp IPComp transform to use - * @param cpi CPI for IPComp - * @param replay_window anti-replay window size - * @param initiator TRUE if initiator of the exchange creating this SA - * @param encap enable UDP encapsulation for NAT traversal - * @param esn TRUE to use Extended Sequence Numbers - * @param inbound TRUE if this is an inbound SA - * @param update TRUE if an SPI has already been allocated for SA - * @param src_ts list of source traffic selectors - * @param dst_ts list of destination traffic selectors + * @param id data identifying this SA + * @param data data for this SA * @return SUCCESS if operation completed */ - status_t (*add_sa) (kernel_ipsec_t *this, - host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int32_t reqid, - mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - u_int32_t replay_window, bool initiator, bool encap, - bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts); + status_t (*add_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data); /** * Update the hosts on an installed SA. @@ -125,85 +236,55 @@ struct kernel_ipsec_t { * to identify SAs. Therefore if the destination address changed we * create a new SA and delete the old one. * - * @param spi SPI of the SA - * @param protocol protocol for this SA (ESP/AH) - * @param cpi CPI for IPComp, 0 if no IPComp is used - * @param src current source address - * @param dst current destination address - * @param new_src new source address - * @param new_dst new destination address - * @param encap current use of UDP encapsulation - * @param new_encap new use of UDP encapsulation - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data updated data for this SA * @return SUCCESS if operation completed, NOT_SUPPORTED if - * the kernel interface can't update the SA + * the kernel interface can't update the SA */ - status_t (*update_sa)(kernel_ipsec_t *this, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, - host_t *src, host_t *dst, - host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark); + status_t (*update_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data); /** * Query the number of bytes processed by an SA from the SAD. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data data to query the SA * @param[out] bytes the number of bytes processed by SA * @param[out] packets number of packets processed by SA * @param[out] time last (monotonic) time of SA use * @return SUCCESS if operation completed */ - status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time); + status_t (*query_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, + uint64_t *packets, time_t *time); /** - * Delete a previusly installed SA from the SAD. + * Delete a previously installed SA from the SAD. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param cpi CPI for IPComp or 0 - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data data to delete the SA * @return SUCCESS if operation completed */ - status_t (*del_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, - mark_t mark); + status_t (*del_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data); /** * Flush all SAs from the SAD. * * @return SUCCESS if operation completed */ - status_t (*flush_sas) (kernel_ipsec_t *this); + status_t (*flush_sas)(kernel_ipsec_t *this); /** * Add a policy to the SPD. * - * @param src source address of SA - * @param dst dest address of SA - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param type type of policy, POLICY_(IPSEC|PASS|DROP) - * @param sa details about the SA(s) tied to this policy - * @param mark mark for this policy - * @param priority priority of this policy + * @param id data identifying this policy + * @param data data for this policy * @return SUCCESS if operation completed */ - status_t (*add_policy) (kernel_ipsec_t *this, - host_t *src, host_t *dst, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, - ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority); + status_t (*add_policy)(kernel_ipsec_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data); /** * Query the use time of a policy. @@ -212,47 +293,33 @@ struct kernel_ipsec_t { * time. It is not the system time, but a monotonic timestamp as returned * by time_monotonic. * - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param mark optional mark + * @param id data identifying this policy + * @param data data to query the policy * @param[out] use_time the monotonic timestamp of this SA's last use * @return SUCCESS if operation completed */ - status_t (*query_policy) (kernel_ipsec_t *this, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, mark_t mark, - time_t *use_time); + status_t (*query_policy)(kernel_ipsec_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, + time_t *use_time); /** * Remove a policy from the SPD. * - * @param src source address of SA - * @param dst dest address of SA - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param type type of policy, POLICY_(IPSEC|PASS|DROP) - * @param sa details about the SA(s) tied to this policy - * @param mark mark for this policy - * @param priority priority of the policy + * @param id data identifying this policy + * @param data data for this policy * @return SUCCESS if operation completed */ - status_t (*del_policy) (kernel_ipsec_t *this, - host_t *src, host_t *dst, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, - ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority); + status_t (*del_policy)(kernel_ipsec_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data); /** * Flush all policies from the SPD. * * @return SUCCESS if operation completed */ - status_t (*flush_policies) (kernel_ipsec_t *this); + status_t (*flush_policies)(kernel_ipsec_t *this); /** * Install a bypass policy for the given socket. @@ -272,12 +339,12 @@ struct kernel_ipsec_t { * @return TRUE if UDP decapsulation was enabled successfully */ bool (*enable_udp_decap)(kernel_ipsec_t *this, int fd, int family, - u_int16_t port); + uint16_t port); /** * Destroy the implementation. */ - void (*destroy) (kernel_ipsec_t *this); + void (*destroy)(kernel_ipsec_t *this); }; /** diff --git a/src/libcharon/kernel/kernel_listener.h b/src/libcharon/kernel/kernel_listener.h index 6426fae2a..aaeb4f5b7 100644 --- a/src/libcharon/kernel/kernel_listener.h +++ b/src/libcharon/kernel/kernel_listener.h @@ -43,7 +43,7 @@ struct kernel_listener_t { * @param dst_ts destination traffic selector * @return TRUE to remain registered, FALSE to unregister */ - bool (*acquire)(kernel_listener_t *this, u_int32_t reqid, + bool (*acquire)(kernel_listener_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts); /** @@ -55,7 +55,7 @@ struct kernel_listener_t { * @param hard TRUE if it is a hard expire, FALSE otherwise * @return TRUE to remain registered, FALSE to unregister */ - bool (*expire)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi, + bool (*expire)(kernel_listener_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard); /** @@ -67,7 +67,7 @@ struct kernel_listener_t { * @param remote new remote host * @return TRUE to remain registered, FALSE to unregister */ - bool (*mapping)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi, + bool (*mapping)(kernel_listener_t *this, uint8_t protocol, uint32_t spi, host_t *dst, host_t *remote); /** @@ -81,7 +81,7 @@ struct kernel_listener_t { * @param remote remote host address to be used in the IKE_SA * @return TRUE to remain registered, FALSE to unregister */ - bool (*migrate)(kernel_listener_t *this, u_int32_t reqid, + bool (*migrate)(kernel_listener_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, host_t *local, host_t *remote); diff --git a/src/libcharon/kernel/kernel_net.h b/src/libcharon/kernel/kernel_net.h index 7fc644a7e..1d78d6edd 100644 --- a/src/libcharon/kernel/kernel_net.h +++ b/src/libcharon/kernel/kernel_net.h @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2012 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -88,10 +88,12 @@ struct kernel_net_t { * @param dest target destination address * @param prefix prefix length if dest is a subnet, -1 for auto * @param src source address to check, or NULL + * @param[out] iface allocated name of the interface to reach dest, if + * available (optional) * @return next hop address, NULL if unreachable */ host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest, int prefix, - host_t *src); + host_t *src, char **iface); /** * Get the interface name of a local address. Interfaces that are down or @@ -156,7 +158,7 @@ struct kernel_net_t { * ALREADY_DONE if the route already exists */ status_t (*add_route) (kernel_net_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); /** @@ -170,7 +172,7 @@ struct kernel_net_t { * @return SUCCESS if operation completed */ status_t (*del_route) (kernel_net_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); /** diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index ee357ca4d..1bf93ad40 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -81,17 +81,17 @@ struct private_receiver_t { /** * how many times we have used "secret" so far */ - u_int32_t secret_used; + uint32_t secret_used; /** * time we did the cookie switch */ - u_int32_t secret_switch; + uint32_t secret_switch; /** * time offset to use, hides our system time */ - u_int32_t secret_offset; + uint32_t secret_offset; /** * the RNG to use for secret generation @@ -106,7 +106,7 @@ struct private_receiver_t { /** * require cookies after this many half open IKE_SAs */ - u_int32_t cookie_threshold; + uint32_t cookie_threshold; /** * timestamp of last cookie requested @@ -116,7 +116,7 @@ struct private_receiver_t { /** * how many half open IKE_SAs per peer before blocking */ - u_int32_t block_threshold; + uint32_t block_threshold; /** * Drop IKE_SA_INIT requests if processor job load exceeds this limit @@ -192,9 +192,9 @@ static void send_notify(message_t *request, int major, exchange_type_t exchange, * build a cookie */ static bool cookie_build(private_receiver_t *this, message_t *message, - u_int32_t t, chunk_t secret, chunk_t *cookie) + uint32_t t, chunk_t secret, chunk_t *cookie) { - u_int64_t spi = message->get_initiator_spi(message); + uint64_t spi = message->get_initiator_spi(message); host_t *ip = message->get_source(message); chunk_t input, hash; @@ -216,14 +216,14 @@ static bool cookie_build(private_receiver_t *this, message_t *message, static bool cookie_verify(private_receiver_t *this, message_t *message, chunk_t cookie) { - u_int32_t t, now; + uint32_t t, now; chunk_t reference; chunk_t secret; now = time_monotonic(NULL); - t = *(u_int32_t*)cookie.ptr; + t = *(uint32_t*)cookie.ptr; - if (cookie.len != sizeof(u_int32_t) + + if (cookie.len != sizeof(uint32_t) + this->hasher->get_hash_size(this->hasher) || t < now - this->secret_offset - COOKIE_LIFETIME) { @@ -269,15 +269,15 @@ static bool check_cookie(private_receiver_t *this, message_t *message) data = message->get_packet_data(message); if (data.len < IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH + - sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher) || + sizeof(uint32_t) + this->hasher->get_hash_size(this->hasher) || *(data.ptr + 16) != PLV2_NOTIFY || - *(u_int16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE)) + *(uint16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE)) { /* no cookie found */ return FALSE; } data.ptr += IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH; - data.len = sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher); + data.len = sizeof(uint32_t) + this->hasher->get_hash_size(this->hasher); if (!cookie_verify(this, message, data)) { DBG2(DBG_NET, "found cookie, but content invalid"); @@ -290,7 +290,7 @@ static bool check_cookie(private_receiver_t *this, message_t *message) * Check if we currently require cookies */ static bool cookie_required(private_receiver_t *this, - u_int half_open, u_int32_t now) + u_int half_open, uint32_t now) { if (this->cookie_threshold && half_open >= this->cookie_threshold) { @@ -322,7 +322,7 @@ static bool cookie_required(private_receiver_t *this, static bool drop_ike_sa_init(private_receiver_t *this, message_t *message) { u_int half_open, half_open_r; - u_int32_t now; + uint32_t now; now = time_monotonic(NULL); half_open = charon->ike_sa_manager->get_half_open_count( @@ -620,7 +620,7 @@ METHOD(receiver_t, destroy, void, receiver_t *receiver_create() { private_receiver_t *this; - u_int32_t now = time_monotonic(NULL); + uint32_t now = time_monotonic(NULL); INIT(this, .public = { diff --git a/src/libcharon/network/socket.h b/src/libcharon/network/socket.h index e3cda3bea..b084d96a2 100644 --- a/src/libcharon/network/socket.h +++ b/src/libcharon/network/socket.h @@ -99,7 +99,7 @@ struct socket_t { * @param nat_t TRUE to get the port used to float in case of NAT-T * @return the port */ - u_int16_t (*get_port)(socket_t *this, bool nat_t); + uint16_t (*get_port)(socket_t *this, bool nat_t); /** * Get the address families this socket is listening on. diff --git a/src/libcharon/network/socket_manager.c b/src/libcharon/network/socket_manager.c index 2a07e503c..564608d77 100644 --- a/src/libcharon/network/socket_manager.c +++ b/src/libcharon/network/socket_manager.c @@ -89,10 +89,10 @@ METHOD(socket_manager_t, sender, status_t, return status; } -METHOD(socket_manager_t, get_port, u_int16_t, +METHOD(socket_manager_t, get_port, uint16_t, private_socket_manager_t *this, bool nat_t) { - u_int16_t port = 0; + uint16_t port = 0; this->lock->read_lock(this->lock); if (this->socket) { diff --git a/src/libcharon/network/socket_manager.h b/src/libcharon/network/socket_manager.h index a07d0804c..cde7859c2 100644 --- a/src/libcharon/network/socket_manager.h +++ b/src/libcharon/network/socket_manager.h @@ -58,7 +58,7 @@ struct socket_manager_t { * @param nat_t TRUE to get the port used to float in case of NAT-T * @return the port, or 0, if no socket is registered */ - u_int16_t (*get_port)(socket_manager_t *this, bool nat_t); + uint16_t (*get_port)(socket_manager_t *this, bool nat_t); /** * Get the address families the registered socket is listening on. diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index b4ae6fa3e..3b49a8582 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/addrblock -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/addrblock/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/addrblock/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in index d90149827..5f6ecbf14 100644 --- a/src/libcharon/plugins/android_dns/Makefile.in +++ b/src/libcharon/plugins/android_dns/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/android_dns -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/android_dns/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/android_dns/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in index 64fecd9e3..bee30d9a9 100644 --- a/src/libcharon/plugins/android_log/Makefile.in +++ b/src/libcharon/plugins/android_log/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/android_log -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/android_log/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/android_log/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in index acb7d07c0..607fe3f87 100644 --- a/src/libcharon/plugins/attr/Makefile.in +++ b/src/libcharon/plugins/attr/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/attr -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/attr/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/attr/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/attr/attr_provider.c b/src/libcharon/plugins/attr/attr_provider.c index 1de571c3f..f4c143641 100644 --- a/src/libcharon/plugins/attr/attr_provider.c +++ b/src/libcharon/plugins/attr/attr_provider.c @@ -272,10 +272,10 @@ static void load_entries(private_attr_provider_t *this) { if (family == AF_INET) { /* IPv4 attributes contain a subnet mask */ - u_int32_t netmask = 0; + uint32_t netmask = 0; if (mask) - { /* shifting u_int32_t by 32 or more is undefined */ + { /* shifting uint32_t by 32 or more is undefined */ mask = 32 - mask; netmask = htonl((0xFFFFFFFF >> mask) << mask); } diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in index 8ee9f3f92..d533a56b5 100644 --- a/src/libcharon/plugins/attr_sql/Makefile.in +++ b/src/libcharon/plugins/attr_sql/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/attr_sql -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/attr_sql/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/attr_sql/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in index be19d615e..31e786158 100644 --- a/src/libcharon/plugins/certexpire/Makefile.in +++ b/src/libcharon/plugins/certexpire/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/certexpire -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/certexpire/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/certexpire/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -779,6 +792,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in index eaf4f1ec9..c312821aa 100644 --- a/src/libcharon/plugins/connmark/Makefile.in +++ b/src/libcharon/plugins/connmark/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/connmark -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/connmark/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/connmark/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/connmark/connmark_listener.c b/src/libcharon/plugins/connmark/connmark_listener.c index 607316f7b..29f7cac42 100644 --- a/src/libcharon/plugins/connmark/connmark_listener.c +++ b/src/libcharon/plugins/connmark/connmark_listener.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -56,7 +57,7 @@ struct private_connmark_listener_t { static bool ts2in(traffic_selector_t *ts, struct in_addr *addr, struct in_addr *mask) { - u_int8_t bits; + uint8_t bits; host_t *net; if (ts->get_type(ts) == TS_IPV4_ADDR_RANGE && @@ -119,15 +120,15 @@ static bool manage_rule(struct iptc_handle *ipth, const char *chain, */ static bool manage_pre_esp_in_udp(private_connmark_listener_t *this, struct iptc_handle *ipth, bool add, - u_int mark, u_int32_t spi, + u_int mark, uint32_t spi, host_t *dst, host_t *src) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_udp)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_mark_tginfo2)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -177,15 +178,15 @@ static bool manage_pre_esp_in_udp(private_connmark_listener_t *this, */ static bool manage_pre_esp(private_connmark_listener_t *this, struct iptc_handle *ipth, bool add, - u_int mark, u_int32_t spi, + u_int mark, uint32_t spi, host_t *dst, host_t *src) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_esp)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_mark_tginfo2)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -234,7 +235,7 @@ static bool manage_pre_esp(private_connmark_listener_t *this, */ static bool manage_pre(private_connmark_listener_t *this, struct iptc_handle *ipth, bool add, - u_int mark, u_int32_t spi, bool encap, + u_int mark, uint32_t spi, bool encap, host_t *dst, host_t *src) { if (encap) @@ -249,15 +250,15 @@ static bool manage_pre(private_connmark_listener_t *this, */ static bool manage_in(private_connmark_listener_t *this, struct iptc_handle *ipth, bool add, - u_int mark, u_int32_t spi, + u_int mark, uint32_t spi, traffic_selector_t *dst, traffic_selector_t *src) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_policy_info)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_connmark_tginfo1)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -315,12 +316,12 @@ static bool manage_out(private_connmark_listener_t *this, struct iptc_handle *ipth, bool add, traffic_selector_t *dst, traffic_selector_t *src) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_mark_mtinfo1)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_connmark_tginfo1)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -401,7 +402,7 @@ static bool manage_policies(private_connmark_listener_t *this, { traffic_selector_t *local, *remote; enumerator_t *enumerator; - u_int32_t spi; + uint32_t spi; u_int mark; bool done = TRUE; diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in index 44598c3ea..a71d75518 100644 --- a/src/libcharon/plugins/coupling/Makefile.in +++ b/src/libcharon/plugins/coupling/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/coupling -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/coupling/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/coupling/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index 3d39fda29..843d05eae 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/dhcp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index 0fd1d33fd..807c68274 100644 --- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c @@ -151,8 +151,8 @@ typedef enum { * DHCP option encoding, a TLV */ typedef struct __attribute__((packed)) { - u_int8_t type; - u_int8_t len; + uint8_t type; + uint8_t len; char data[]; } dhcp_option_t; @@ -160,22 +160,22 @@ typedef struct __attribute__((packed)) { * DHCP message format, with a maximum size options buffer */ typedef struct __attribute__((packed)) { - u_int8_t opcode; - u_int8_t hw_type; - u_int8_t hw_addr_len; - u_int8_t hop_count; - u_int32_t transaction_id; - u_int16_t number_of_seconds; - u_int16_t flags; - u_int32_t client_address; - u_int32_t your_address; - u_int32_t server_address; - u_int32_t gateway_address; + uint8_t opcode; + uint8_t hw_type; + uint8_t hw_addr_len; + uint8_t hop_count; + uint32_t transaction_id; + uint16_t number_of_seconds; + uint16_t flags; + uint32_t client_address; + uint32_t your_address; + uint32_t server_address; + uint32_t gateway_address; char client_hw_addr[6]; char client_hw_padding[10]; char server_hostname[64]; char boot_filename[128]; - u_int32_t magic_cookie; + uint32_t magic_cookie; char options[252]; } dhcp_t; @@ -191,7 +191,7 @@ static int prepare_dhcp(private_dhcp_socket_t *this, dhcp_option_t *option; int optlen = 0; host_t *src; - u_int32_t id; + uint32_t id; memset(dhcp, 0, sizeof(*dhcp)); dhcp->opcode = BOOTREQUEST; @@ -366,10 +366,10 @@ METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*, private_dhcp_socket_t *this, identification_t *identity) { dhcp_transaction_t *transaction; - u_int32_t id; + uint32_t id; int try; - if (!this->rng->get_bytes(this->rng, sizeof(id), (u_int8_t*)&id)) + if (!this->rng->get_bytes(this->rng, sizeof(id), (uint8_t*)&id)) { DBG1(DBG_CFG, "DHCP DISCOVER failed, no transaction ID"); return NULL; diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.c b/src/libcharon/plugins/dhcp/dhcp_transaction.c index 22d3f3fdf..3ee88a698 100644 --- a/src/libcharon/plugins/dhcp/dhcp_transaction.c +++ b/src/libcharon/plugins/dhcp/dhcp_transaction.c @@ -32,7 +32,7 @@ struct private_dhcp_transaction_t { /** * DHCP transaction ID */ - u_int32_t id; + uint32_t id; /** * Peer identity @@ -63,7 +63,7 @@ typedef struct { chunk_t data; } attribute_entry_t; -METHOD(dhcp_transaction_t, get_id, u_int32_t, +METHOD(dhcp_transaction_t, get_id, uint32_t, private_dhcp_transaction_t *this) { return this->id; @@ -157,7 +157,7 @@ METHOD(dhcp_transaction_t, destroy, void, /** * See header */ -dhcp_transaction_t *dhcp_transaction_create(u_int32_t id, +dhcp_transaction_t *dhcp_transaction_create(uint32_t id, identification_t *identity) { private_dhcp_transaction_t *this; diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.h b/src/libcharon/plugins/dhcp/dhcp_transaction.h index 35f08e836..0c614f7b1 100644 --- a/src/libcharon/plugins/dhcp/dhcp_transaction.h +++ b/src/libcharon/plugins/dhcp/dhcp_transaction.h @@ -37,7 +37,7 @@ struct dhcp_transaction_t { * * @return DHCP transaction identifier */ - u_int32_t (*get_id)(dhcp_transaction_t *this); + uint32_t (*get_id)(dhcp_transaction_t *this); /** * Get the peer identity this transaction is used for. @@ -103,7 +103,7 @@ struct dhcp_transaction_t { * @param identity peer identity this transaction is used for * @return transaction instance */ -dhcp_transaction_t *dhcp_transaction_create(u_int32_t id, +dhcp_transaction_t *dhcp_transaction_create(uint32_t id, identification_t *identity); #endif /** DHCP_TRANSACTION_H_ @}*/ diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in index 04fc31a3a..5f035ba35 100644 --- a/src/libcharon/plugins/dnscert/Makefile.in +++ b/src/libcharon/plugins/dnscert/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/dnscert -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/dnscert/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/dnscert/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/dnscert/dnscert.c b/src/libcharon/plugins/dnscert/dnscert.c index 882ad9f0c..b360eac34 100644 --- a/src/libcharon/plugins/dnscert/dnscert.c +++ b/src/libcharon/plugins/dnscert/dnscert.c @@ -41,17 +41,17 @@ struct private_dnscert_t { /** * Certificate type */ - u_int16_t cert_type; + uint16_t cert_type; /** * Key tag */ - u_int16_t key_tag; + uint16_t key_tag; /** * Algorithm */ - u_int8_t algorithm; + uint8_t algorithm; /** * Certificate @@ -65,7 +65,7 @@ METHOD(dnscert_t, get_cert_type, dnscert_type_t, return this->cert_type; } -METHOD(dnscert_t, get_key_tag, u_int16_t, +METHOD(dnscert_t, get_key_tag, uint16_t, private_dnscert_t *this) { return this->key_tag; diff --git a/src/libcharon/plugins/dnscert/dnscert.h b/src/libcharon/plugins/dnscert/dnscert.h index 567a9dfac..31a26ff76 100644 --- a/src/libcharon/plugins/dnscert/dnscert.h +++ b/src/libcharon/plugins/dnscert/dnscert.h @@ -119,7 +119,7 @@ struct dnscert_t { * * @return keytag */ - u_int16_t (*get_key_tag)(dnscert_t *this); + uint16_t (*get_key_tag)(dnscert_t *this); /** * Get the algorithm. diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in index da4534c21..9e3133b1d 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.in +++ b/src/libcharon/plugins/duplicheck/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = duplicheck$(EXEEXT) subdir = src/libcharon/plugins/duplicheck -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -210,12 +219,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -265,6 +276,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -299,6 +311,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -410,6 +423,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -471,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/duplicheck/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/duplicheck/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -841,6 +854,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/duplicheck/duplicheck.c b/src/libcharon/plugins/duplicheck/duplicheck.c index 7c4cd5ce1..442fa4a99 100644 --- a/src/libcharon/plugins/duplicheck/duplicheck.c +++ b/src/libcharon/plugins/duplicheck/duplicheck.c @@ -71,7 +71,7 @@ int main(int argc, char *argv[]) { char buf[128]; int fd, len; - u_int16_t msglen; + uint16_t msglen; fd = make_connection(); if (fd < 0) diff --git a/src/libcharon/plugins/duplicheck/duplicheck_msg.h b/src/libcharon/plugins/duplicheck/duplicheck_msg.h index 99e297104..0f405746e 100644 --- a/src/libcharon/plugins/duplicheck/duplicheck_msg.h +++ b/src/libcharon/plugins/duplicheck/duplicheck_msg.h @@ -35,7 +35,7 @@ typedef struct duplicheck_msg_t duplicheck_msg_t; */ struct duplicheck_msg_t { /** length of the identity following, in network order (excluding len). */ - u_int16_t len; + uint16_t len; /** identity string, not null terminated */ char identity[]; } __attribute__((__packed__)); diff --git a/src/libcharon/plugins/duplicheck/duplicheck_notify.c b/src/libcharon/plugins/duplicheck/duplicheck_notify.c index f77b48b09..501d1229f 100644 --- a/src/libcharon/plugins/duplicheck/duplicheck_notify.c +++ b/src/libcharon/plugins/duplicheck/duplicheck_notify.c @@ -75,7 +75,7 @@ METHOD(duplicheck_notify_t, send_, void, { enumerator_t *enumerator; stream_t *stream; - u_int16_t nlen; + uint16_t nlen; char buf[512]; int len; diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index b5ffd8c24..8ac12c1f2 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_aka -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -465,7 +479,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -780,6 +793,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_aka/eap_aka_peer.c b/src/libcharon/plugins/eap_aka/eap_aka_peer.c index 810a19c55..3ab053ba6 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_peer.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.c @@ -62,7 +62,7 @@ struct private_eap_aka_peer_t { /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; /** * MSK @@ -77,7 +77,7 @@ struct private_eap_aka_peer_t { /** * Counter value if reauthentication is used */ - u_int16_t counter; + uint16_t counter; }; /** @@ -105,7 +105,7 @@ static bool create_client_error(private_eap_aka_peer_t *this, eap_payload_t **out) { simaka_message_t *message; - u_int16_t encoded; + uint16_t encoded; DBG1(DBG_IKE, "sending client error '%N'", simaka_client_error_names, AKA_UNABLE_TO_PROCESS); @@ -347,7 +347,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this, */ static bool counter_too_small(private_eap_aka_peer_t *this, chunk_t chunk) { - u_int16_t counter; + uint16_t counter; memcpy(&counter, chunk.ptr, sizeof(counter)); counter = htons(counter); @@ -483,7 +483,7 @@ static status_t process_notification(private_eap_aka_peer_t *this, { if (type == AT_NOTIFICATION) { - u_int16_t code; + uint16_t code; memcpy(&code, data.ptr, sizeof(code)); code = ntohs(code); @@ -594,7 +594,7 @@ METHOD(eap_method_t, initiate, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_aka_peer_t *this, u_int32_t *vendor) + private_eap_aka_peer_t *this, uint32_t *vendor) { *vendor = 0; return EAP_AKA; @@ -611,14 +611,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_aka_peer_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_aka_peer_t *this, u_int8_t identifier) + private_eap_aka_peer_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c index 04bfc170b..1ede56757 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_server.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c @@ -65,7 +65,7 @@ struct private_eap_aka_server_t { /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; /** * Expected Result XRES @@ -238,7 +238,7 @@ static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out) * Initiate EAP-AKA/Request/Re-authentication message */ static status_t reauthenticate(private_eap_aka_server_t *this, - char mk[HASH_SIZE_SHA1], u_int16_t counter, + char mk[HASH_SIZE_SHA1], uint16_t counter, eap_payload_t **out) { simaka_message_t *message; @@ -341,7 +341,7 @@ static status_t process_identity(private_eap_aka_server_t *this, if (this->use_reauth) { char mk[HASH_SIZE_SHA1]; - u_int16_t counter; + uint16_t counter; permanent = this->mgr->provider_is_reauth(this->mgr, id, mk, &counter); if (permanent) @@ -564,7 +564,7 @@ static status_t process_client_error(private_eap_aka_server_t *this, { if (type == AT_CLIENT_ERROR_CODE) { - u_int16_t code; + uint16_t code; memcpy(&code, data.ptr, sizeof(code)); DBG1(DBG_IKE, "received EAP-AKA client error '%N'", @@ -637,7 +637,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_aka_server_t *this, u_int32_t *vendor) + private_eap_aka_server_t *this, uint32_t *vendor) { *vendor = 0; return EAP_AKA; @@ -654,14 +654,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_aka_server_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_aka_server_t *this, u_int8_t identifier) + private_eap_aka_server_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index e0ad6fe2e..7dc9003c9 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ @MONOLITHIC_FALSE@am__append_1 = $(top_builddir)/src/libsimaka/libsimaka.la subdir = src/libcharon/plugins/eap_aka_3gpp2 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -783,6 +796,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c index 93ea8d08c..cfe6407b0 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c @@ -54,7 +54,7 @@ static chunk_t fmk = chunk_from_chars(0x41, 0x48, 0x41, 0x47); /** * Binary represnation of the polynom T^160 + T^5 + T^3 + T^2 + 1 */ -static u_int8_t g[] = { +static uint8_t g[] = { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2d @@ -63,7 +63,7 @@ static u_int8_t g[] = { /** * Predefined random bits from the RAND Corporation book */ -static u_int8_t a[] = { +static uint8_t a[] = { 0x9d, 0xe9, 0xc9, 0xc8, 0xef, 0xd5, 0x78, 0x11, 0x48, 0x23, 0x14, 0x01, 0x90, 0x1f, 0x2d, 0x49, 0x3f, 0x4c, 0x63, 0x65 @@ -72,7 +72,7 @@ static u_int8_t a[] = { /** * Predefined random bits from the RAND Corporation book */ -static u_int8_t b[] = { +static uint8_t b[] = { 0x75, 0xef, 0xd1, 0x5c, 0x4b, 0x8f, 0x8f, 0x51, 0x4e, 0xf3, 0xbc, 0xc3, 0x79, 0x4a, 0x76, 0x5e, 0x7e, 0xec, 0x45, 0xe0 @@ -171,7 +171,7 @@ static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b) * XOR the key into the SHA1 IV */ static bool step3(prf_t *prf, u_char k[AKA_K_LEN], - u_char payload[AKA_PAYLOAD_LEN], u_int8_t h[HASH_SIZE_SHA1]) + u_char payload[AKA_PAYLOAD_LEN], uint8_t h[HASH_SIZE_SHA1]) { /* use the keyed hasher to build the hash */ return prf->set_key(prf, chunk_create(k, AKA_K_LEN)) && @@ -243,7 +243,7 @@ static bool fx(prf_t *prf, u_char f, u_char k[AKA_K_LEN], /** * Calculation function of f1() and f1star() */ -static bool f1x(prf_t *prf, u_int8_t f, u_char k[AKA_K_LEN], +static bool f1x(prf_t *prf, uint8_t f, u_char k[AKA_K_LEN], u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN], u_char amf[AKA_AMF_LEN], u_char mac[AKA_MAC_LEN]) { diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in index 821f6de6c..f81d54fc2 100644 --- a/src/libcharon/plugins/eap_dynamic/Makefile.in +++ b/src/libcharon/plugins/eap_dynamic/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_dynamic -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_dynamic/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_dynamic/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c index 3216446af..d0f0595de 100644 --- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c +++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c @@ -73,7 +73,7 @@ static bool entry_matches(eap_vendor_type_t *item, eap_vendor_type_t *other) * Load the given EAP method */ static eap_method_t *load_method(private_eap_dynamic_t *this, - eap_type_t type, u_int32_t vendor) + eap_type_t type, uint32_t vendor) { eap_method_t *method; @@ -171,7 +171,7 @@ METHOD(eap_method_t, process, status_t, private_eap_dynamic_t *this, eap_payload_t *in, eap_payload_t **out) { eap_type_t received_type, type; - u_int32_t received_vendor, vendor; + uint32_t received_vendor, vendor; received_type = in->get_type(in, &received_vendor); if (received_vendor == 0 && received_type == EAP_NAK) @@ -225,7 +225,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_dynamic_t *this, u_int32_t *vendor) + private_eap_dynamic_t *this, uint32_t *vendor) { if (this->method) { @@ -245,7 +245,7 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_dynamic_t *this) { if (this->method) @@ -256,7 +256,7 @@ METHOD(eap_method_t, get_identifier, u_int8_t, } METHOD(eap_method_t, set_identifier, void, - private_eap_dynamic_t *this, u_int8_t identifier) + private_eap_dynamic_t *this, uint8_t identifier) { if (this->method) { @@ -335,7 +335,7 @@ static void get_supported_eap_types(private_eap_dynamic_t *this) { enumerator_t *enumerator; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; enumerator = charon->eap->create_enumerator(charon->eap, EAP_SERVER); while (enumerator->enumerate(enumerator, &type, &vendor)) diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index cfd7c4e24..f11d86051 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_gtc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c index 5fcd9ebc9..6f5c38edd 100644 --- a/src/libcharon/plugins/eap_gtc/eap_gtc.c +++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c @@ -46,7 +46,7 @@ struct private_eap_gtc_t { /** * EAP message identififier */ - u_int8_t identifier; + uint8_t identifier; }; typedef struct eap_gtc_header_t eap_gtc_header_t; @@ -56,15 +56,15 @@ typedef struct eap_gtc_header_t eap_gtc_header_t; */ struct eap_gtc_header_t { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type */ - u_int8_t type; + uint8_t type; /** type data */ - u_int8_t data[]; + uint8_t data[]; } __attribute__((__packed__)); METHOD(eap_method_t, initiate_peer, status_t, @@ -186,7 +186,7 @@ METHOD(eap_method_t, process_server, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_gtc_t *this, u_int32_t *vendor) + private_eap_gtc_t *this, uint32_t *vendor) { *vendor = 0; return EAP_GTC; @@ -198,14 +198,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_gtc_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_gtc_t *this, u_int8_t identifier) + private_eap_gtc_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index 1c544f360..e9755aa71 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_identity -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_identity/eap_identity.c b/src/libcharon/plugins/eap_identity/eap_identity.c index 6ecde065c..7d6dc4add 100644 --- a/src/libcharon/plugins/eap_identity/eap_identity.c +++ b/src/libcharon/plugins/eap_identity/eap_identity.c @@ -43,7 +43,7 @@ struct private_eap_identity_t { /** * EAP identifier */ - u_int8_t identifier; + uint8_t identifier; }; typedef struct eap_identity_header_t eap_identity_header_t; @@ -53,15 +53,15 @@ typedef struct eap_identity_header_t eap_identity_header_t; */ struct eap_identity_header_t { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type */ - u_int8_t type; + uint8_t type; /** identity data */ - u_int8_t data[]; + uint8_t data[]; } __attribute__((__packed__)); METHOD(eap_method_t, process_peer, status_t, @@ -124,7 +124,7 @@ METHOD(eap_method_t, initiate_server, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_identity_t *this, u_int32_t *vendor) + private_eap_identity_t *this, uint32_t *vendor) { *vendor = 0; return EAP_IDENTITY; @@ -141,14 +141,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_identity_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_identity_t *this, u_int8_t identifier) + private_eap_identity_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index e967262b6..82ba96d26 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_md5 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c index d314e7a9e..2cb0db466 100644 --- a/src/libcharon/plugins/eap_md5/eap_md5.c +++ b/src/libcharon/plugins/eap_md5/eap_md5.c @@ -49,7 +49,7 @@ struct private_eap_md5_t { /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; }; typedef struct eap_md5_header_t eap_md5_header_t; @@ -59,17 +59,17 @@ typedef struct eap_md5_header_t eap_md5_header_t; */ struct eap_md5_header_t { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type */ - u_int8_t type; + uint8_t type; /** length of value (challenge) */ - u_int8_t value_size; + uint8_t value_size; /** actual value */ - u_int8_t value[]; + uint8_t value[]; } __attribute__((__packed__)); #define CHALLENGE_LEN 16 @@ -204,7 +204,7 @@ METHOD(eap_method_t, process_server, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_md5_t *this, u_int32_t *vendor) + private_eap_md5_t *this, uint32_t *vendor) { *vendor = 0; return EAP_MD5; @@ -222,14 +222,14 @@ METHOD(eap_method_t, is_mutual, bool, return FALSE; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_md5_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_md5_t *this, u_int8_t identifier) + private_eap_md5_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index d96343a5c..c3b31cd9a 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_mschapv2 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c index 16978f486..12f61f7f8 100644 --- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c @@ -70,12 +70,12 @@ struct private_eap_mschapv2_t /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; /** * MS-CHAPv2-ID (session ID, increases with each retry) */ - u_int8_t mschapv2id; + uint8_t mschapv2id; /** * Number of retries @@ -179,21 +179,21 @@ typedef struct eap_mschapv2_response_t eap_mschapv2_response_t; struct eap_mschapv2_header_t { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type */ - u_int8_t type; + uint8_t type; /** MS-CHAPv2 OpCode */ - u_int8_t opcode; + uint8_t opcode; /** MS-CHAPv2-ID (equals identifier) */ - u_int8_t ms_chapv2_id; + uint8_t ms_chapv2_id; /** MS-Length (defined as length - 5) */ - u_int16_t ms_length; + uint16_t ms_length; /** packet data (determined by OpCode) */ - u_int8_t data[]; + uint8_t data[]; }__attribute__((__packed__)); /** @@ -202,11 +202,11 @@ struct eap_mschapv2_header_t struct eap_mschapv2_challenge_t { /** Value-Size */ - u_int8_t value_size; + uint8_t value_size; /** Challenge */ - u_int8_t challenge[CHALLENGE_LEN]; + uint8_t challenge[CHALLENGE_LEN]; /** Name */ - u_int8_t name[]; + uint8_t name[]; }__attribute__((__packed__)); /** @@ -215,21 +215,21 @@ struct eap_mschapv2_challenge_t struct eap_mschapv2_response_t { /** Value-Size */ - u_int8_t value_size; + uint8_t value_size; /** Response */ struct { /* Peer-Challenge*/ - u_int8_t peer_challenge[CHALLENGE_LEN]; + uint8_t peer_challenge[CHALLENGE_LEN]; /* Reserved (=zero) */ - u_int8_t peer_reserved[8]; + uint8_t peer_reserved[8]; /* NT-Response */ - u_int8_t nt_response[24]; + uint8_t nt_response[24]; /* Flags (=zero) */ - u_int8_t flags; + uint8_t flags; } response; /** Name */ - u_int8_t name[]; + uint8_t name[]; }__attribute__((__packed__)); /** @@ -597,10 +597,10 @@ static chunk_t extract_username(chunk_t id) /** * Set the ms_length field using aligned write */ -static void set_ms_length(eap_mschapv2_header_t *eap, u_int16_t len) +static void set_ms_length(eap_mschapv2_header_t *eap, uint16_t len) { len = htons(len - 5); - memcpy(&eap->ms_length, &len, sizeof(u_int16_t)); + memcpy(&eap->ms_length, &len, sizeof(uint16_t)); } METHOD(eap_method_t, initiate_peer, status_t, @@ -617,7 +617,7 @@ METHOD(eap_method_t, initiate_server, status_t, eap_mschapv2_header_t *eap; eap_mschapv2_challenge_t *cha; const char *name = MSCHAPV2_HOST_NAME; - u_int16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1; + uint16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1; rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng || !rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge)) @@ -690,7 +690,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, eap_mschapv2_challenge_t *cha; eap_mschapv2_response_t *res; chunk_t data, peer_challenge, userid, username, nt_hash; - u_int16_t len = RESPONSE_PAYLOAD_LEN; + uint16_t len = RESPONSE_PAYLOAD_LEN; data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; @@ -779,7 +779,7 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, chunk_t data, auth_string = chunk_empty; char *message, *token, *msg = NULL; int message_len; - u_int16_t len = SHORT_HEADER_LEN; + uint16_t len = SHORT_HEADER_LEN; data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; @@ -1011,7 +1011,7 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, rng_t *rng; chunk_t hex; char msg[FAILURE_MESSAGE_LEN]; - u_int16_t len = HEADER_LEN + FAILURE_MESSAGE_LEN - 1; /* no null byte */ + uint16_t len = HEADER_LEN + FAILURE_MESSAGE_LEN - 1; /* no null byte */ if (++this->retries > MAX_RETRIES) { @@ -1127,7 +1127,7 @@ static status_t process_server_response(private_eap_mschapv2_t *this, { chunk_t hex; char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)]; - u_int16_t len = HEADER_LEN + AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE); + uint16_t len = HEADER_LEN + AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE); eap = alloca(len); eap->code = EAP_REQUEST; @@ -1213,7 +1213,7 @@ METHOD(eap_method_t, process_server, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_mschapv2_t *this, u_int32_t *vendor) + private_eap_mschapv2_t *this, uint32_t *vendor) { *vendor = 0; return EAP_MSCHAPV2; @@ -1230,14 +1230,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_mschapv2_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_mschapv2_t *this, u_int8_t identifier) + private_eap_mschapv2_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in index 0f920fef8..2a01a369f 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.in +++ b/src/libcharon/plugins/eap_peap/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_peap -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_peap/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_peap/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -784,6 +797,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_peap/eap_peap.c b/src/libcharon/plugins/eap_peap/eap_peap.c index c24dd578c..4778a0977 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap.c +++ b/src/libcharon/plugins/eap_peap/eap_peap.c @@ -76,7 +76,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_peap_t *this, u_int32_t *vendor) + private_eap_peap_t *this, uint32_t *vendor) { *vendor = 0; return EAP_PEAP; @@ -93,14 +93,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_peap_t *this) { return this->tls_eap->get_identifier(this->tls_eap); } METHOD(eap_method_t, set_identifier, void, - private_eap_peap_t *this, u_int8_t identifier) + private_eap_peap_t *this, uint8_t identifier) { this->tls_eap->set_identifier(this->tls_eap, identifier); } diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.c b/src/libcharon/plugins/eap_peap/eap_peap_avp.c index 3f541ba23..d5ce5fbc1 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap_avp.c +++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.c @@ -47,7 +47,7 @@ struct private_eap_peap_avp_t { METHOD(eap_peap_avp_t, build, void, private_eap_peap_avp_t *this, bio_writer_t *writer, chunk_t data) { - u_int8_t code; + uint8_t code; eap_packet_t *pkt; chunk_t avp_data; @@ -71,10 +71,10 @@ METHOD(eap_peap_avp_t, build, void, METHOD(eap_peap_avp_t, process, status_t, private_eap_peap_avp_t* this, bio_reader_t *reader, chunk_t *data, - u_int8_t identifier) + uint8_t identifier) { - u_int8_t code; - u_int16_t len; + uint8_t code; + uint16_t len; eap_packet_t *pkt; chunk_t avp_data; diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.h b/src/libcharon/plugins/eap_peap/eap_peap_avp.h index 98c5f1912..cc5930b62 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap_avp.h +++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.h @@ -45,7 +45,7 @@ struct eap_peap_avp_t { * - NEED_MORE if another invocation of process/build needed */ status_t (*process)(eap_peap_avp_t *this, bio_reader_t *reader, - chunk_t *data, u_int8_t identifier); + chunk_t *data, uint8_t identifier); /** * Build EAP-PEAP Message AVP to send out. diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c index f482c5b54..2668ac432 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c +++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c @@ -71,7 +71,7 @@ METHOD(tls_application_t, process, status_t, eap_payload_t *in; eap_code_t code; eap_type_t type, received_type; - u_int32_t vendor, received_vendor; + uint32_t vendor, received_vendor; status = this->avp->process(this->avp, reader, &data, this->ph1_method->get_identifier(this->ph1_method)); @@ -191,7 +191,7 @@ METHOD(tls_application_t, build, status_t, chunk_t data; eap_code_t code; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; if (this->out) { diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c index 33b01e95e..7f8348e06 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap_server.c +++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c @@ -167,7 +167,7 @@ METHOD(tls_application_t, process, status_t, eap_payload_t *in; eap_code_t code; eap_type_t type = EAP_NAK, received_type; - u_int32_t vendor, received_vendor; + uint32_t vendor, received_vendor; status = this->avp->process(this->avp, reader, &data, this->ph1_method->get_identifier(this->ph1_method)); @@ -336,7 +336,7 @@ METHOD(tls_application_t, build, status_t, chunk_t data; eap_code_t code; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; if (this->ph2_method == NULL && this->start_phase2 && this->start_phase2_id) { diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index 881a5b7e3..cdba38cde 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_radius -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -470,7 +484,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -789,6 +802,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index 237f065fa..a2530e653 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c @@ -55,12 +55,12 @@ struct private_eap_radius_t { /** * EAP vendor, if any */ - u_int32_t vendor; + uint32_t vendor; /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; /** * RADIUS client instance @@ -86,15 +86,15 @@ static void add_eap_identity(private_eap_radius_t *this, { struct { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type */ - u_int8_t type; + uint8_t type; /** identity data */ - u_int8_t data[]; + uint8_t data[]; } __attribute__((__packed__)) *hdr; chunk_t id, prefix; size_t len; @@ -156,7 +156,7 @@ void eap_radius_build_attributes(radius_message_t *request) ike_sa_t *ike_sa; host_t *host; char buf[40], *station_id_fmt;; - u_int32_t value; + uint32_t value; chunk_t chunk; /* virtual NAS-Port-Type */ @@ -314,8 +314,8 @@ static void process_filter_id(radius_message_t *msg) { enumerator_t *enumerator; int type; - u_int8_t tunnel_tag; - u_int32_t tunnel_type; + uint8_t tunnel_tag; + uint32_t tunnel_type; chunk_t filter_id = chunk_empty, data; bool is_esp_tunnel = FALSE; @@ -395,7 +395,7 @@ static void process_timeout(radius_message_t *msg) /** * Add a Cisco Unity configuration attribute */ -static void add_unity_attribute(eap_radius_provider_t *provider, u_int32_t id, +static void add_unity_attribute(eap_radius_provider_t *provider, uint32_t id, int type, chunk_t data) { switch (type) @@ -417,7 +417,7 @@ static void add_unity_attribute(eap_radius_provider_t *provider, u_int32_t id, * Add a DNS/NBNS configuration attribute */ static void add_nameserver_attribute(eap_radius_provider_t *provider, - u_int32_t id, int type, chunk_t data) + uint32_t id, int type, chunk_t data) { /* these are from different vendors, but there is currently no conflict */ switch (type) @@ -444,7 +444,7 @@ static void add_nameserver_attribute(eap_radius_provider_t *provider, * Add a UNITY_LOCAL_LAN or UNITY_SPLIT_INCLUDE attribute */ static void add_unity_split_attribute(eap_radius_provider_t *provider, - u_int32_t id, configuration_attribute_type_t type, + uint32_t id, configuration_attribute_type_t type, chunk_t data) { enumerator_t *enumerator; @@ -701,7 +701,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_radius_t *this, u_int32_t *vendor) + private_eap_radius_t *this, uint32_t *vendor) { *vendor = this->vendor; return this->type; @@ -721,14 +721,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_radius_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_radius_t *this, u_int8_t identifier) + private_eap_radius_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c index 4b7260349..0c302af51 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c @@ -54,7 +54,7 @@ struct private_eap_radius_accounting_t { /** * Session ID prefix */ - u_int32_t prefix; + uint32_t prefix; /** * Format string we use for Called/Calling-Station-Id for a host @@ -101,8 +101,8 @@ typedef enum { */ typedef struct { struct { - u_int64_t sent; - u_int64_t received; + uint64_t sent; + uint64_t received; } bytes, packets; } usage_t; @@ -133,7 +133,7 @@ static inline void sub_usage(usage_t *a, usage_t b) */ typedef struct { /** unique CHILD_SA identifier */ - u_int32_t id; + uint32_t id; /** usage stats for this SA */ usage_t usage; } sa_entry_t; @@ -172,7 +172,7 @@ typedef struct { radius_acct_terminate_cause_t cause; /* interim interval and timestamp of last update */ struct { - u_int32_t interval; + uint32_t interval; time_t last; } interim; /** did we send Accounting-Start */ @@ -237,7 +237,7 @@ static int sa_find(const void *a, const void *b) /** * Update or create usage counters of a cached SA */ -static void update_sa(entry_t *entry, u_int32_t id, usage_t usage) +static void update_sa(entry_t *entry, uint32_t id, usage_t usage) { sa_entry_t *sa, lookup; @@ -402,7 +402,7 @@ static void add_ike_sa_parameters(private_eap_radius_accounting_t *this, host_t *vip, *host; char buf[MAX_RADIUS_ATTRIBUTE_SIZE + 1]; chunk_t data; - u_int32_t value; + uint32_t value; /* virtual NAS-Port-Type */ value = htonl(5); @@ -461,7 +461,7 @@ static void add_ike_sa_parameters(private_eap_radius_accounting_t *this, * Get an existing or create a new entry from the locked session table */ static entry_t* get_or_create_entry(private_eap_radius_accounting_t *this, - ike_sa_id_t *id, u_int32_t unique) + ike_sa_id_t *id, uint32_t unique) { entry_t *entry; time_t now; @@ -520,7 +520,7 @@ static job_requeue_t send_interim(interim_data_t *data) enumerator_t *enumerator; ike_sa_t *ike_sa; entry_t *entry; - u_int32_t value; + uint32_t value; array_t *stats; sa_entry_t *sa, *found; @@ -681,7 +681,7 @@ static void send_start(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa) { radius_message_t *message; entry_t *entry; - u_int32_t value; + uint32_t value; if (this->acct_req_vip && !has_vip(ike_sa)) { @@ -735,7 +735,7 @@ static void send_stop(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa) enumerator_t *enumerator; entry_t *entry; sa_entry_t *sa; - u_int32_t value; + uint32_t value; this->mutex->lock(this->mutex); entry = this->sessions->remove(this->sessions, ike_sa->get_id(ike_sa)); @@ -931,7 +931,7 @@ METHOD(listener_t, child_rekey, bool, METHOD(listener_t, children_migrate, bool, private_eap_radius_accounting_t *this, ike_sa_t *ike_sa, ike_sa_id_t *new, - u_int32_t unique) + uint32_t unique) { enumerator_t *enumerator; sa_entry_t *sa, *sa_new, *cached; @@ -1020,7 +1020,7 @@ eap_radius_accounting_t *eap_radius_accounting_create() .destroy = _destroy, }, /* use system time as Session ID prefix */ - .prefix = (u_int32_t)time(NULL), + .prefix = (uint32_t)time(NULL), .sessions = hashtable_create((hashtable_hash_t)hash, (hashtable_equals_t)equals, 32), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), @@ -1050,7 +1050,7 @@ eap_radius_accounting_t *eap_radius_accounting_create() /** * See header */ -void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, u_int32_t interval) +void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, uint32_t interval) { if (singleton) { diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h index 8d4f9a0e1..f7a19c9b5 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h +++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h @@ -52,6 +52,6 @@ eap_radius_accounting_t *eap_radius_accounting_create(); * @param ike_sa IKE_SA to send updates for * @param interval interval for interim updates */ -void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, u_int32_t interval); +void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, uint32_t interval); #endif /** EAP_RADIUS_ACCOUNTING_H_ @}*/ diff --git a/src/libcharon/plugins/eap_radius/eap_radius_dae.c b/src/libcharon/plugins/eap_radius/eap_radius_dae.c index a0bf99efd..fc9b39c3e 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c @@ -293,7 +293,7 @@ static void process_disconnect(private_eap_radius_dae_t *this, * Apply a new lifetime to an IKE_SA */ static void apply_lifetime(private_eap_radius_dae_t *this, ike_sa_id_t *id, - u_int32_t lifetime) + uint32_t lifetime) { ike_sa_t *ike_sa; @@ -323,7 +323,7 @@ static void process_coa(private_eap_radius_dae_t *this, ike_sa_id_t *id; chunk_t data; int type; - u_int32_t lifetime = 0; + uint32_t lifetime = 0; bool lifetime_seen = FALSE; ids = get_matching_ike_sas(this, request, client); diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.c b/src/libcharon/plugins/eap_radius/eap_radius_forward.c index 52ea84070..919e861be 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_forward.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.c @@ -63,9 +63,9 @@ struct private_eap_radius_forward_t { */ typedef struct { /** vendor ID, 0 for standard attributes */ - u_int32_t vendor; + uint32_t vendor; /** attribute type */ - u_int8_t type; + uint8_t type; } attr_t; /** @@ -132,7 +132,7 @@ static bool is_attribute_selected(linked_list_t *selector, radius_attribute_type_t type, chunk_t data) { enumerator_t *enumerator; - u_int32_t vendor = 0; + uint32_t vendor = 0; attr_t *sel; bool found = FALSE; diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.c b/src/libcharon/plugins/eap_radius/eap_radius_provider.c index 0f207fbe6..9a87ad38d 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_provider.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.c @@ -469,7 +469,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, } METHOD(eap_radius_provider_t, add_framed_ip, void, - private_eap_radius_provider_t *this, u_int32_t id, host_t *ip) + private_eap_radius_provider_t *this, uint32_t id, host_t *ip) { this->listener.mutex->lock(this->listener.mutex); add_addr(this, this->listener.unclaimed, id, ip); @@ -477,7 +477,7 @@ METHOD(eap_radius_provider_t, add_framed_ip, void, } METHOD(eap_radius_provider_t, add_attribute, void, - private_eap_radius_provider_t *this, u_int32_t id, + private_eap_radius_provider_t *this, uint32_t id, configuration_attribute_type_t type, chunk_t data) { attr_t *attr; diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.h b/src/libcharon/plugins/eap_radius/eap_radius_provider.h index 5a62f4a38..80971bddb 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_provider.h +++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.h @@ -42,7 +42,7 @@ struct eap_radius_provider_t { * @param id IKE_SA unique identifier * @param ip IP address received from RADIUS server, gets owned */ - void (*add_framed_ip)(eap_radius_provider_t *this, u_int32_t id, + void (*add_framed_ip)(eap_radius_provider_t *this, uint32_t id, host_t *ip); /** @@ -52,7 +52,7 @@ struct eap_radius_provider_t { * @param type attribute type * @param data attribute data */ - void (*add_attribute)(eap_radius_provider_t *this, u_int32_t id, + void (*add_attribute)(eap_radius_provider_t *this, uint32_t id, configuration_attribute_type_t type, chunk_t data); /** diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index aaa24bb17..f1b8adb71 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_sim -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -465,7 +479,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -780,6 +793,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c index 2637b4314..37f8a879e 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_peer.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c @@ -64,7 +64,7 @@ struct private_eap_sim_peer_t { /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; /** * EAP-SIM crypto helper @@ -99,7 +99,7 @@ struct private_eap_sim_peer_t { /** * Counter value if reauthentication is used */ - u_int16_t counter; + uint16_t counter; }; /* version of SIM protocol we speak */ @@ -130,7 +130,7 @@ static bool create_client_error(private_eap_sim_peer_t *this, simaka_client_error_t code, eap_payload_t **out) { simaka_message_t *message; - u_int16_t encoded; + uint16_t encoded; DBG1(DBG_IKE, "sending client error '%N'", simaka_client_error_names, code); @@ -404,7 +404,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this, */ static bool counter_too_small(private_eap_sim_peer_t *this, chunk_t chunk) { - u_int16_t counter; + uint16_t counter; memcpy(&counter, chunk.ptr, sizeof(counter)); counter = htons(counter); @@ -540,7 +540,7 @@ static status_t process_notification(private_eap_sim_peer_t *this, { if (type == AT_NOTIFICATION) { - u_int16_t code; + uint16_t code; memcpy(&code, data.ptr, sizeof(code)); code = ntohs(code); @@ -650,7 +650,7 @@ METHOD(eap_method_t, initiate, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_sim_peer_t *this, u_int32_t *vendor) + private_eap_sim_peer_t *this, uint32_t *vendor) { *vendor = 0; return EAP_SIM; @@ -667,14 +667,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_sim_peer_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_sim_peer_t *this, u_int8_t identifier) + private_eap_sim_peer_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c index 5aa54db3e..3b413cfc6 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_server.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c @@ -67,7 +67,7 @@ struct private_eap_sim_server_t { /** * unique EAP identifier */ - u_int8_t identifier; + uint8_t identifier; /** * concatenated SRES values @@ -163,7 +163,7 @@ METHOD(eap_method_t, initiate, status_t, * Initiate EAP-SIM/Request/Re-authentication message */ static status_t reauthenticate(private_eap_sim_server_t *this, - char mk[HASH_SIZE_SHA1], u_int16_t counter, + char mk[HASH_SIZE_SHA1], uint16_t counter, eap_payload_t **out) { simaka_message_t *message; @@ -328,7 +328,7 @@ static status_t process_start(private_eap_sim_server_t *this, if (this->use_reauth && !nonce.len) { char mk[HASH_SIZE_SHA1]; - u_int16_t counter; + uint16_t counter; permanent = this->mgr->provider_is_reauth(this->mgr, id, mk, &counter); @@ -495,7 +495,7 @@ static status_t process_client_error(private_eap_sim_server_t *this, { if (type == AT_CLIENT_ERROR_CODE) { - u_int16_t code; + uint16_t code; memcpy(&code, data.ptr, sizeof(code)); DBG1(DBG_IKE, "received EAP-SIM client error '%N'", @@ -551,7 +551,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_sim_server_t *this, u_int32_t *vendor) + private_eap_sim_server_t *this, uint32_t *vendor) { *vendor = 0; return EAP_SIM; @@ -568,14 +568,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_sim_server_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_sim_server_t *this, u_int8_t identifier) + private_eap_sim_server_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index 6e61f99de..40ff9f245 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_sim_file -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -784,6 +797,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in index e821e3ee2..354c7a12d 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ @MONOLITHIC_FALSE@am__append_1 = $(top_builddir)/src/libsimaka/libsimaka.la subdir = src/libcharon/plugins/eap_sim_pcsc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -406,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_pcsc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_pcsc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index b883f0abd..4e3105ffd 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_simaka_pseudonym -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -406,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c index b5bbdd60f..758bce4d9 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c +++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2016 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -31,16 +32,31 @@ struct private_eap_simaka_pseudonym_card_t { eap_simaka_pseudonym_card_t public; /** - * Permanent -> pseudonym mappings + * Permanent -> pseudonym mappings (entry_t*) */ hashtable_t *pseudonym; - - /** - * Reverse pseudonym -> permanent mappings - */ - hashtable_t *permanent; }; +/** + * Mapping between real and pseudonym identity + */ +typedef struct { + + /** Real identity */ + identification_t *id; + + /** Pseudonym */ + identification_t *pseudonym; + +} entry_t; + +static void destroy_entry(entry_t *this) +{ + this->id->destroy(this->id); + this->pseudonym->destroy(this->pseudonym); + free(this); +} + /** * hashtable hash function */ @@ -60,12 +76,12 @@ static bool equals(identification_t *key1, identification_t *key2) METHOD(simaka_card_t, get_pseudonym, identification_t*, private_eap_simaka_pseudonym_card_t *this, identification_t *id) { - identification_t *pseudonym; + entry_t *entry; - pseudonym = this->pseudonym->get(this->pseudonym, id); - if (pseudonym) + entry = this->pseudonym->get(this->pseudonym, id); + if (entry) { - return pseudonym->clone(pseudonym); + return entry->pseudonym->clone(entry->pseudonym); } return NULL; } @@ -74,17 +90,17 @@ METHOD(simaka_card_t, set_pseudonym, void, private_eap_simaka_pseudonym_card_t *this, identification_t *id, identification_t *pseudonym) { - identification_t *permanent; - - /* create new entries */ - id = id->clone(id); - pseudonym = pseudonym->clone(pseudonym); - permanent = this->permanent->put(this->permanent, pseudonym, id); - pseudonym = this->pseudonym->put(this->pseudonym, id, pseudonym); + entry_t *entry; - /* delete old entries */ - DESTROY_IF(permanent); - DESTROY_IF(pseudonym); + INIT(entry, + .id = id->clone(id), + .pseudonym = pseudonym->clone(pseudonym), + ); + entry = this->pseudonym->put(this->pseudonym, entry->id, entry); + if (entry) + { + destroy_entry(entry); + } } METHOD(simaka_card_t, get_quintuplet, status_t, @@ -98,26 +114,7 @@ METHOD(simaka_card_t, get_quintuplet, status_t, METHOD(eap_simaka_pseudonym_card_t, destroy, void, private_eap_simaka_pseudonym_card_t *this) { - enumerator_t *enumerator; - identification_t *id; - void *key; - - enumerator = this->pseudonym->create_enumerator(this->pseudonym); - while (enumerator->enumerate(enumerator, &key, &id)) - { - id->destroy(id); - } - enumerator->destroy(enumerator); - - enumerator = this->permanent->create_enumerator(this->permanent); - while (enumerator->enumerate(enumerator, &key, &id)) - { - id->destroy(id); - } - enumerator->destroy(enumerator); - - this->pseudonym->destroy(this->pseudonym); - this->permanent->destroy(this->permanent); + this->pseudonym->destroy_function(this->pseudonym, (void*)destroy_entry); free(this); } @@ -142,9 +139,6 @@ eap_simaka_pseudonym_card_t *eap_simaka_pseudonym_card_create() .destroy = _destroy, }, .pseudonym = hashtable_create((void*)hash, (void*)equals, 0), - .permanent = hashtable_create((void*)hash, (void*)equals, 0), ); - return &this->public; } - diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index 5417f9639..2d5747e01 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_simaka_reauth -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -781,6 +794,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c index 5bc5fd382..153ec0f0d 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c +++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c @@ -45,7 +45,7 @@ typedef struct { /** associated permanent identity */ identification_t *permanent; /** counter value */ - u_int16_t counter; + uint16_t counter; /** master key */ char mk[HASH_SIZE_SHA1]; } reauth_data_t; @@ -68,7 +68,7 @@ static bool equals(identification_t *key1, identification_t *key2) METHOD(simaka_card_t, get_reauth, identification_t*, private_eap_simaka_reauth_card_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1], u_int16_t *counter) + char mk[HASH_SIZE_SHA1], uint16_t *counter) { reauth_data_t *data; identification_t *reauth; @@ -89,7 +89,7 @@ METHOD(simaka_card_t, get_reauth, identification_t*, METHOD(simaka_card_t, set_reauth, void, private_eap_simaka_reauth_card_t *this, identification_t *id, - identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter) + identification_t* next, char mk[HASH_SIZE_SHA1], uint16_t counter) { reauth_data_t *data; diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c index 937095ec1..543b5579b 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c +++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c @@ -53,7 +53,7 @@ typedef struct { /** currently used reauthentication identity */ identification_t *id; /** counter value */ - u_int16_t counter; + uint16_t counter; /** master key */ char mk[HASH_SIZE_SHA1]; } reauth_data_t; @@ -92,7 +92,7 @@ static identification_t *gen_identity(private_eap_simaka_reauth_provider_t *this METHOD(simaka_provider_t, is_reauth, identification_t*, private_eap_simaka_reauth_provider_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1], u_int16_t *counter) + char mk[HASH_SIZE_SHA1], uint16_t *counter) { identification_t *permanent; reauth_data_t *data; diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index c858e467c..a491899ac 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_simaka_sql -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_sql/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_sql/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -781,6 +794,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index c953d0e9c..c912f9ff4 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_tls -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_tls/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_tls/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c index bc01ba5df..79e87dc89 100644 --- a/src/libcharon/plugins/eap_tls/eap_tls.c +++ b/src/libcharon/plugins/eap_tls/eap_tls.c @@ -74,7 +74,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_tls_t *this, u_int32_t *vendor) + private_eap_tls_t *this, uint32_t *vendor) { *vendor = 0; return EAP_TLS; @@ -91,14 +91,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_tls_t *this) { return this->tls_eap->get_identifier(this->tls_eap); } METHOD(eap_method_t, set_identifier, void, - private_eap_tls_t *this, u_int8_t identifier) + private_eap_tls_t *this, uint8_t identifier) { this->tls_eap->set_identifier(this->tls_eap, identifier); } diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index 2f197ed33..efef3af20 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_tnc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_tnc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_tnc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index b563acdda..6f39b8455 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_ttls -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_ttls/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_ttls/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -786,6 +799,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c index c99d47f8d..9987c43d4 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c @@ -76,7 +76,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_ttls_t *this, u_int32_t *vendor) + private_eap_ttls_t *this, uint32_t *vendor) { *vendor = 0; return EAP_TTLS; @@ -93,14 +93,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_ttls_t *this) { return this->tls_eap->get_identifier(this->tls_eap); } METHOD(eap_method_t, set_identifier, void, - private_eap_ttls_t *this, u_int8_t identifier) + private_eap_ttls_t *this, uint8_t identifier) { this->tls_eap->set_identifier(this->tls_eap, identifier); } diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c index 47e0f8afb..f75e3e0a6 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c @@ -58,8 +58,8 @@ METHOD(eap_ttls_avp_t, build, void, { char zero_padding[] = { 0x00, 0x00, 0x00 }; chunk_t avp_padding; - u_int8_t avp_flags; - u_int32_t avp_len; + uint8_t avp_flags; + uint32_t avp_len; avp_flags = 0x40; avp_len = 8 + data.len; @@ -81,9 +81,9 @@ METHOD(eap_ttls_avp_t, process, status_t, if (this->process_header) { bio_reader_t *header; - u_int32_t avp_code; - u_int8_t avp_flags; - u_int32_t avp_len; + uint32_t avp_code; + uint8_t avp_flags; + uint32_t avp_len; bool success; len = min(reader->remaining(reader), AVP_HEADER_LEN - this->inpos); diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c index e0b59a681..be6a0812e 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c @@ -75,8 +75,8 @@ METHOD(tls_application_t, process, status_t, eap_packet_t *pkt; eap_code_t code; eap_type_t type, received_type; - u_int32_t vendor, received_vendor; - u_int16_t eap_len; + uint32_t vendor, received_vendor; + uint16_t eap_len; size_t eap_pos = 0; bool concatenated = FALSE; @@ -240,7 +240,7 @@ METHOD(tls_application_t, build, status_t, chunk_t data; eap_code_t code; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; if (this->method == NULL && this->start_phase2) { diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in index 03dfe3d60..d3fd2a198 100644 --- a/src/libcharon/plugins/error_notify/Makefile.in +++ b/src/libcharon/plugins/error_notify/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = error-notify$(EXEEXT) subdir = src/libcharon/plugins/error_notify -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -211,12 +220,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -266,6 +277,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -300,6 +312,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -411,6 +424,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -473,7 +487,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/error_notify/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/error_notify/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -843,6 +856,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/error_notify/error_notify_listener.c b/src/libcharon/plugins/error_notify/error_notify_listener.c index ce577c62c..be84ec05b 100644 --- a/src/libcharon/plugins/error_notify/error_notify_listener.c +++ b/src/libcharon/plugins/error_notify/error_notify_listener.c @@ -83,6 +83,11 @@ METHOD(listener_t, alert, bool, snprintf(msg.str, sizeof(msg.str), "parsing IKE message from " "%#H failed", message->get_source(message)); break; + case ALERT_RETRANSMIT_SEND: + msg.type = htonl(ERROR_NOTIFY_RETRANSMIT_SEND); + snprintf(msg.str, sizeof(msg.str), "IKE message retransmission " + "number %u", va_arg(args, u_int)); + break; case ALERT_RETRANSMIT_SEND_TIMEOUT: msg.type = htonl(ERROR_NOTIFY_RETRANSMIT_SEND_TIMEOUT); snprintf(msg.str, sizeof(msg.str), diff --git a/src/libcharon/plugins/error_notify/error_notify_msg.h b/src/libcharon/plugins/error_notify/error_notify_msg.h index c66080276..74b590800 100644 --- a/src/libcharon/plugins/error_notify/error_notify_msg.h +++ b/src/libcharon/plugins/error_notify/error_notify_msg.h @@ -48,6 +48,7 @@ enum { ERROR_NOTIFY_CERT_EXPIRED = 17, ERROR_NOTIFY_CERT_REVOKED = 18, ERROR_NOTIFY_NO_ISSUER_CERT = 19, + ERROR_NOTIFY_RETRANSMIT_SEND = 20, }; /** diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in index fce2e8e63..c49c55fdb 100644 --- a/src/libcharon/plugins/ext_auth/Makefile.in +++ b/src/libcharon/plugins/ext_auth/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/ext_auth -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index 2afc5ad76..4674a78b4 100644 --- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/farp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/farp/farp_listener.c b/src/libcharon/plugins/farp/farp_listener.c index 87c84359c..e19fc5972 100644 --- a/src/libcharon/plugins/farp/farp_listener.c +++ b/src/libcharon/plugins/farp/farp_listener.c @@ -50,7 +50,7 @@ typedef struct { /** list of remote selectors */ linked_list_t *remote; /** reqid of CHILD_SA */ - u_int32_t reqid; + uint32_t reqid; } entry_t; METHOD(listener_t, child_updown, bool, diff --git a/src/libcharon/plugins/farp/farp_spoofer.c b/src/libcharon/plugins/farp/farp_spoofer.c index 9f66d7407..c2715bd5a 100644 --- a/src/libcharon/plugins/farp/farp_spoofer.c +++ b/src/libcharon/plugins/farp/farp_spoofer.c @@ -54,15 +54,15 @@ struct private_farp_spoofer_t { * IP over Ethernet ARP message */ typedef struct __attribute__((packed)) { - u_int16_t hardware_type; - u_int16_t protocol_type; - u_int8_t hardware_size; - u_int8_t protocol_size; - u_int16_t opcode; - u_int8_t sender_mac[6]; - u_int8_t sender_ip[4]; - u_int8_t target_mac[6]; - u_int8_t target_ip[4]; + uint16_t hardware_type; + uint16_t protocol_type; + uint8_t hardware_size; + uint8_t protocol_size; + uint16_t opcode; + uint8_t sender_mac[6]; + uint8_t sender_ip[4]; + uint8_t target_mac[6]; + uint8_t target_ip[4]; } arp_t; /** diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in index 4f2a407b4..d29134f33 100644 --- a/src/libcharon/plugins/forecast/Makefile.in +++ b/src/libcharon/plugins/forecast/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/forecast -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -464,7 +478,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/forecast/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/forecast/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -779,6 +792,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/forecast/forecast_forwarder.c b/src/libcharon/plugins/forecast/forecast_forwarder.c index 40aaa7f25..ce3909737 100644 --- a/src/libcharon/plugins/forecast/forecast_forwarder.c +++ b/src/libcharon/plugins/forecast/forecast_forwarder.c @@ -55,7 +55,7 @@ struct private_kernel_listener_t { /** * current broadcast address of internal network */ - u_int32_t broadcast; + uint32_t broadcast; /** * LAN interface index @@ -105,7 +105,7 @@ static void send_net(private_forecast_forwarder_t *this, /** * Send a broadcast/multicast packet to a peer */ -static void send_peer(private_forecast_forwarder_t *this, u_int32_t dst, +static void send_peer(private_forecast_forwarder_t *this, uint32_t dst, void *buf, size_t len, int mark) { struct sockaddr_in addr = { @@ -317,7 +317,7 @@ static void join_groups(private_kernel_listener_t *this, struct sockaddr *addr) /** * Attach the socket filter to the socket */ -static bool attach_filter(int fd, u_int32_t broadcast) +static bool attach_filter(int fd, uint32_t broadcast) { struct sock_filter filter_code[] = { /* destination address: is ... */ diff --git a/src/libcharon/plugins/forecast/forecast_listener.c b/src/libcharon/plugins/forecast/forecast_listener.c index 8f7f2600c..3f252db2d 100644 --- a/src/libcharon/plugins/forecast/forecast_listener.c +++ b/src/libcharon/plugins/forecast/forecast_listener.c @@ -67,7 +67,7 @@ struct private_forecast_listener_t { /** * Broadcast address on LAN interface, network order */ - u_int32_t broadcast; + uint32_t broadcast; }; /** @@ -85,13 +85,13 @@ typedef struct { /** remote IKE_SA endpoint */ host_t *rhost; /** inbound SPI */ - u_int32_t spi; + uint32_t spi; /** use UDP encapsulation */ bool encap; /** whether we should allow reencapsulation of IPsec received forecasts */ bool reinject; /** broadcast address used for that entry */ - u_int32_t broadcast; + uint32_t broadcast; } entry_t; /** @@ -115,7 +115,7 @@ static void entry_destroy(entry_t *entry) static bool ts2in(traffic_selector_t *ts, struct in_addr *addr, struct in_addr *mask) { - u_int8_t bits; + uint8_t bits; host_t *net; if (ts->get_type(ts) == TS_IPV4_ADDR_RANGE && @@ -179,12 +179,12 @@ static bool manage_rule(struct iptc_handle *ipth, const char *chain, static bool manage_pre_esp_in_udp(struct iptc_handle *ipth, entry_t *entry, bool add) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_udp)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_mark_tginfo2)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -240,12 +240,12 @@ static bool manage_pre_esp_in_udp(struct iptc_handle *ipth, */ static bool manage_pre_esp(struct iptc_handle *ipth, entry_t *entry, bool add) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_esp)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_mark_tginfo2)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -306,10 +306,10 @@ static bool manage_pre(struct iptc_handle *ipth, entry_t *entry, bool add) */ static bool manage_out(struct iptc_handle *ipth, entry_t *entry, bool add) { - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)); - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)); + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_mark_tginfo2)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -617,7 +617,7 @@ METHOD(listener_t, ike_update, bool, * Filter to map entries to ts/mark */ static bool ts_filter(entry_t *entry, traffic_selector_t **ts, - traffic_selector_t **out, void *dummy, u_int32_t *mark, + traffic_selector_t **out, void *dummy, uint32_t *mark, void *dummy2, bool *reinject) { *out = *ts; diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index 677c36afe..420b8bdb7 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/ha -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -472,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -796,6 +809,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/ha/ha_attribute.c b/src/libcharon/plugins/ha/ha_attribute.c index 2b271a8e7..b20ef876a 100644 --- a/src/libcharon/plugins/ha/ha_attribute.c +++ b/src/libcharon/plugins/ha/ha_attribute.c @@ -83,7 +83,7 @@ static host_t* offset2host(pool_t *pool, int offset) { chunk_t addr; host_t *host; - u_int32_t *pos; + uint32_t *pos; if (offset > pool->size) { @@ -93,11 +93,11 @@ static host_t* offset2host(pool_t *pool, int offset) addr = chunk_clone(pool->base->get_address(pool->base)); if (pool->base->get_family(pool->base) == AF_INET6) { - pos = (u_int32_t*)(addr.ptr + 12); + pos = (uint32_t*)(addr.ptr + 12); } else { - pos = (u_int32_t*)addr.ptr; + pos = (uint32_t*)addr.ptr; } *pos = htonl(offset + ntohl(*pos)); host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0); @@ -111,7 +111,7 @@ static host_t* offset2host(pool_t *pool, int offset) static int host2offset(pool_t *pool, host_t *addr) { chunk_t host, base; - u_int32_t hosti, basei; + uint32_t hosti, basei; if (addr->get_family(addr) != pool->base->get_family(pool->base)) { @@ -129,8 +129,8 @@ static int host2offset(pool_t *pool, host_t *addr) host = chunk_skip(host, 12); base = chunk_skip(base, 12); } - hosti = ntohl(*(u_int32_t*)(host.ptr)); - basei = ntohl(*(u_int32_t*)(base.ptr)); + hosti = ntohl(*(uint32_t*)(host.ptr)); + basei = ntohl(*(uint32_t*)(base.ptr)); if (hosti > basei + pool->size) { return -1; diff --git a/src/libcharon/plugins/ha/ha_cache.c b/src/libcharon/plugins/ha/ha_cache.c index 0650f7fd9..8394eb722 100644 --- a/src/libcharon/plugins/ha/ha_cache.c +++ b/src/libcharon/plugins/ha/ha_cache.c @@ -186,11 +186,13 @@ METHOD(ha_cache_t, delete_, void, { entry_t *entry; + this->mutex->lock(this->mutex); entry = this->cache->remove(this->cache, ike_sa); if (entry) { entry_destroy(entry); } + this->mutex->unlock(this->mutex); } /** @@ -204,7 +206,7 @@ static status_t rekey_children(ike_sa_t *ike_sa) linked_list_t *children; struct { protocol_id_t protocol; - u_int32_t spi; + uint32_t spi; } *info; children = linked_list_create(); diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c index 7dafb1693..8c9f66aa7 100644 --- a/src/libcharon/plugins/ha/ha_child.c +++ b/src/libcharon/plugins/ha/ha_child.c @@ -55,7 +55,7 @@ METHOD(listener_t, child_keys, bool, ha_message_t *m; chunk_t secret; proposal_t *proposal; - u_int16_t alg, len; + uint16_t alg, len; linked_list_t *local_ts, *remote_ts; enumerator_t *enumerator; traffic_selector_t *ts; @@ -69,7 +69,7 @@ METHOD(listener_t, child_keys, bool, m = ha_message_create(HA_CHILD_ADD); m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa)); - m->add_attribute(m, HA_INITIATOR, (u_int8_t)initiator); + m->add_attribute(m, HA_INITIATOR, (uint8_t)initiator); m->add_attribute(m, HA_INBOUND_SPI, child_sa->get_spi(child_sa, TRUE)); m->add_attribute(m, HA_OUTBOUND_SPI, child_sa->get_spi(child_sa, FALSE)); m->add_attribute(m, HA_INBOUND_CPI, child_sa->get_cpi(child_sa, TRUE)); diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index ce90f5bfe..ee66b8442 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c @@ -131,8 +131,8 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message enumerator_t *enumerator; ike_sa_t *ike_sa = NULL, *old_sa = NULL; ike_version_t version = IKEV2; - u_int16_t encr = 0, len = 0, integ = 0, prf = 0, old_prf = PRF_UNDEFINED; - u_int16_t dh_grp = 0; + uint16_t encr = 0, len = 0, integ = 0, prf = 0, old_prf = PRF_UNDEFINED; + uint16_t dh_grp = 0; chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty; chunk_t secret = chunk_empty, old_skd = chunk_empty; chunk_t dh_local = chunk_empty, dh_remote = chunk_empty, psk = chunk_empty; @@ -486,7 +486,7 @@ static void process_ike_mid(private_ha_dispatcher_t *this, ha_message_value_t value; enumerator_t *enumerator; ike_sa_t *ike_sa = NULL; - u_int32_t mid = 0; + uint32_t mid = 0; enumerator = message->create_attribute_enumerator(message); while (enumerator->enumerate(enumerator, &attribute, &value)) @@ -652,11 +652,11 @@ static void process_child_add(private_ha_dispatcher_t *this, child_sa_t *child_sa; proposal_t *proposal; bool initiator = FALSE, failed = FALSE, ok = FALSE; - u_int32_t inbound_spi = 0, outbound_spi = 0; - u_int16_t inbound_cpi = 0, outbound_cpi = 0; - u_int8_t mode = MODE_TUNNEL, ipcomp = 0; - u_int16_t encr = 0, integ = 0, len = 0, dh_grp = 0; - u_int16_t esn = NO_EXT_SEQ_NUMBERS; + uint32_t inbound_spi = 0, outbound_spi = 0; + uint16_t inbound_cpi = 0, outbound_cpi = 0; + uint8_t mode = MODE_TUNNEL, ipcomp = 0; + uint16_t encr = 0, integ = 0, len = 0, dh_grp = 0; + uint16_t esn = NO_EXT_SEQ_NUMBERS; u_int seg_i, seg_o; chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty, secret = chunk_empty; chunk_t encr_i, integ_i, encr_r, integ_r; @@ -777,7 +777,7 @@ static void process_child_add(private_ha_dispatcher_t *this, if (ike_sa->get_version(ike_sa) == IKEV1) { keymat_v1_t *keymat_v1 = (keymat_v1_t*)ike_sa->get_keymat(ike_sa); - u_int32_t spi_i, spi_r; + uint32_t spi_i, spi_r; spi_i = initiator ? inbound_spi : outbound_spi; spi_r = initiator ? outbound_spi : inbound_spi; @@ -889,7 +889,7 @@ static void process_child_delete(private_ha_dispatcher_t *this, enumerator_t *enumerator; ike_sa_t *ike_sa = NULL; child_sa_t *child_sa; - u_int32_t spi = 0; + uint32_t spi = 0; enumerator = message->create_attribute_enumerator(message); while (enumerator->enumerate(enumerator, &attribute, &value)) diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c index 3ffcaee6b..992ccb06c 100644 --- a/src/libcharon/plugins/ha/ha_ike.c +++ b/src/libcharon/plugins/ha/ha_ike.c @@ -78,7 +78,7 @@ METHOD(listener_t, ike_keys, bool, ha_message_t *m; chunk_t secret; proposal_t *proposal; - u_int16_t alg, len; + uint16_t alg, len; if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa)) { /* do not sync SA between nodes */ @@ -168,7 +168,7 @@ METHOD(listener_t, ike_updown, bool, { enumerator_t *enumerator; peer_cfg_t *peer_cfg; - u_int32_t extension, condition; + uint32_t extension, condition; host_t *addr; ike_sa_id_t *id; identification_t *eap_id; @@ -349,7 +349,7 @@ METHOD(listener_t, message_hook, bool, ha_message_t *m; notify_payload_t *notify; chunk_t data; - u_int32_t seq; + uint32_t seq; notify = message->get_notify(message, DPD_R_U_THERE); if (notify) diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c index bd43dc351..061741eb7 100644 --- a/src/libcharon/plugins/ha/ha_kernel.c +++ b/src/libcharon/plugins/ha/ha_kernel.c @@ -15,8 +15,8 @@ #include "ha_kernel.h" -typedef u_int32_t u32; -typedef u_int8_t u8; +typedef uint32_t u32; +typedef uint8_t u8; #include #include @@ -115,9 +115,9 @@ static jhash_version_t get_jhash_version() /** * jhash algorithm of two words, as used in kernel (using 0 as initval) */ -static u_int32_t jhash(jhash_version_t version, u_int32_t a, u_int32_t b) +static uint32_t jhash(jhash_version_t version, uint32_t a, uint32_t b) { - u_int32_t c = 0; + uint32_t c = 0; switch (version) { @@ -162,7 +162,7 @@ static u_int32_t jhash(jhash_version_t version, u_int32_t a, u_int32_t b) /** * Segmentate a calculated hash */ -static u_int hash2segment(private_ha_kernel_t *this, u_int64_t hash) +static u_int hash2segment(private_ha_kernel_t *this, uint64_t hash) { return ((hash * this->count) >> 32) + 1; } @@ -170,11 +170,11 @@ static u_int hash2segment(private_ha_kernel_t *this, u_int64_t hash) /** * Get a host as an integer for hashing */ -static u_int32_t host2int(host_t *host) +static uint32_t host2int(host_t *host) { if (host->get_family(host) == AF_INET) { - return *(u_int32_t*)host->get_address(host).ptr; + return *(uint32_t*)host->get_address(host).ptr; } return 0; } @@ -183,7 +183,7 @@ METHOD(ha_kernel_t, get_segment, u_int, private_ha_kernel_t *this, host_t *host) { unsigned long hash; - u_int32_t addr; + uint32_t addr; addr = host2int(host); hash = jhash(this->version, ntohl(addr), 0); @@ -192,10 +192,10 @@ METHOD(ha_kernel_t, get_segment, u_int, } METHOD(ha_kernel_t, get_segment_spi, u_int, - private_ha_kernel_t *this, host_t *host, u_int32_t spi) + private_ha_kernel_t *this, host_t *host, uint32_t spi) { unsigned long hash; - u_int32_t addr; + uint32_t addr; addr = host2int(host); hash = jhash(this->version, ntohl(addr), ntohl(spi)); diff --git a/src/libcharon/plugins/ha/ha_kernel.h b/src/libcharon/plugins/ha/ha_kernel.h index 7b56f1e3a..bd0a3825b 100644 --- a/src/libcharon/plugins/ha/ha_kernel.h +++ b/src/libcharon/plugins/ha/ha_kernel.h @@ -45,7 +45,7 @@ struct ha_kernel_t { * @param spi SPI to include in hash * @return segment number */ - u_int (*get_segment_spi)(ha_kernel_t *this, host_t *host, u_int32_t spi); + u_int (*get_segment_spi)(ha_kernel_t *this, host_t *host, uint32_t spi); /** * Get the segment an arbitrary integer is in. diff --git a/src/libcharon/plugins/ha/ha_message.c b/src/libcharon/plugins/ha/ha_message.c index b40219ce1..42dfaf0e2 100644 --- a/src/libcharon/plugins/ha/ha_message.c +++ b/src/libcharon/plugins/ha/ha_message.c @@ -67,10 +67,10 @@ typedef struct ike_sa_id_encoding_t ike_sa_id_encoding_t; * Encoding if an ike_sa_id_t */ struct ike_sa_id_encoding_t { - u_int8_t ike_version; - u_int64_t initiator_spi; - u_int64_t responder_spi; - u_int8_t initiator; + uint8_t ike_version; + uint64_t initiator_spi; + uint64_t responder_spi; + uint8_t initiator; } __attribute__((packed)); typedef struct identification_encoding_t identification_encoding_t; @@ -79,8 +79,8 @@ typedef struct identification_encoding_t identification_encoding_t; * Encoding of a identification_t */ struct identification_encoding_t { - u_int8_t type; - u_int8_t len; + uint8_t type; + uint8_t len; char encoding[]; } __attribute__((packed)); @@ -90,8 +90,8 @@ typedef struct host_encoding_t host_encoding_t; * encoding of a host_t */ struct host_encoding_t { - u_int16_t port; - u_int8_t family; + uint16_t port; + uint8_t family; char encoding[]; } __attribute__((packed)); @@ -101,11 +101,11 @@ typedef struct ts_encoding_t ts_encoding_t; * encoding of a traffic_selector_t */ struct ts_encoding_t { - u_int8_t type; - u_int8_t protocol; - u_int16_t from_port; - u_int16_t to_port; - u_int8_t dynamic; + uint8_t type; + uint8_t protocol; + uint16_t from_port; + uint16_t to_port; + uint8_t dynamic; char encoding[]; } __attribute__((packed)); @@ -139,9 +139,9 @@ METHOD(ha_message_t, add_attribute, void, size_t len; va_list args; - check_buf(this, sizeof(u_int8_t)); + check_buf(this, sizeof(uint8_t)); this->buf.ptr[this->buf.len] = attribute; - this->buf.len += sizeof(u_int8_t); + this->buf.len += sizeof(uint8_t); va_start(args, attribute); switch (attribute) @@ -215,13 +215,13 @@ METHOD(ha_message_t, add_attribute, void, this->buf.len += len; break; } - /* u_int8_t */ + /* uint8_t */ case HA_IKE_VERSION: case HA_INITIATOR: case HA_IPSEC_MODE: case HA_IPCOMP: { - u_int8_t val; + uint8_t val; val = va_arg(args, u_int); check_buf(this, sizeof(val)); @@ -229,7 +229,7 @@ METHOD(ha_message_t, add_attribute, void, this->buf.len += sizeof(val); break; } - /* u_int16_t */ + /* uint16_t */ case HA_ALG_DH: case HA_ALG_PRF: case HA_ALG_OLD_PRF: @@ -241,26 +241,26 @@ METHOD(ha_message_t, add_attribute, void, case HA_SEGMENT: case HA_ESN: { - u_int16_t val; + uint16_t val; val = va_arg(args, u_int); check_buf(this, sizeof(val)); - *(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(val); + *(uint16_t*)(this->buf.ptr + this->buf.len) = htons(val); this->buf.len += sizeof(val); break; } - /** u_int32_t */ + /** uint32_t */ case HA_CONDITIONS: case HA_EXTENSIONS: case HA_INBOUND_SPI: case HA_OUTBOUND_SPI: case HA_MID: { - u_int32_t val; + uint32_t val; val = va_arg(args, u_int); check_buf(this, sizeof(val)); - *(u_int32_t*)(this->buf.ptr + this->buf.len) = htonl(val); + *(uint32_t*)(this->buf.ptr + this->buf.len) = htonl(val); this->buf.len += sizeof(val); break; } @@ -277,11 +277,11 @@ METHOD(ha_message_t, add_attribute, void, chunk_t chunk; chunk = va_arg(args, chunk_t); - check_buf(this, chunk.len + sizeof(u_int16_t)); - *(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(chunk.len); - memcpy(this->buf.ptr + this->buf.len + sizeof(u_int16_t), + check_buf(this, chunk.len + sizeof(uint16_t)); + *(uint16_t*)(this->buf.ptr + this->buf.len) = htons(chunk.len); + memcpy(this->buf.ptr + this->buf.len + sizeof(uint16_t), chunk.ptr, chunk.len); - this->buf.len += chunk.len + sizeof(u_int16_t);; + this->buf.len += chunk.len + sizeof(uint16_t);; break; } /** traffic_selector_t */ @@ -309,7 +309,7 @@ METHOD(ha_message_t, add_attribute, void, default: { DBG1(DBG_CFG, "unable to encode, attribute %d unknown", attribute); - this->buf.len -= sizeof(u_int8_t); + this->buf.len -= sizeof(uint8_t); break; } } @@ -435,22 +435,22 @@ METHOD(enumerator_t, attribute_enumerate, bool, this->buf = chunk_skip(this->buf, len + 1); return TRUE; } - /* u_int8_t */ + /* uint8_t */ case HA_IKE_VERSION: case HA_INITIATOR: case HA_IPSEC_MODE: case HA_IPCOMP: { - if (this->buf.len < sizeof(u_int8_t)) + if (this->buf.len < sizeof(uint8_t)) { return FALSE; } - value->u8 = *(u_int8_t*)this->buf.ptr; + value->u8 = *(uint8_t*)this->buf.ptr; *attr_out = attr; - this->buf = chunk_skip(this->buf, sizeof(u_int8_t)); + this->buf = chunk_skip(this->buf, sizeof(uint8_t)); return TRUE; } - /** u_int16_t */ + /** uint16_t */ case HA_ALG_DH: case HA_ALG_PRF: case HA_ALG_OLD_PRF: @@ -462,29 +462,29 @@ METHOD(enumerator_t, attribute_enumerate, bool, case HA_SEGMENT: case HA_ESN: { - if (this->buf.len < sizeof(u_int16_t)) + if (this->buf.len < sizeof(uint16_t)) { return FALSE; } - value->u16 = ntohs(*(u_int16_t*)this->buf.ptr); + value->u16 = ntohs(*(uint16_t*)this->buf.ptr); *attr_out = attr; - this->buf = chunk_skip(this->buf, sizeof(u_int16_t)); + this->buf = chunk_skip(this->buf, sizeof(uint16_t)); return TRUE; } - /** u_int32_t */ + /** uint32_t */ case HA_CONDITIONS: case HA_EXTENSIONS: case HA_INBOUND_SPI: case HA_OUTBOUND_SPI: case HA_MID: { - if (this->buf.len < sizeof(u_int32_t)) + if (this->buf.len < sizeof(uint32_t)) { return FALSE; } - value->u32 = ntohl(*(u_int32_t*)this->buf.ptr); + value->u32 = ntohl(*(uint32_t*)this->buf.ptr); *attr_out = attr; - this->buf = chunk_skip(this->buf, sizeof(u_int32_t)); + this->buf = chunk_skip(this->buf, sizeof(uint32_t)); return TRUE; } /** chunk_t */ @@ -499,12 +499,12 @@ METHOD(enumerator_t, attribute_enumerate, bool, { size_t len; - if (this->buf.len < sizeof(u_int16_t)) + if (this->buf.len < sizeof(uint16_t)) { return FALSE; } - len = ntohs(*(u_int16_t*)this->buf.ptr); - this->buf = chunk_skip(this->buf, sizeof(u_int16_t)); + len = ntohs(*(uint16_t*)this->buf.ptr); + this->buf = chunk_skip(this->buf, sizeof(uint16_t)); if (this->buf.len < len) { return FALSE; diff --git a/src/libcharon/plugins/ha/ha_message.h b/src/libcharon/plugins/ha/ha_message.h index fe1786edf..630c8af8f 100644 --- a/src/libcharon/plugins/ha/ha_message.h +++ b/src/libcharon/plugins/ha/ha_message.h @@ -92,9 +92,9 @@ enum ha_message_attribute_t { HA_REMOTE_ADDR, /** char*, name of configuration */ HA_CONFIG_NAME, - /** u_int32_t, bitset of ike_condition_t */ + /** uint32_t, bitset of ike_condition_t */ HA_CONDITIONS, - /** u_int32_t, bitset of ike_extension_t */ + /** uint32_t, bitset of ike_extension_t */ HA_EXTENSIONS, /** host_t*, local virtual IP */ HA_LOCAL_VIP, @@ -102,7 +102,7 @@ enum ha_message_attribute_t { HA_REMOTE_VIP, /** host_t*, known peer addresses (used for MOBIKE) */ HA_PEER_ADDR, - /** u_int8_t, initiator of an exchange, TRUE for local */ + /** uint8_t, initiator of an exchange, TRUE for local */ HA_INITIATOR, /** chunk_t, initiators nonce */ HA_NONCE_I, @@ -112,41 +112,41 @@ enum ha_message_attribute_t { HA_SECRET, /** chunk_t, SKd of old SA if rekeying */ HA_OLD_SKD, - /** u_int16_t, pseudo random function */ + /** uint16_t, pseudo random function */ HA_ALG_PRF, - /** u_int16_t, old pseudo random function if rekeying */ + /** uint16_t, old pseudo random function if rekeying */ HA_ALG_OLD_PRF, - /** u_int16_t, encryption algorithm */ + /** uint16_t, encryption algorithm */ HA_ALG_ENCR, - /** u_int16_t, encryption key size in bytes */ + /** uint16_t, encryption key size in bytes */ HA_ALG_ENCR_LEN, - /** u_int16_t, integrity protection algorithm */ + /** uint16_t, integrity protection algorithm */ HA_ALG_INTEG, - /** u_int16_t, DH group */ + /** uint16_t, DH group */ HA_ALG_DH, - /** u_int8_t, IPsec mode, TUNNEL|TRANSPORT|... */ + /** uint8_t, IPsec mode, TUNNEL|TRANSPORT|... */ HA_IPSEC_MODE, - /** u_int8_t, IPComp protocol */ + /** uint8_t, IPComp protocol */ HA_IPCOMP, - /** u_int32_t, inbound security parameter index */ + /** uint32_t, inbound security parameter index */ HA_INBOUND_SPI, - /** u_int32_t, outbound security parameter index */ + /** uint32_t, outbound security parameter index */ HA_OUTBOUND_SPI, - /** u_int16_t, inbound security parameter index */ + /** uint16_t, inbound security parameter index */ HA_INBOUND_CPI, - /** u_int16_t, outbound security parameter index */ + /** uint16_t, outbound security parameter index */ HA_OUTBOUND_CPI, /** traffic_selector_t*, local traffic selector */ HA_LOCAL_TS, /** traffic_selector_t*, remote traffic selector */ HA_REMOTE_TS, - /** u_int32_t, message ID */ + /** uint32_t, message ID */ HA_MID, - /** u_int16_t, HA segment */ + /** uint16_t, HA segment */ HA_SEGMENT, - /** u_int16_t, Extended Sequence numbers */ + /** uint16_t, Extended Sequence numbers */ HA_ESN, - /** u_int8_t, IKE version */ + /** uint8_t, IKE version */ HA_IKE_VERSION, /** chunk_t, own DH public value */ HA_LOCAL_DH, @@ -162,9 +162,9 @@ enum ha_message_attribute_t { * Union to enumerate typed attributes in a message */ union ha_message_value_t { - u_int8_t u8; - u_int16_t u16; - u_int32_t u32; + uint8_t u8; + uint16_t u16; + uint32_t u32; char *str; chunk_t chunk; ike_sa_id_t *ike_sa_id; diff --git a/src/libcharon/plugins/ha/ha_segments.h b/src/libcharon/plugins/ha/ha_segments.h index 76da38082..31d47e371 100644 --- a/src/libcharon/plugins/ha/ha_segments.h +++ b/src/libcharon/plugins/ha/ha_segments.h @@ -25,7 +25,7 @@ typedef struct ha_segments_t ha_segments_t; -typedef u_int16_t segment_mask_t; +typedef uint16_t segment_mask_t; /** * maximum number of segments diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index dd2399366..a0e514614 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c @@ -79,7 +79,7 @@ struct private_ha_tunnel_t { /** * Reqid of installed trap */ - u_int32_t trap; + uint32_t trap; /** * backend for HA SA @@ -183,10 +183,22 @@ static void setup_tunnel(private_ha_tunnel_t *this, auth_cfg_t *auth_cfg; child_cfg_t *child_cfg; traffic_selector_t *ts; - lifetime_cfg_t lifetime = { - .time = { - .life = 21600, .rekey = 20400, .jitter = 400, + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_KEEP, + .rekey_time = 86400, /* 24h */ + .jitter_time = 7200, /* 2h */ + .over_time = 3600, /* 1h */ + .no_mobike = TRUE, + .dpd = 30, + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = 21600, .rekey = 20400, .jitter = 400, + }, }, + .mode = MODE_TRANSPORT, }; /* setup credentials */ @@ -208,9 +220,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND, - UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, - TRUE, 30, 0, FALSE, NULL, NULL); + peer_cfg = peer_cfg_create("ha", ike_cfg, &peer); auth_cfg = auth_cfg_create(); auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); @@ -224,9 +234,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, identification_create_from_string(remote)); peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE); - child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT, - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create("ha", &child); ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535); diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in index 0b7a29194..38a63ea02 100644 --- a/src/libcharon/plugins/ipseckey/Makefile.in +++ b/src/libcharon/plugins/ipseckey/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/ipseckey -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ipseckey/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/ipseckey/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/ipseckey/ipseckey.c b/src/libcharon/plugins/ipseckey/ipseckey.c index ca126d772..5ca1e27bc 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey.c +++ b/src/libcharon/plugins/ipseckey/ipseckey.c @@ -34,17 +34,17 @@ struct private_ipseckey_t { /** * Precedence */ - u_int8_t precedence; + uint8_t precedence; /** * Gateway type */ - u_int8_t gateway_type; + uint8_t gateway_type; /** * Algorithm */ - u_int8_t algorithm; + uint8_t algorithm; /** * Gateway @@ -57,7 +57,7 @@ struct private_ipseckey_t { chunk_t public_key; }; -METHOD(ipseckey_t, get_precedence, u_int8_t, +METHOD(ipseckey_t, get_precedence, uint8_t, private_ipseckey_t *this) { return this->precedence; @@ -102,7 +102,7 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr) { private_ipseckey_t *this; bio_reader_t *reader = NULL; - u_int8_t label; + uint8_t label; chunk_t tmp; INIT(this, diff --git a/src/libcharon/plugins/ipseckey/ipseckey.h b/src/libcharon/plugins/ipseckey/ipseckey.h index 5885daeee..b19ec8920 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey.h +++ b/src/libcharon/plugins/ipseckey/ipseckey.h @@ -85,7 +85,7 @@ struct ipseckey_t { * * @return precedence */ - u_int8_t (*get_precedence)(ipseckey_t *this); + uint8_t (*get_precedence)(ipseckey_t *this); /** * Get the type of the gateway. diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c index 3ff6dd87d..6c041ce26 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c +++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c @@ -136,7 +136,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, rr_set_t *rrset; rr_t *rrsig; bio_reader_t *reader; - u_int32_t nBefore, nAfter; + uint32_t nBefore, nAfter; chunk_t ignore; char *fqdn; diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in index de5bfd517..19e7701c6 100644 --- a/src/libcharon/plugins/kernel_iph/Makefile.in +++ b/src/libcharon/plugins/kernel_iph/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/kernel_iph -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_iph/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_iph/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_iph/kernel_iph_net.c b/src/libcharon/plugins/kernel_iph/kernel_iph_net.c index 6a8a96821..efeb98045 100644 --- a/src/libcharon/plugins/kernel_iph/kernel_iph_net.c +++ b/src/libcharon/plugins/kernel_iph/kernel_iph_net.c @@ -562,7 +562,8 @@ METHOD(kernel_net_t, get_source_addr, host_t*, } METHOD(kernel_net_t, get_nexthop, host_t*, - private_kernel_iph_net_t *this, host_t *dest, int prefix, host_t *src) + private_kernel_iph_net_t *this, host_t *dest, int prefix, host_t *src, + char **iface) { MIB_IPFORWARD_ROW2 route; SOCKADDR_INET best, *sai_dst, *sai_src = NULL; @@ -592,6 +593,10 @@ METHOD(kernel_net_t, get_nexthop, host_t*, { if (!nexthop->is_anyaddr(nexthop)) { + if (iface) + { + *iface = NULL; + } return nexthop; } nexthop->destroy(nexthop); @@ -617,7 +622,7 @@ METHOD(kernel_net_t, del_ip, status_t, * Add or remove a route */ static status_t manage_route(private_kernel_iph_net_t *this, bool add, - chunk_t dst, u_int8_t prefixlen, host_t *gtw, char *name) + chunk_t dst, uint8_t prefixlen, host_t *gtw, char *name) { MIB_IPFORWARD_ROW2 row = { .DestinationPrefix = { @@ -705,14 +710,14 @@ static status_t manage_route(private_kernel_iph_net_t *this, bool add, } METHOD(kernel_net_t, add_route, status_t, - private_kernel_iph_net_t *this, chunk_t dst, u_int8_t prefixlen, + private_kernel_iph_net_t *this, chunk_t dst, uint8_t prefixlen, host_t *gateway, host_t *src, char *name) { return manage_route(this, TRUE, dst, prefixlen, gateway, name); } METHOD(kernel_net_t, del_route, status_t, - private_kernel_iph_net_t *this, chunk_t dst, u_int8_t prefixlen, + private_kernel_iph_net_t *this, chunk_t dst, uint8_t prefixlen, host_t *gateway, host_t *src, char *name) { return manage_route(this, FALSE, dst, prefixlen, gateway, name); diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in index 018a25a62..9bfdb950f 100644 --- a/src/libcharon/plugins/kernel_libipsec/Makefile.in +++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/kernel_libipsec -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_libipsec/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_libipsec/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -781,6 +794,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c index 4c8771e96..77e37e249 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c @@ -108,7 +108,7 @@ struct route_entry_t { /** Destination net */ chunk_t dst_net; /** Destination net prefixlen */ - u_int8_t prefixlen; + uint8_t prefixlen; /** Reference to exclude route, if any */ exclude_route_t *exclude; }; @@ -151,15 +151,15 @@ typedef struct policy_entry_t policy_entry_t; */ struct policy_entry_t { /** Direction of this policy: in, out, forward */ - u_int8_t direction; + uint8_t direction; /** Parameters of installed policy */ struct { /** Subnet and port */ host_t *net; /** Subnet mask */ - u_int8_t mask; + uint8_t mask; /** Protocol */ - u_int8_t proto; + uint8_t proto; } src, dst; /** Associated route installed for this policy */ route_entry_t *route; @@ -222,7 +222,7 @@ static inline bool policy_entry_equals(policy_entry_t *a, /** * Expiration callback */ -static void expire(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard) +static void expire(uint8_t protocol, uint32_t spi, host_t *dst, bool hard) { charon->kernel->expire(charon->kernel, protocol, spi, dst, hard); } @@ -235,55 +235,51 @@ METHOD(kernel_ipsec_t, get_features, kernel_feature_t, METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, spi); } METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, add_sa, status_t, - private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { - return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark, - tfc, lifetime, enc_alg, enc_key, int_alg, int_key, - mode, ipcomp, cpi, initiator, encap, esn, - inbound, update); + return ipsec->sas->add_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto, + data->reqid, id->mark, data->tfc, data->lifetime, + data->enc_alg, data->enc_key, data->int_alg, data->int_key, + data->mode, data->ipcomp, data->cpi, data->initiator, + data->encap, data->esn, data->inbound, data->update); } METHOD(kernel_ipsec_t, update_sa, status_t, - private_kernel_libipsec_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, query_sa, status_t, - private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes, - u_int64_t *packets, time_t *time) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { - return ipsec->sas->query_sa(ipsec->sas, src, dst, spi, protocol, mark, - bytes, packets, time); + return ipsec->sas->query_sa(ipsec->sas, id->src, id->dst, id->spi, + id->proto, id->mark, bytes, packets, time); } METHOD(kernel_ipsec_t, del_sa, status_t, - private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { - return ipsec->sas->del_sa(ipsec->sas, src, dst, spi, protocol, cpi, mark); + return ipsec->sas->del_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto, + data->cpi, id->mark); } METHOD(kernel_ipsec_t, flush_sas, status_t, @@ -312,7 +308,7 @@ static void add_exclude_route(private_kernel_libipsec_ipsec_t *this, if (!route->exclude) { DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src); - gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL); + gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL, NULL); if (gtw) { char *if_name = NULL; @@ -438,7 +434,8 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this, ); #ifndef __linux__ /* on Linux we cant't install a gateway */ - route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src); + route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src, + NULL); #endif if (policy->route) @@ -509,22 +506,22 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this, } METHOD(kernel_ipsec_t, add_policy, status_t, - private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { policy_entry_t *policy, *found = NULL; status_t status; - status = ipsec->policies->add_policy(ipsec->policies, src, dst, src_ts, - dst_ts, direction, type, sa, mark, priority); + status = ipsec->policies->add_policy(ipsec->policies, data->src, data->dst, + id->src_ts, id->dst_ts, id->dir, + data->type, data->sa, id->mark, + data->prio); if (status != SUCCESS) { return status; } /* we track policies in order to install routes */ - policy = create_policy_entry(src_ts, dst_ts, direction); + policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -540,7 +537,8 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } policy->refs++; - if (!install_route(this, src, dst, src_ts, dst_ts, policy)) + if (!install_route(this, data->src, data->dst, id->src_ts, id->dst_ts, + policy)) { return FAILED; } @@ -548,26 +546,25 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } METHOD(kernel_ipsec_t, query_policy, status_t, - private_kernel_libipsec_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { policy_entry_t *policy, *found = NULL; status_t status; - status = ipsec->policies->del_policy(ipsec->policies, src, dst, src_ts, - dst_ts, direction, type, sa, mark, priority); + status = ipsec->policies->del_policy(ipsec->policies, data->src, data->dst, + id->src_ts, id->dst_ts, id->dir, + data->type, data->sa, id->mark, + data->prio); - policy = create_policy_entry(src_ts, dst_ts, direction); + policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -596,8 +593,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t, route->src_ip, route->if_name) != SUCCESS) { DBG1(DBG_KNL, "error uninstalling route installed with " - "policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + "policy %R === %R %N", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); } remove_exclude_route(this, route); } @@ -641,7 +638,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, enable_udp_decap, bool, - private_kernel_libipsec_ipsec_t *this, int fd, int family, u_int16_t port) + private_kernel_libipsec_ipsec_t *this, int fd, int family, uint16_t port) { return NOT_SUPPORTED; } diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.am b/src/libcharon/plugins/kernel_netlink/Makefile.am index 973e2c2f4..41c7304c6 100644 --- a/src/libcharon/plugins/kernel_netlink/Makefile.am +++ b/src/libcharon/plugins/kernel_netlink/Makefile.am @@ -20,6 +20,8 @@ libstrongswan_kernel_netlink_la_SOURCES = \ kernel_netlink_net.h kernel_netlink_net.c \ kernel_netlink_shared.h kernel_netlink_shared.c +libstrongswan_kernel_netlink_la_LIBADD = $(DLLIB) + libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in index 55dcabf6f..2435dea92 100644 --- a/src/libcharon/plugins/kernel_netlink/Makefile.in +++ b/src/libcharon/plugins/kernel_netlink/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ host_triplet = @host@ TESTS = tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libcharon/plugins/kernel_netlink -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -129,7 +138,8 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -libstrongswan_kernel_netlink_la_LIBADD = +am__DEPENDENCIES_1 = +libstrongswan_kernel_netlink_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libstrongswan_kernel_netlink_la_OBJECTS = kernel_netlink_plugin.lo \ kernel_netlink_ipsec.lo kernel_netlink_net.lo \ kernel_netlink_shared.lo @@ -241,12 +251,14 @@ am__tty_colors = { \ std=''; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -296,6 +308,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -330,6 +343,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -441,6 +455,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -487,6 +502,7 @@ libstrongswan_kernel_netlink_la_SOURCES = \ kernel_netlink_net.h kernel_netlink_net.c \ kernel_netlink_shared.h kernel_netlink_shared.c +libstrongswan_kernel_netlink_la_LIBADD = $(DLLIB) libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version tests_SOURCES = \ tests.h tests.c \ @@ -520,7 +536,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1001,6 +1016,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 6d9d63a98..9c2a7c315 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1,11 +1,11 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2008-2016 Andreas Steffen * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -18,6 +18,7 @@ * for more details. */ +#define _GNU_SOURCE #include #include #include @@ -26,11 +27,13 @@ #include #include #include +#include #include #include #include #include #include +#include #include "kernel_netlink_ipsec.h" #include "kernel_netlink_shared.h" @@ -38,6 +41,7 @@ #include #include #include +#include #include #include #include @@ -72,7 +76,7 @@ #endif /** Base priority for installed policies */ -#define PRIO_BASE 384 +#define PRIO_BASE 100000 /** Default lifetime of an acquire XFRM state (in seconds) */ #define DEFAULT_ACQUIRE_LIFETIME 165 @@ -286,6 +290,11 @@ struct private_kernel_netlink_ipsec_t { */ mutex_t *mutex; + /** + * Condvar to synchronize access to individual policies + */ + condvar_t *condvar; + /** * Hash table of installed policies (policy_entry_t) */ @@ -326,6 +335,12 @@ struct private_kernel_netlink_ipsec_t { * Installed port based IKE bypass policies, as bypass_t */ array_t *bypass; + + /** + * Custom priority calculation function + */ + uint32_t (*get_priority)(kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data); }; typedef struct route_entry_t route_entry_t; @@ -347,7 +362,7 @@ struct route_entry_t { chunk_t dst_net; /** Destination net prefixlen */ - u_int8_t prefixlen; + uint8_t prefixlen; }; /** @@ -413,8 +428,9 @@ static bool ipsec_sa_equals(ipsec_sa_t *sa, ipsec_sa_t *other_sa) { return sa->src->ip_equals(sa->src, other_sa->src) && sa->dst->ip_equals(sa->dst, other_sa->dst) && - memeq(&sa->mark, &other_sa->mark, sizeof(mark_t)) && - memeq(&sa->cfg, &other_sa->cfg, sizeof(ipsec_sa_cfg_t)); + sa->mark.value == other_sa->mark.value && + sa->mark.mask == other_sa->mark.mask && + ipsec_sa_cfg_equals(&sa->cfg, &other_sa->cfg); } /** @@ -463,14 +479,17 @@ static void ipsec_sa_destroy(private_kernel_netlink_ipsec_t *this, } typedef struct policy_sa_t policy_sa_t; -typedef struct policy_sa_fwd_t policy_sa_fwd_t; +typedef struct policy_sa_out_t policy_sa_out_t; /** * Mapping between a policy and an IPsec SA. */ struct policy_sa_t { /** Priority assigned to the policy when installed with this SA */ - u_int32_t priority; + uint32_t priority; + + /** Automatic priority assigned to the policy when installed with this SA */ + uint32_t auto_priority; /** Type of the policy */ policy_type_t type; @@ -480,10 +499,10 @@ struct policy_sa_t { }; /** - * For forward policies we also cache the traffic selectors in order to install + * For outbound policies we also cache the traffic selectors in order to install * the route. */ -struct policy_sa_fwd_t { +struct policy_sa_out_t { /** Generic interface */ policy_sa_t generic; @@ -495,7 +514,7 @@ struct policy_sa_fwd_t { }; /** - * Create a policy_sa(_fwd)_t object + * Create a policy_sa(_in)_t object */ static policy_sa_t *policy_sa_create(private_kernel_netlink_ipsec_t *this, policy_dir_t dir, policy_type_t type, host_t *src, host_t *dst, @@ -504,14 +523,14 @@ static policy_sa_t *policy_sa_create(private_kernel_netlink_ipsec_t *this, { policy_sa_t *policy; - if (dir == POLICY_FWD) + if (dir == POLICY_OUT) { - policy_sa_fwd_t *fwd; - INIT(fwd, + policy_sa_out_t *out; + INIT(out, .src_ts = src_ts->clone(src_ts), .dst_ts = dst_ts->clone(dst_ts), ); - policy = &fwd->generic; + policy = &out->generic; } else { @@ -523,16 +542,16 @@ static policy_sa_t *policy_sa_create(private_kernel_netlink_ipsec_t *this, } /** - * Destroy a policy_sa(_fwd)_t object + * Destroy a policy_sa(_in)_t object */ static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t *dir, private_kernel_netlink_ipsec_t *this) { - if (*dir == POLICY_FWD) + if (*dir == POLICY_OUT) { - policy_sa_fwd_t *fwd = (policy_sa_fwd_t*)policy; - fwd->src_ts->destroy(fwd->src_ts); - fwd->dst_ts->destroy(fwd->dst_ts); + policy_sa_out_t *out = (policy_sa_out_t*)policy; + out->src_ts->destroy(out->src_ts); + out->dst_ts->destroy(out->dst_ts); } ipsec_sa_destroy(this, policy->sa); free(policy); @@ -546,13 +565,13 @@ typedef struct policy_entry_t policy_entry_t; struct policy_entry_t { /** Direction of this policy: in, out, forward */ - u_int8_t direction; + uint8_t direction; /** Parameters of installed policy */ struct xfrm_selector sel; /** Optional mark */ - u_int32_t mark; + uint32_t mark; /** Associated route installed for this policy */ route_entry_t *route; @@ -561,7 +580,13 @@ struct policy_entry_t { linked_list_t *used_by; /** reqid for this policy */ - u_int32_t reqid; + uint32_t reqid; + + /** Number of threads waiting to work on this policy */ + int waiting; + + /** TRUE if a thread is working on this policy */ + bool working; }; /** @@ -603,40 +628,74 @@ static bool policy_equals(policy_entry_t *key, policy_entry_t *other_key) key->direction == other_key->direction; } +/** + * Determine number of set bits in 16 bit port mask + */ +static inline uint32_t port_mask_bits(uint16_t port_mask) +{ + uint32_t bits; + uint16_t bit_mask = 0x8000; + + port_mask = ntohs(port_mask); + + for (bits = 0; bits < 16; bits++) + { + if (!(port_mask & bit_mask)) + { + break; + } + bit_mask >>= 1; + } + return bits; +} + /** * Calculate the priority of a policy + * + * bits 0-0: restriction to network interface (0..1) 1 bit + * bits 1-6: src + dst port mask bits (2 * 0..16) 6 bits + * bits 7-7: restriction to protocol (0..1) 1 bit + * bits 8-16: src + dst network mask bits (2 * 0..128) 9 bits + * 17 bits + * + * smallest value: 000000000 0 000000 0: 0, lowest priority = 100'000 + * largest value : 100000000 1 100000 1: 65'729, highst priority = 34'271 */ -static inline u_int32_t get_priority(policy_entry_t *policy, - policy_priority_t prio) +static uint32_t get_priority(policy_entry_t *policy, policy_priority_t prio, + char *interface) { - u_int32_t priority = PRIO_BASE; + uint32_t priority = PRIO_BASE, sport_mask_bits, dport_mask_bits; + switch (prio) { case POLICY_PRIORITY_FALLBACK: - priority <<= 1; - /* fall-through */ + priority += PRIO_BASE; + /* fall-through to next case */ case POLICY_PRIORITY_ROUTED: - priority <<= 1; - /* fall-through */ + priority += PRIO_BASE; + /* fall-through to next case */ case POLICY_PRIORITY_DEFAULT: - priority <<= 1; - /* fall-through */ + priority += PRIO_BASE; + /* fall-through to next case */ case POLICY_PRIORITY_PASS: break; } - /* calculate priority based on selector size, small size = high prio */ - priority -= policy->sel.prefixlen_s; - priority -= policy->sel.prefixlen_d; - priority <<= 2; /* make some room for the two flags */ - priority += policy->sel.sport_mask || policy->sel.dport_mask ? 0 : 2; - priority += policy->sel.proto ? 0 : 1; + sport_mask_bits = port_mask_bits(policy->sel.sport_mask); + dport_mask_bits = port_mask_bits(policy->sel.dport_mask); + + /* calculate priority */ + priority -= (policy->sel.prefixlen_s + policy->sel.prefixlen_d) * 256; + priority -= policy->sel.proto ? 128 : 0; + priority -= (sport_mask_bits + dport_mask_bits) * 2; + priority -= (interface != NULL); + return priority; } /** * Convert the general ipsec mode to the one defined in xfrm.h */ -static u_int8_t mode2kernel(ipsec_mode_t mode) +static uint8_t mode2kernel(ipsec_mode_t mode) { switch (mode) { @@ -663,7 +722,7 @@ static void host2xfrm(host_t *host, xfrm_address_t *xfrm) /** * Convert a struct xfrm_address to a host_t */ -static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port) +static host_t* xfrm2host(int family, xfrm_address_t *xfrm, uint16_t port) { chunk_t chunk; @@ -685,7 +744,7 @@ static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port) * Convert a traffic selector address range to subnet and its mask. */ static void ts2subnet(traffic_selector_t* ts, - xfrm_address_t *net, u_int8_t *mask) + xfrm_address_t *net, uint8_t *mask) { host_t *net_host; chunk_t net_chunk; @@ -700,7 +759,7 @@ static void ts2subnet(traffic_selector_t* ts, * Convert a traffic selector port range to port/portmask */ static void ts2ports(traffic_selector_t* ts, - u_int16_t *port, u_int16_t *mask) + uint16_t *port, uint16_t *mask) { uint16_t from, to, bitmask; int bit; @@ -739,10 +798,11 @@ static void ts2ports(traffic_selector_t* ts, * Convert a pair of traffic_selectors to an xfrm_selector */ static struct xfrm_selector ts2selector(traffic_selector_t *src, - traffic_selector_t *dst) + traffic_selector_t *dst, + char *interface) { struct xfrm_selector sel; - u_int16_t port; + uint16_t port; memset(&sel, 0, sizeof(sel)); sel.family = (src->get_type(src) == TS_IPV4_ADDR_RANGE) ? AF_INET : AF_INET6; @@ -763,7 +823,7 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src, sel.dport = htons(traffic_selector_icmp_code(port)); sel.dport_mask = sel.dport ? ~0 : 0; } - sel.ifindex = 0; + sel.ifindex = interface ? if_nametoindex(interface) : 0; sel.user = 0; return sel; @@ -775,8 +835,8 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src, static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) { u_char *addr; - u_int8_t prefixlen; - u_int16_t port = 0; + uint8_t prefixlen; + uint16_t port = 0; host_t *host = NULL; if (src) @@ -833,7 +893,7 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this, struct rtattr *rta; size_t rtasize; traffic_selector_t *src_ts, *dst_ts; - u_int32_t reqid = 0; + uint32_t reqid = 0; int proto = 0; acquire = NLMSG_DATA(hdr); @@ -878,8 +938,8 @@ static void process_expire(private_kernel_netlink_ipsec_t *this, struct nlmsghdr *hdr) { struct xfrm_user_expire *expire; - u_int32_t spi; - u_int8_t protocol; + uint32_t spi; + uint8_t protocol; host_t *dst; expire = NLMSG_DATA(hdr); @@ -913,7 +973,7 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this, host_t *local = NULL, *remote = NULL; host_t *old_src = NULL, *old_dst = NULL; host_t *new_src = NULL, *new_dst = NULL; - u_int32_t reqid = 0; + uint32_t reqid = 0; policy_dir_t dir; policy_id = NLMSG_DATA(hdr); @@ -981,7 +1041,7 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this, struct nlmsghdr *hdr) { struct xfrm_user_mapping *mapping; - u_int32_t spi; + uint32_t spi; mapping = NLMSG_DATA(hdr); spi = mapping->id.spi; @@ -1033,7 +1093,8 @@ static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd, /* no data ready, select again */ return TRUE; default: - DBG1(DBG_KNL, "unable to receive from xfrm event socket"); + DBG1(DBG_KNL, "unable to receive from XFRM event socket: %s " + "(%d)", strerror(errno), errno); sleep(1); return TRUE; } @@ -1061,8 +1122,8 @@ static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd, process_mapping(this, hdr); break; default: - DBG1(DBG_KNL, "received unknown event from xfrm event " - "socket: %d", hdr->nlmsg_type); + DBG1(DBG_KNL, "received unknown event from XFRM event " + "socket: %d", hdr->nlmsg_type); break; } hdr = NLMSG_NEXT(hdr, len); @@ -1080,13 +1141,13 @@ METHOD(kernel_ipsec_t, get_features, kernel_feature_t, * Get an SPI for a specific protocol from the kernel. */ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, u_int8_t proto, u_int32_t min, u_int32_t max, - u_int32_t *spi) + host_t *src, host_t *dst, uint8_t proto, uint32_t min, uint32_t max, + uint32_t *spi) { netlink_buf_t request; struct nlmsghdr *hdr, *out; struct xfrm_userspi_info *userspi; - u_int32_t received_spi = 0; + uint32_t received_spi = 0; size_t len; memset(&request, 0, sizeof(request)); @@ -1147,7 +1208,7 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { if (get_spi_internal(this, src, dst, protocol, 0xc0000000, 0xcFFFFFFF, spi) != SUCCESS) @@ -1162,9 +1223,9 @@ METHOD(kernel_ipsec_t, get_spi, status_t, METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { - u_int32_t received_spi = 0; + uint32_t received_spi = 0; if (get_spi_internal(this, src, dst, IPPROTO_COMP, 0x100, 0xEFFF, &received_spi) != SUCCESS) @@ -1173,12 +1234,23 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, return FAILED; } - *cpi = htons((u_int16_t)ntohl(received_spi)); + *cpi = htons((uint16_t)ntohl(received_spi)); DBG2(DBG_KNL, "got CPI %.4x", ntohs(*cpi)); return SUCCESS; } +/** + * Format the mark for debug messages + */ +static void format_mark(char *buf, int buflen, mark_t mark) +{ + if (mark.value) + { + snprintf(buf, buflen, " (mark %u/0x%08x)", mark.value, mark.mask); + } +} + /** * Add a XFRM mark to message if required */ @@ -1200,53 +1272,67 @@ static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark) } METHOD(kernel_ipsec_t, add_sa, status_t, - private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t* src_ts, linked_list_t* dst_ts) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { netlink_buf_t request; - char *alg_name; + char *alg_name, markstr[32] = ""; struct nlmsghdr *hdr; struct xfrm_usersa_info *sa; - u_int16_t icv_size = 64; - ipsec_mode_t original_mode = mode; + uint16_t icv_size = 64, ipcomp = data->ipcomp; + ipsec_mode_t mode = data->mode, original_mode = data->mode; traffic_selector_t *first_src_ts, *first_dst_ts; status_t status = FAILED; /* if IPComp is used, we install an additional IPComp SA. if the cpi is 0 * we are in the recursive call below */ - if (ipcomp != IPCOMP_NONE && cpi != 0) + if (ipcomp != IPCOMP_NONE && data->cpi != 0) { lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}}; - add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, - tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, - chunk_empty, mode, ipcomp, 0, 0, initiator, FALSE, FALSE, - inbound, update, src_ts, dst_ts); + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_add_sa_t ipcomp_sa = { + .reqid = data->reqid, + .mode = data->mode, + .src_ts = data->src_ts, + .dst_ts = data->dst_ts, + .lifetime = &lft, + .enc_alg = ENCR_UNDEFINED, + .int_alg = AUTH_UNDEFINED, + .tfc = data->tfc, + .ipcomp = data->ipcomp, + .initiator = data->initiator, + .inbound = data->inbound, + .update = data->update, + }; + add_sa(this, &ipcomp_id, &ipcomp_sa); ipcomp = IPCOMP_NONE; /* use transport mode ESP SA, IPComp uses tunnel mode */ mode = MODE_TRANSPORT; } memset(&request, 0, sizeof(request)); + format_mark(markstr, sizeof(markstr), id->mark); - DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u} (mark " - "%u/0x%08x)", ntohl(spi), reqid, mark.value, mark.mask); + DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}%s", + ntohl(id->spi), data->reqid, markstr); hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; - hdr->nlmsg_type = update ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA; + hdr->nlmsg_type = data->update ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); sa = NLMSG_DATA(hdr); - host2xfrm(src, &sa->saddr); - host2xfrm(dst, &sa->id.daddr); - sa->id.spi = spi; - sa->id.proto = protocol; - sa->family = src->get_family(src); + host2xfrm(id->src, &sa->saddr); + host2xfrm(id->dst, &sa->id.daddr); + sa->id.spi = id->spi; + sa->id.proto = id->proto; + sa->family = id->src->get_family(id->src); sa->mode = mode2kernel(mode); switch (mode) { @@ -1260,10 +1346,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t, * selector can be installed other traffic would get dropped */ break; } - if (src_ts->get_first(src_ts, (void**)&first_src_ts) == SUCCESS && - dst_ts->get_first(dst_ts, (void**)&first_dst_ts) == SUCCESS) + if (data->src_ts->get_first(data->src_ts, + (void**)&first_src_ts) == SUCCESS && + data->dst_ts->get_first(data->dst_ts, + (void**)&first_dst_ts) == SUCCESS) { - sa->sel = ts2selector(first_src_ts, first_dst_ts); + sa->sel = ts2selector(first_src_ts, first_dst_ts, + data->interface); if (!this->proto_port_transport) { /* don't install proto/port on SA. This would break @@ -1279,18 +1368,18 @@ METHOD(kernel_ipsec_t, add_sa, status_t, break; } - sa->reqid = reqid; - sa->lft.soft_byte_limit = XFRM_LIMIT(lifetime->bytes.rekey); - sa->lft.hard_byte_limit = XFRM_LIMIT(lifetime->bytes.life); - sa->lft.soft_packet_limit = XFRM_LIMIT(lifetime->packets.rekey); - sa->lft.hard_packet_limit = XFRM_LIMIT(lifetime->packets.life); + sa->reqid = data->reqid; + sa->lft.soft_byte_limit = XFRM_LIMIT(data->lifetime->bytes.rekey); + sa->lft.hard_byte_limit = XFRM_LIMIT(data->lifetime->bytes.life); + sa->lft.soft_packet_limit = XFRM_LIMIT(data->lifetime->packets.rekey); + sa->lft.hard_packet_limit = XFRM_LIMIT(data->lifetime->packets.life); /* we use lifetimes since added, not since used */ - sa->lft.soft_add_expires_seconds = lifetime->time.rekey; - sa->lft.hard_add_expires_seconds = lifetime->time.life; + sa->lft.soft_add_expires_seconds = data->lifetime->time.rekey; + sa->lft.hard_add_expires_seconds = data->lifetime->time.life; sa->lft.soft_use_expires_seconds = 0; sa->lft.hard_use_expires_seconds = 0; - switch (enc_alg) + switch (data->enc_alg) { case ENCR_UNDEFINED: /* no encryption */ @@ -1313,71 +1402,73 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { struct xfrm_algo_aead *algo; - alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg); + alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, data->enc_alg); if (alg_name == NULL) { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", - encryption_algorithm_names, enc_alg); + encryption_algorithm_names, data->enc_alg); goto failed; } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", - encryption_algorithm_names, enc_alg, enc_key.len * 8); + encryption_algorithm_names, data->enc_alg, + data->enc_key.len * 8); algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_AEAD, - sizeof(*algo) + enc_key.len); + sizeof(*algo) + data->enc_key.len); if (!algo) { goto failed; } - algo->alg_key_len = enc_key.len * 8; + algo->alg_key_len = data->enc_key.len * 8; algo->alg_icv_len = icv_size; strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name)); algo->alg_name[sizeof(algo->alg_name) - 1] = '\0'; - memcpy(algo->alg_key, enc_key.ptr, enc_key.len); + memcpy(algo->alg_key, data->enc_key.ptr, data->enc_key.len); break; } default: { struct xfrm_algo *algo; - alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg); + alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, data->enc_alg); if (alg_name == NULL) { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", - encryption_algorithm_names, enc_alg); + encryption_algorithm_names, data->enc_alg); goto failed; } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", - encryption_algorithm_names, enc_alg, enc_key.len * 8); + encryption_algorithm_names, data->enc_alg, + data->enc_key.len * 8); algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_CRYPT, - sizeof(*algo) + enc_key.len); + sizeof(*algo) + data->enc_key.len); if (!algo) { goto failed; } - algo->alg_key_len = enc_key.len * 8; + algo->alg_key_len = data->enc_key.len * 8; strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name)); algo->alg_name[sizeof(algo->alg_name) - 1] = '\0'; - memcpy(algo->alg_key, enc_key.ptr, enc_key.len); + memcpy(algo->alg_key, data->enc_key.ptr, data->enc_key.len); } } - if (int_alg != AUTH_UNDEFINED) + if (data->int_alg != AUTH_UNDEFINED) { u_int trunc_len = 0; - alg_name = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg); + alg_name = lookup_algorithm(INTEGRITY_ALGORITHM, data->int_alg); if (alg_name == NULL) { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", - integrity_algorithm_names, int_alg); + integrity_algorithm_names, data->int_alg); goto failed; } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", - integrity_algorithm_names, int_alg, int_key.len * 8); + integrity_algorithm_names, data->int_alg, data->int_key.len * 8); - switch (int_alg) + switch (data->int_alg) { case AUTH_HMAC_MD5_128: case AUTH_HMAC_SHA2_256_128: @@ -1398,31 +1489,31 @@ METHOD(kernel_ipsec_t, add_sa, status_t, * use specified truncation size supported by newer kernels. * also use this for untruncated MD5 and SHA1. */ algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_AUTH_TRUNC, - sizeof(*algo) + int_key.len); + sizeof(*algo) + data->int_key.len); if (!algo) { goto failed; } - algo->alg_key_len = int_key.len * 8; + algo->alg_key_len = data->int_key.len * 8; algo->alg_trunc_len = trunc_len; strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name)); algo->alg_name[sizeof(algo->alg_name) - 1] = '\0'; - memcpy(algo->alg_key, int_key.ptr, int_key.len); + memcpy(algo->alg_key, data->int_key.ptr, data->int_key.len); } else { struct xfrm_algo* algo; algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_AUTH, - sizeof(*algo) + int_key.len); + sizeof(*algo) + data->int_key.len); if (!algo) { goto failed; } - algo->alg_key_len = int_key.len * 8; + algo->alg_key_len = data->int_key.len * 8; strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name)); algo->alg_name[sizeof(algo->alg_name) - 1] = '\0'; - memcpy(algo->alg_key, int_key.ptr, int_key.len); + memcpy(algo->alg_key, data->int_key.ptr, data->int_key.len); } } @@ -1451,7 +1542,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, algo->alg_name[sizeof(algo->alg_name) - 1] = '\0'; } - if (encap) + if (data->encap) { struct xfrm_encap_tmpl *tmpl; @@ -1461,8 +1552,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t, goto failed; } tmpl->encap_type = UDP_ENCAP_ESPINUDP; - tmpl->encap_sport = htons(src->get_port(src)); - tmpl->encap_dport = htons(dst->get_port(dst)); + tmpl->encap_sport = htons(id->src->get_port(id->src)); + tmpl->encap_dport = htons(id->dst->get_port(id->dst)); memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t)); /* encap_oa could probably be derived from the * traffic selectors [rfc4306, p39]. In the netlink kernel @@ -1476,14 +1567,14 @@ METHOD(kernel_ipsec_t, add_sa, status_t, * checks it marks them "checksum ok" so OA isn't needed. */ } - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { goto failed; } - if (tfc && protocol == IPPROTO_ESP && mode == MODE_TUNNEL) + if (data->tfc && id->proto == IPPROTO_ESP && mode == MODE_TUNNEL) { /* the kernel supports TFC padding only for tunnel mode ESP SAs */ - u_int32_t *tfcpad; + uint32_t *tfcpad; tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD, sizeof(*tfcpad)); @@ -1491,19 +1582,25 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { goto failed; } - *tfcpad = tfc; + *tfcpad = data->tfc; } - if (protocol != IPPROTO_COMP) + if (id->proto != IPPROTO_COMP) { - if (replay_window != 0 && (esn || replay_window > 32)) + /* generally, we don't need a replay window for outbound SAs, however, + * when using ESN the kernel rejects the attribute if it is 0 */ + if (!data->inbound && data->replay_window) + { + data->replay_window = data->esn ? 1 : 0; + } + if (data->replay_window != 0 && (data->esn || data->replay_window > 32)) { /* for ESN or larger replay windows we need the new * XFRMA_REPLAY_ESN_VAL attribute to configure a bitmap */ struct xfrm_replay_state_esn *replay; - u_int32_t bmp_size; + uint32_t bmp_size; - bmp_size = round_up(replay_window, sizeof(u_int32_t) * 8) / 8; + bmp_size = round_up(data->replay_window, sizeof(uint32_t) * 8) / 8; replay = netlink_reserve(hdr, sizeof(request), XFRMA_REPLAY_ESN_VAL, sizeof(*replay) + bmp_size); if (!replay) @@ -1511,11 +1608,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t, goto failed; } /* bmp_len contains number uf __u32's */ - replay->bmp_len = bmp_size / sizeof(u_int32_t); - replay->replay_window = replay_window; - DBG2(DBG_KNL, " using replay window of %u packets", replay_window); + replay->bmp_len = bmp_size / sizeof(uint32_t); + replay->replay_window = data->replay_window; + DBG2(DBG_KNL, " using replay window of %u packets", + data->replay_window); - if (esn) + if (data->esn) { DBG2(DBG_KNL, " using extended sequence numbers (ESN)"); sa->flags |= XFRM_STATE_ESN; @@ -1523,22 +1621,16 @@ METHOD(kernel_ipsec_t, add_sa, status_t, } else { - DBG2(DBG_KNL, " using replay window of %u packets", replay_window); - sa->replay_window = replay_window; + DBG2(DBG_KNL, " using replay window of %u packets", + data->replay_window); + sa->replay_window = data->replay_window; } } if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { - if (mark.value) - { - DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x " - "(mark %u/0x%08x)", ntohl(spi), mark.value, mark.mask); - } - else - { - DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi)); - } + DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x%s", ntohl(id->spi), + markstr); goto failed; } @@ -1555,10 +1647,9 @@ failed: * Allocates into one the replay state structure we get from the kernel. */ static void get_replay_state(private_kernel_netlink_ipsec_t *this, - u_int32_t spi, u_int8_t protocol, - host_t *dst, mark_t mark, + kernel_ipsec_sa_id_t *sa, struct xfrm_replay_state_esn **replay_esn, - u_int32_t *replay_esn_len, + uint32_t *replay_esn_len, struct xfrm_replay_state **replay, struct xfrm_lifetime_cur **lifetime) { @@ -1572,7 +1663,7 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this, memset(&request, 0, sizeof(request)); DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x", - ntohl(spi)); + ntohl(sa->spi)); hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; @@ -1582,12 +1673,12 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this, aevent_id = NLMSG_DATA(hdr); aevent_id->flags = XFRM_AE_RVAL; - host2xfrm(dst, &aevent_id->sa_id.daddr); - aevent_id->sa_id.spi = spi; - aevent_id->sa_id.proto = protocol; - aevent_id->sa_id.family = dst->get_family(dst); + host2xfrm(sa->dst, &aevent_id->sa_id.daddr); + aevent_id->sa_id.spi = sa->spi; + aevent_id->sa_id.proto = sa->proto; + aevent_id->sa_id.family = sa->dst->get_family(sa->dst); - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), sa->mark)) { return; } @@ -1608,8 +1699,7 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this, { struct nlmsgerr *err = NLMSG_DATA(hdr); DBG1(DBG_KNL, "querying replay state from SAD entry " - "failed: %s (%d)", strerror(-err->error), - -err->error); + "failed: %s (%d)", strerror(-err->error), -err->error); break; } default: @@ -1657,9 +1747,9 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this, } METHOD(kernel_ipsec_t, query_sa, status_t, - private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { netlink_buf_t request; struct nlmsghdr *out = NULL, *hdr; @@ -1667,11 +1757,13 @@ METHOD(kernel_ipsec_t, query_sa, status_t, struct xfrm_usersa_info *sa = NULL; status_t status = FAILED; size_t len; + char markstr[32] = ""; memset(&request, 0, sizeof(request)); + format_mark(markstr, sizeof(markstr), id->mark); - DBG2(DBG_KNL, "querying SAD entry with SPI %.8x (mark %u/0x%08x)", - ntohl(spi), mark.value, mark.mask); + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x%s", ntohl(id->spi), + markstr); hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; @@ -1679,12 +1771,12 @@ METHOD(kernel_ipsec_t, query_sa, status_t, hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); sa_id = NLMSG_DATA(hdr); - host2xfrm(dst, &sa_id->daddr); - sa_id->spi = spi; - sa_id->proto = protocol; - sa_id->family = dst->get_family(dst); + host2xfrm(id->dst, &sa_id->daddr); + sa_id->spi = id->spi; + sa_id->proto = id->proto; + sa_id->family = id->dst->get_family(id->dst); - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { return FAILED; } @@ -1705,19 +1797,9 @@ METHOD(kernel_ipsec_t, query_sa, status_t, { struct nlmsgerr *err = NLMSG_DATA(hdr); - if (mark.value) - { - DBG1(DBG_KNL, "querying SAD entry with SPI %.8x " - "(mark %u/0x%08x) failed: %s (%d)", - ntohl(spi), mark.value, mark.mask, - strerror(-err->error), -err->error); - } - else - { - DBG1(DBG_KNL, "querying SAD entry with SPI %.8x " - "failed: %s (%d)", ntohl(spi), - strerror(-err->error), -err->error); - } + DBG1(DBG_KNL, "querying SAD entry with SPI %.8x%s failed: " + "%s (%d)", ntohl(id->spi), markstr, + strerror(-err->error), -err->error); break; } default: @@ -1732,7 +1814,8 @@ METHOD(kernel_ipsec_t, query_sa, status_t, if (sa == NULL) { - DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); + DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); } else { @@ -1758,23 +1841,33 @@ METHOD(kernel_ipsec_t, query_sa, status_t, } METHOD(kernel_ipsec_t, del_sa, status_t, - private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { netlink_buf_t request; struct nlmsghdr *hdr; struct xfrm_usersa_id *sa_id; + char markstr[32] = ""; /* if IPComp was used, we first delete the additional IPComp SA */ - if (cpi) - { - del_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, 0, mark); + if (data->cpi) + { + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_del_sa_t ipcomp = {}; + del_sa(this, &ipcomp_id, &ipcomp); } memset(&request, 0, sizeof(request)); + format_mark(markstr, sizeof(markstr), id->mark); - DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x (mark %u/0x%08x)", - ntohl(spi), mark.value, mark.mask); + DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x%s", ntohl(id->spi), + markstr); hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; @@ -1782,12 +1875,12 @@ METHOD(kernel_ipsec_t, del_sa, status_t, hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); sa_id = NLMSG_DATA(hdr); - host2xfrm(dst, &sa_id->daddr); - sa_id->spi = spi; - sa_id->proto = protocol; - sa_id->family = dst->get_family(dst); + host2xfrm(id->dst, &sa_id->daddr); + sa_id->spi = id->spi; + sa_id->proto = id->proto; + sa_id->family = id->dst->get_family(id->dst); - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { return FAILED; } @@ -1795,30 +1888,21 @@ METHOD(kernel_ipsec_t, del_sa, status_t, switch (this->socket_xfrm->send_ack(this->socket_xfrm, hdr)) { case SUCCESS: - DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x (mark %u/0x%08x)", - ntohl(spi), mark.value, mark.mask); + DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); return SUCCESS; case NOT_FOUND: return NOT_FOUND; default: - if (mark.value) - { - DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x " - "(mark %u/0x%08x)", ntohl(spi), mark.value, mark.mask); - } - else - { - DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", - ntohl(spi)); - } + DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); return FAILED; } } METHOD(kernel_ipsec_t, update_sa, status_t, - private_kernel_netlink_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool old_encap, bool new_encap, mark_t mark) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { netlink_buf_t request; struct nlmsghdr *hdr, *out = NULL; @@ -1831,19 +1915,33 @@ METHOD(kernel_ipsec_t, update_sa, status_t, struct xfrm_replay_state *replay = NULL; struct xfrm_replay_state_esn *replay_esn = NULL; struct xfrm_lifetime_cur *lifetime = NULL; - u_int32_t replay_esn_len = 0; + uint32_t replay_esn_len = 0; + kernel_ipsec_del_sa_t del = { 0 }; status_t status = FAILED; + char markstr[32] = ""; /* if IPComp is used, we first update the IPComp SA */ - if (cpi) - { - update_sa(this, htonl(ntohs(cpi)), IPPROTO_COMP, 0, - src, dst, new_src, new_dst, FALSE, FALSE, mark); + if (data->cpi) + { + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_update_sa_t ipcomp = { + .new_src = data->new_src, + .new_dst = data->new_dst, + }; + update_sa(this, &ipcomp_id, &ipcomp); } memset(&request, 0, sizeof(request)); + format_mark(markstr, sizeof(markstr), id->mark); - DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", ntohl(spi)); + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x%s for update", + ntohl(id->spi), markstr); /* query the existing SA first */ hdr = &request.hdr; @@ -1852,12 +1950,12 @@ METHOD(kernel_ipsec_t, update_sa, status_t, hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); sa_id = NLMSG_DATA(hdr); - host2xfrm(dst, &sa_id->daddr); - sa_id->spi = spi; - sa_id->proto = protocol; - sa_id->family = dst->get_family(dst); + host2xfrm(id->dst, &sa_id->daddr); + sa_id->spi = id->spi; + sa_id->proto = id->proto; + sa_id->family = id->dst->get_family(id->dst); - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { return FAILED; } @@ -1892,23 +1990,25 @@ METHOD(kernel_ipsec_t, update_sa, status_t, } if (out_sa == NULL) { - DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); goto failed; } - get_replay_state(this, spi, protocol, dst, mark, &replay_esn, - &replay_esn_len, &replay, &lifetime); + get_replay_state(this, id, &replay_esn, &replay_esn_len, &replay, + &lifetime); /* delete the old SA (without affecting the IPComp SA) */ - if (del_sa(this, src, dst, spi, protocol, 0, mark) != SUCCESS) + if (del_sa(this, id, &del) != SUCCESS) { - DBG1(DBG_KNL, "unable to delete old SAD entry with SPI %.8x", - ntohl(spi)); + DBG1(DBG_KNL, "unable to delete old SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); goto failed; } - DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", - ntohl(spi), src, dst, new_src, new_dst); + DBG2(DBG_KNL, "updating SAD entry with SPI %.8x%s from %#H..%#H to " + "%#H..%#H", ntohl(id->spi), markstr, id->src, id->dst, data->new_src, + data->new_dst); /* copy over the SA from out to request */ hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; @@ -1916,15 +2016,15 @@ METHOD(kernel_ipsec_t, update_sa, status_t, hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); sa = NLMSG_DATA(hdr); memcpy(sa, NLMSG_DATA(out), sizeof(struct xfrm_usersa_info)); - sa->family = new_dst->get_family(new_dst); + sa->family = data->new_dst->get_family(data->new_dst); - if (!src->ip_equals(src, new_src)) + if (!id->src->ip_equals(id->src, data->new_src)) { - host2xfrm(new_src, &sa->saddr); + host2xfrm(data->new_src, &sa->saddr); } - if (!dst->ip_equals(dst, new_dst)) + if (!id->dst->ip_equals(id->dst, data->new_dst)) { - host2xfrm(new_dst, &sa->id.daddr); + host2xfrm(data->new_dst, &sa->id.daddr); } rta = XFRM_RTA(out, struct xfrm_usersa_info); @@ -1932,13 +2032,13 @@ METHOD(kernel_ipsec_t, update_sa, status_t, while (RTA_OK(rta, rtasize)) { /* copy all attributes, but not XFRMA_ENCAP if we are disabling it */ - if (rta->rta_type != XFRMA_ENCAP || new_encap) + if (rta->rta_type != XFRMA_ENCAP || data->new_encap) { if (rta->rta_type == XFRMA_ENCAP) { /* update encap tmpl */ tmpl = RTA_DATA(rta); - tmpl->encap_sport = ntohs(new_src->get_port(new_src)); - tmpl->encap_dport = ntohs(new_dst->get_port(new_dst)); + tmpl->encap_sport = ntohs(data->new_src->get_port(data->new_src)); + tmpl->encap_dport = ntohs(data->new_dst->get_port(data->new_dst)); } netlink_add_attribute(hdr, rta->rta_type, chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), @@ -1947,7 +2047,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, rta = RTA_NEXT(rta, rtasize); } - if (tmpl == NULL && new_encap) + if (tmpl == NULL && data->new_encap) { /* add tmpl if we are enabling it */ tmpl = netlink_reserve(hdr, sizeof(request), XFRMA_ENCAP, sizeof(*tmpl)); if (!tmpl) @@ -1955,8 +2055,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t, goto failed; } tmpl->encap_type = UDP_ENCAP_ESPINUDP; - tmpl->encap_sport = ntohs(new_src->get_port(new_src)); - tmpl->encap_dport = ntohs(new_dst->get_port(new_dst)); + tmpl->encap_sport = ntohs(data->new_src->get_port(data->new_src)); + tmpl->encap_dport = ntohs(data->new_dst->get_port(data->new_dst)); memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t)); } @@ -1987,7 +2087,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, else { DBG1(DBG_KNL, "unable to copy replay state from old SAD entry with " - "SPI %.8x", ntohl(spi)); + "SPI %.8x%s", ntohl(id->spi), markstr); } if (lifetime) { @@ -2004,12 +2104,13 @@ METHOD(kernel_ipsec_t, update_sa, status_t, else { DBG1(DBG_KNL, "unable to copy usage stats from old SAD entry with " - "SPI %.8x", ntohl(spi)); + "SPI %.8x%s", ntohl(id->spi), markstr); } if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { - DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); goto failed; } @@ -2032,7 +2133,7 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, struct nlmsghdr *hdr; struct xfrm_usersa_flush *flush; struct { - u_int8_t proto; + uint8_t proto; char *name; } protos[] = { { IPPROTO_AH, "AH" }, @@ -2065,6 +2166,118 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, return SUCCESS; } +/** + * Unlock the mutex and signal waiting threads + */ +static void policy_change_done(private_kernel_netlink_ipsec_t *this, + policy_entry_t *policy) +{ + policy->working = FALSE; + if (policy->waiting) + { /* don't need to wake threads waiting for other policies */ + this->condvar->broadcast(this->condvar); + } + this->mutex->unlock(this->mutex); +} + +/** + * Install a route for the given policy if enabled and required + */ +static void install_route(private_kernel_netlink_ipsec_t *this, + policy_entry_t *policy, policy_sa_t *mapping, ipsec_sa_t *ipsec) +{ + policy_sa_out_t *out = (policy_sa_out_t*)mapping; + route_entry_t *route; + host_t *iface; + + INIT(route, + .prefixlen = policy->sel.prefixlen_d, + ); + + if (charon->kernel->get_address_by_ts(charon->kernel, out->src_ts, + &route->src_ip, NULL) == SUCCESS) + { + if (!ipsec->dst->is_anyaddr(ipsec->dst)) + { + route->gateway = charon->kernel->get_nexthop(charon->kernel, + ipsec->dst, -1, ipsec->src, + &route->if_name); + } + else + { /* for shunt policies */ + iface = xfrm2host(policy->sel.family, &policy->sel.daddr, 0); + route->gateway = charon->kernel->get_nexthop(charon->kernel, + iface, policy->sel.prefixlen_d, + route->src_ip, &route->if_name); + iface->destroy(iface); + } + route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16); + memcpy(route->dst_net.ptr, &policy->sel.daddr, route->dst_net.len); + + /* get the interface to install the route for, if we haven't one yet. + * If we have a local address, use it. Otherwise (for shunt policies) + * use the route's source address. */ + if (!route->if_name) + { + iface = ipsec->src; + if (iface->is_anyaddr(iface)) + { + iface = route->src_ip; + } + if (!charon->kernel->get_interface(charon->kernel, iface, + &route->if_name)) + { + route_entry_destroy(route); + return; + } + } + if (policy->route) + { + route_entry_t *old = policy->route; + if (route_entry_equals(old, route)) + { + route_entry_destroy(route); + return; + } + /* uninstall previously installed route */ + if (charon->kernel->del_route(charon->kernel, old->dst_net, + old->prefixlen, old->gateway, + old->src_ip, old->if_name) != SUCCESS) + { + DBG1(DBG_KNL, "error uninstalling route installed with policy " + "%R === %R %N", out->src_ts, out->dst_ts, policy_dir_names, + policy->direction); + } + route_entry_destroy(old); + policy->route = NULL; + } + + DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s", out->dst_ts, + route->gateway, route->src_ip, route->if_name); + switch (charon->kernel->add_route(charon->kernel, route->dst_net, + route->prefixlen, route->gateway, + route->src_ip, route->if_name)) + { + default: + DBG1(DBG_KNL, "unable to install source route for %H", + route->src_ip); + /* FALL */ + case ALREADY_DONE: + /* route exists, do not uninstall */ + route_entry_destroy(route); + break; + case SUCCESS: + /* cache the installed route */ + policy->route = route; + break; + } + } + else + { + free(route); + } +} + /** * Add or update a policy in the kernel. * @@ -2111,11 +2324,11 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, policy_info->lft.soft_use_expires_seconds = 0; policy_info->lft.hard_use_expires_seconds = 0; - if (mapping->type == POLICY_IPSEC) + if (mapping->type == POLICY_IPSEC && ipsec->cfg.reqid) { struct xfrm_user_tmpl *tmpl; struct { - u_int8_t proto; + uint8_t proto; bool use; } protos[] = { { IPPROTO_COMP, ipsec->cfg.ipcomp.transform != IPCOMP_NONE }, @@ -2136,7 +2349,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, count * sizeof(*tmpl)); if (!tmpl) { - this->mutex->unlock(this->mutex); + policy_change_done(this, policy); return FAILED; } @@ -2169,7 +2382,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, if (!add_mark(hdr, sizeof(request), ipsec->mark)) { - this->mutex->unlock(this->mutex); + policy_change_done(this, policy); return FAILED; } this->mutex->unlock(this->mutex); @@ -2181,169 +2394,84 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, hdr->nlmsg_type = XFRM_MSG_UPDPOLICY; status = this->socket_xfrm->send_ack(this->socket_xfrm, hdr); } + + this->mutex->lock(this->mutex); if (status != SUCCESS) { + policy_change_done(this, policy); return FAILED; } - - /* find the policy again */ - this->mutex->lock(this->mutex); - policy = this->policies->get(this->policies, &clone); - if (!policy || - policy->used_by->find_first(policy->used_by, - NULL, (void**)&mapping) != SUCCESS) - { /* policy or mapping is already gone, ignore */ - this->mutex->unlock(this->mutex); - return SUCCESS; - } - /* install a route, if: - * - this is a forward policy (to just get one for each child) - * - we are in tunnel/BEET mode or install a bypass policy + * - this is an outbound policy (to just get one for each child) * - routing is not disabled via strongswan.conf + * - the selector is not for a specific protocol/port + * - we are in tunnel/BEET mode or install a bypass policy */ - if (policy->direction == POLICY_FWD && this->install_routes && - (mapping->type != POLICY_IPSEC || ipsec->cfg.mode != MODE_TRANSPORT)) + if (policy->direction == POLICY_OUT && this->install_routes && + !policy->sel.proto && !policy->sel.dport && !policy->sel.sport) { - policy_sa_fwd_t *fwd = (policy_sa_fwd_t*)mapping; - route_entry_t *route; - host_t *iface; - - INIT(route, - .prefixlen = policy->sel.prefixlen_s, - ); - - if (charon->kernel->get_address_by_ts(charon->kernel, fwd->dst_ts, - &route->src_ip, NULL) == SUCCESS) - { - /* get the nexthop to src (src as we are in POLICY_FWD) */ - if (!ipsec->src->is_anyaddr(ipsec->src)) - { - route->gateway = charon->kernel->get_nexthop(charon->kernel, - ipsec->src, -1, ipsec->dst); - } - else - { /* for shunt policies */ - iface = xfrm2host(policy->sel.family, &policy->sel.saddr, 0); - route->gateway = charon->kernel->get_nexthop(charon->kernel, - iface, policy->sel.prefixlen_s, - route->src_ip); - iface->destroy(iface); - } - route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16); - memcpy(route->dst_net.ptr, &policy->sel.saddr, route->dst_net.len); - - /* get the interface to install the route for. If we have a local - * address, use it. Otherwise (for shunt policies) use the - * routes source address. */ - iface = ipsec->dst; - if (iface->is_anyaddr(iface)) - { - iface = route->src_ip; - } - /* install route via outgoing interface */ - if (!charon->kernel->get_interface(charon->kernel, iface, - &route->if_name)) - { - this->mutex->unlock(this->mutex); - route_entry_destroy(route); - return SUCCESS; - } - - if (policy->route) - { - route_entry_t *old = policy->route; - if (route_entry_equals(old, route)) - { - this->mutex->unlock(this->mutex); - route_entry_destroy(route); - return SUCCESS; - } - /* uninstall previously installed route */ - if (charon->kernel->del_route(charon->kernel, old->dst_net, - old->prefixlen, old->gateway, - old->src_ip, old->if_name) != SUCCESS) - { - DBG1(DBG_KNL, "error uninstalling route installed with " - "policy %R === %R %N", fwd->src_ts, - fwd->dst_ts, policy_dir_names, - policy->direction); - } - route_entry_destroy(old); - policy->route = NULL; - } - - DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s", - fwd->src_ts, route->gateway, route->src_ip, route->if_name); - switch (charon->kernel->add_route(charon->kernel, route->dst_net, - route->prefixlen, route->gateway, - route->src_ip, route->if_name)) - { - default: - DBG1(DBG_KNL, "unable to install source route for %H", - route->src_ip); - /* FALL */ - case ALREADY_DONE: - /* route exists, do not uninstall */ - route_entry_destroy(route); - break; - case SUCCESS: - /* cache the installed route */ - policy->route = route; - break; - } - } - else + if (mapping->type == POLICY_PASS || + (mapping->type == POLICY_IPSEC && ipsec->cfg.mode != MODE_TRANSPORT)) { - free(route); + install_route(this, policy, mapping, ipsec); } } - this->mutex->unlock(this->mutex); + policy_change_done(this, policy); return SUCCESS; } METHOD(kernel_ipsec_t, add_policy, status_t, - private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { policy_entry_t *policy, *current; policy_sa_t *assigned_sa, *current_sa; enumerator_t *enumerator; bool found = FALSE, update = TRUE; + char markstr[32] = ""; + uint32_t cur_priority = 0; + int use_count; /* create a policy */ INIT(policy, - .sel = ts2selector(src_ts, dst_ts), - .mark = mark.value & mark.mask, - .direction = direction, - .reqid = sa->reqid, + .sel = ts2selector(id->src_ts, id->dst_ts, id->interface), + .mark = id->mark.value & id->mark.mask, + .direction = id->dir, + .reqid = data->sa->reqid, ); + format_mark(markstr, sizeof(markstr), id->mark); /* find the policy, which matches EXACTLY */ this->mutex->lock(this->mutex); current = this->policies->get(this->policies, policy); if (current) { - if (current->reqid && sa->reqid && current->reqid != sa->reqid) + if (current->reqid && data->sa->reqid && + current->reqid != data->sa->reqid) { - DBG1(DBG_CFG, "unable to install policy %R === %R %N (mark " - "%u/0x%08x) for reqid %u, the same policy for reqid %u exists", - src_ts, dst_ts, policy_dir_names, direction, - mark.value, mark.mask, sa->reqid, current->reqid); + DBG1(DBG_CFG, "unable to install policy %R === %R %N%s for reqid " + "%u, the same policy for reqid %u exists", + id->src_ts, id->dst_ts, policy_dir_names, id->dir, markstr, + data->sa->reqid, current->reqid); policy_entry_destroy(this, policy); this->mutex->unlock(this->mutex); return INVALID_STATE; } /* use existing policy */ - DBG2(DBG_KNL, "policy %R === %R %N (mark %u/0x%08x) " - "already exists, increasing refcount", - src_ts, dst_ts, policy_dir_names, direction, - mark.value, mark.mask); + DBG2(DBG_KNL, "policy %R === %R %N%s already exists, increasing " + "refcount", id->src_ts, id->dst_ts, policy_dir_names, id->dir, + markstr); policy_entry_destroy(this, policy); policy = current; found = TRUE; + + policy->waiting++; + while (policy->working) + { + this->condvar->wait(this->condvar, this->mutex); + } + policy->waiting--; + policy->working = TRUE; } else { /* use the new one, if we have no such policy */ @@ -2352,28 +2480,52 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } /* cache the assigned IPsec SA */ - assigned_sa = policy_sa_create(this, direction, type, src, dst, src_ts, - dst_ts, mark, sa); - assigned_sa->priority = get_priority(policy, priority); + assigned_sa = policy_sa_create(this, id->dir, data->type, data->src, + data->dst, id->src_ts, id->dst_ts, id->mark, data->sa); + assigned_sa->auto_priority = get_priority(policy, data->prio, id->interface); + assigned_sa->priority = this->get_priority ? this->get_priority(id, data) + : data->manual_prio; + assigned_sa->priority = assigned_sa->priority ?: assigned_sa->auto_priority; /* insert the SA according to its priority */ enumerator = policy->used_by->create_enumerator(policy->used_by); while (enumerator->enumerate(enumerator, (void**)¤t_sa)) { - if (current_sa->priority >= assigned_sa->priority) + if (current_sa->priority > assigned_sa->priority) { break; } - update = FALSE; + if (current_sa->priority == assigned_sa->priority) + { + /* in case of equal manual prios order SAs by automatic priority */ + if (current_sa->auto_priority > assigned_sa->auto_priority) + { + break; + } + /* prefer SAs with a reqid over those without */ + if (current_sa->auto_priority == assigned_sa->auto_priority && + (!current_sa->sa->cfg.reqid || assigned_sa->sa->cfg.reqid)) + { + break; + } + } + if (update) + { + cur_priority = current_sa->priority; + update = FALSE; + } } - policy->used_by->insert_before(policy->used_by, enumerator, - assigned_sa); + policy->used_by->insert_before(policy->used_by, enumerator, assigned_sa); enumerator->destroy(enumerator); + use_count = policy->used_by->get_count(policy->used_by); if (!update) { /* we don't update the policy if the priority is lower than that of * the currently installed one */ - this->mutex->unlock(this->mutex); + policy_change_done(this, policy); + DBG2(DBG_KNL, "not updating policy %R === %R %N%s [priority %u," + "refcount %d]", id->src_ts, id->dst_ts, policy_dir_names, + id->dir, markstr, cur_priority, use_count); return SUCCESS; } @@ -2382,36 +2534,36 @@ METHOD(kernel_ipsec_t, add_policy, status_t, found = TRUE; } - DBG2(DBG_KNL, "%s policy %R === %R %N (mark %u/0x%08x)", - found ? "updating" : "adding", src_ts, dst_ts, - policy_dir_names, direction, mark.value, mark.mask); + DBG2(DBG_KNL, "%s policy %R === %R %N%s [priority %u, refcount %d]", + found ? "updating" : "adding", id->src_ts, id->dst_ts, + policy_dir_names, id->dir, markstr, assigned_sa->priority, use_count); if (add_policy_internal(this, policy, assigned_sa, found) != SUCCESS) { - DBG1(DBG_KNL, "unable to %s policy %R === %R %N", - found ? "update" : "add", src_ts, dst_ts, - policy_dir_names, direction); + DBG1(DBG_KNL, "unable to %s policy %R === %R %N%s", + found ? "update" : "add", id->src_ts, id->dst_ts, + policy_dir_names, id->dir, markstr); return FAILED; } return SUCCESS; } METHOD(kernel_ipsec_t, query_policy, status_t, - private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { netlink_buf_t request; struct nlmsghdr *out = NULL, *hdr; struct xfrm_userpolicy_id *policy_id; struct xfrm_userpolicy_info *policy = NULL; size_t len; + char markstr[32] = ""; memset(&request, 0, sizeof(request)); + format_mark(markstr, sizeof(markstr), id->mark); - DBG2(DBG_KNL, "querying policy %R === %R %N (mark %u/0x%08x)", - src_ts, dst_ts, policy_dir_names, direction, - mark.value, mark.mask); + DBG2(DBG_KNL, "querying policy %R === %R %N%s", id->src_ts, id->dst_ts, + policy_dir_names, id->dir, markstr); hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; @@ -2419,10 +2571,10 @@ METHOD(kernel_ipsec_t, query_policy, status_t, hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_id)); policy_id = NLMSG_DATA(hdr); - policy_id->sel = ts2selector(src_ts, dst_ts); - policy_id->dir = direction; + policy_id->sel = ts2selector(id->src_ts, id->dst_ts, id->interface); + policy_id->dir = id->dir; - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { return FAILED; } @@ -2443,7 +2595,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t, { struct nlmsgerr *err = NLMSG_DATA(hdr); DBG1(DBG_KNL, "querying policy failed: %s (%d)", - strerror(-err->error), -err->error); + strerror(-err->error), -err->error); break; } default: @@ -2458,8 +2610,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, if (policy == NULL) { - DBG2(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG2(DBG_KNL, "unable to query policy %R === %R %N%s", id->src_ts, + id->dst_ts, policy_dir_names, id->dir, markstr); free(out); return FAILED; } @@ -2479,10 +2631,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t prio) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { policy_entry_t *current, policy; enumerator_t *enumerator; @@ -2491,78 +2641,94 @@ METHOD(kernel_ipsec_t, del_policy, status_t, struct nlmsghdr *hdr; struct xfrm_userpolicy_id *policy_id; bool is_installed = TRUE; - u_int32_t priority; + uint32_t priority, auto_priority, cur_priority; ipsec_sa_t assigned_sa = { - .src = src, - .dst = dst, - .mark = mark, - .cfg = *sa, + .src = data->src, + .dst = data->dst, + .mark = id->mark, + .cfg = *data->sa, }; + char markstr[32] = ""; + int use_count; + status_t status = SUCCESS; - DBG2(DBG_KNL, "deleting policy %R === %R %N (mark %u/0x%08x)", - src_ts, dst_ts, policy_dir_names, direction, - mark.value, mark.mask); + format_mark(markstr, sizeof(markstr), id->mark); + + DBG2(DBG_KNL, "deleting policy %R === %R %N%s", id->src_ts, id->dst_ts, + policy_dir_names, id->dir, markstr); /* create a policy */ memset(&policy, 0, sizeof(policy_entry_t)); - policy.sel = ts2selector(src_ts, dst_ts); - policy.mark = mark.value & mark.mask; - policy.direction = direction; + policy.sel = ts2selector(id->src_ts, id->dst_ts, id->interface); + policy.mark = id->mark.value & id->mark.mask; + policy.direction = id->dir; /* find the policy */ this->mutex->lock(this->mutex); current = this->policies->get(this->policies, &policy); if (!current) { - if (mark.value) - { - DBG1(DBG_KNL, "deleting policy %R === %R %N (mark %u/0x%08x) " - "failed, not found", src_ts, dst_ts, policy_dir_names, - direction, mark.value, mark.mask); - } - else - { - DBG1(DBG_KNL, "deleting policy %R === %R %N failed, not found", - src_ts, dst_ts, policy_dir_names, direction); - } + DBG1(DBG_KNL, "deleting policy %R === %R %N%s failed, not found", + id->src_ts, id->dst_ts, policy_dir_names, id->dir, markstr); this->mutex->unlock(this->mutex); return NOT_FOUND; } + current->waiting++; + while (current->working) + { + this->condvar->wait(this->condvar, this->mutex); + } + current->working = TRUE; + current->waiting--; /* remove mapping to SA by reqid and priority */ - priority = get_priority(current, prio); + auto_priority = get_priority(current, data->prio,id->interface); + priority = this->get_priority ? this->get_priority(id, data) + : data->manual_prio; + priority = priority ?: auto_priority; + enumerator = current->used_by->create_enumerator(current->used_by); while (enumerator->enumerate(enumerator, (void**)&mapping)) { - if (priority == mapping->priority && type == mapping->type && + if (priority == mapping->priority && + auto_priority == mapping->auto_priority && + data->type == mapping->type && ipsec_sa_equals(mapping->sa, &assigned_sa)) { current->used_by->remove_at(current->used_by, enumerator); - policy_sa_destroy(mapping, &direction, this); + policy_sa_destroy(mapping, &id->dir, this); break; } - is_installed = FALSE; + if (is_installed) + { + cur_priority = mapping->priority; + is_installed = FALSE; + } } enumerator->destroy(enumerator); - if (current->used_by->get_count(current->used_by) > 0) + use_count = current->used_by->get_count(current->used_by); + if (use_count > 0) { /* policy is used by more SAs, keep in kernel */ DBG2(DBG_KNL, "policy still used by another CHILD_SA, not removed"); if (!is_installed) { /* no need to update as the policy was not installed for this SA */ - this->mutex->unlock(this->mutex); + policy_change_done(this, current); + DBG2(DBG_KNL, "not updating policy %R === %R %N%s [priority %u, " + "refcount %d]", id->src_ts, id->dst_ts, policy_dir_names, + id->dir, markstr, cur_priority, use_count); return SUCCESS; } + current->used_by->get_first(current->used_by, (void**)&mapping); - DBG2(DBG_KNL, "updating policy %R === %R %N (mark %u/0x%08x)", - src_ts, dst_ts, policy_dir_names, direction, - mark.value, mark.mask); + DBG2(DBG_KNL, "updating policy %R === %R %N%s [priority %u, " + "refcount %d]", id->src_ts, id->dst_ts, policy_dir_names, id->dir, + markstr, mapping->priority, use_count); - current->used_by->get_first(current->used_by, (void**)&mapping); if (add_policy_internal(this, current, mapping, TRUE) != SUCCESS) { - DBG1(DBG_KNL, "unable to update policy %R === %R %N", - src_ts, dst_ts, policy_dir_names, direction); + DBG1(DBG_KNL, "unable to update policy %R === %R %N%s", + id->src_ts, id->dst_ts, policy_dir_names, id->dir, markstr); return FAILED; } return SUCCESS; @@ -2577,11 +2743,11 @@ METHOD(kernel_ipsec_t, del_policy, status_t, policy_id = NLMSG_DATA(hdr); policy_id->sel = current->sel; - policy_id->dir = direction; + policy_id->dir = id->dir; - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { - this->mutex->unlock(this->mutex); + policy_change_done(this, current); return FAILED; } @@ -2592,32 +2758,32 @@ METHOD(kernel_ipsec_t, del_policy, status_t, route->prefixlen, route->gateway, route->src_ip, route->if_name) != SUCCESS) { - DBG1(DBG_KNL, "error uninstalling route installed with " - "policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG1(DBG_KNL, "error uninstalling route installed with policy " + "%R === %R %N%s", id->src_ts, id->dst_ts, policy_dir_names, + id->dir, markstr); } } - - this->policies->remove(this->policies, current); - policy_entry_destroy(this, current); this->mutex->unlock(this->mutex); if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { - if (mark.value) - { - DBG1(DBG_KNL, "unable to delete policy %R === %R %N " - "(mark %u/0x%08x)", src_ts, dst_ts, policy_dir_names, - direction, mark.value, mark.mask); - } - else - { - DBG1(DBG_KNL, "unable to delete policy %R === %R %N", - src_ts, dst_ts, policy_dir_names, direction); - } - return FAILED; + DBG1(DBG_KNL, "unable to delete policy %R === %R %N%s", id->src_ts, + id->dst_ts, policy_dir_names, id->dir, markstr); + status = FAILED; } - return SUCCESS; + + this->mutex->lock(this->mutex); + if (!current->waiting) + { /* only if no other thread still needs the policy */ + this->policies->remove(this->policies, current); + policy_entry_destroy(this, current); + this->mutex->unlock(this->mutex); + } + else + { + policy_change_done(this, current); + } + return status; } METHOD(kernel_ipsec_t, flush_policies, status_t, @@ -2676,15 +2842,15 @@ static bool add_socket_bypass(private_kernel_netlink_ipsec_t *this, policy.dir = XFRM_POLICY_OUT; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { - DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", - strerror(errno)); + DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s (%d)", + strerror(errno), errno); return FALSE; } policy.dir = XFRM_POLICY_IN; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { - DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", - strerror(errno)); + DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s (%d)", + strerror(errno), errno); return FALSE; } return TRUE; @@ -2699,7 +2865,7 @@ typedef struct { /** layer 4 protocol */ int proto; /** port number, network order */ - u_int16_t port; + uint16_t port; } bypass_t; /** @@ -2839,7 +3005,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, enable_udp_decap, bool, - private_kernel_netlink_ipsec_t *this, int fd, int family, u_int16_t port) + private_kernel_netlink_ipsec_t *this, int fd, int family, uint16_t port) { int type = UDP_ENCAP_ESPINUDP; @@ -2873,6 +3039,7 @@ METHOD(kernel_ipsec_t, destroy, void, enumerator->destroy(enumerator); this->policies->destroy(this->policies); this->sas->destroy(this->sas); + this->condvar->destroy(this->condvar); this->mutex->destroy(this->mutex); free(this); } @@ -2912,6 +3079,9 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() (hashtable_equals_t)ipsec_sa_equals, 32), .bypass = array_create(sizeof(bypass_t), 0), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), + .get_priority = dlsym(RTLD_DEFAULT, + "kernel_netlink_get_priority_custom"), .policy_update = lib->settings->get_bool(lib->settings, "%s.plugins.kernel-netlink.policy_update", FALSE, lib->ns), .install_routes = lib->settings->get_bool(lib->settings, @@ -2955,7 +3125,8 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() this->socket_xfrm_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM); if (this->socket_xfrm_events <= 0) { - DBG1(DBG_KNL, "unable to create XFRM event socket"); + DBG1(DBG_KNL, "unable to create XFRM event socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } @@ -2963,7 +3134,8 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() XFRMNLGRP(MIGRATE) | XFRMNLGRP(MAPPING); if (bind(this->socket_xfrm_events, (struct sockaddr*)&addr, sizeof(addr))) { - DBG1(DBG_KNL, "unable to bind XFRM event socket"); + DBG1(DBG_KNL, "unable to bind XFRM event socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c index f4394a14f..93c2ccccb 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2014 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -278,7 +278,7 @@ struct route_entry_t { chunk_t dst_net; /** Destination net prefixlen */ - u_int8_t prefixlen; + uint8_t prefixlen; }; /** @@ -513,12 +513,12 @@ struct private_kernel_netlink_net_t { /** * MTU to set on installed routes */ - u_int32_t mtu; + uint32_t mtu; /** * MSS to set on installed routes */ - u_int32_t mss; + uint32_t mss; }; /** @@ -526,7 +526,7 @@ struct private_kernel_netlink_net_t { */ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_type, int flags, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); /** @@ -1217,7 +1217,7 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h struct rtmsg* msg = NLMSG_DATA(hdr); struct rtattr *rta = RTM_RTA(msg); size_t rtasize = RTM_PAYLOAD(hdr); - u_int32_t rta_oif = 0; + uint32_t rta_oif = 0; host_t *host = NULL; /* ignore routes added by us or in the local routing table (local addrs) */ @@ -1243,7 +1243,7 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h case RTA_OIF: if (RTA_PAYLOAD(rta) == sizeof(rta_oif)) { - rta_oif = *(u_int32_t*)RTA_DATA(rta); + rta_oif = *(uint32_t*)RTA_DATA(rta); } break; } @@ -1297,7 +1297,8 @@ static bool receive_events(private_kernel_netlink_net_t *this, int fd, /* no data ready, select again */ return TRUE; default: - DBG1(DBG_KNL, "unable to receive from rt event socket"); + DBG1(DBG_KNL, "unable to receive from RT event socket %s (%d)", + strerror(errno), errno); sleep(1); return TRUE; } @@ -1500,6 +1501,32 @@ static int get_interface_index(private_kernel_netlink_net_t *this, char* name) return ifindex; } +/** + * get the name of an interface by index (allocated) + */ +static char *get_interface_name_by_index(private_kernel_netlink_net_t *this, + int index) +{ + iface_entry_t *iface; + char *name = NULL; + + DBG2(DBG_KNL, "getting iface name for index %d", index); + + this->lock->read_lock(this->lock); + if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index, + (void**)&iface, &index) == SUCCESS) + { + name = strdup(iface->ifname); + } + this->lock->unlock(this->lock); + + if (!name) + { + DBG1(DBG_KNL, "unable to get interface name for %d", index); + } + return name; +} + /** * check if an address or net (addr with prefix net bits) is in * subnet (net with net_len net bits) @@ -1545,10 +1572,10 @@ typedef struct { chunk_t src; chunk_t dst; host_t *src_host; - u_int8_t dst_len; - u_int32_t table; - u_int32_t oif; - u_int32_t priority; + uint8_t dst_len; + uint32_t table; + uint32_t oif; + uint32_t priority; } rt_entry_t; /** @@ -1630,20 +1657,20 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route) case RTA_OIF: if (RTA_PAYLOAD(rta) == sizeof(route->oif)) { - route->oif = *(u_int32_t*)RTA_DATA(rta); + route->oif = *(uint32_t*)RTA_DATA(rta); } break; case RTA_PRIORITY: if (RTA_PAYLOAD(rta) == sizeof(route->priority)) { - route->priority = *(u_int32_t*)RTA_DATA(rta); + route->priority = *(uint32_t*)RTA_DATA(rta); } break; #ifdef HAVE_RTA_TABLE case RTA_TABLE: if (RTA_PAYLOAD(rta) == sizeof(route->table)) { - route->table = *(u_int32_t*)RTA_DATA(rta); + route->table = *(uint32_t*)RTA_DATA(rta); } break; #endif /* HAVE_RTA_TABLE*/ @@ -1658,7 +1685,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route) */ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, int prefix, bool nexthop, host_t *candidate, - u_int recursion) + char **iface, u_int recursion) { netlink_buf_t request; struct nlmsghdr *hdr, *out, *current; @@ -1774,16 +1801,16 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, } route->src_host = src; } - /* insert route, sorted by priority and network prefix */ + /* insert route, sorted by network prefix and priority */ enumerator = routes->create_enumerator(routes); while (enumerator->enumerate(enumerator, &other)) { - if (route->priority < other->priority) + if (route->dst_len > other->dst_len) { break; } - if (route->priority == other->priority && - route->dst_len > other->dst_len) + if (route->dst_len == other->dst_len && + route->priority < other->priority) { break; } @@ -1860,7 +1887,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, if (gtw && !gtw->ip_equals(gtw, dest)) { route->src_host = get_route(this, gtw, -1, FALSE, candidate, - recursion + 1); + iface, recursion + 1); } DESTROY_IF(gtw); if (route->src_host) @@ -1878,10 +1905,18 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, enumerator->destroy(enumerator); if (nexthop) - { /* nexthop lookup, return gateway if any */ + { /* nexthop lookup, return gateway and oif if any */ + if (iface) + { + *iface = NULL; + } if (best || routes->get_first(routes, (void**)&best) == SUCCESS) { addr = host_create_from_chunk(msg->rtm_family, best->gtw, 0); + if (iface && route->oif) + { + *iface = get_interface_name_by_index(this, route->oif); + } } if (!addr && !match_net) { /* fallback to destination address */ @@ -1901,8 +1936,16 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, if (addr) { - DBG2(DBG_KNL, "using %H as %s to reach %H/%d", addr, - nexthop ? "nexthop" : "address", dest, prefix); + if (nexthop && iface && *iface) + { + DBG2(DBG_KNL, "using %H as nexthop and %s as dev to reach %H/%d", + addr, *iface, dest, prefix); + } + else + { + DBG2(DBG_KNL, "using %H as %s to reach %H/%d", addr, + nexthop ? "nexthop" : "address", dest, prefix); + } } else if (!recursion) { @@ -1915,13 +1958,14 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, METHOD(kernel_net_t, get_source_addr, host_t*, private_kernel_netlink_net_t *this, host_t *dest, host_t *src) { - return get_route(this, dest, -1, FALSE, src, 0); + return get_route(this, dest, -1, FALSE, src, NULL, 0); } METHOD(kernel_net_t, get_nexthop, host_t*, - private_kernel_netlink_net_t *this, host_t *dest, int prefix, host_t *src) + private_kernel_netlink_net_t *this, host_t *dest, int prefix, host_t *src, + char **iface) { - return get_route(this, dest, prefix, TRUE, src, 0); + return get_route(this, dest, prefix, TRUE, src, iface, 0); } /** @@ -2144,7 +2188,7 @@ METHOD(kernel_net_t, del_ip, status_t, */ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_type, int flags, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { netlink_buf_t request; @@ -2160,7 +2204,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, if (this->routing_table == 0 && prefixlen == 0) { chunk_t half_net; - u_int8_t half_prefixlen; + uint8_t half_prefixlen; status_t status; half_net = chunk_alloca(dst_net.len); @@ -2206,22 +2250,22 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, if (this->mtu || this->mss) { chunk = chunk_alloca(RTA_LENGTH((sizeof(struct rtattr) + - sizeof(u_int32_t)) * 2)); + sizeof(uint32_t)) * 2)); chunk.len = 0; rta = (struct rtattr*)chunk.ptr; if (this->mtu) { rta->rta_type = RTAX_MTU; - rta->rta_len = RTA_LENGTH(sizeof(u_int32_t)); - memcpy(RTA_DATA(rta), &this->mtu, sizeof(u_int32_t)); + rta->rta_len = RTA_LENGTH(sizeof(uint32_t)); + memcpy(RTA_DATA(rta), &this->mtu, sizeof(uint32_t)); chunk.len = rta->rta_len; } if (this->mss) { rta = (struct rtattr*)(chunk.ptr + RTA_ALIGN(chunk.len)); rta->rta_type = RTAX_ADVMSS; - rta->rta_len = RTA_LENGTH(sizeof(u_int32_t)); - memcpy(RTA_DATA(rta), &this->mss, sizeof(u_int32_t)); + rta->rta_len = RTA_LENGTH(sizeof(uint32_t)); + memcpy(RTA_DATA(rta), &this->mss, sizeof(uint32_t)); chunk.len = RTA_ALIGN(chunk.len) + rta->rta_len; } netlink_add_attribute(hdr, RTA_METRICS, chunk, sizeof(request)); @@ -2231,7 +2275,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, } METHOD(kernel_net_t, add_route, status_t, - private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + private_kernel_netlink_net_t *this, chunk_t dst_net, uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { status_t status; @@ -2262,7 +2306,7 @@ METHOD(kernel_net_t, add_route, status_t, } METHOD(kernel_net_t, del_route, status_t, - private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + private_kernel_netlink_net_t *this, chunk_t dst_net, uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { status_t status; @@ -2384,7 +2428,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) * create or delete a rule to use our routing table */ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, - int family, u_int32_t table, u_int32_t prio) + int family, uint32_t table, uint32_t prio) { netlink_buf_t request; struct nlmsghdr *hdr; @@ -2644,7 +2688,8 @@ kernel_netlink_net_t *kernel_netlink_net_create() this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (this->socket_events < 0) { - DBG1(DBG_KNL, "unable to create RT event socket"); + DBG1(DBG_KNL, "unable to create RT event socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } @@ -2652,7 +2697,8 @@ kernel_netlink_net_t *kernel_netlink_net_create() RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE | RTMGRP_LINK; if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr))) { - DBG1(DBG_KNL, "unable to bind RT event socket"); + DBG1(DBG_KNL, "unable to bind RT event socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c index f7ce992a3..7165b655b 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c @@ -309,7 +309,7 @@ static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in, while (!entry->complete) { if (this->parallel && - lib->watcher->get_state(lib->watcher) == WATCHER_RUNNING) + lib->watcher->get_state(lib->watcher) != WATCHER_STOPPED) { if (this->timeout) { @@ -594,13 +594,15 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names, } if (this->socket == -1) { - DBG1(DBG_KNL, "unable to create netlink socket"); + DBG1(DBG_KNL, "unable to create netlink socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr))) { - DBG1(DBG_KNL, "unable to bind netlink socket"); + DBG1(DBG_KNL, "unable to bind netlink socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in index f2876a272..8866f13d4 100644 --- a/src/libcharon/plugins/kernel_pfkey/Makefile.in +++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/kernel_pfkey -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index d505f1c33..1b22ea549 100644 --- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -141,17 +141,17 @@ #define SOL_UDP IPPROTO_UDP #endif -/** base priority for installed policies */ -#define PRIO_BASE 384 +/** Base priority for installed policies */ +#define PRIO_BASE 100000 #ifdef __APPLE__ /** from xnu/bsd/net/pfkeyv2.h */ #define SADB_X_EXT_NATT 0x002 struct sadb_sa_2 { struct sadb_sa sa; - u_int16_t sadb_sa_natt_port; - u_int16_t sadb_reserved0; - u_int32_t sadb_reserved1; + uint16_t sadb_sa_natt_port; + uint16_t sadb_reserved0; + uint32_t sadb_reserved1; }; #endif @@ -286,7 +286,7 @@ struct route_entry_t { chunk_t dst_net; /** destination net prefixlen */ - u_int8_t prefixlen; + uint8_t prefixlen; /** reference to exclude route, if any */ exclude_route_t *exclude; @@ -352,7 +352,7 @@ static bool ipsec_sa_equals(ipsec_sa_t *sa, ipsec_sa_t *other_sa) { return sa->src->ip_equals(sa->src, other_sa->src) && sa->dst->ip_equals(sa->dst, other_sa->dst) && - memeq(&sa->cfg, &other_sa->cfg, sizeof(ipsec_sa_cfg_t)); + ipsec_sa_cfg_equals(&sa->cfg, &other_sa->cfg); } /** @@ -400,14 +400,17 @@ static void ipsec_sa_destroy(private_kernel_pfkey_ipsec_t *this, } typedef struct policy_sa_t policy_sa_t; -typedef struct policy_sa_in_t policy_sa_in_t; +typedef struct policy_sa_out_t policy_sa_out_t; /** * Mapping between a policy and an IPsec SA. */ struct policy_sa_t { /** Priority assigned to the policy when installed with this SA */ - u_int32_t priority; + uint32_t priority; + + /** Base priority assigned to the policy when installed with this SA */ + uint32_t auto_priority; /** Type of the policy */ policy_type_t type; @@ -417,10 +420,10 @@ struct policy_sa_t { }; /** - * For input policies we also cache the traffic selectors in order to install + * For outbound policies we also cache the traffic selectors in order to install * the route. */ -struct policy_sa_in_t { +struct policy_sa_out_t { /** Generic interface */ policy_sa_t generic; @@ -440,14 +443,14 @@ static policy_sa_t *policy_sa_create(private_kernel_pfkey_ipsec_t *this, { policy_sa_t *policy; - if (dir == POLICY_IN) + if (dir == POLICY_OUT) { - policy_sa_in_t *in; - INIT(in, + policy_sa_out_t *out; + INIT(out, .src_ts = src_ts->clone(src_ts), .dst_ts = dst_ts->clone(dst_ts), ); - policy = &in->generic; + policy = &out->generic; } else { @@ -464,11 +467,11 @@ static policy_sa_t *policy_sa_create(private_kernel_pfkey_ipsec_t *this, static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t *dir, private_kernel_pfkey_ipsec_t *this) { - if (*dir == POLICY_IN) + if (*dir == POLICY_OUT) { - policy_sa_in_t *in = (policy_sa_in_t*)policy; - in->src_ts->destroy(in->src_ts); - in->dst_ts->destroy(in->dst_ts); + policy_sa_out_t *out = (policy_sa_out_t*)policy; + out->src_ts->destroy(out->src_ts); + out->dst_ts->destroy(out->dst_ts); } ipsec_sa_destroy(this, policy->sa); free(policy); @@ -481,19 +484,19 @@ typedef struct policy_entry_t policy_entry_t; */ struct policy_entry_t { /** Index assigned by the kernel */ - u_int32_t index; + uint32_t index; /** Direction of this policy: in, out, forward */ - u_int8_t direction; + uint8_t direction; /** Parameters of installed policy */ struct { /** Subnet and port */ host_t *net; /** Subnet mask */ - u_int8_t mask; + uint8_t mask; /** Protocol */ - u_int8_t proto; + uint8_t proto; } src, dst; /** Associated route installed for this policy */ @@ -514,8 +517,8 @@ static policy_entry_t *create_policy_entry(traffic_selector_t *src_ts, INIT(policy, .direction = dir, ); - u_int16_t port; - u_int8_t proto; + uint16_t port; + uint8_t proto; src_ts->to_subnet(src_ts, &policy->src.net, &policy->src.mask); dst_ts->to_subnet(dst_ts, &policy->dst.net, &policy->dst.mask); @@ -583,40 +586,51 @@ static inline bool policy_entry_equals(policy_entry_t *current, * compare the given kernel index with that of a policy */ static inline bool policy_entry_match_byindex(policy_entry_t *current, - u_int32_t *index) + uint32_t *index) { return current->index == *index; } /** * Calculate the priority of a policy + * + * This is the same formula we use in the kernel-netlink interface, but some + * features are currently not or only partially supported by PF_KEY. + * + * bits 0-0: reserved for interface restriction (0..1) 1 bit + * bits 1-6: src + dst port mask bits (2 * 0..16) 6 bits + * bits 7-7: restriction to protocol (0..1) 1 bit + * bits 8-16: src + dst network mask bits (2 * 0..128) 9 bits + * 17 bits + * + * smallest value: 000000000 0 000000 0: 0, lowest priority = 100'000 + * largest value : 100000000 1 100000 0: 65'728, highst priority = 34'272 */ -static inline u_int32_t get_priority(policy_entry_t *policy, +static inline uint32_t get_priority(policy_entry_t *policy, policy_priority_t prio) { - u_int32_t priority = PRIO_BASE; + uint32_t priority = PRIO_BASE; + switch (prio) { case POLICY_PRIORITY_FALLBACK: - priority <<= 1; + priority += PRIO_BASE; /* fall-through */ case POLICY_PRIORITY_ROUTED: - priority <<= 1; + priority += PRIO_BASE; /* fall-through */ case POLICY_PRIORITY_DEFAULT: - priority <<= 1; - /* fall-trough */ + priority += PRIO_BASE; + /* fall-through */ case POLICY_PRIORITY_PASS: break; } - /* calculate priority based on selector size, small size = high prio */ - priority -= policy->src.mask; - priority -= policy->dst.mask; - priority <<= 2; /* make some room for the two flags */ - priority += policy->src.net->get_port(policy->src.net) || - policy->dst.net->get_port(policy->dst.net) ? - 0 : 2; - priority += policy->src.proto != IPSEC_PROTO_ANY ? 0 : 1; + + /* calculate priority */ + priority -= (policy->src.mask + policy->dst.mask) * 256; + priority -= policy->src.proto != IPSEC_PROTO_ANY ? 128 : 0; + priority -= policy->src.net->get_port(policy->src.net) ? 32 : 0; + priority -= policy->dst.net->get_port(policy->dst.net) ? 32 : 0; return priority; } @@ -697,7 +711,7 @@ ENUM(sadb_ext_type_names, SADB_EXT_RESERVED, SADB_EXT_MAX, /** * convert a protocol identifier to the PF_KEY sa type */ -static u_int8_t proto2satype(u_int8_t proto) +static uint8_t proto2satype(uint8_t proto) { switch (proto) { @@ -715,7 +729,7 @@ static u_int8_t proto2satype(u_int8_t proto) /** * convert a PF_KEY sa type to a protocol identifier */ -static u_int8_t satype2proto(u_int8_t satype) +static uint8_t satype2proto(uint8_t satype) { switch (satype) { @@ -733,7 +747,7 @@ static u_int8_t satype2proto(u_int8_t satype) /** * convert the general ipsec mode to the one defined in ipsec.h */ -static u_int8_t mode2kernel(ipsec_mode_t mode) +static uint8_t mode2kernel(ipsec_mode_t mode) { switch (mode) { @@ -753,7 +767,7 @@ static u_int8_t mode2kernel(ipsec_mode_t mode) /** * convert the general policy direction to the one defined in ipsec.h */ -static u_int8_t dir2kernel(policy_dir_t dir) +static uint8_t dir2kernel(policy_dir_t dir) { switch (dir) { @@ -773,7 +787,7 @@ static u_int8_t dir2kernel(policy_dir_t dir) /** * convert the policy type to the one defined in ipsec.h */ -static inline u_int16_t type2kernel(policy_type_t type) +static inline uint16_t type2kernel(policy_type_t type) { switch (type) { @@ -791,7 +805,7 @@ static inline u_int16_t type2kernel(policy_type_t type) /** * convert the policy direction in ipsec.h to the general one. */ -static policy_dir_t kernel2dir(u_int8_t dir) +static policy_dir_t kernel2dir(uint8_t dir) { switch (dir) { @@ -898,7 +912,7 @@ static kernel_algorithm_t compression_algs[] = { static int lookup_algorithm(transform_type_t type, int ikev2) { kernel_algorithm_t *list; - u_int16_t alg = 0; + uint16_t alg = 0; switch (type) { @@ -929,7 +943,7 @@ static int lookup_algorithm(transform_type_t type, int ikev2) /** * Helper to set a port in a sockaddr_t, the port has to be in host order */ -static void set_port(sockaddr_t *addr, u_int16_t port) +static void set_port(sockaddr_t *addr, uint16_t port) { switch (addr->sa_family) { @@ -971,8 +985,8 @@ static size_t hostcpy(void *dest, host_t *host, bool include_port) /** * add a host to the given sadb_msg */ -static void add_addr_ext(struct sadb_msg *msg, host_t *host, u_int16_t type, - u_int8_t proto, u_int8_t prefixlen, bool include_port) +static void add_addr_ext(struct sadb_msg *msg, host_t *host, uint16_t type, + uint8_t proto, uint8_t prefixlen, bool include_port) { struct sadb_address *addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg); size_t len; @@ -988,7 +1002,7 @@ static void add_addr_ext(struct sadb_msg *msg, host_t *host, u_int16_t type, /** * adds an empty address extension to the given sadb_msg */ -static void add_anyaddr_ext(struct sadb_msg *msg, int family, u_int8_t type) +static void add_anyaddr_ext(struct sadb_msg *msg, int family, uint8_t type) { socklen_t len = (family == AF_INET) ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); @@ -1039,7 +1053,7 @@ static traffic_selector_t* sadb_address2ts(struct sadb_address *address) { traffic_selector_t *ts; host_t *host; - u_int8_t proto; + uint8_t proto; proto = address->sadb_address_proto; proto = proto == IPSEC_PROTO_ANY ? 0 : proto; @@ -1240,7 +1254,7 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* msg) { pfkey_msg_t response; - u_int32_t index, reqid = 0; + uint32_t index, reqid = 0; traffic_selector_t *src_ts, *dst_ts; policy_entry_t *policy; policy_sa_t *sa; @@ -1292,8 +1306,8 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* msg) { pfkey_msg_t response; - u_int8_t protocol; - u_int32_t spi; + uint8_t protocol; + uint32_t spi; host_t *dst; bool hard; @@ -1330,7 +1344,7 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this, pfkey_msg_t response; traffic_selector_t *src_ts, *dst_ts; policy_dir_t dir; - u_int32_t reqid = 0; + uint32_t reqid = 0; host_t *local = NULL, *remote = NULL; DBG2(DBG_KNL, "received an SADB_X_MIGRATE"); @@ -1350,13 +1364,13 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this, if (response.x_kmaddress) { sockaddr_t *local_addr, *remote_addr; - u_int32_t local_len; + uint32_t local_len; local_addr = (sockaddr_t*)&response.x_kmaddress[1]; local = host_create_from_sockaddr(local_addr); local_len = (local_addr->sa_family == AF_INET6)? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in); - remote_addr = (sockaddr_t*)((u_int8_t*)local_addr + local_len); + remote_addr = (sockaddr_t*)((uint8_t*)local_addr + local_len); remote = host_create_from_sockaddr(remote_addr); DBG2(DBG_KNL, " kmaddress: %H...%H", local, remote); } @@ -1384,7 +1398,7 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* msg) { pfkey_msg_t response; - u_int32_t spi; + uint32_t spi; sockaddr_t *sa; host_t *dst, *new; @@ -1517,14 +1531,14 @@ static bool receive_events(private_kernel_pfkey_ipsec_t *this, int fd, */ static status_t get_spi_internal(private_kernel_pfkey_ipsec_t *this, - host_t *src, host_t *dst, u_int8_t proto, u_int32_t min, u_int32_t max, - u_int32_t *spi) + host_t *src, host_t *dst, uint8_t proto, uint32_t min, uint32_t max, + uint32_t *spi) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; struct sadb_spirange *range; pfkey_msg_t response; - u_int32_t received_spi = 0; + uint32_t received_spi = 0; size_t len; memset(&request, 0, sizeof(request)); @@ -1570,7 +1584,7 @@ static status_t get_spi_internal(private_kernel_pfkey_ipsec_t *this, METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { if (get_spi_internal(this, src, dst, protocol, 0xc0000000, 0xcFFFFFFF, spi) != SUCCESS) @@ -1585,9 +1599,9 @@ METHOD(kernel_ipsec_t, get_spi, status_t, METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { - u_int32_t received_spi = 0; + uint32_t received_spi = 0; DBG2(DBG_KNL, "getting CPI"); @@ -1598,20 +1612,15 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, return FAILED; } - *cpi = htons((u_int16_t)ntohl(received_spi)); + *cpi = htons((uint16_t)ntohl(received_spi)); DBG2(DBG_KNL, "got CPI %.4x", ntohs(*cpi)); return SUCCESS; } METHOD(kernel_ipsec_t, add_sa, status_t, - private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, - lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1620,22 +1629,42 @@ METHOD(kernel_ipsec_t, add_sa, status_t, struct sadb_lifetime *lft; struct sadb_key *key; size_t len; + uint16_t ipcomp = data->ipcomp; + ipsec_mode_t mode = data->mode; /* if IPComp is used, we install an additional IPComp SA. if the cpi is 0 * we are in the recursive call below */ - if (ipcomp != IPCOMP_NONE && cpi != 0) + if (ipcomp != IPCOMP_NONE && data->cpi != 0) { lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}}; - add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, - tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, - chunk_empty, mode, ipcomp, 0, 0, FALSE, FALSE, FALSE, inbound, - update, NULL, NULL); + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_add_sa_t ipcomp_sa = { + .reqid = data->reqid, + .mode = data->mode, + .src_ts = data->src_ts, + .dst_ts = data->dst_ts, + .lifetime = &lft, + .enc_alg = ENCR_UNDEFINED, + .int_alg = AUTH_UNDEFINED, + .tfc = data->tfc, + .ipcomp = data->ipcomp, + .initiator = data->initiator, + .inbound = data->inbound, + .update = data->update, + }; + add_sa(this, &ipcomp_id, &ipcomp_sa); ipcomp = IPCOMP_NONE; /* use transport mode ESP SA, IPComp uses tunnel mode */ mode = MODE_TRANSPORT; } - if (update) + if (data->update) { /* As we didn't know the reqid during SPI allocation, we used reqid * zero. Unfortunately we can't SADB_UPDATE to the new reqid, hence we @@ -1643,10 +1672,16 @@ METHOD(kernel_ipsec_t, add_sa, status_t, * selector does not count for that, therefore we have to delete * that state before installing the new SA to avoid deleting the * the new state after installing it. */ - mark_t zeromark = {0, 0}; - - if (this->public.interface.del_sa(&this->public.interface, - src, dst, spi, protocol, 0, zeromark) != SUCCESS) + kernel_ipsec_sa_id_t del_id = { + .src = id->src, + .dst = id->dst, + .spi = id->spi, + .proto = id->proto, + }; + kernel_ipsec_del_sa_t del = { 0 }; + + if (this->public.interface.del_sa(&this->public.interface, &del_id, + &del) != SUCCESS) { DBG1(DBG_KNL, "deleting SPI allocation SA failed"); } @@ -1655,20 +1690,20 @@ METHOD(kernel_ipsec_t, add_sa, status_t, memset(&request, 0, sizeof(request)); DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}", - ntohl(spi), reqid); + ntohl(id->spi), data->reqid); msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_ADD; - msg->sadb_msg_satype = proto2satype(protocol); + msg->sadb_msg_satype = proto2satype(id->proto); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); #ifdef __APPLE__ - if (encap) + if (data->encap) { struct sadb_sa_2 *sa_2; sa_2 = (struct sadb_sa_2*)PFKEY_EXT_ADD_NEXT(msg); - sa_2->sadb_sa_natt_port = dst->get_port(dst); + sa_2->sadb_sa_natt_port = id->dst->get_port(id->dst); sa = &sa_2->sa; sa->sadb_sa_flags |= SADB_X_EXT_NATT; len = sizeof(struct sadb_sa_2); @@ -1681,22 +1716,29 @@ METHOD(kernel_ipsec_t, add_sa, status_t, } sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(len); - sa->sadb_sa_spi = spi; - if (protocol == IPPROTO_COMP) + sa->sadb_sa_spi = id->spi; + if (id->proto == IPPROTO_COMP) { - sa->sadb_sa_encrypt = lookup_algorithm(COMPRESSION_ALGORITHM, ipcomp); + sa->sadb_sa_encrypt = lookup_algorithm(COMPRESSION_ALGORITHM, + ipcomp); } else { /* Linux interprets sadb_sa_replay as number of packets/bits in the - * replay window, whereas on BSD it's the size of the window in bytes */ + * replay window, whereas on BSD it's the size of the window in bytes. + * Only set for the inbound SA as it's not relevant for the outbound + * SA and might waste memory with large windows. */ + if (data->inbound) + { #ifdef __linux__ - sa->sadb_sa_replay = min(replay_window, 32); + sa->sadb_sa_replay = min(data->replay_window, 32); #else - sa->sadb_sa_replay = (replay_window + 7) / 8; + sa->sadb_sa_replay = (data->replay_window + 7) / 8; #endif - sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg); - sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg); + } + sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, data->int_alg); + sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, + data->enc_alg); } PFKEY_EXT_ADD(msg, sa); @@ -1704,86 +1746,88 @@ METHOD(kernel_ipsec_t, add_sa, status_t, sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange)); sa2->sadb_x_sa2_mode = mode2kernel(mode); - sa2->sadb_x_sa2_reqid = reqid; + sa2->sadb_x_sa2_reqid = data->reqid; PFKEY_EXT_ADD(msg, sa2); - add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); - add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); + add_addr_ext(msg, id->src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); + add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg); lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime)); - lft->sadb_lifetime_allocations = lifetime->packets.rekey; - lft->sadb_lifetime_bytes = lifetime->bytes.rekey; - lft->sadb_lifetime_addtime = lifetime->time.rekey; + lft->sadb_lifetime_allocations = data->lifetime->packets.rekey; + lft->sadb_lifetime_bytes = data->lifetime->bytes.rekey; + lft->sadb_lifetime_addtime = data->lifetime->time.rekey; lft->sadb_lifetime_usetime = 0; /* we only use addtime */ PFKEY_EXT_ADD(msg, lft); lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg); lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime)); - lft->sadb_lifetime_allocations = lifetime->packets.life; - lft->sadb_lifetime_bytes = lifetime->bytes.life; - lft->sadb_lifetime_addtime = lifetime->time.life; + lft->sadb_lifetime_allocations = data->lifetime->packets.life; + lft->sadb_lifetime_bytes = data->lifetime->bytes.life; + lft->sadb_lifetime_addtime = data->lifetime->time.life; lft->sadb_lifetime_usetime = 0; /* we only use addtime */ PFKEY_EXT_ADD(msg, lft); - if (enc_alg != ENCR_UNDEFINED) + if (data->enc_alg != ENCR_UNDEFINED) { if (!sa->sadb_sa_encrypt) { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", - encryption_algorithm_names, enc_alg); + encryption_algorithm_names, data->enc_alg); return FAILED; } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", - encryption_algorithm_names, enc_alg, enc_key.len * 8); + encryption_algorithm_names, data->enc_alg, data->enc_key.len * 8); key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; - key->sadb_key_bits = enc_key.len * 8; - key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + enc_key.len); - memcpy(key + 1, enc_key.ptr, enc_key.len); + key->sadb_key_bits = data->enc_key.len * 8; + key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + data->enc_key.len); + memcpy(key + 1, data->enc_key.ptr, data->enc_key.len); PFKEY_EXT_ADD(msg, key); } - if (int_alg != AUTH_UNDEFINED) + if (data->int_alg != AUTH_UNDEFINED) { if (!sa->sadb_sa_auth) { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", - integrity_algorithm_names, int_alg); + integrity_algorithm_names, data->int_alg); return FAILED; } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", - integrity_algorithm_names, int_alg, int_key.len * 8); + integrity_algorithm_names, data->int_alg, data->int_key.len * 8); key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_AUTH; - key->sadb_key_bits = int_key.len * 8; - key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + int_key.len); - memcpy(key + 1, int_key.ptr, int_key.len); + key->sadb_key_bits = data->int_key.len * 8; + key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + data->int_key.len); + memcpy(key + 1, data->int_key.ptr, data->int_key.len); PFKEY_EXT_ADD(msg, key); } #ifdef HAVE_NATT - if (encap) + if (data->encap) { - add_encap_ext(msg, src, dst); + add_encap_ext(msg, id->src, id->dst); } #endif /*HAVE_NATT*/ if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", + ntohl(id->spi)); return FAILED; } else if (out->sadb_msg_errno) { DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x: %s (%d)", - ntohl(spi), strerror(out->sadb_msg_errno), out->sadb_msg_errno); + ntohl(id->spi), strerror(out->sadb_msg_errno), + out->sadb_msg_errno); free(out); return FAILED; } @@ -1793,9 +1837,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t, } METHOD(kernel_ipsec_t, update_sa, status_t, - private_kernel_pfkey_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1806,72 +1849,84 @@ METHOD(kernel_ipsec_t, update_sa, status_t, /* we can't update the SA if any of the ip addresses have changed. * that's because we can't use SADB_UPDATE and by deleting and readding the * SA the sequence numbers would get lost */ - if (!src->ip_equals(src, new_src) || - !dst->ip_equals(dst, new_dst)) + if (!id->src->ip_equals(id->src, data->new_src) || + !id->dst->ip_equals(id->dst, data->new_dst)) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x: address " - "changes are not supported", ntohl(spi)); + "changes are not supported", ntohl(id->spi)); return NOT_SUPPORTED; } /* if IPComp is used, we first update the IPComp SA */ - if (cpi) - { - update_sa(this, htonl(ntohs(cpi)), IPPROTO_COMP, 0, - src, dst, new_src, new_dst, FALSE, FALSE, mark); + if (data->cpi) + { + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_update_sa_t ipcomp = { + .new_src = data->new_src, + .new_dst = data->new_dst, + }; + update_sa(this, &ipcomp_id, &ipcomp); } memset(&request, 0, sizeof(request)); - DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", + ntohl(id->spi)); msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GET; - msg->sadb_msg_satype = proto2satype(protocol); + msg->sadb_msg_satype = proto2satype(id->proto); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); - sa->sadb_sa_spi = spi; + sa->sadb_sa_spi = id->spi; PFKEY_EXT_ADD(msg, sa); /* the kernel wants a SADB_EXT_ADDRESS_SRC to be present even though * it is not used for anything. */ - add_anyaddr_ext(msg, dst->get_family(dst), SADB_EXT_ADDRESS_SRC); - add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); + add_anyaddr_ext(msg, id->dst->get_family(id->dst), SADB_EXT_ADDRESS_SRC); + add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", + ntohl(id->spi)); return FAILED; } else if (out->sadb_msg_errno) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x: %s (%d)", - ntohl(spi), strerror(out->sadb_msg_errno), - out->sadb_msg_errno); + ntohl(id->spi), strerror(out->sadb_msg_errno), + out->sadb_msg_errno); free(out); return FAILED; } else if (parse_pfkey_message(out, &response) != SUCCESS) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x: parsing " - "response from kernel failed", ntohl(spi)); + "response from kernel failed", ntohl(id->spi)); free(out); return FAILED; } DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", - ntohl(spi), src, dst, new_src, new_dst); + ntohl(id->spi), id->src, id->dst, data->new_src, data->new_dst); memset(&request, 0, sizeof(request)); msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_UPDATE; - msg->sadb_msg_satype = proto2satype(protocol); + msg->sadb_msg_satype = proto2satype(id->proto); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); #ifdef __APPLE__ @@ -1880,9 +1935,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t, sa_2 = (struct sadb_sa_2*)PFKEY_EXT_ADD_NEXT(msg); sa_2->sa.sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa_2)); memcpy(&sa_2->sa, response.sa, sizeof(struct sadb_sa)); - if (encap) + if (data->encap) { - sa_2->sadb_sa_natt_port = new_dst->get_port(new_dst); + sa_2->sadb_sa_natt_port = data->new_dst->get_port(data->new_dst); sa_2->sa.sadb_sa_flags |= SADB_X_EXT_NATT; } } @@ -1908,9 +1963,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t, } #ifdef HAVE_NATT - if (new_encap) + if (data->new_encap) { - add_encap_ext(msg, new_src, new_dst); + add_encap_ext(msg, data->new_src, data->new_dst); } #endif /*HAVE_NATT*/ @@ -1918,14 +1973,14 @@ METHOD(kernel_ipsec_t, update_sa, status_t, if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", + ntohl(id->spi)); return FAILED; } else if (out->sadb_msg_errno) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x: %s (%d)", - ntohl(spi), strerror(out->sadb_msg_errno), - out->sadb_msg_errno); + ntohl(id->spi), strerror(out->sadb_msg_errno), out->sadb_msg_errno); free(out); return FAILED; } @@ -1935,9 +1990,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t, } METHOD(kernel_ipsec_t, query_sa, status_t, - private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1947,42 +2002,44 @@ METHOD(kernel_ipsec_t, query_sa, status_t, memset(&request, 0, sizeof(request)); - DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(id->spi)); msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GET; - msg->sadb_msg_satype = proto2satype(protocol); + msg->sadb_msg_satype = proto2satype(id->proto); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); - sa->sadb_sa_spi = spi; + sa->sadb_sa_spi = id->spi; PFKEY_EXT_ADD(msg, sa); /* the Linux Kernel doesn't care for the src address, but other systems do * (e.g. FreeBSD) */ - add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); - add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); + add_addr_ext(msg, id->src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); + add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", + ntohl(id->spi)); return FAILED; } else if (out->sadb_msg_errno) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x: %s (%d)", - ntohl(spi), strerror(out->sadb_msg_errno), - out->sadb_msg_errno); + ntohl(id->spi), strerror(out->sadb_msg_errno), + out->sadb_msg_errno); free(out); return FAILED; } else if (parse_pfkey_message(out, &response) != SUCCESS) { - DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", + ntohl(id->spi)); free(out); return FAILED; } @@ -2013,8 +2070,8 @@ METHOD(kernel_ipsec_t, query_sa, status_t, } METHOD(kernel_ipsec_t, del_sa, status_t, - private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2022,48 +2079,57 @@ METHOD(kernel_ipsec_t, del_sa, status_t, size_t len; /* if IPComp was used, we first delete the additional IPComp SA */ - if (cpi) + if (data->cpi) { - del_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, 0, mark); + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_del_sa_t ipcomp = { 0 }; + del_sa(this, &ipcomp_id, &ipcomp); } memset(&request, 0, sizeof(request)); - DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi)); + DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(id->spi)); msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_DELETE; - msg->sadb_msg_satype = proto2satype(protocol); + msg->sadb_msg_satype = proto2satype(id->proto); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); - sa->sadb_sa_spi = spi; + sa->sadb_sa_spi = id->spi; PFKEY_EXT_ADD(msg, sa); /* the Linux Kernel doesn't care for the src address, but other systems do * (e.g. FreeBSD) */ - add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); - add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); + add_addr_ext(msg, id->src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); + add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", + ntohl(id->spi)); return FAILED; } else if (out->sadb_msg_errno) { DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x: %s (%d)", - ntohl(spi), strerror(out->sadb_msg_errno), - out->sadb_msg_errno); + ntohl(id->spi), strerror(out->sadb_msg_errno), + out->sadb_msg_errno); free(out); return FAILED; } - DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi)); + DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(id->spi)); free(out); return SUCCESS; } @@ -2074,7 +2140,7 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; struct { - u_int8_t proto; + uint8_t proto; char *name; } protos[] = { { SADB_SATYPE_AH, "AH" }, @@ -2138,7 +2204,7 @@ static void add_exclude_route(private_kernel_pfkey_ipsec_t *this, if (!route->exclude) { DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src); - gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL); + gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL, NULL); if (gtw) { char *if_name = NULL; @@ -2226,56 +2292,58 @@ static void remove_exclude_route(private_kernel_pfkey_ipsec_t *this, } /** - * Try to install a route to the given inbound policy + * Try to install a route to the given outbound policy */ static bool install_route(private_kernel_pfkey_ipsec_t *this, - policy_entry_t *policy, policy_sa_in_t *in) + policy_entry_t *policy, policy_sa_out_t *out) { route_entry_t *route, *old; host_t *host, *src, *dst; bool is_virtual; - if (charon->kernel->get_address_by_ts(charon->kernel, in->dst_ts, &host, + if (charon->kernel->get_address_by_ts(charon->kernel, out->src_ts, &host, &is_virtual) != SUCCESS) { return FALSE; } - /* switch src/dst, as we handle an IN policy */ - src = in->generic.sa->dst; - dst = in->generic.sa->src; - INIT(route, - .prefixlen = policy->src.mask, + .prefixlen = policy->dst.mask, .src_ip = host, - .dst_net = chunk_clone(policy->src.net->get_address(policy->src.net)), + .dst_net = chunk_clone(policy->dst.net->get_address(policy->dst.net)), ); + src = out->generic.sa->src; + dst = out->generic.sa->dst; + if (!dst->is_anyaddr(dst)) { route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, - src); + src, &route->if_name); /* if the IP is virtual, we install the route over the interface it has * been installed on. Otherwise we use the interface we use for IKE, as * this is required for example on Linux. */ if (is_virtual) { + free(route->if_name); + route->if_name = NULL; src = route->src_ip; } } else { /* for shunt policies */ route->gateway = charon->kernel->get_nexthop(charon->kernel, - policy->src.net, policy->src.mask, - route->src_ip); + policy->dst.net, policy->dst.mask, + route->src_ip, &route->if_name); /* we don't have a source address, use the address we found */ src = route->src_ip; } /* get interface for route, using source address */ - if (!charon->kernel->get_interface(charon->kernel, src, &route->if_name)) + if (!route->if_name && + !charon->kernel->get_interface(charon->kernel, src, &route->if_name)) { route_entry_destroy(route); return FALSE; @@ -2296,7 +2364,7 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this, old->src_ip, old->if_name) != SUCCESS) { DBG1(DBG_KNL, "error uninstalling route installed with policy " - "%R === %R %N", in->src_ts, in->dst_ts, + "%R === %R %N", out->src_ts, out->dst_ts, policy_dir_names, policy->direction); } route_entry_destroy(old); @@ -2306,22 +2374,22 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this, /* if remote traffic selector covers the IKE peer, add an exclude route */ if (charon->kernel->get_features(charon->kernel) & KERNEL_REQUIRE_EXCLUDE_ROUTE) { - if (in->src_ts->is_host(in->src_ts, dst)) + if (out->dst_ts->is_host(out->dst_ts, dst)) { DBG1(DBG_KNL, "can't install route for %R === %R %N, conflicts " - "with IKE traffic", in->src_ts, in->dst_ts, policy_dir_names, + "with IKE traffic", out->src_ts, out->dst_ts, policy_dir_names, policy->direction); route_entry_destroy(route); return FALSE; } - if (in->src_ts->includes(in->src_ts, dst)) + if (out->dst_ts->includes(out->dst_ts, dst)) { - add_exclude_route(this, route, in->generic.sa->dst, dst); + add_exclude_route(this, route, out->generic.sa->src, dst); } } DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s", - in->src_ts, route->gateway, route->src_ip, route->if_name); + out->dst_ts, route->gateway, route->src_ip, route->if_name); switch (charon->kernel->add_route(charon->kernel, route->dst_net, route->prefixlen, route->gateway, @@ -2338,7 +2406,7 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this, return TRUE; default: DBG1(DBG_KNL, "installing route failed: %R via %H src %H dev %s", - in->src_ts, route->gateway, route->src_ip, route->if_name); + out->dst_ts, route->gateway, route->src_ip, route->if_name); remove_exclude_route(this, route); route_entry_destroy(route); return FALSE; @@ -2381,53 +2449,56 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this, pol->sadb_x_policy_priority = mapping->priority; #endif - /* one or more sadb_x_ipsecrequest extensions are added to the - * sadb_x_policy extension */ - proto_mode = ipsec->cfg.mode; + if (mapping->type == POLICY_IPSEC && ipsec->cfg.reqid) + { + /* one or more sadb_x_ipsecrequest extensions are added to the + * sadb_x_policy extension */ + proto_mode = ipsec->cfg.mode; + + req = (struct sadb_x_ipsecrequest*)(pol + 1); - req = (struct sadb_x_ipsecrequest*)(pol + 1); + if (ipsec->cfg.ipcomp.transform != IPCOMP_NONE) + { + req->sadb_x_ipsecrequest_proto = IPPROTO_COMP; + + /* !!! the length here MUST be in octets instead of 64 bit words */ + req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest); + req->sadb_x_ipsecrequest_mode = mode2kernel(ipsec->cfg.mode); + req->sadb_x_ipsecrequest_reqid = ipsec->cfg.reqid; + req->sadb_x_ipsecrequest_level = (policy->direction == POLICY_OUT) ? + IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_USE; + if (ipsec->cfg.mode == MODE_TUNNEL) + { + len = hostcpy(req + 1, ipsec->src, FALSE); + req->sadb_x_ipsecrequest_len += len; + len = hostcpy((char*)(req + 1) + len, ipsec->dst, FALSE); + req->sadb_x_ipsecrequest_len += len; + /* use transport mode for other SAs */ + proto_mode = MODE_TRANSPORT; + } - if (ipsec->cfg.ipcomp.transform != IPCOMP_NONE) - { - req->sadb_x_ipsecrequest_proto = IPPROTO_COMP; + pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len); + req = (struct sadb_x_ipsecrequest*)((char*)(req) + + req->sadb_x_ipsecrequest_len); + } + req->sadb_x_ipsecrequest_proto = ipsec->cfg.esp.use ? IPPROTO_ESP + : IPPROTO_AH; /* !!! the length here MUST be in octets instead of 64 bit words */ req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest); - req->sadb_x_ipsecrequest_mode = mode2kernel(ipsec->cfg.mode); + req->sadb_x_ipsecrequest_mode = mode2kernel(proto_mode); req->sadb_x_ipsecrequest_reqid = ipsec->cfg.reqid; - req->sadb_x_ipsecrequest_level = (policy->direction == POLICY_OUT) ? - IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_USE; - if (ipsec->cfg.mode == MODE_TUNNEL) + req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE; + if (proto_mode == MODE_TUNNEL) { len = hostcpy(req + 1, ipsec->src, FALSE); req->sadb_x_ipsecrequest_len += len; len = hostcpy((char*)(req + 1) + len, ipsec->dst, FALSE); req->sadb_x_ipsecrequest_len += len; - /* use transport mode for other SAs */ - proto_mode = MODE_TRANSPORT; } pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len); - req = (struct sadb_x_ipsecrequest*)((char*)(req) + - req->sadb_x_ipsecrequest_len); - } - - req->sadb_x_ipsecrequest_proto = ipsec->cfg.esp.use ? IPPROTO_ESP - : IPPROTO_AH; - /* !!! the length here MUST be in octets instead of 64 bit words */ - req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest); - req->sadb_x_ipsecrequest_mode = mode2kernel(proto_mode); - req->sadb_x_ipsecrequest_reqid = ipsec->cfg.reqid; - req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE; - if (proto_mode == MODE_TUNNEL) - { - len = hostcpy(req + 1, ipsec->src, FALSE); - req->sadb_x_ipsecrequest_len += len; - len = hostcpy((char*)(req + 1) + len, ipsec->dst, FALSE); - req->sadb_x_ipsecrequest_len += len; } - - pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len); PFKEY_EXT_ADD(msg, pol); add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, @@ -2492,37 +2563,42 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this, free(out); /* install a route, if: - * - this is an inbound policy (to just get one for each child) - * - we are in tunnel mode or install a bypass policy + * - this is an outbound policy (to just get one for each child) * - routing is not disabled via strongswan.conf + * - the selector is not for a specific protocol/port + * - we are in tunnel mode or install a bypass policy */ - if (policy->direction == POLICY_IN && this->install_routes && - (mapping->type != POLICY_IPSEC || ipsec->cfg.mode != MODE_TRANSPORT)) + if (policy->direction == POLICY_OUT && this->install_routes && + policy->src.proto == IPSEC_PROTO_ANY && + !policy->src.net->get_port(policy->src.net) && + !policy->dst.net->get_port(policy->dst.net)) { - install_route(this, policy, (policy_sa_in_t*)mapping); + if (mapping->type == POLICY_PASS || + (mapping->type == POLICY_IPSEC && ipsec->cfg.mode != MODE_TRANSPORT)) + { + install_route(this, policy, (policy_sa_out_t*)mapping); + } } this->mutex->unlock(this->mutex); return SUCCESS; } METHOD(kernel_ipsec_t, add_policy, status_t, - private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { policy_entry_t *policy, *found = NULL; policy_sa_t *assigned_sa, *current_sa; enumerator_t *enumerator; bool update = TRUE; - if (dir2kernel(direction) == IPSEC_DIR_INVALID) + if (dir2kernel(id->dir) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return SUCCESS; } /* create a policy */ - policy = create_policy_entry(src_ts, dst_ts, direction); + policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); /* find a matching policy */ this->mutex->lock(this->mutex); @@ -2531,7 +2607,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, (void**)&found, policy) == SUCCESS) { /* use existing policy */ DBG2(DBG_KNL, "policy %R === %R %N already exists, increasing " - "refcount", src_ts, dst_ts, policy_dir_names, direction); + "refcount", id->src_ts, id->dst_ts, policy_dir_names, id->dir); policy_entry_destroy(policy, this); policy = found; } @@ -2542,18 +2618,35 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } /* cache the assigned IPsec SA */ - assigned_sa = policy_sa_create(this, direction, type, src, dst, src_ts, - dst_ts, sa); - assigned_sa->priority = get_priority(policy, priority); + assigned_sa = policy_sa_create(this, id->dir, data->type, data->src, + data->dst, id->src_ts, id->dst_ts, data->sa); + assigned_sa->auto_priority = get_priority(policy, data->prio); + assigned_sa->priority = data->manual_prio ? data->manual_prio : + assigned_sa->auto_priority; + /* insert the SA according to its priority */ enumerator = policy->used_by->create_enumerator(policy->used_by); while (enumerator->enumerate(enumerator, (void**)¤t_sa)) { - if (current_sa->priority >= assigned_sa->priority) + if (current_sa->priority > assigned_sa->priority) { break; } + if (current_sa->priority == assigned_sa->priority) + { + /* in case of equal manual prios order SAs by automatic priority */ + if (current_sa->auto_priority > assigned_sa->auto_priority) + { + break; + } + /* prefer SAs with a reqid over those without */ + if (current_sa->auto_priority == assigned_sa->auto_priority && + (!current_sa->sa->cfg.reqid || assigned_sa->sa->cfg.reqid)) + { + break; + } + } update = FALSE; } policy->used_by->insert_before(policy->used_by, enumerator, assigned_sa); @@ -2567,23 +2660,22 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } DBG2(DBG_KNL, "%s policy %R === %R %N", - found ? "updating" : "adding", src_ts, dst_ts, - policy_dir_names, direction); + found ? "updating" : "adding", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); if (add_policy_internal(this, policy, assigned_sa, found) != SUCCESS) { DBG1(DBG_KNL, "unable to %s policy %R === %R %N", - found ? "update" : "add", src_ts, dst_ts, - policy_dir_names, direction); + found ? "update" : "add", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); return FAILED; } return SUCCESS; } METHOD(kernel_ipsec_t, query_policy, status_t, - private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2592,16 +2684,16 @@ METHOD(kernel_ipsec_t, query_policy, status_t, pfkey_msg_t response; size_t len; - if (dir2kernel(direction) == IPSEC_DIR_INVALID) + if (dir2kernel(id->dir) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return NOT_FOUND; } - DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG2(DBG_KNL, "querying policy %R === %R %N", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); /* create a policy */ - policy = create_policy_entry(src_ts, dst_ts, direction); + policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); /* find a matching policy */ this->mutex->lock(this->mutex); @@ -2609,8 +2701,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, (linked_list_match_t)policy_entry_equals, (void**)&found, policy) != SUCCESS) { - DBG1(DBG_KNL, "querying policy %R === %R %N failed, not found", src_ts, - dst_ts, policy_dir_names, direction); + DBG1(DBG_KNL, "querying policy %R === %R %N failed, not found", + id->src_ts, id->dst_ts, policy_dir_names, id->dir); policy_entry_destroy(policy, this); this->mutex->unlock(this->mutex); return NOT_FOUND; @@ -2630,7 +2722,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t, pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_id = policy->index; pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy)); - pol->sadb_x_policy_dir = dir2kernel(direction); + pol->sadb_x_policy_dir = dir2kernel(id->dir); pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; PFKEY_EXT_ADD(msg, pol); @@ -2643,30 +2735,31 @@ METHOD(kernel_ipsec_t, query_policy, status_t, if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG1(DBG_KNL, "unable to query policy %R === %R %N", id->src_ts, + id->dst_ts, policy_dir_names, id->dir); return FAILED; } else if (out->sadb_msg_errno) { - DBG1(DBG_KNL, "unable to query policy %R === %R %N: %s (%d)", src_ts, - dst_ts, policy_dir_names, direction, - strerror(out->sadb_msg_errno), out->sadb_msg_errno); + DBG1(DBG_KNL, "unable to query policy %R === %R %N: %s (%d)", + id->src_ts, id->dst_ts, policy_dir_names, id->dir, + strerror(out->sadb_msg_errno), out->sadb_msg_errno); free(out); return FAILED; } else if (parse_pfkey_message(out, &response) != SUCCESS) { DBG1(DBG_KNL, "unable to query policy %R === %R %N: parsing response " - "from kernel failed", src_ts, dst_ts, policy_dir_names, - direction); + "from kernel failed", id->src_ts, id->dst_ts, policy_dir_names, + id->dir); free(out); return FAILED; } else if (response.lft_current == NULL) { DBG2(DBG_KNL, "unable to query policy %R === %R %N: kernel reports no " - "use time", src_ts, dst_ts, policy_dir_names, direction); + "use time", id->src_ts, id->dst_ts, policy_dir_names, + id->dir); free(out); return FAILED; } @@ -2686,10 +2779,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t prio) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2698,24 +2789,24 @@ METHOD(kernel_ipsec_t, del_policy, status_t, policy_sa_t *mapping, *to_remove = NULL; enumerator_t *enumerator; bool first = TRUE, is_installed = TRUE; - u_int32_t priority; + uint32_t priority, auto_priority; size_t len; ipsec_sa_t assigned_sa = { - .src = src, - .dst = dst, - .cfg = *sa, + .src = data->src, + .dst = data->dst, + .cfg = *data->sa, }; - if (dir2kernel(direction) == IPSEC_DIR_INVALID) + if (dir2kernel(id->dir) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return SUCCESS; } - DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG2(DBG_KNL, "deleting policy %R === %R %N", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); /* create a policy */ - policy = create_policy_entry(src_ts, dst_ts, direction); + policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); /* find a matching policy */ this->mutex->lock(this->mutex); @@ -2723,8 +2814,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t, (linked_list_match_t)policy_entry_equals, (void**)&found, policy) != SUCCESS) { - DBG1(DBG_KNL, "deleting policy %R === %R %N failed, not found", src_ts, - dst_ts, policy_dir_names, direction); + DBG1(DBG_KNL, "deleting policy %R === %R %N failed, not found", + id->src_ts, id->dst_ts, policy_dir_names, id->dir); policy_entry_destroy(policy, this); this->mutex->unlock(this->mutex); return NOT_FOUND; @@ -2734,11 +2825,14 @@ METHOD(kernel_ipsec_t, del_policy, status_t, /* remove mapping to SA by reqid and priority, if multiple match, which * could happen when rekeying due to an address change, remove the oldest */ - priority = get_priority(policy, prio); + auto_priority = get_priority(policy, data->prio); + priority = data->manual_prio ? data->manual_prio : auto_priority; enumerator = policy->used_by->create_enumerator(policy->used_by); while (enumerator->enumerate(enumerator, (void**)&mapping)) { if (priority == mapping->priority && + auto_priority == mapping->auto_priority && + data->type == mapping->type && ipsec_sa_equals(mapping->sa, &assigned_sa)) { to_remove = mapping; @@ -2762,7 +2856,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, if (policy->used_by->get_count(policy->used_by) > 0) { /* policy is used by more SAs, keep in kernel */ DBG2(DBG_KNL, "policy still used by another CHILD_SA, not removed"); - policy_sa_destroy(mapping, &direction, this); + policy_sa_destroy(mapping, &id->dir, this); if (!is_installed) { /* no need to update as the policy was not installed for this SA */ @@ -2770,13 +2864,13 @@ METHOD(kernel_ipsec_t, del_policy, status_t, return SUCCESS; } - DBG2(DBG_KNL, "updating policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG2(DBG_KNL, "updating policy %R === %R %N", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); policy->used_by->get_first(policy->used_by, (void**)&mapping); if (add_policy_internal(this, policy, mapping, TRUE) != SUCCESS) { DBG1(DBG_KNL, "unable to update policy %R === %R %N", - src_ts, dst_ts, policy_dir_names, direction); + id->src_ts, id->dst_ts, policy_dir_names, id->dir); return FAILED; } return SUCCESS; @@ -2793,7 +2887,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg); pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy)); - pol->sadb_x_policy_dir = dir2kernel(direction); + pol->sadb_x_policy_dir = dir2kernel(id->dir); pol->sadb_x_policy_type = type2kernel(mapping->type); PFKEY_EXT_ADD(msg, pol); @@ -2810,28 +2904,28 @@ METHOD(kernel_ipsec_t, del_policy, status_t, route->src_ip, route->if_name) != SUCCESS) { DBG1(DBG_KNL, "error uninstalling route installed with " - "policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + "policy %R === %R %N", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); } remove_exclude_route(this, route); } this->policies->remove(this->policies, found, NULL); - policy_sa_destroy(mapping, &direction, this); + policy_sa_destroy(mapping, &id->dir, this); policy_entry_destroy(policy, this); this->mutex->unlock(this->mutex); if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG1(DBG_KNL, "unable to delete policy %R === %R %N", id->src_ts, + id->dst_ts, policy_dir_names, id->dir); return FAILED; } else if (out->sadb_msg_errno) { - DBG1(DBG_KNL, "unable to delete policy %R === %R %N: %s (%d)", src_ts, - dst_ts, policy_dir_names, direction, - strerror(out->sadb_msg_errno), out->sadb_msg_errno); + DBG1(DBG_KNL, "unable to delete policy %R === %R %N: %s (%d)", + id->src_ts, id->dst_ts, policy_dir_names, id->dir, + strerror(out->sadb_msg_errno), out->sadb_msg_errno); free(out); return FAILED; } @@ -2876,7 +2970,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t, * Register a socket for ACQUIRE/EXPIRE messages */ static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, - u_int8_t satype) + uint8_t satype) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2931,7 +3025,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } memset(&policy, 0, sizeof(policy)); - policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t); + policy.sadb_x_policy_len = sizeof(policy) / sizeof(uint64_t); policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY; policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS; @@ -2953,7 +3047,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, enable_udp_decap, bool, - private_kernel_pfkey_ipsec_t *this, int fd, int family, u_int16_t port) + private_kernel_pfkey_ipsec_t *this, int fd, int family, uint16_t port) { #ifndef __APPLE__ int type = UDP_ENCAP_ESPINUDP; diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in index 77d83cbca..1c3f49120 100644 --- a/src/libcharon/plugins/kernel_pfroute/Makefile.in +++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/kernel_pfroute -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c index 4eebdfdad..236e3417f 100644 --- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009-2013 Tobias Brunner + * Copyright (C) 2009-2016 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -209,7 +209,7 @@ struct route_entry_t { chunk_t dst_net; /** Destination net prefixlen */ - u_int8_t prefixlen; + uint8_t prefixlen; }; /** @@ -420,7 +420,7 @@ struct private_kernel_pfroute_net_t * Forward declaration */ static status_t manage_route(private_kernel_pfroute_net_t *this, int op, - chunk_t dst_net, u_int8_t prefixlen, + chunk_t dst_net, uint8_t prefixlen, host_t *gateway, char *if_name); /** @@ -1381,7 +1381,7 @@ static void add_rt_ifname(struct rt_msghdr *hdr, int type, char *name) * Add or remove a route */ static status_t manage_route(private_kernel_pfroute_net_t *this, int op, - chunk_t dst_net, u_int8_t prefixlen, + chunk_t dst_net, uint8_t prefixlen, host_t *gateway, char *if_name) { struct { @@ -1473,7 +1473,7 @@ static status_t manage_route(private_kernel_pfroute_net_t *this, int op, } METHOD(kernel_net_t, add_route, status_t, - private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + private_kernel_pfroute_net_t *this, chunk_t dst_net, uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { status_t status; @@ -1502,7 +1502,7 @@ METHOD(kernel_net_t, add_route, status_t, } METHOD(kernel_net_t, del_route, status_t, - private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + private_kernel_pfroute_net_t *this, chunk_t dst_net, uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { status_t status; @@ -1533,7 +1533,7 @@ METHOD(kernel_net_t, del_route, status_t, * address. */ static host_t *get_route(private_kernel_pfroute_net_t *this, bool nexthop, - host_t *dest, host_t *src) + host_t *dest, host_t *src, char **iface) { struct { struct rt_msghdr hdr; @@ -1612,6 +1612,15 @@ retry: host = gtw; } } + if (type == RTAX_IFP && addr->sa_family == AF_LINK) + { + struct sockaddr_dl *sdl = (struct sockaddr_dl*)addr; + if (iface) + { + free(*iface); + *iface = strndup(sdl->sdl_data, sdl->sdl_nlen); + } + } } else { @@ -1680,13 +1689,18 @@ retry: METHOD(kernel_net_t, get_source_addr, host_t*, private_kernel_pfroute_net_t *this, host_t *dest, host_t *src) { - return get_route(this, FALSE, dest, src); + return get_route(this, FALSE, dest, src, NULL); } METHOD(kernel_net_t, get_nexthop, host_t*, - private_kernel_pfroute_net_t *this, host_t *dest, int prefix, host_t *src) + private_kernel_pfroute_net_t *this, host_t *dest, int prefix, host_t *src, + char **iface) { - return get_route(this, TRUE, dest, src); + if (iface) + { + *iface = NULL; + } + return get_route(this, TRUE, dest, src, iface); } /** diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in index cfe643f26..e002b4f0d 100644 --- a/src/libcharon/plugins/kernel_wfp/Makefile.in +++ b/src/libcharon/plugins/kernel_wfp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ noinst_PROGRAMS = ipsecdump$(EXEEXT) subdir = src/libcharon/plugins/kernel_wfp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -211,12 +220,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -266,6 +277,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -300,6 +312,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -411,6 +424,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -479,7 +493,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_wfp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_wfp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -809,6 +822,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES tags tags-am uninstall uninstall-am \ uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c index e1c429885..6ad26b72f 100644 --- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c +++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c @@ -45,7 +45,7 @@ struct private_kernel_wfp_ipsec_t { /** * Mix value to distribute SPI allocation randomly */ - u_int32_t mixspi; + uint32_t mixspi; /** * IKE bypass filters, as UINT64 filter LUID @@ -103,16 +103,16 @@ struct private_kernel_wfp_ipsec_t { */ typedef struct { /** SPI for this SA */ - u_int32_t spi; + uint32_t spi; /** protocol, IPPROTO_ESP/IPPROTO_AH */ - u_int8_t protocol; + uint8_t protocol; /** hard lifetime of SA */ - u_int32_t lifetime; + uint32_t lifetime; /** destination host address for this SPI */ host_t *dst; struct { /** algorithm */ - u_int16_t alg; + uint16_t alg; /** key */ chunk_t key; } integ, encr; @@ -144,13 +144,13 @@ typedef struct { /** policy destinaiton addresses */ traffic_selector_t *dst; /** WFP allocated LUID for inbound filter ID */ - u_int64_t policy_in; + uint64_t policy_in; /** WFP allocated LUID for outbound filter ID */ - u_int64_t policy_out; + uint64_t policy_out; /** WFP allocated LUID for forward inbound filter ID, tunnel mode only */ - u_int64_t policy_fwd_in; + uint64_t policy_fwd_in; /** WFP allocated LUID for forward outbound filter ID, tunnel mode only */ - u_int64_t policy_fwd_out; + uint64_t policy_fwd_out; /** have installed a route for it? */ bool route; } sp_entry_t; @@ -170,7 +170,7 @@ static void sp_entry_destroy(sp_entry_t *sp) */ typedef struct { /** reqid of entry */ - u_int32_t reqid; + uint32_t reqid; /** outer address on local host */ host_t *local; /** outer address on remote host */ @@ -186,17 +186,17 @@ typedef struct { /** UDP encapsulation */ bool encap; /** provider context, for tunnel mode only */ - u_int64_t provider; + uint64_t provider; /** WFP allocated LUID for SA context */ - u_int64_t sa_id; + uint64_t sa_id; /** WFP allocated LUID for tunnel mode IP-IPv4 inbound filter */ - u_int64_t ip_ipv4_in; + uint64_t ip_ipv4_in; /** WFP allocated LUID for tunnel mode IP-IPv4 outbound filter */ - u_int64_t ip_ipv4_out; + uint64_t ip_ipv4_out; /** WFP allocated LUID for tunnel mode IP-IPv6 inbound filter */ - u_int64_t ip_ipv6_in; + uint64_t ip_ipv6_in; /** WFP allocated LUID for tunnel mode IP-IPv6 outbound filter */ - u_int64_t ip_ipv6_out; + uint64_t ip_ipv6_out; } entry_t; /** @@ -206,7 +206,7 @@ typedef struct { /** destination net of route */ host_t *dst; /** prefix length of dst */ - u_int8_t mask; + uint8_t mask; /** source address for route */ host_t *src; /** gateway of route, NULL if directly attached */ @@ -348,9 +348,9 @@ static FWPM_FILTER_CONDITION0 *append_condition(FWPM_FILTER_CONDITION0 *conds[], /** * Convert an IPv4 prefix to a host order subnet mask */ -static u_int32_t prefix2mask(u_int8_t prefix) +static uint32_t prefix2mask(uint8_t prefix) { - u_int8_t netmask[4] = {}; + uint8_t netmask[4] = {}; int i; for (i = 0; i < sizeof(netmask); i++) @@ -370,7 +370,7 @@ static u_int32_t prefix2mask(u_int8_t prefix) * Convert a 16-bit range to a WFP condition */ static void range2cond(FWPM_FILTER_CONDITION0 *cond, - u_int16_t from, u_int16_t to) + uint16_t from, uint16_t to) { if (from == to) { @@ -399,11 +399,11 @@ static bool ts2condition(traffic_selector_t *ts, const GUID *target, FWPM_FILTER_CONDITION0 *cond; FWP_BYTE_ARRAY16 *addr; FWP_RANGE0 *range; - u_int16_t from_port, to_port; + uint16_t from_port, to_port; void *from, *to; - u_int8_t proto; + uint8_t proto; host_t *net; - u_int8_t prefix; + uint8_t prefix; from = ts->get_from_address(ts).ptr; to = ts->get_to_address(ts).ptr; @@ -496,7 +496,7 @@ static bool ts2condition(traffic_selector_t *ts, const GUID *target, { if (target == &FWPM_CONDITION_IP_LOCAL_ADDRESS) { - u_int8_t from_type, to_type, from_code, to_code; + uint8_t from_type, to_type, from_code, to_code; from_type = traffic_selector_icmp_type(from_port); to_type = traffic_selector_icmp_type(to_port); @@ -736,7 +736,7 @@ static bool install_sp(private_kernel_wfp_ipsec_t *this, sp_entry_t *sp, */ static bool install_ipip_ale(private_kernel_wfp_ipsec_t *this, host_t *local, host_t *remote, GUID *context, - bool inbound, int proto, u_int64_t *filter_id) + bool inbound, int proto, uint64_t *filter_id) { traffic_selector_t *lts, *rts; FWPM_FILTER_CONDITION0 *conds = NULL; @@ -1013,7 +1013,7 @@ static bool install_sa(private_kernel_wfp_ipsec_t *this, entry_t *entry, .ipVersion = version, }; struct { - u_int16_t alg; + uint16_t alg; chunk_t key; } integ = {}, encr = {}; DWORD res; @@ -1099,9 +1099,9 @@ static bool install_sa(private_kernel_wfp_ipsec_t *this, entry_t *entry, */ static void host2address6(host_t *host, void *out) { - u_int32_t *src, *dst = out; + uint32_t *src, *dst = out; - src = (u_int32_t*)host->get_address(host).ptr; + src = (uint32_t*)host->get_address(host).ptr; dst[0] = untoh32(&src[3]); dst[1] = untoh32(&src[2]); @@ -1273,7 +1273,7 @@ static bool generate_guid(private_kernel_wfp_ipsec_t *this, GUID *guid) { return FALSE; } - ok = rng->get_bytes(rng, sizeof(GUID), (u_int8_t*)guid); + ok = rng->get_bytes(rng, sizeof(GUID), (uint8_t*)guid); rng->destroy(rng); return ok; } @@ -1379,7 +1379,7 @@ static bool install_tunnel_sps(private_kernel_wfp_ipsec_t *this, entry_t *entry) * Reduce refcount, or uninstall a route if all refs gone */ static bool uninstall_route(private_kernel_wfp_ipsec_t *this, - host_t *dst, u_int8_t mask, host_t *src, host_t *gtw) + host_t *dst, uint8_t mask, host_t *src, host_t *gtw) { route_t *route, key = { .dst = dst, @@ -1421,7 +1421,7 @@ static bool uninstall_route(private_kernel_wfp_ipsec_t *this, * Install a single route, or refcount if exists */ static bool install_route(private_kernel_wfp_ipsec_t *this, - host_t *dst, u_int8_t mask, host_t *src, host_t *gtw) + host_t *dst, uint8_t mask, host_t *src, host_t *gtw) { route_t *route, key = { .dst = dst, @@ -1476,7 +1476,7 @@ static bool manage_route(private_kernel_wfp_ipsec_t *this, bool add) { host_t *src, *dst, *gtw; - u_int8_t mask; + uint8_t mask; bool done; if (!dst_ts->to_subnet(dst_ts, &dst, &mask)) @@ -1489,7 +1489,7 @@ static bool manage_route(private_kernel_wfp_ipsec_t *this, dst->destroy(dst); return FALSE; } - gtw = charon->kernel->get_nexthop(charon->kernel, remote, -1, local); + gtw = charon->kernel->get_nexthop(charon->kernel, remote, -1, local, NULL); if (add) { done = install_route(this, dst, mask, src, gtw); @@ -1578,7 +1578,7 @@ static bool install(private_kernel_wfp_ipsec_t *this, entry_t *entry) */ typedef struct { /** reqid this trap is installed for */ - u_int32_t reqid; + uint32_t reqid; /** is this a forward policy trap for tunnel mode? */ bool fwd; /** do we have installed a route for this trap policy? */ @@ -1629,7 +1629,7 @@ static u_int hash_trap(trap_t *trap) static void acquire(private_kernel_wfp_ipsec_t *this, UINT64 filter_id, traffic_selector_t *src, traffic_selector_t *dst) { - u_int32_t reqid = 0; + uint32_t reqid = 0; trap_t *trap, key = { .filter_id = filter_id, }; @@ -1654,7 +1654,7 @@ static void acquire(private_kernel_wfp_ipsec_t *this, UINT64 filter_id, * Create a single host traffic selector from an FWP address definition */ static traffic_selector_t *addr2ts(FWP_IP_VERSION version, void *data, - u_int8_t protocol, u_int16_t from_port, u_int16_t to_port) + uint8_t protocol, uint16_t from_port, uint16_t to_port) { ts_type_t type; UINT32 ints[4]; @@ -1689,9 +1689,9 @@ static void WINAPI event_callback(void *user, const FWPM_NET_EVENT1 *event) { private_kernel_wfp_ipsec_t *this = user; traffic_selector_t *local = NULL, *remote = NULL; - u_int8_t protocol = 0; - u_int16_t from_local = 0, to_local = 65535; - u_int16_t from_remote = 0, to_remote = 65535; + uint8_t protocol = 0; + uint16_t from_local = 0, to_local = 65535; + uint16_t from_remote = 0, to_remote = 65535; if ((event->header.flags & FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET) && (event->header.flags & FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET)) @@ -1861,7 +1861,7 @@ static bool uninstall_trap(private_kernel_wfp_ipsec_t *this, trap_t *trap) * Create and install a new trap entry */ static bool add_trap(private_kernel_wfp_ipsec_t *this, - u_int32_t reqid, bool fwd, host_t *local, host_t *remote, + uint32_t reqid, bool fwd, host_t *local, host_t *remote, traffic_selector_t *src, traffic_selector_t *dst) { trap_t *trap; @@ -1893,7 +1893,7 @@ static bool add_trap(private_kernel_wfp_ipsec_t *this, * Uninstall and remove a new trap entry */ static bool remove_trap(private_kernel_wfp_ipsec_t *this, - u_int32_t reqid, bool fwd, + uint32_t reqid, bool fwd, traffic_selector_t *src, traffic_selector_t *dst) { enumerator_t *enumerator; @@ -1949,10 +1949,10 @@ static bool init_spi(private_kernel_wfp_ipsec_t *this) { return FALSE; } - ok = rng->get_bytes(rng, sizeof(this->nextspi), (u_int8_t*)&this->nextspi); + ok = rng->get_bytes(rng, sizeof(this->nextspi), (uint8_t*)&this->nextspi); if (ok) { - ok = rng->get_bytes(rng, sizeof(this->mixspi), (u_int8_t*)&this->mixspi); + ok = rng->get_bytes(rng, sizeof(this->mixspi), (uint8_t*)&this->mixspi); } rng->destroy(rng); return ok; @@ -1966,7 +1966,7 @@ static u_int permute(u_int x, u_int p) u_int qr; x = x % p; - qr = ((u_int64_t)x * x) % p; + qr = ((uint64_t)x * x) % p; if (x <= p / 2) { return qr; @@ -1976,7 +1976,7 @@ static u_int permute(u_int x, u_int p) METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { /* To avoid sequencial SPIs, we use a one-to-one permuation function on * an incrementing counter, that is a full period PRNG for the range we @@ -1993,7 +1993,7 @@ METHOD(kernel_ipsec_t, get_spi, status_t, METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { return NOT_SUPPORTED; } @@ -2005,7 +2005,7 @@ typedef struct { /* backref to kernel backend */ private_kernel_wfp_ipsec_t *this; /* SPI of expiring SA */ - u_int32_t spi; + uint32_t spi; /* destination address of expiring SA */ host_t *dst; /* is this a hard expire, or a rekey request? */ @@ -2027,7 +2027,7 @@ static void expire_data_destroy(expire_data_t *data) static job_requeue_t expire_job(expire_data_t *data) { private_kernel_wfp_ipsec_t *this = data->this; - u_int8_t protocol; + uint8_t protocol; entry_t *entry = NULL; sa_entry_t key = { .spi = data->spi, @@ -2074,8 +2074,8 @@ static job_requeue_t expire_job(expire_data_t *data) /** * Schedule an expire event for an SA */ -static void schedule_expire(private_kernel_wfp_ipsec_t *this, u_int32_t spi, - host_t *dst, u_int32_t lifetime, bool hard) +static void schedule_expire(private_kernel_wfp_ipsec_t *this, uint32_t spi, + host_t *dst, uint32_t lifetime, bool hard) { expire_data_t *data; @@ -2093,57 +2093,55 @@ static void schedule_expire(private_kernel_wfp_ipsec_t *this, u_int32_t spi, } METHOD(kernel_ipsec_t, add_sa, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { host_t *local, *remote; entry_t *entry; - if (inbound) + if (data->inbound) { /* comes first, create new entry */ - local = dst->clone(dst); - remote = src->clone(src); + local = id->dst->clone(id->dst); + remote = id->src->clone(id->src); INIT(entry, - .reqid = reqid, + .reqid = data->reqid, .isa = { - .spi = spi, + .spi = id->spi, .dst = local, - .protocol = protocol, - .lifetime = lifetime->time.life, + .protocol = id->proto, + .lifetime = data->lifetime->time.life, .encr = { - .alg = enc_alg, - .key = chunk_clone(enc_key), + .alg = data->enc_alg, + .key = chunk_clone(data->enc_key), }, .integ = { - .alg = int_alg, - .key = chunk_clone(int_key), + .alg = data->int_alg, + .key = chunk_clone(data->int_key), }, }, .sps = array_create(0, 0), .local = local, .remote = remote, - .mode = mode, - .encap = encap, + .mode = data->mode, + .encap = data->encap, ); - if (lifetime->time.life) + if (data->lifetime->time.life) { - schedule_expire(this, spi, local, lifetime->time.life, TRUE); + schedule_expire(this, id->spi, local, + data->lifetime->time.life, TRUE); } - if (lifetime->time.rekey && lifetime->time.rekey != lifetime->time.life) + if (data->lifetime->time.rekey && + data->lifetime->time.rekey != data->lifetime->time.life) { - schedule_expire(this, spi, local, lifetime->time.rekey, FALSE); + schedule_expire(this, id->spi, local, + data->lifetime->time.rekey, FALSE); } this->mutex->lock(this->mutex); - this->tsas->put(this->tsas, (void*)(uintptr_t)reqid, entry); + this->tsas->put(this->tsas, (void*)(uintptr_t)data->reqid, entry); this->isas->put(this->isas, &entry->isa, entry); this->mutex->unlock(this->mutex); } @@ -2151,29 +2149,29 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { /* comes after inbound, update entry */ this->mutex->lock(this->mutex); - entry = this->tsas->remove(this->tsas, (void*)(uintptr_t)reqid); + entry = this->tsas->remove(this->tsas, (void*)(uintptr_t)data->reqid); this->mutex->unlock(this->mutex); if (!entry) { DBG1(DBG_KNL, "adding outbound SA failed, no inbound SA found " - "for reqid %u ", reqid); + "for reqid %u ", data->reqid); return NOT_FOUND; } /* TODO: should we check for local/remote, mode etc.? */ entry->osa = (sa_entry_t){ - .spi = spi, + .spi = id->spi, .dst = entry->remote, - .protocol = protocol, - .lifetime = lifetime->time.life, + .protocol = id->proto, + .lifetime = data->lifetime->time.life, .encr = { - .alg = enc_alg, - .key = chunk_clone(enc_key), + .alg = data->enc_alg, + .key = chunk_clone(data->enc_key), }, .integ = { - .alg = int_alg, - .key = chunk_clone(int_key), + .alg = data->int_alg, + .key = chunk_clone(data->int_key), }, }; @@ -2186,14 +2184,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t, } METHOD(kernel_ipsec_t, update_sa, status_t, - private_kernel_wfp_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { entry_t *entry; sa_entry_t key = { - .dst = dst, - .spi = spi, + .dst = id->dst, + .spi = id->spi, }; UINT64 sa_id = 0; IPSEC_SA_CONTEXT1 *ctx; @@ -2233,16 +2230,16 @@ METHOD(kernel_ipsec_t, update_sa, status_t, DBG1(DBG_KNL, "getting WFP SA context for updated failed: 0x%08x", res); return FAILED; } - if (!hosts2traffic(this, new_dst, new_src, &ctx->inboundSa->traffic) || - !hosts2traffic(this, new_dst, new_src, &ctx->outboundSa->traffic)) + if (!hosts2traffic(this, data->new_dst, data->new_src, &ctx->inboundSa->traffic) || + !hosts2traffic(this, data->new_dst, data->new_src, &ctx->outboundSa->traffic)) { FwpmFreeMemory0((void**)&ctx); return FAILED; } - if (new_encap != encap) + if (data->new_encap != data->encap) { - if (new_encap) + if (data->new_encap) { ctx->inboundSa->udpEncapsulation = &ports; ctx->outboundSa->udpEncapsulation = &ports; @@ -2273,8 +2270,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t, entry->local->destroy(entry->local); entry->remote->destroy(entry->remote); - entry->local = new_dst->clone(new_dst); - entry->remote = new_src->clone(new_src); + entry->local = data->new_dst->clone(data->new_dst); + entry->remote = data->new_src->clone(data->new_src); entry->isa.dst = entry->local; entry->osa.dst = entry->remote; @@ -2290,9 +2287,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t, } METHOD(kernel_ipsec_t, query_sa, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes, - u_int64_t *packets, time_t *time) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { /* It does not seem that WFP provides any means of getting per-SA traffic * statistics. IPsecGetStatistics0/1() provides global stats, and @@ -2302,13 +2299,13 @@ METHOD(kernel_ipsec_t, query_sa, status_t, } METHOD(kernel_ipsec_t, del_sa, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { entry_t *entry; sa_entry_t key = { - .dst = dst, - .spi = spi, + .dst = id->dst, + .spi = id->spi, }; this->mutex->lock(this->mutex); @@ -2341,25 +2338,23 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, } METHOD(kernel_ipsec_t, add_policy, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { status_t status = SUCCESS; entry_t *entry; sp_entry_t *sp; sa_entry_t key = { - .spi = sa->esp.use ? sa->esp.spi : sa->ah.spi, - .dst = dst, + .spi = data->sa->esp.use ? data->sa->esp.spi : data->sa->ah.spi, + .dst = data->dst, }; - if (sa->esp.use && sa->ah.use) + if (data->sa->esp.use && data->sa->ah.use) { return NOT_SUPPORTED; } - switch (type) + switch (data->type) { case POLICY_IPSEC: break; @@ -2368,7 +2363,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, return NOT_SUPPORTED; } - switch (direction) + switch (id->dir) { case POLICY_OUT: break; @@ -2380,18 +2375,20 @@ METHOD(kernel_ipsec_t, add_policy, status_t, return NOT_SUPPORTED; } - switch (priority) + switch (data->prio) { case POLICY_PRIORITY_DEFAULT: break; case POLICY_PRIORITY_ROUTED: - if (!add_trap(this, sa->reqid, FALSE, src, dst, src_ts, dst_ts)) + if (!add_trap(this, data->sa->reqid, FALSE, data->src, data->dst, + id->src_ts, id->dst_ts)) { return FAILED; } - if (sa->mode == MODE_TUNNEL) + if (data->sa->mode == MODE_TUNNEL) { - if (!add_trap(this, sa->reqid, TRUE, src, dst, src_ts, dst_ts)) + if (!add_trap(this, data->sa->reqid, TRUE, data->src, data->dst, + id->src_ts, id->dst_ts)) { return FAILED; } @@ -2406,14 +2403,14 @@ METHOD(kernel_ipsec_t, add_policy, status_t, entry = this->osas->get(this->osas, &key); if (entry) { - if (sa->mode == MODE_TUNNEL || array_count(entry->sps) == 0) + if (data->sa->mode == MODE_TUNNEL || array_count(entry->sps) == 0) { INIT(sp, - .src = src_ts->clone(src_ts), - .dst = dst_ts->clone(dst_ts), + .src = id->src_ts->clone(id->src_ts), + .dst = id->dst_ts->clone(id->dst_ts), ); array_insert(entry->sps, -1, sp); - if (array_count(entry->sps) == sa->policy_count) + if (array_count(entry->sps) == data->sa->policy_count) { if (!install(this, entry)) { @@ -2442,25 +2439,24 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } METHOD(kernel_ipsec_t, query_policy, status_t, - private_kernel_wfp_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { /* see query_sa() for some notes */ return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { - if (direction == POLICY_OUT && priority == POLICY_PRIORITY_ROUTED) + if (id->dir == POLICY_OUT && data->prio == POLICY_PRIORITY_ROUTED) { - if (remove_trap(this, sa->reqid, FALSE, src_ts, dst_ts)) + if (remove_trap(this, data->sa->reqid, FALSE, id->src_ts, + id->dst_ts)) { - remove_trap(this, sa->reqid, TRUE, src_ts, dst_ts); + remove_trap(this, data->sa->reqid, TRUE, id->src_ts, + id->dst_ts); return SUCCESS; } return NOT_FOUND; @@ -2479,7 +2475,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t, * Add a bypass policy for a specific UDP port */ static bool add_bypass(private_kernel_wfp_ipsec_t *this, - int family, u_int16_t port, bool inbound, UINT64 *luid) + int family, uint16_t port, bool inbound, UINT64 *luid) { FWPM_FILTER_CONDITION0 *cond, *conds = NULL; int count = 0; @@ -2547,7 +2543,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } saddr; int addrlen = sizeof(saddr); UINT64 filter_out, filter_in = 0; - u_int16_t port; + uint16_t port; if (getsockname(fd, &saddr.sa, &addrlen) == SOCKET_ERROR) { @@ -2584,7 +2580,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, enable_udp_decap, bool, - private_kernel_wfp_ipsec_t *this, int fd, int family, u_int16_t port) + private_kernel_wfp_ipsec_t *this, int fd, int family, uint16_t port) { return FALSE; } diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index 63bbf1975..e0c2cba50 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/led -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/led/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/led/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index 14fcd6f4c..856bdd8aa 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = load-tester$(EXEEXT) subdir = src/libcharon/plugins/load_tester -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -213,12 +222,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -268,6 +279,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -302,6 +314,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -413,6 +426,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -478,7 +492,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -852,6 +865,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/load_tester/load_tester.c b/src/libcharon/plugins/load_tester/load_tester.c index f5a998ecc..94b934d09 100644 --- a/src/libcharon/plugins/load_tester/load_tester.c +++ b/src/libcharon/plugins/load_tester/load_tester.c @@ -65,7 +65,7 @@ static FILE* make_connection() static int initiate(unsigned int count, unsigned int delay) { FILE *stream; - char c; + int c; stream = make_connection(); if (!stream) diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index 8f6abde0c..28421c212 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -124,7 +124,7 @@ struct private_load_tester_config_t { /** * Current port for unique initiator ports */ - u_int16_t unique_port; + uint16_t unique_port; /** * IKE_SA rekeying delay @@ -154,7 +154,7 @@ struct private_load_tester_config_t { /** * Dynamic source port, if used */ - u_int16_t port; + uint16_t port; /** * IKE version to use for load testing @@ -454,8 +454,8 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str, /** * Parse a protoport specifier */ -static bool parse_protoport(char *token, u_int16_t *from_port, - u_int16_t *to_port, u_int8_t *protocol) +static bool parse_protoport(char *token, uint16_t *from_port, + uint16_t *to_port, uint8_t *protocol) { char *sep, *port = "", *endptr; struct protoent *proto; @@ -494,7 +494,7 @@ static bool parse_protoport(char *token, u_int16_t *from_port, { return FALSE; } - *protocol = (u_int8_t)p; + *protocol = (uint8_t)p; } } if (streq(port, "%any")) @@ -557,8 +557,8 @@ static void add_ts(private_load_tester_config_t *this, { enumerator_t *enumerator; char *subnet, *pos; - u_int16_t from_port, to_port; - u_int8_t proto; + uint16_t from_port, to_port; + uint8_t proto; enumerator = enumerator_create_token(string, ",", " "); while (enumerator->enumerate(enumerator, &subnet)) @@ -688,13 +688,25 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) peer_cfg_t *peer_cfg; char local[32], *remote; host_t *addr; - ipsec_mode_t mode = MODE_TUNNEL; - lifetime_cfg_t lifetime = { - .time = { - .life = this->child_rekey * 2, - .rekey = this->child_rekey, - .jitter = 0 - } + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_NO, + .keyingtries = 1, + .rekey_time = this->ike_rekey, + .over_time = this->ike_rekey, + .no_mobike = TRUE, + .dpd = this->dpd_delay, + .dpd_timeout = this->dpd_timeout, + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = this->child_rekey * 2, + .rekey = this->child_rekey, + .jitter = 0 + }, + }, + .mode = MODE_TUNNEL, }; if (num) @@ -737,14 +749,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) FRAGMENTATION_NO, 0); } ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal)); - peer_cfg = peer_cfg_create("load-test", ike_cfg, - CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */ - this->ike_rekey, 0, /* rekey, reauth */ - 0, this->ike_rekey, /* jitter, overtime */ - FALSE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd_delay, /* dpd_delay */ - this->dpd_timeout, /* dpd_timeout */ - FALSE, NULL, NULL); + peer_cfg = peer_cfg_create("load-test", ike_cfg, &peer); + if (this->vip) { peer_cfg->add_virtual_ip(peer_cfg, this->vip->clone(this->vip)); @@ -768,17 +774,15 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) { if (streq(this->mode, "transport")) { - mode = MODE_TRANSPORT; + child.mode = MODE_TRANSPORT; } else if (streq(this->mode, "beet")) { - mode = MODE_BEET; + child.mode = MODE_BEET; } } - child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, mode, - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create("load-test", &child); child_cfg->add_proposal(child_cfg, this->esp->clone(this->esp)); if (num) diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c index d62c7295d..2f482962a 100644 --- a/src/libcharon/plugins/load_tester/load_tester_creds.c +++ b/src/libcharon/plugins/load_tester/load_tester_creds.c @@ -57,7 +57,7 @@ struct private_load_tester_creds_t { /** * serial number to issue certificates */ - u_int32_t serial; + uint32_t serial; /** * Preshared key for IKE @@ -307,7 +307,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, identification_t *dn = NULL; linked_list_t *sans; char buf[128]; - u_int32_t serial; + uint32_t serial; time_t now; if (this->ca == NULL) diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index 6a86bb899..4e20c8f3a 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c @@ -36,7 +36,7 @@ struct private_load_tester_ipsec_t { METHOD(kernel_ipsec_t, get_spi, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { *spi = (uint32_t)ref_get(&this->spi); return SUCCESS; @@ -44,69 +44,58 @@ METHOD(kernel_ipsec_t, get_spi, status_t, METHOD(kernel_ipsec_t, get_cpi, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { return FAILED; } METHOD(kernel_ipsec_t, add_sa, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { return SUCCESS; } METHOD(kernel_ipsec_t, update_sa, status_t, - private_load_tester_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, - host_t *new_dst, bool encap, bool new_encap, mark_t mark) + private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { return SUCCESS; } METHOD(kernel_ipsec_t, query_sa, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time) + private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_sa, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { return SUCCESS; } METHOD(kernel_ipsec_t, add_policy, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_load_tester_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { return SUCCESS; } METHOD(kernel_ipsec_t, query_policy, status_t, - private_load_tester_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_load_tester_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { *use_time = 1; return SUCCESS; } METHOD(kernel_ipsec_t, del_policy, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_load_tester_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { return SUCCESS; } diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in index 9b56d94fe..69aa3792c 100644 --- a/src/libcharon/plugins/lookip/Makefile.in +++ b/src/libcharon/plugins/lookip/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = lookip$(EXEEXT) subdir = src/libcharon/plugins/lookip -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -209,12 +218,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -264,6 +275,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -298,6 +310,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -409,6 +422,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/lookip/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/lookip/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -839,6 +852,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in index 5cc654967..78525bf6c 100644 --- a/src/libcharon/plugins/maemo/Makefile.in +++ b/src/libcharon/plugins/maemo/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/maemo -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -805,6 +818,8 @@ uninstall-am: uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in $(AM_V_GEN) \ diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c index 2e96f8fb4..3e5861b87 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c @@ -236,12 +236,23 @@ static gboolean initiate_connection(private_maemo_service_t *this, traffic_selector_t *ts; auth_cfg_t *auth; certificate_t *cert; - lifetime_cfg_t lifetime = { - .time = { - .life = 10800, /* 3h */ - .rekey = 10200, /* 2h50min */ - .jitter = 300 /* 5min */ - } + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = 36000, /* 10h */ + .jitter_time = 600, /* 10min */ + .over_time = 600, /* 10min */ + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = 10800, /* 3h */ + .rekey = 10200, /* 2h50min */ + .jitter = 300 /* 5min */ + }, + }, + .mode = MODE_TUNNEL, }; if (this->status == VPN_STATUS_CONNECTED || @@ -329,14 +340,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - peer_cfg = peer_cfg_create(this->current, ike_cfg, - CERT_SEND_IF_ASKED, - UNIQUE_REPLACE, 1, /* keyingtries */ - 36000, 0, /* rekey 10h, reauth none */ - 600, 600, /* jitter, over 10min */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - 0, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation */ + peer_cfg = peer_cfg_create(this->current, ike_cfg, &peer); peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); auth = auth_cfg_create(); @@ -348,9 +352,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, auth->add(auth, AUTH_RULE_IDENTITY, gateway); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */, - TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, - ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create(this->current, &child); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index 32c428487..fe301a7d9 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/medcli -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -779,6 +792,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index 25b138387..4452739c1 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -82,12 +82,25 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, child_cfg_t *child_cfg; chunk_t me, other; char *address, *local_net, *remote_net; - lifetime_cfg_t lifetime = { - .time = { - .life = this->rekey * 60 + this->rekey, - .rekey = this->rekey, - .jitter = this->rekey - } + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = this->rekey * 60, + .jitter_time = this->rekey * 5, + .over_time = this->rekey * 3, + .dpd = this->dpd, + .mediation = TRUE, + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = this->rekey * 60 + this->rekey, + .rekey = this->rekey, + .jitter = this->rekey + }, + }, + .mode = MODE_TUNNEL, }; /* query mediation server config: @@ -107,14 +120,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - med_cfg = peer_cfg_create( - "mediation", ike_cfg, - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - TRUE, NULL, NULL); /* mediation, med by, peer id */ + med_cfg = peer_cfg_create("mediation", ike_cfg, &peer); e->destroy(e); auth = auth_cfg_create(); @@ -144,15 +150,10 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, DESTROY_IF(e); return NULL; } - peer_cfg = peer_cfg_create( - name, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - FALSE, med_cfg, /* mediation, med by */ - identification_create_from_encoding(ID_KEY_ID, other)); + peer.mediation = FALSE; + peer.mediated_by = med_cfg; + peer.peer_id = identification_create_from_encoding(ID_KEY_ID, other); + peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); @@ -165,9 +166,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, identification_create_from_encoding(ID_KEY_ID, other)); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create(name, &child); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); @@ -205,12 +204,24 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, chunk_t me, other; child_cfg_t *child_cfg; auth_cfg_t *auth; - lifetime_cfg_t lifetime = { - .time = { - .life = this->rekey * 60 + this->rekey, - .rekey = this->rekey, - .jitter = this->rekey - } + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = this->rekey * 60, + .jitter_time = this->rekey * 5, + .over_time = this->rekey * 3, + .dpd = this->dpd, + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = this->rekey * 60 + this->rekey, + .rekey = this->rekey, + .jitter = this->rekey + }, + }, + .mode = MODE_TUNNEL, }; DESTROY_IF(this->current); @@ -220,14 +231,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, this->current = NULL; return FALSE; } - this->current = peer_cfg_create( - name, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation, med by, peer id */ + this->current = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); @@ -240,9 +244,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, identification_create_from_encoding(ID_KEY_ID, other)); this->current->add_auth_cfg(this->current, auth, FALSE); - child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create(name, &child); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index de0217a80..d4154fea4 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/medsrv -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c index 02d805e06..be7f481b6 100644 --- a/src/libcharon/plugins/medsrv/medsrv_config.c +++ b/src/libcharon/plugins/medsrv/medsrv_config.c @@ -87,14 +87,18 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, if (e->enumerate(e, &name)) { - peer_cfg = peer_cfg_create( - name, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - TRUE, NULL, NULL); /* mediation, med by, peer id */ + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = this->rekey * 60, + .jitter_time = this->rekey * 5, + .over_time = this->rekey * 3, + .dpd = this->dpd, + .mediation = TRUE, + }; + peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), + &peer); e->destroy(e); auth = auth_cfg_create(); diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in index 6a1a81f08..ec488defe 100644 --- a/src/libcharon/plugins/osx_attr/Makefile.in +++ b/src/libcharon/plugins/osx_attr/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/osx_attr -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/osx_attr/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/osx_attr/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/p_cscf/Makefile.am b/src/libcharon/plugins/p_cscf/Makefile.am index 1e00a56a8..f37f3f514 100644 --- a/src/libcharon/plugins/p_cscf/Makefile.am +++ b/src/libcharon/plugins/p_cscf/Makefile.am @@ -1,6 +1,5 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in index 7f78db85a..67ab4bfe3 100644 --- a/src/libcharon/plugins/p_cscf/Makefile.in +++ b/src/libcharon/plugins/p_cscf/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/p_cscf -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -433,7 +447,6 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ @@ -462,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/p_cscf/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/p_cscf/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in index 3f39ba237..9b7ab4c53 100644 --- a/src/libcharon/plugins/radattr/Makefile.in +++ b/src/libcharon/plugins/radattr/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/radattr -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/radattr/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/radattr/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in index 70d97cc32..38b709ef0 100644 --- a/src/libcharon/plugins/resolve/Makefile.in +++ b/src/libcharon/plugins/resolve/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/resolve -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/resolve/resolve_handler.c b/src/libcharon/plugins/resolve/resolve_handler.c index ec3decc4d..9077b51d4 100644 --- a/src/libcharon/plugins/resolve/resolve_handler.c +++ b/src/libcharon/plugins/resolve/resolve_handler.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2016 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -21,6 +21,8 @@ #include #include +#include +#include #include /* path to resolvconf executable */ @@ -47,12 +49,12 @@ struct private_resolve_handler_t { char *file; /** - * use resolvconf instead of writing directly to resolv.conf + * Use resolvconf instead of writing directly to resolv.conf */ bool use_resolvconf; /** - * prefix to be used for interface names sent to resolvconf + * Prefix to be used for interface names sent to resolvconf */ char *iface_prefix; @@ -60,13 +62,55 @@ struct private_resolve_handler_t { * Mutex to access file exclusively */ mutex_t *mutex; + + /** + * Reference counting for DNS servers dns_server_t + */ + array_t *servers; }; +/** + * Reference counting for DNS servers + */ +typedef struct { + + /** + * DNS server address + */ + host_t *server; + + /** + * Reference count + */ + u_int refcount; + +} dns_server_t; + +/** + * Compare a server and a stored reference + */ +static int dns_server_find(const void *a, const void *b) +{ + host_t *server = (host_t*)a; + dns_server_t *item = (dns_server_t*)b; + return chunk_compare(server->get_address(server), + item->server->get_address(item->server)); +} + +/** + * Sort references by DNS server + */ +static int dns_server_sort(const void *a, const void *b, void *user) +{ + const dns_server_t *da = a, *db = b; + return chunk_compare(da->server->get_address(da->server), + db->server->get_address(db->server)); +} + /** * Writes the given nameserver to resolv.conf */ -static bool write_nameserver(private_resolve_handler_t *this, - identification_t *server, host_t *addr) +static bool write_nameserver(private_resolve_handler_t *this, host_t *addr) { FILE *in, *out; char buf[1024]; @@ -79,8 +123,7 @@ static bool write_nameserver(private_resolve_handler_t *this, out = fopen(this->file, "w"); if (out) { - fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr, - server); + fprintf(out, "nameserver %H # by strongSwan\n", addr); DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file); handled = TRUE; @@ -104,8 +147,7 @@ static bool write_nameserver(private_resolve_handler_t *this, /** * Removes the given nameserver from resolv.conf */ -static void remove_nameserver(private_resolve_handler_t *this, - identification_t *server, host_t *addr) +static void remove_nameserver(private_resolve_handler_t *this, host_t *addr) { FILE *in, *out; char line[1024], matcher[512]; @@ -119,8 +161,7 @@ static void remove_nameserver(private_resolve_handler_t *this, if (out) { snprintf(matcher, sizeof(matcher), - "nameserver %H # by strongSwan, from %Y\n", - addr, server); + "nameserver %H # by strongSwan\n", addr); /* copy all, but matching line */ while (fgets(line, sizeof(line), in)) @@ -144,50 +185,91 @@ static void remove_nameserver(private_resolve_handler_t *this, /** * Add or remove the given nameserver by invoking resolvconf. */ -static bool invoke_resolvconf(private_resolve_handler_t *this, - identification_t *server, host_t *addr, +static bool invoke_resolvconf(private_resolve_handler_t *this, host_t *addr, bool install) { - char cmd[128]; - bool success = TRUE; + process_t *process; + FILE *shell; + int in, out, retval; /* we use the nameserver's IP address as part of the interface name to * make them unique */ - if (snprintf(cmd, sizeof(cmd), "%s %s %s%H", RESOLVCONF_EXEC, - install ? "-a" : "-d", this->iface_prefix, addr) >= sizeof(cmd)) + process = process_start_shell(NULL, install ? &in : NULL, &out, NULL, + "2>&1 %s %s %s%H", RESOLVCONF_EXEC, + install ? "-a" : "-d", this->iface_prefix, addr); + + if (!process) { return FALSE; } - if (install) { - FILE *out; - - out = popen(cmd, "w"); - if (!out) + shell = fdopen(in, "w"); + if (shell) { - return FALSE; + DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr); + fprintf(shell, "nameserver %H\n", addr); + fclose(shell); } - DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr); - fprintf(out, "nameserver %H\n", addr); - success = !ferror(out); - if (pclose(out)) + else { + close(in); + close(out); + process->wait(process, NULL); return FALSE; } } else { - ignore_result(system(cmd)); + DBG1(DBG_IKE, "removing DNS server %H via resolvconf", addr); + } + shell = fdopen(out, "r"); + if (shell) + { + while (TRUE) + { + char resp[128], *e; + + if (fgets(resp, sizeof(resp), shell) == NULL) + { + if (ferror(shell)) + { + DBG1(DBG_IKE, "error reading from resolvconf"); + } + break; + } + else + { + e = resp + strlen(resp); + if (e > resp && e[-1] == '\n') + { + e[-1] = '\0'; + } + DBG1(DBG_IKE, "resolvconf: %s", resp); + } + } + fclose(shell); + } + else + { + close(out); + } + if (!process->wait(process, &retval) || retval != EXIT_SUCCESS) + { + if (install) + { /* revert changes when installing fails */ + invoke_resolvconf(this, addr, FALSE); + return FALSE; + } } - return success; + return TRUE; } METHOD(attribute_handler_t, handle, bool, private_resolve_handler_t *this, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data) { - identification_t *server; + dns_server_t *found = NULL; host_t *addr; bool handled; @@ -208,16 +290,34 @@ METHOD(attribute_handler_t, handle, bool, DESTROY_IF(addr); return FALSE; } - server = ike_sa->get_other_id(ike_sa); this->mutex->lock(this->mutex); - if (this->use_resolvconf) + if (array_bsearch(this->servers, addr, dns_server_find, &found) == -1) { - handled = invoke_resolvconf(this, server, addr, TRUE); + if (this->use_resolvconf) + { + handled = invoke_resolvconf(this, addr, TRUE); + } + else + { + handled = write_nameserver(this, addr); + } + if (handled) + { + INIT(found, + .server = addr->clone(addr), + .refcount = 1, + ); + array_insert_create(&this->servers, ARRAY_TAIL, found); + array_sort(this->servers, dns_server_sort, NULL); + } } else { - handled = write_nameserver(this, server, addr); + DBG1(DBG_IKE, "DNS server %H already installed, increasing refcount", + addr); + found->refcount++; + handled = TRUE; } this->mutex->unlock(this->mutex); addr->destroy(addr); @@ -233,9 +333,9 @@ METHOD(attribute_handler_t, release, void, private_resolve_handler_t *this, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data) { - identification_t *server; + dns_server_t *found = NULL; host_t *addr; - int family; + int family, idx; switch (type) { @@ -249,16 +349,30 @@ METHOD(attribute_handler_t, release, void, return; } addr = host_create_from_chunk(family, data, 0); - server = ike_sa->get_other_id(ike_sa); this->mutex->lock(this->mutex); - if (this->use_resolvconf) - { - invoke_resolvconf(this, server, addr, FALSE); - } - else + idx = array_bsearch(this->servers, addr, dns_server_find, &found); + if (idx != -1) { - remove_nameserver(this, server, addr); + if (--found->refcount > 0) + { + DBG1(DBG_IKE, "DNS server %H still used, decreasing refcount", + addr); + } + else + { + if (this->use_resolvconf) + { + invoke_resolvconf(this, addr, FALSE); + } + else + { + remove_nameserver(this, addr); + } + array_remove(this->servers, idx, NULL); + found->server->destroy(found->server); + free(found); + } } this->mutex->unlock(this->mutex); @@ -341,6 +455,7 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*, METHOD(resolve_handler_t, destroy, void, private_resolve_handler_t *this) { + array_destroy(this->servers); this->mutex->destroy(this->mutex); free(this); } diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index 221cda71a..72a168cb5 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/smp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c index 56b19c792..56891b263 100644 --- a/src/libcharon/plugins/smp/smp.c +++ b/src/libcharon/plugins/smp/smp.c @@ -374,7 +374,7 @@ static void request_control_terminate(xmlTextReaderPtr reader, xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT) { const char *str; - u_int32_t id; + uint32_t id; status_t status; str = xmlTextReaderConstValue(reader); diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index 3dcfaf4a6..112d8d218 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/socket_default -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index 6e432d9cf..ba22b0c2b 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c @@ -84,12 +84,12 @@ struct private_socket_default_socket_t { /** * Configured port (or random, if initially 0) */ - u_int16_t port; + uint16_t port; /** * Configured port for NAT-T (or random, if initially 0) */ - u_int16_t natt; + uint16_t natt; /** * IPv4 socket (500 or port) @@ -114,22 +114,22 @@ struct private_socket_default_socket_t { /** * DSCP value set on IPv4 socket */ - u_int8_t dscp4; + uint8_t dscp4; /** * DSCP value set on IPv4 socket for NAT-T (4500 or natt) */ - u_int8_t dscp4_natt; + uint8_t dscp4_natt; /** * DSCP value set on IPv6 socket (500 or port) */ - u_int8_t dscp6; + uint8_t dscp6; /** * DSCP value set on IPv6 socket for NAT-T (4500 or natt) */ - u_int8_t dscp6_natt; + uint8_t dscp6_natt; /** * Maximum packet size to receive @@ -153,7 +153,7 @@ struct private_socket_default_socket_t { */ #ifdef IP_PKTINFO -static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) +static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port) { struct sockaddr_in dst = { .sin_family = AF_INET, @@ -174,7 +174,7 @@ static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) #elif defined(IP_RECVDSTADDR) -static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) +static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port) { struct sockaddr_in dst = { .sin_family = AF_INET, @@ -193,7 +193,7 @@ static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) #else /* IP_PKTINFO || IP_RECVDSTADDR */ -static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) +static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port) { return NULL; } @@ -206,7 +206,7 @@ static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) */ #ifdef HAVE_IN6_PKTINFO -static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port) +static host_t *get_dst_v6(struct cmsghdr *cmsgptr, uint16_t port) { struct in6_pktinfo *pktinfo; struct sockaddr_in6 dst = { @@ -225,7 +225,7 @@ static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port) #else /* HAVE_IN6_PKTINFO */ -static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port) +static host_t *get_dst_v6(struct cmsghdr *cmsgptr, uint16_t port) { return NULL; } @@ -241,7 +241,7 @@ METHOD(socket_t, receiver, status_t, host_t *source = NULL, *dest = NULL; int i, rr, index, bytes_read = 0, selected = -1; bool oldstate; - u_int16_t port = 0; + uint16_t port = 0; struct pollfd pfd[] = { { .fd = this->ipv4, .events = POLLIN }, { .fd = this->ipv4_natt, .events = POLLIN }, @@ -464,7 +464,7 @@ METHOD(socket_t, sender, status_t, host_t *src, *dst; struct msghdr msg; struct iovec iov; - u_int8_t *dscp; + uint8_t *dscp; src = packet->get_source(packet); dst = packet->get_destination(packet); @@ -521,7 +521,7 @@ METHOD(socket_t, sender, status_t, { if (family == AF_INET) { - u_int8_t ds4; + uint8_t ds4; ds4 = packet->get_dscp(packet) << 2; if (setsockopt(skt, SOL_IP, IP_TOS, &ds4, sizeof(ds4)) == 0) @@ -584,7 +584,7 @@ METHOD(socket_t, sender, status_t, return SUCCESS; } -METHOD(socket_t, get_port, u_int16_t, +METHOD(socket_t, get_port, uint16_t, private_socket_default_socket_t *this, bool nat_t) { return nat_t ? this->natt : this->port; @@ -610,7 +610,7 @@ METHOD(socket_t, supported_families, socket_family_t, * open a socket to send and receive packets */ static int open_socket(private_socket_default_socket_t *this, - int family, u_int16_t *port) + int family, uint16_t *port) { int on = TRUE; union { diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index 88bc22f5e..9f5f4a2e9 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/socket_dynamic -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c index b89cae47b..ba92e10f2 100644 --- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c +++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c @@ -107,7 +107,7 @@ struct dynsock_t { /** * Bound source port */ - u_int16_t port; + uint16_t port; }; /** @@ -324,7 +324,7 @@ METHOD(socket_t, receiver, status_t, /** * Get the port allocated dynamically using bind() */ -static bool get_dynamic_port(int fd, int family, u_int16_t *port) +static bool get_dynamic_port(int fd, int family, uint16_t *port) { union { struct sockaddr_storage ss; @@ -367,7 +367,7 @@ static bool get_dynamic_port(int fd, int family, u_int16_t *port) * open a socket to send and receive packets */ static int open_socket(private_socket_dynamic_socket_t *this, - int family, u_int16_t *port) + int family, uint16_t *port) { union { struct sockaddr_storage ss; @@ -481,7 +481,7 @@ static dynsock_t *get_any_socket(private_socket_dynamic_socket_t *this, * Find/Create a socket to send from host */ static dynsock_t *find_socket(private_socket_dynamic_socket_t *this, - int family, u_int16_t port) + int family, uint16_t port) { dynsock_t *skt, lookup = { .family = family, @@ -636,7 +636,7 @@ METHOD(socket_t, sender, status_t, return SUCCESS; } -METHOD(socket_t, get_port, u_int16_t, +METHOD(socket_t, get_port, uint16_t, private_socket_dynamic_socket_t *this, bool nat_t) { /* we return 0 here for users that have no explicit port configured, the diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in index 683011062..1b6b9f64a 100644 --- a/src/libcharon/plugins/socket_win/Makefile.in +++ b/src/libcharon/plugins/socket_win/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/socket_win -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_win/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/socket_win/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/socket_win/socket_win_socket.c b/src/libcharon/plugins/socket_win/socket_win_socket.c index 94af08e80..c42783c77 100644 --- a/src/libcharon/plugins/socket_win/socket_win_socket.c +++ b/src/libcharon/plugins/socket_win/socket_win_socket.c @@ -51,7 +51,7 @@ struct private_socket_win_socket_t { /** * Port for each socket */ - u_int16_t ports[SOCKET_COUNT]; + uint16_t ports[SOCKET_COUNT]; /** * IPv4/IPv6 dual-use sockets @@ -205,7 +205,7 @@ METHOD(socket_t, receiver, status_t, METHOD(socket_t, sender, status_t, private_socket_win_socket_t *this, packet_t *packet) { - u_int16_t port; + uint16_t port; int i = -1, j; host_t *src, *dst; WSAMSG msg; @@ -316,7 +316,7 @@ METHOD(socket_t, sender, status_t, return SUCCESS; } -METHOD(socket_t, get_port, u_int16_t, +METHOD(socket_t, get_port, uint16_t, private_socket_win_socket_t *this, bool nat) { return this->ports[nat != 0]; diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index b09379b02..b9cae90ec 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/sql -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index ce24d180a..bbc20dca7 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -170,12 +170,22 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown, &hostaccess, &mode, &start, &dpd, &close, &ipcomp, &reqid)) { - lifetime_cfg_t lft = { - .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter } + child_cfg_create_t child = { + .mode = mode, + .reqid = reqid, + .ipcomp = ipcomp, + .lifetime = { + .time = { + .life = lifetime, .rekey = rekeytime, .jitter = jitter + }, + }, + .start_action = start, + .dpd_action = dpd, + .close_action = close, + .updown = updown, + .hostaccess = hostaccess, }; - child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode, - start, dpd, close, ipcomp, 0, reqid, - NULL, NULL, 0); + child_cfg = child_cfg_create(name, &child); add_esp_proposals(this, child_cfg, id); add_traffic_selectors(this, child_cfg, id); return child_cfg; @@ -290,6 +300,7 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) return ike_cfg; } +#ifdef ME /** * Query a peer config by its id */ @@ -322,6 +333,7 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) } return peer_cfg; } +#endif /* ME */ /** * Check if the two IDs match (the first one is optional) @@ -353,7 +365,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, &mediation, &mediated_by, &p_type, &p_data)) { identification_t *local_id, *remote_id, *peer_id = NULL; - peer_cfg_t *peer_cfg, *mediated_cfg; + peer_cfg_t *peer_cfg, *mediated_cfg = NULL; ike_cfg_t *ike; host_t *vip = NULL; auth_cfg_t *auth; @@ -367,22 +379,38 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, continue; } ike = get_ike_cfg_by_id(this, ike_cfg); + +#ifdef ME mediated_cfg = mediated_by ? get_peer_cfg_by_id(this, mediated_by) : NULL; if (p_type) { peer_id = identification_create_from_encoding(p_type, p_data); } +#endif if (virtual) { vip = host_create_from_string(virtual, 0); } if (ike) { - peer_cfg = peer_cfg_create( - name, ike, cert_policy, uniqueid, - keyingtries, rekeytime, reauthtime, jitter, overtime, - mobike, FALSE, TRUE, dpd_delay, 0, - mediation, mediated_cfg, peer_id); + peer_cfg_create_t peer = { + .cert_policy = cert_policy, + .unique = uniqueid, + .keyingtries = keyingtries, + .rekey_time = rekeytime, + .reauth_time = reauthtime, + .jitter_time = jitter, + .over_time = overtime, + .no_mobike = !mobike, + .dpd = dpd_delay, +#ifdef ME + .mediation = mediation, + .mediated_by = mediated_cfg, + .peer_id = peer_id, +#endif /* ME */ + }; + + peer_cfg = peer_cfg_create(name, ike, &peer); if (vip) { peer_cfg->add_virtual_ip(peer_cfg, vip); diff --git a/src/libcharon/plugins/sql/sql_logger.c b/src/libcharon/plugins/sql/sql_logger.c index 0fa06eac5..46a894028 100644 --- a/src/libcharon/plugins/sql/sql_logger.c +++ b/src/libcharon/plugins/sql/sql_logger.c @@ -63,7 +63,7 @@ METHOD(logger_t, log_, void, chunk_t local_spi, remote_spi; host_t *local_host, *remote_host; identification_t *local_id, *remote_id; - u_int64_t ispi, rspi; + uint64_t ispi, rspi; ike_sa_id_t *id; id = ike_sa->get_id(ike_sa); diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 2b22b333a..9f63cb0b5 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/stroke -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -474,7 +488,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -796,6 +809,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index d0eb2aac3..f2d110434 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -252,7 +252,7 @@ static void swap_ends(stroke_msg_t *msg) static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg) { ike_cfg_t *ike_cfg; - u_int16_t ikeport; + uint16_t ikeport; char me[256], other[256]; swap_ends(msg); @@ -616,12 +616,17 @@ static mem_pool_t *create_pool_range(char *str) static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, stroke_msg_t *msg, ike_cfg_t *ike_cfg) { - identification_t *peer_id = NULL; - peer_cfg_t *mediated_by = NULL; - unique_policy_t unique; - u_int32_t rekey = 0, reauth = 0, over, jitter; peer_cfg_t *peer_cfg; auth_cfg_t *auth_cfg; + peer_cfg_create_t peer = { + .cert_policy = msg->add_conn.me.sendcert, + .keyingtries = msg->add_conn.rekey.tries, + .no_mobike = !msg->add_conn.mobike, + .aggressive = msg->add_conn.aggressive, + .push_mode = msg->add_conn.pushmode, + .dpd = msg->add_conn.dpd.delay, + .dpd_timeout = msg->add_conn.dpd.timeout, + }; #ifdef ME if (msg->add_conn.ikeme.mediation && msg->add_conn.ikeme.mediated_by) @@ -633,14 +638,17 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, if (msg->add_conn.ikeme.mediation) { + peer.mediation = TRUE; /* force unique connections for mediation connections */ msg->add_conn.unique = 1; } if (msg->add_conn.ikeme.mediated_by) { - mediated_by = charon->backends->get_peer_cfg_by_name(charon->backends, - msg->add_conn.ikeme.mediated_by); + peer_cfg_t *mediated_by; + + mediated_by = charon->backends->get_peer_cfg_by_name( + charon->backends, msg->add_conn.ikeme.mediated_by); if (!mediated_by) { DBG1(DBG_CFG, "mediation connection '%s' not found, aborting", @@ -655,58 +663,55 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, mediated_by->destroy(mediated_by); return NULL; } + peer.mediated_by = mediated_by; if (msg->add_conn.ikeme.peerid) { - peer_id = identification_create_from_string(msg->add_conn.ikeme.peerid); + peer.peer_id = identification_create_from_string( + msg->add_conn.ikeme.peerid); } else if (msg->add_conn.other.id) { - peer_id = identification_create_from_string(msg->add_conn.other.id); + peer.peer_id = identification_create_from_string( + msg->add_conn.other.id); } } #endif /* ME */ - jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100; - over = msg->add_conn.rekey.margin; + peer.jitter_time = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100; + peer.over_time = msg->add_conn.rekey.margin; if (msg->add_conn.rekey.reauth) { - reauth = msg->add_conn.rekey.ike_lifetime - over; + peer.reauth_time = msg->add_conn.rekey.ike_lifetime - peer.over_time; } else { - rekey = msg->add_conn.rekey.ike_lifetime - over; + peer.rekey_time = msg->add_conn.rekey.ike_lifetime - peer.over_time; } switch (msg->add_conn.unique) { case 1: /* yes */ case 2: /* replace */ - unique = UNIQUE_REPLACE; + peer.unique = UNIQUE_REPLACE; break; case 3: /* keep */ - unique = UNIQUE_KEEP; + peer.unique = UNIQUE_KEEP; break; case 4: /* never */ - unique = UNIQUE_NEVER; + peer.unique = UNIQUE_NEVER; break; default: /* no */ - unique = UNIQUE_NO; + peer.unique = UNIQUE_NO; break; } if (msg->add_conn.dpd.action == 0) { /* dpdaction=none disables DPD */ - msg->add_conn.dpd.delay = 0; + peer.dpd = 0; } /* other.sourceip is managed in stroke_attributes. If it is set, we define * the pool name as the connection name, which the attribute provider * uses to serve pool addresses. */ - peer_cfg = peer_cfg_create(msg->add_conn.name, ike_cfg, - msg->add_conn.me.sendcert, unique, - msg->add_conn.rekey.tries, rekey, reauth, jitter, over, - msg->add_conn.mobike, msg->add_conn.aggressive, - msg->add_conn.pushmode == 0, - msg->add_conn.dpd.delay, msg->add_conn.dpd.timeout, - msg->add_conn.ikeme.mediation, mediated_by, peer_id); + peer_cfg = peer_cfg_create(msg->add_conn.name, ike_cfg, &peer); if (msg->add_conn.other.sourceip) { @@ -883,8 +888,8 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, /** * Parse a protoport specifier */ -static bool parse_protoport(char *token, u_int16_t *from_port, - u_int16_t *to_port, u_int8_t *protocol) +static bool parse_protoport(char *token, uint16_t *from_port, + uint16_t *to_port, uint8_t *protocol) { char *sep, *port = "", *endptr; struct protoent *proto; @@ -923,7 +928,7 @@ static bool parse_protoport(char *token, u_int16_t *from_port, { return FALSE; } - *protocol = (u_int8_t)p; + *protocol = (uint8_t)p; } } if (streq(port, "%any")) @@ -1002,8 +1007,8 @@ static void add_ts(private_stroke_config_t *this, { enumerator_t *enumerator; char *subnet, *pos; - u_int16_t from_port, to_port; - u_int8_t proto; + uint16_t from_port, to_port; + uint8_t proto; enumerator = enumerator_create_token(end->subnets, ",", " "); while (enumerator->enumerate(enumerator, &subnet)) @@ -1070,45 +1075,50 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, stroke_msg_t *msg) { child_cfg_t *child_cfg; - lifetime_cfg_t lifetime = { - .time = { - .life = msg->add_conn.rekey.ipsec_lifetime, - .rekey = msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin, - .jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100 + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = msg->add_conn.rekey.ipsec_lifetime, + .rekey = msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin, + .jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100 + }, + .bytes = { + .life = msg->add_conn.rekey.life_bytes, + .rekey = msg->add_conn.rekey.life_bytes - msg->add_conn.rekey.margin_bytes, + .jitter = msg->add_conn.rekey.margin_bytes * msg->add_conn.rekey.fuzz / 100 + }, + .packets = { + .life = msg->add_conn.rekey.life_packets, + .rekey = msg->add_conn.rekey.life_packets - msg->add_conn.rekey.margin_packets, + .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100 + }, }, - .bytes = { - .life = msg->add_conn.rekey.life_bytes, - .rekey = msg->add_conn.rekey.life_bytes - msg->add_conn.rekey.margin_bytes, - .jitter = msg->add_conn.rekey.margin_bytes * msg->add_conn.rekey.fuzz / 100 + .mark_in = { + .value = msg->add_conn.mark_in.value, + .mask = msg->add_conn.mark_in.mask }, - .packets = { - .life = msg->add_conn.rekey.life_packets, - .rekey = msg->add_conn.rekey.life_packets - msg->add_conn.rekey.margin_packets, - .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100 - } - }; - mark_t mark_in = { - .value = msg->add_conn.mark_in.value, - .mask = msg->add_conn.mark_in.mask - }; - mark_t mark_out = { - .value = msg->add_conn.mark_out.value, - .mask = msg->add_conn.mark_out.mask + .mark_out = { + .value = msg->add_conn.mark_out.value, + .mask = msg->add_conn.mark_out.mask + }, + .reqid = msg->add_conn.reqid, + .mode = msg->add_conn.mode, + .proxy_mode = msg->add_conn.proxy_mode, + .ipcomp = msg->add_conn.ipcomp, + .tfc = msg->add_conn.tfc, + .inactivity = msg->add_conn.inactivity, + .dpd_action = map_action(msg->add_conn.dpd.action), + .close_action = map_action(msg->add_conn.close_action), + .updown = msg->add_conn.me.updown, + .hostaccess = msg->add_conn.me.hostaccess, + .suppress_policies = !msg->add_conn.install_policy, }; - child_cfg = child_cfg_create( - msg->add_conn.name, &lifetime, msg->add_conn.me.updown, - msg->add_conn.me.hostaccess, msg->add_conn.mode, ACTION_NONE, - map_action(msg->add_conn.dpd.action), - map_action(msg->add_conn.close_action), msg->add_conn.ipcomp, - msg->add_conn.inactivity, msg->add_conn.reqid, - &mark_in, &mark_out, msg->add_conn.tfc); + child_cfg = child_cfg_create(msg->add_conn.name, &child); if (msg->add_conn.replay_window != -1) { child_cfg->set_replay_window(child_cfg, msg->add_conn.replay_window); } - child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode, - msg->add_conn.install_policy); add_ts(this, &msg->add_conn.me, child_cfg, TRUE); add_ts(this, &msg->add_conn.other, child_cfg, FALSE); diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index 36da5ff21..fb60d3973 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -198,7 +198,7 @@ METHOD(stroke_control_t, initiate, void, /** * Parse a terminate/rekey specifier */ -static bool parse_specifier(char *string, u_int32_t *id, +static bool parse_specifier(char *string, uint32_t *id, char **name, bool *child, bool *all) { int len; @@ -266,7 +266,7 @@ static bool parse_specifier(char *string, u_int32_t *id, * Report the result of a terminate() call to console */ static void report_terminate_status(private_stroke_control_t *this, - status_t status, FILE *out, u_int32_t id, bool child) + status_t status, FILE *out, uint32_t id, bool child) { char *prefix, *postfix; @@ -300,7 +300,7 @@ static void report_terminate_status(private_stroke_control_t *this, /** * Call the charon controller to terminate a CHILD_SA */ -static void charon_terminate(private_stroke_control_t *this, u_int32_t id, +static void charon_terminate(private_stroke_control_t *this, uint32_t id, stroke_msg_t *msg, FILE *out, bool child) { if (msg->output_verbosity >= 0) @@ -336,7 +336,7 @@ METHOD(stroke_control_t, terminate, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { char *name; - u_int32_t id; + uint32_t id; bool child, all; ike_sa_t *ike_sa; enumerator_t *enumerator; @@ -424,7 +424,7 @@ METHOD(stroke_control_t, rekey, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { char *name; - u_int32_t id; + uint32_t id; bool child, all, finished = FALSE; ike_sa_t *ike_sa; enumerator_t *enumerator; @@ -591,13 +591,13 @@ METHOD(stroke_control_t, purge_ike, void, /** * Find an existing CHILD_SA/reqid */ -static u_int32_t find_reqid(child_cfg_t *child_cfg) +static uint32_t find_reqid(child_cfg_t *child_cfg) { enumerator_t *enumerator, *children; child_sa_t *child_sa; ike_sa_t *ike_sa; char *name; - u_int32_t reqid; + uint32_t reqid; reqid = charon->traps->find_reqid(charon->traps, child_cfg); if (reqid) @@ -636,7 +636,7 @@ static void charon_route(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, char *name, FILE *out) { ipsec_mode_t mode; - u_int32_t reqid; + uint32_t reqid; mode = child_cfg->get_mode(child_cfg); if (mode == MODE_PASS || mode == MODE_DROP) @@ -731,7 +731,7 @@ METHOD(stroke_control_t, unroute, void, { child_sa_t *child_sa; enumerator_t *enumerator; - u_int32_t id = 0; + uint32_t id = 0; if (charon->shunts->uninstall(charon->shunts, msg->unroute.name)) { diff --git a/src/libcharon/plugins/stroke/stroke_counter.c b/src/libcharon/plugins/stroke/stroke_counter.c index 5fa1fb165..e93fd4ef2 100644 --- a/src/libcharon/plugins/stroke/stroke_counter.c +++ b/src/libcharon/plugins/stroke/stroke_counter.c @@ -58,7 +58,7 @@ struct private_stroke_counter_t { /** * Global counter values */ - u_int64_t counter[COUNTER_MAX]; + uint64_t counter[COUNTER_MAX]; /** * Counters for specific connection names, char* => entry_t @@ -78,7 +78,7 @@ typedef struct { /** connection name */ char *name; /** counter values for connection */ - u_int64_t counter[COUNTER_MAX]; + uint64_t counter[COUNTER_MAX]; } entry_t; /** @@ -290,7 +290,7 @@ METHOD(listener_t, message_hook, bool, * Print a single counter value to out */ static void print_counter(FILE *out, stroke_counter_type_t type, - u_int64_t counter) + uint64_t counter) { fprintf(out, "%-18N %12llu\n", stroke_counter_type_names, type, counter); } @@ -300,7 +300,7 @@ static void print_counter(FILE *out, stroke_counter_type_t type, */ static void print_one(private_stroke_counter_t *this, FILE *out, char *name) { - u_int64_t counter[COUNTER_MAX]; + uint64_t counter[COUNTER_MAX]; entry_t *entry; int i; @@ -365,7 +365,7 @@ static void print_all(private_stroke_counter_t *this, FILE *out) */ static void print_global(private_stroke_counter_t *this, FILE *out) { - u_int64_t counter[COUNTER_MAX]; + uint64_t counter[COUNTER_MAX]; int i; this->lock->lock(this->lock); diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index 42928882a..929e6fc84 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c @@ -754,6 +754,8 @@ typedef struct { chunk_t keyid; /** number of tries */ int try; + /** provided PIN */ + shared_key_t *shared; } pin_cb_data_t; /** @@ -798,7 +800,9 @@ static shared_key_t* pin_cb(pin_cb_data_t *data, shared_key_type_t type, { *match_other = ID_MATCH_NONE; } - return shared_key_create(SHARED_PIN, chunk_clone(secret)); + DESTROY_IF(data->shared); + data->shared = shared_key_create(SHARED_PIN, chunk_clone(secret)); + return data->shared->get_ref(data->shared); } } return NULL; @@ -815,7 +819,7 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr, private_key_t *key = NULL; u_int slot; chunk_t chunk; - shared_key_t *shared; + shared_key_t *shared = NULL; identification_t *id; mem_cred_t *mem = NULL; callback_cred_t *cb = NULL; @@ -867,10 +871,11 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr, return TRUE; } /* use callback credential set to prompt for the pin */ - pin_data.prompt = prompt; - pin_data.card = smartcard; - pin_data.keyid = chunk; - pin_data.try = 0; + pin_data = (pin_cb_data_t){ + .prompt = prompt, + .card = smartcard, + .keyid = chunk, + }; cb = callback_cred_create_shared((void*)pin_cb, &pin_data); lib->credmgr->add_local_set(lib->credmgr, &cb->set, FALSE); } @@ -880,30 +885,48 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr, shared = shared_key_create(SHARED_PIN, secret); id = identification_create_from_encoding(ID_KEY_ID, chunk); mem = mem_cred_create(); - mem->add_shared(mem, shared, id, NULL); + mem->add_shared(mem, shared->get_ref(shared), id, NULL); lib->credmgr->add_local_set(lib->credmgr, &mem->set, FALSE); } /* unlock: smartcard needs the pin and potentially calls public set */ key = (private_key_t*)load_from_smartcard(format, slot, module, keyid, CRED_PRIVATE_KEY, KEY_ANY); + + if (key) + { + DBG1(DBG_CFG, " loaded private key from %.*s", (int)sc.len, sc.ptr); + secrets->add_key(secrets, key); + } if (mem) { + if (!key) + { + shared->destroy(shared); + shared = NULL; + } lib->credmgr->remove_local_set(lib->credmgr, &mem->set); mem->destroy(mem); } if (cb) { + if (key) + { + shared = pin_data.shared; + } + else + { + DESTROY_IF(pin_data.shared); + } lib->credmgr->remove_local_set(lib->credmgr, &cb->set); cb->destroy(cb); } - chunk_clear(&chunk); - - if (key) + if (shared) { - DBG1(DBG_CFG, " loaded private key from %.*s", (int)sc.len, sc.ptr); - secrets->add_key(secrets, key); + id = identification_create_from_encoding(ID_KEY_ID, chunk); + secrets->add_shared(secrets, shared, id, NULL); } + chunk_clear(&chunk); return TRUE; } diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 0371c7032..6c5703a16 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -206,7 +206,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { time_t use_in, use_out, rekey, now; - u_int64_t bytes_in, bytes_out, packets_in, packets_out; + uint64_t bytes_in, bytes_out, packets_in, packets_out; proposal_t *proposal; linked_list_t *my_ts, *other_ts; child_cfg_t *config; @@ -244,7 +244,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) proposal = child_sa->get_proposal(child_sa); if (proposal) { - u_int16_t alg, ks; + uint16_t alg, ks; bool first = TRUE; if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, @@ -286,7 +286,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { fprintf(out, " (%" PRIu64 " pkt%s, %" PRIu64 "s ago)", packets_in, (packets_in == 1) ? "": "s", - (u_int64_t)(now - use_in)); + (uint64_t)(now - use_in)); } child_sa->get_usestats(child_sa, FALSE, @@ -296,7 +296,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { fprintf(out, " (%" PRIu64 " pkt%s, %" PRIu64 "s ago)", packets_out, (packets_out == 1) ? "": "s", - (u_int64_t)(now - use_out)); + (uint64_t)(now - use_out)); } fprintf(out, ", rekeying "); @@ -474,7 +474,7 @@ METHOD(stroke_list_t, status, void, ike_version_t ike_version; char *pool; host_t *host; - u_int32_t dpd; + uint32_t dpd; time_t since, now; u_int size, online, offline, i; struct utsname utsname; diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index ee32dbca2..4f7483666 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c @@ -613,7 +613,7 @@ static void stroke_config(private_stroke_socket_t *this, static bool on_accept(private_stroke_socket_t *this, stream_t *stream) { stroke_msg_t *msg; - u_int16_t len; + uint16_t len; FILE *out; /* read length */ diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in index 0daff4434..125e3c176 100644 --- a/src/libcharon/plugins/systime_fix/Makefile.in +++ b/src/libcharon/plugins/systime_fix/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/systime_fix -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/systime_fix/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/systime_fix/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in index f124a1b38..0ea265e10 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.in +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/tnc_ifmap -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -406,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -473,7 +487,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/tnc_ifmap/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/tnc_ifmap/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -791,6 +804,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c index 2bad4fab0..ad4f2f8c2 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c @@ -145,7 +145,7 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload) { private_tnc_ifmap_listener_t *this; job_t *job; - u_int32_t reschedule; + uint32_t reschedule; INIT(this, .public = { diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c index f2c00a528..ea48338cd 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c @@ -40,7 +40,7 @@ struct private_tnc_ifmap_renew_session_job_t { /** * Reschedule time interval in seconds */ - u_int32_t reschedule; + uint32_t reschedule; }; METHOD(job_t, destroy, void, @@ -83,7 +83,7 @@ METHOD(job_t, get_priority, job_priority_t, * Described in header */ tnc_ifmap_renew_session_job_t *tnc_ifmap_renew_session_job_create( - tnc_ifmap_soap_t *ifmap, u_int32_t reschedule) + tnc_ifmap_soap_t *ifmap, uint32_t reschedule) { private_tnc_ifmap_renew_session_job_t *this; diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h index f1587a1f6..18a3d5734 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h @@ -46,6 +46,6 @@ struct tnc_ifmap_renew_session_job_t { * @param reschedule reschedule time in seconds */ tnc_ifmap_renew_session_job_t *tnc_ifmap_renew_session_job_create( - tnc_ifmap_soap_t *ifmap, u_int32_t reschedule); + tnc_ifmap_soap_t *ifmap, uint32_t reschedule); #endif /** TNC_IFMAP_RENEW_SESSION_JOB_H_ @}*/ diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c index a652e7067..8e69de095 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c @@ -186,7 +186,7 @@ METHOD(tnc_ifmap_soap_t, purgePublisher, bool, * Create an access-request based on device_name and ike_sa_id */ static xmlNodePtr create_access_request(private_tnc_ifmap_soap_t *this, - u_int32_t id) + uint32_t id) { xmlNodePtr node; char buf[BUF_LEN]; @@ -415,7 +415,7 @@ METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool, identification_t *id, *eap_id, *group; host_t *host; auth_cfg_t *auth; - u_int32_t ike_sa_id; + uint32_t ike_sa_id; bool is_user = FALSE, first = TRUE, success; /* extract relevant data from IKE_SA*/ @@ -584,7 +584,7 @@ METHOD(tnc_ifmap_soap_t, publish_virtual_ips, bool, { tnc_ifmap_soap_msg_t *soap_msg; xmlNodePtr request, node; - u_int32_t ike_sa_id; + uint32_t ike_sa_id; enumerator_t *enumerator; host_t *vip; bool success; diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in index bfd8cf820..f2398c3f4 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.in +++ b/src/libcharon/plugins/tnc_pdp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/tnc_pdp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -207,12 +216,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -262,6 +273,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -296,6 +308,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -407,6 +420,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -476,7 +490,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/tnc_pdp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/tnc_pdp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -791,6 +804,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c index 91456f8da..17f0cd464 100644 --- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c +++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c @@ -74,7 +74,7 @@ struct private_tnc_pdp_t { /** * PT-TLS port of the server */ - u_int16_t pt_tls_port; + uint16_t pt_tls_port; /** * PT-TLS IPv4 socket @@ -158,7 +158,7 @@ static void free_client_entry(client_entry_t *this) /** * Open IPv4 or IPv6 UDP socket */ -static int open_udp_socket(int family, u_int16_t port) +static int open_udp_socket(int family, uint16_t port) { int on = TRUE; struct sockaddr_storage addr; @@ -233,7 +233,7 @@ static int open_udp_socket(int family, u_int16_t port) /** * Open IPv4 or IPv6 TCP socket */ -static int open_tcp_socket(int family, u_int16_t port) +static int open_tcp_socket(int family, uint16_t port) { int on = TRUE; struct sockaddr_storage addr; @@ -339,8 +339,8 @@ static void send_message(private_tnc_pdp_t *this, radius_message_t *message, /** * Encrypt a MS-MPPE-Send/Recv-Key */ -static chunk_t encrypt_mppe_key(private_tnc_pdp_t *this, u_int8_t type, - chunk_t key, u_int16_t *salt, +static chunk_t encrypt_mppe_key(private_tnc_pdp_t *this, uint8_t type, + chunk_t key, uint16_t *salt, radius_message_t *request) { chunk_t a, r, seed, data; @@ -420,8 +420,8 @@ static void send_response(private_tnc_pdp_t *this, radius_message_t *request, { radius_message_t *response; chunk_t data, recv, send; - u_int32_t tunnel_type; - u_int16_t salt = 0; + uint32_t tunnel_type; + uint16_t salt = 0; response = radius_message_create(code); data = eap->get_data(eap); @@ -477,7 +477,7 @@ static void process_eap(private_tnc_pdp_t *this, radius_message_t *request, eap_payload_t *in, *out = NULL; eap_method_t *method; eap_type_t eap_type; - u_int32_t eap_vendor; + uint32_t eap_vendor; chunk_t data, message = chunk_empty, msk = chunk_empty; chunk_t user_name = chunk_empty, nas_id = chunk_empty; identification_t *group = NULL; diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index a1c64ca1b..84eed9a45 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/uci -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index 2a8e40380..e0578fe9b 100644 --- a/src/libcharon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c @@ -126,12 +126,23 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, child_cfg_t *child_cfg; ike_cfg_t *ike_cfg; auth_cfg_t *auth; - lifetime_cfg_t lifetime = { - .time = { - .life = create_rekey(esp_rekey) + 300, - .rekey = create_rekey(esp_rekey), - .jitter = 300 - } + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_NO, + .keyingtries = 1, + .jitter_time = 1800, + .over_time = 900, + .dpd = 60, + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = create_rekey(esp_rekey) + 300, + .rekey = create_rekey(esp_rekey), + .jitter = 300 + }, + }, + .mode = MODE_TUNNEL, }; /* defaults */ @@ -157,13 +168,8 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, remote_addr, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); - this->peer_cfg = peer_cfg_create( - name, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO, - 1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */ - 1800, 900, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - 60, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation, med by, peer id */ + peer.rekey_time = create_rekey(ike_rekey); + this->peer_cfg = peer_cfg_create(name, ike_cfg, &peer); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); auth->add(auth, AUTH_RULE_IDENTITY, @@ -179,9 +185,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, } this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE); - child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, - ACTION_NONE, ACTION_NONE, ACTION_NONE, - FALSE, 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create(name, &child); child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net)); diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in index 00bb1498c..cfc1c5f4c 100644 --- a/src/libcharon/plugins/unity/Makefile.in +++ b/src/libcharon/plugins/unity/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/unity -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/unity/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/unity/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/unity/unity_handler.c b/src/libcharon/plugins/unity/unity_handler.c index 9fc9be61a..570727823 100644 --- a/src/libcharon/plugins/unity/unity_handler.c +++ b/src/libcharon/plugins/unity/unity_handler.c @@ -206,7 +206,9 @@ static job_requeue_t add_exclude_async(entry_t *entry) { enumerator_t *enumerator; child_cfg_t *child_cfg; - lifetime_cfg_t lft = { .time = { .life = 0 } }; + child_cfg_create_t child = { + .mode = MODE_PASS, + }; ike_sa_t *ike_sa; char name[128]; host_t *host; @@ -216,9 +218,7 @@ static job_requeue_t add_exclude_async(entry_t *entry) { create_shunt_name(ike_sa, entry->ts, name, sizeof(name)); - child_cfg = child_cfg_create(name, &lft, NULL, TRUE, MODE_PASS, - ACTION_NONE, ACTION_NONE, ACTION_NONE, - FALSE, 0, 0, NULL, NULL, FALSE); + child_cfg = child_cfg_create(name, &child); child_cfg->add_traffic_selector(child_cfg, FALSE, entry->ts->clone(entry->ts)); host = ike_sa->get_my_host(ike_sa); diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c index 1e297a39e..07f5f9b61 100644 --- a/src/libcharon/plugins/unity/unity_provider.c +++ b/src/libcharon/plugins/unity/unity_provider.c @@ -53,7 +53,7 @@ static void append_ts(bio_writer_t *writer, traffic_selector_t *ts) { host_t *net, *mask; chunk_t padding; - u_int8_t bits; + uint8_t bits; if (!ts->to_subnet(ts, &net, &bits)) { @@ -115,7 +115,7 @@ METHOD(enumerator_t, attribute_destroy, void, */ static bool use_ts(traffic_selector_t *ts) { - u_int8_t mask; + uint8_t mask; host_t *net; if (ts->get_type(ts) != TS_IPV4_ADDR_RANGE) diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index 863e14430..612535d85 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/updown -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c index e51caab10..6a1581c85 100644 --- a/src/libcharon/plugins/updown/updown_listener.c +++ b/src/libcharon/plugins/updown/updown_listener.c @@ -55,7 +55,7 @@ typedef struct cache_entry_t cache_entry_t; */ struct cache_entry_t { /** requid of the CHILD_SA */ - u_int32_t reqid; + uint32_t reqid; /** cached interface name */ char *iface; }; @@ -63,7 +63,7 @@ struct cache_entry_t { /** * Insert an interface name to the cache */ -static void cache_iface(private_updown_listener_t *this, u_int32_t reqid, +static void cache_iface(private_updown_listener_t *this, uint32_t reqid, char *iface) { cache_entry_t *entry = malloc_thing(cache_entry_t); @@ -77,7 +77,7 @@ static void cache_iface(private_updown_listener_t *this, u_int32_t reqid, /** * Remove a cached interface name and return it. */ -static char* uncache_iface(private_updown_listener_t *this, u_int32_t reqid) +static char* uncache_iface(private_updown_listener_t *this, uint32_t reqid) { enumerator_t *enumerator; cache_entry_t *entry; @@ -257,7 +257,7 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa, { host_t *me, *other, *host; char *iface; - u_int8_t mask; + uint8_t mask; mark_t mark; bool is_host, is_ipv6; int out; @@ -344,13 +344,13 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa, } push_vip_env(this, ike_sa, envp, countof(envp), TRUE); push_vip_env(this, ike_sa, envp, countof(envp), FALSE); - mark = config->get_mark(config, TRUE); + mark = child_sa->get_mark(child_sa, TRUE); if (mark.value) { push_env(envp, countof(envp), "PLUTO_MARK_IN=%u/0x%08x", mark.value, mark.mask); } - mark = config->get_mark(config, FALSE); + mark = child_sa->get_mark(child_sa, FALSE); if (mark.value) { push_env(envp, countof(envp), "PLUTO_MARK_OUT=%u/0x%08x", diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in index 86ed00792..b943c09ce 100644 --- a/src/libcharon/plugins/vici/Makefile.in +++ b/src/libcharon/plugins/vici/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -84,8 +94,6 @@ check_PROGRAMS = $(am__EXEEXT_1) @USE_PYTHON_EGGS_TRUE@am__append_2 = python @USE_PERL_CPAN_TRUE@am__append_3 = perl subdir = src/libcharon/plugins/vici -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -99,6 +107,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -274,6 +283,7 @@ am__tty_colors = { \ fi; \ } DIST_SUBDIRS = ruby python perl +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -305,6 +315,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -354,6 +365,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -388,6 +400,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -499,6 +512,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -602,7 +616,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/vici/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1319,6 +1332,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \ tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index 52929bd74..cf5a85a8d 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -277,8 +277,8 @@ Terminates an SA while streaming _control-log_ events. { child = ike = - child_id = - ike_id = + child-id = + ike-id = timeout = loglevel = } => { @@ -337,7 +337,7 @@ events. { noblock = ike = - ike_id = + ike-id = } => { # completes after streaming list-sa events } @@ -734,6 +734,8 @@ _list-conns_ command. ] version = + reauth_time = + rekey_time = local*, remote* = { # multiple local and remote auth sections class = @@ -758,6 +760,9 @@ _list-conns_ command. children = { * = { mode = + rekey_time = + rekey_bytes = + rekey_packets = local-ts = [ ] diff --git a/src/libcharon/plugins/vici/libvici.c b/src/libcharon/plugins/vici/libvici.c index 7c98c8b69..0b549a511 100644 --- a/src/libcharon/plugins/vici/libvici.c +++ b/src/libcharon/plugins/vici/libvici.c @@ -123,7 +123,7 @@ static bool read_error(vici_conn_t *conn, int err) /** * Handle a command response message */ -static bool handle_response(vici_conn_t *conn, u_int32_t len) +static bool handle_response(vici_conn_t *conn, uint32_t len) { chunk_t buf; @@ -140,11 +140,11 @@ static bool handle_response(vici_conn_t *conn, u_int32_t len) /** * Dispatch received event message */ -static bool handle_event(vici_conn_t *conn, u_int32_t len) +static bool handle_event(vici_conn_t *conn, uint32_t len) { vici_message_t *message; event_t *event; - u_int8_t namelen; + uint8_t namelen; char name[257], *buf; if (len < sizeof(namelen)) @@ -198,8 +198,8 @@ static bool handle_event(vici_conn_t *conn, u_int32_t len) CALLBACK(on_read, bool, vici_conn_t *conn, stream_t *stream) { - u_int32_t len; - u_int8_t op; + uint32_t len; + uint8_t op; ssize_t hlen; hlen = stream->read(stream, &len, sizeof(len), FALSE); @@ -358,8 +358,8 @@ vici_res_t* vici_submit(vici_req_t *req, vici_conn_t *conn) vici_message_t *message; vici_res_t *res; chunk_t data; - u_int32_t len; - u_int8_t namelen, op; + uint32_t len; + uint8_t namelen, op; message = req->b->finalize(req->b); if (!message) @@ -678,8 +678,8 @@ void vici_free_res(vici_res_t *res) int vici_register(vici_conn_t *conn, char *name, vici_event_cb_t cb, void *user) { event_t *event; - u_int32_t len; - u_int8_t namelen, op; + uint32_t len; + uint8_t namelen, op; int ret = 1; op = cb ? VICI_EVENT_REGISTER : VICI_EVENT_UNREGISTER; diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in index 550d3e980..e32e9668c 100644 --- a/src/libcharon/plugins/vici/perl/Makefile.in +++ b/src/libcharon/plugins/vici/perl/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/vici/perl -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -116,12 +126,14 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -316,6 +330,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -370,7 +385,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/perl/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/vici/perl/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -547,6 +561,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am +.PRECIOUS: Makefile + all-local: Vici-Session/pm_to_blib diff --git a/src/libcharon/plugins/vici/python/MANIFEST.in b/src/libcharon/plugins/vici/python/MANIFEST.in index 1aba38f67..9d5d250d0 100644 --- a/src/libcharon/plugins/vici/python/MANIFEST.in +++ b/src/libcharon/plugins/vici/python/MANIFEST.in @@ -1 +1,2 @@ include LICENSE +include README.rst diff --git a/src/libcharon/plugins/vici/python/Makefile.am b/src/libcharon/plugins/vici/python/Makefile.am index 5936f2a5e..20a6f436d 100644 --- a/src/libcharon/plugins/vici/python/Makefile.am +++ b/src/libcharon/plugins/vici/python/Makefile.am @@ -1,4 +1,4 @@ -EXTRA_DIST = LICENSE MANIFEST.in \ +EXTRA_DIST = LICENSE README.rst MANIFEST.in \ setup.py.in \ vici/test/__init__.py \ vici/test/test_protocol.py \ @@ -10,26 +10,34 @@ EXTRA_DIST = LICENSE MANIFEST.in \ $(srcdir)/setup.py: $(srcdir)/setup.py.in $(AM_V_GEN) sed \ - -e "s:@EGG_VERSION@:$(PACKAGE_VERSION):" \ + -e "s:@EGG_VERSION@:$(PYTHON_PACKAGE_VERSION):" \ $(srcdir)/setup.py.in > $@ -all-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg +all-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg -dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py +dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py (cd $(srcdir); $(PYTHON) setup.py bdist_egg \ -b $(shell readlink -f $(builddir))/build \ -d $(shell readlink -f $(builddir))/dist) +package: $(EXTRA_DIST) $(srcdir)/setup.py + (cd $(srcdir); $(PYTHON) setup.py sdist \ + -d $(shell readlink -f $(builddir))/dist \ + bdist_wheel --universal \ + -d $(shell readlink -f $(builddir))/dist) + clean-local: (cd $(srcdir); [ ! -f setup.py ] || $(PYTHON) setup.py clean -a) rm -rf $(srcdir)/setup.py $(srcdir)/vici.egg-info $(builddir)/dist if PYTHON_EGGS_INSTALL -install-exec-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg +install-exec-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg $(EASY_INSTALL) $(PYTHONEGGINSTALLDIR) \ - dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg + dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg endif if USE_PY_TEST TESTS = $(PY_TEST) endif + +.PHONY: package diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in index 894a7e275..7d1c64267 100644 --- a/src/libcharon/plugins/vici/python/Makefile.in +++ b/src/libcharon/plugins/vici/python/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/vici/python -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -138,12 +148,14 @@ am__tty_colors = { \ std=''; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -193,6 +205,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -227,6 +240,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -338,6 +352,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -366,7 +381,7 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -EXTRA_DIST = LICENSE MANIFEST.in \ +EXTRA_DIST = LICENSE README.rst MANIFEST.in \ setup.py.in \ vici/test/__init__.py \ vici/test/test_protocol.py \ @@ -392,7 +407,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/python/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/vici/python/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -663,26 +677,36 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am +.PRECIOUS: Makefile + $(srcdir)/setup.py: $(srcdir)/setup.py.in $(AM_V_GEN) sed \ - -e "s:@EGG_VERSION@:$(PACKAGE_VERSION):" \ + -e "s:@EGG_VERSION@:$(PYTHON_PACKAGE_VERSION):" \ $(srcdir)/setup.py.in > $@ -all-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg +all-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg -dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py +dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py (cd $(srcdir); $(PYTHON) setup.py bdist_egg \ -b $(shell readlink -f $(builddir))/build \ -d $(shell readlink -f $(builddir))/dist) +package: $(EXTRA_DIST) $(srcdir)/setup.py + (cd $(srcdir); $(PYTHON) setup.py sdist \ + -d $(shell readlink -f $(builddir))/dist \ + bdist_wheel --universal \ + -d $(shell readlink -f $(builddir))/dist) + clean-local: (cd $(srcdir); [ ! -f setup.py ] || $(PYTHON) setup.py clean -a) rm -rf $(srcdir)/setup.py $(srcdir)/vici.egg-info $(builddir)/dist -@PYTHON_EGGS_INSTALL_TRUE@install-exec-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg +@PYTHON_EGGS_INSTALL_TRUE@install-exec-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg @PYTHON_EGGS_INSTALL_TRUE@ $(EASY_INSTALL) $(PYTHONEGGINSTALLDIR) \ -@PYTHON_EGGS_INSTALL_TRUE@ dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg +@PYTHON_EGGS_INSTALL_TRUE@ dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg + +.PHONY: package # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/vici/python/README.rst b/src/libcharon/plugins/vici/python/README.rst new file mode 100644 index 000000000..3990f6300 --- /dev/null +++ b/src/libcharon/plugins/vici/python/README.rst @@ -0,0 +1,24 @@ +About +----- + +The strongSwan VICI protocol allows external applications to monitor, configure +and control the IKE daemon charon. This Python package provides a native client +side implementation of the VICI protocol, well suited to script automated tasks +in a reliable way. + + +Example Usage +------------- + +.. code-block:: python + + >>> import vici + >>> s = vici.Session() + >>> s.version() + OrderedDict([('daemon', b'charon'), ('version', b'5.4.0'), + ('sysname', b'Linux'), ('release', b'3.13.0-27-generic'), ('machine', b'x86_64')]) + >>> s.load_pool({"p1": {"addrs": "10.0.0.0/24"}}) + OrderedDict([('success', b'yes')]) + >>> s.get_pools() + OrderedDict([('p1', OrderedDict([('base', b'10.0.0.0'), ('size', b'254'), + ('online', b'0'), ('offline', b'0')]))]) diff --git a/src/libcharon/plugins/vici/python/setup.py.in b/src/libcharon/plugins/vici/python/setup.py.in index 0e4ad8236..62b0c5899 100644 --- a/src/libcharon/plugins/vici/python/setup.py.in +++ b/src/libcharon/plugins/vici/python/setup.py.in @@ -1,25 +1,21 @@ from setuptools import setup - -long_description = ( - "The strongSwan VICI protocol allows external application to monitor, " - "configure and control the IKE daemon charon. This python package provides " - "a native client side implementation of the VICI protocol, well suited to " - "script automated tasks in a reliable way." -) +with open('README.rst') as file: + long_description = file.read() setup( name="vici", version="@EGG_VERSION@", - description="Native python interface for strongSwan VICI", - author="Bjorn Schuberg", + description="Native Python interface for strongSwan's VICI protocol", + long_description=long_description, + author="strongSwan Project", + author_email="info@strongswan.org", url="https://wiki.strongswan.org/projects/strongswan/wiki/Vici", license="MIT", packages=["vici"], - long_description=long_description, include_package_data=True, classifiers=( - "Development Status :: 3 - Alpha", + "Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "License :: OSI Approved :: MIT License", diff --git a/src/libcharon/plugins/vici/python/vici/protocol.py b/src/libcharon/plugins/vici/python/vici/protocol.py index 855a7b2e2..4951817eb 100644 --- a/src/libcharon/plugins/vici/python/vici/protocol.py +++ b/src/libcharon/plugins/vici/python/vici/protocol.py @@ -20,15 +20,22 @@ class Transport(object): self.socket.sendall(struct.pack("!I", len(packet)) + packet) def receive(self): - raw_length = self.socket.recv(self.HEADER_LENGTH) + raw_length = self._recvall(self.HEADER_LENGTH) length, = struct.unpack("!I", raw_length) - payload = self.socket.recv(length) + payload = self._recvall(length) return payload def close(self): self.socket.shutdown(socket.SHUT_RDWR) self.socket.close() + def _recvall(self, count): + """Ensure to read count bytes from the socket""" + data = b"" + while len(data) < count: + data += self.socket.recv(count - len(data)) + return data + class Packet(object): CMD_REQUEST = 0 # Named request message diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in index b87d83de4..aceb28adc 100644 --- a/src/libcharon/plugins/vici/ruby/Makefile.in +++ b/src/libcharon/plugins/vici/ruby/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/vici/ruby -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -116,12 +126,14 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -316,6 +330,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -360,7 +375,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -455,8 +469,8 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@RUBY_GEMS_INSTALL_FALSE@uninstall-local: @RUBY_GEMS_INSTALL_FALSE@install-data-local: +@RUBY_GEMS_INSTALL_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am @@ -538,6 +552,8 @@ uninstall-am: uninstall-local mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-local +.PRECIOUS: Makefile + vici.gemspec: $(srcdir)/vici.gemspec.in $(AM_V_GEN) sed \ diff --git a/src/libcharon/plugins/vici/suites/test_socket.c b/src/libcharon/plugins/vici/suites/test_socket.c index 8d545c6c1..d0c0fa76f 100644 --- a/src/libcharon/plugins/vici/suites/test_socket.c +++ b/src/libcharon/plugins/vici/suites/test_socket.c @@ -32,7 +32,7 @@ static void echo_inbound(void *user, u_int id, chunk_t buf) ck_assert_int_eq(data->id, id); /* count number of bytes, including the header */ - data->bytes += buf.len + sizeof(u_int32_t); + data->bytes += buf.len + sizeof(uint32_t); /* echo back data chunk */ data->s->send(data->s, id, chunk_clone(buf)); } @@ -81,7 +81,7 @@ START_TEST(test_echo) 0x00,0x00,0x00,0x0A, 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x02A, ); char buf[m.len]; - u_int32_t len; + uint32_t len; lib->processor->set_threads(lib->processor, 4); diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c index 9064d3d8c..e0d9b4ae8 100644 --- a/src/libcharon/plugins/vici/vici_attribute.c +++ b/src/libcharon/plugins/vici/vici_attribute.c @@ -233,7 +233,7 @@ static bool have_vips_from_pool(mem_pool_t *pool, linked_list_t *vips) enumerator_t *enumerator; host_t *host; chunk_t start, end, current; - u_int32_t size; + uint32_t size; bool found = FALSE; host = pool->get_base(pool); @@ -477,10 +477,10 @@ CALLBACK(pool_li, bool, { if (host->get_family(host) == AF_INET) { /* IPv4 attributes contain a subnet mask */ - u_int32_t netmask = 0; + uint32_t netmask = 0; if (mask) - { /* shifting u_int32_t by 32 or more is undefined */ + { /* shifting uint32_t by 32 or more is undefined */ mask = 32 - mask; netmask = htonl((0xFFFFFFFF >> mask) << mask); } diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 6ebbedc47..d919e1d94 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -57,22 +57,32 @@ /** * Magic value for an undefined lifetime */ -#define LFT_UNDEFINED (~(u_int64_t)0) +#define LFT_UNDEFINED (~(uint64_t)0) /** * Default IKE rekey time */ -#define LFT_DEFAULT_IKE_REKEY (4 * 60 * 60) +#define LFT_DEFAULT_IKE_REKEY_TIME (4 * 60 * 60) /** * Default CHILD rekey time */ -#define LFT_DEFAULT_CHILD_REKEY (1 * 60 * 60) +#define LFT_DEFAULT_CHILD_REKEY_TIME (1 * 60 * 60) + +/** + * Default CHILD rekey bytes + */ +#define LFT_DEFAULT_CHILD_REKEY_BYTES 0 + +/** + * Default CHILD rekey packets + */ +#define LFT_DEFAULT_CHILD_REKEY_PACKETS 0 /** * Undefined replay window */ -#define REPLAY_UNDEFINED (~(u_int32_t)0) +#define REPLAY_UNDEFINED (~(uint32_t)0) typedef struct private_vici_config_t private_vici_config_t; @@ -242,7 +252,7 @@ typedef struct { typedef struct { request_data_t *request; auth_cfg_t *cfg; - u_int32_t round; + uint32_t round; } auth_data_t; /** @@ -259,20 +269,20 @@ static void free_auth_data(auth_data_t *data) */ typedef struct { request_data_t *request; - u_int32_t version; + uint32_t version; bool aggressive; bool encap; bool mobike; bool send_certreq; bool pull; cert_policy_t send_cert; - u_int64_t dpd_delay; - u_int64_t dpd_timeout; + uint64_t dpd_delay; + uint64_t dpd_timeout; fragmentation_t fragmentation; unique_policy_t unique; - u_int32_t keyingtries; - u_int32_t local_port; - u_int32_t remote_port; + uint32_t keyingtries; + uint32_t local_port; + uint32_t remote_port; char *local_addrs; char *remote_addrs; linked_list_t *local; @@ -281,10 +291,10 @@ typedef struct { linked_list_t *children; linked_list_t *vips; char *pools; - u_int64_t reauth_time; - u_int64_t rekey_time; - u_int64_t over_time; - u_int64_t rand_time; + uint64_t reauth_time; + uint64_t rekey_time; + uint64_t over_time; + uint64_t rand_time; } peer_data_t; /** @@ -422,24 +432,12 @@ static void free_peer_data(peer_data_t *data) */ typedef struct { request_data_t *request; - lifetime_cfg_t lft; - char* updown; - bool hostaccess; - bool ipcomp; - bool policies; - ipsec_mode_t mode; - u_int32_t replay_window; - action_t dpd_action; - action_t start_action; - action_t close_action; - u_int32_t reqid; - u_int32_t tfc; - mark_t mark_in; - mark_t mark_out; - u_int64_t inactivity; linked_list_t *proposals; linked_list_t *local_ts; linked_list_t *remote_ts; + uint32_t replay_window; + bool policies; + child_cfg_create_t cfg; } child_data_t; /** @@ -447,35 +445,39 @@ typedef struct { */ static void log_child_data(child_data_t *data, char *name) { + child_cfg_create_t *cfg = &data->cfg; + DBG2(DBG_CFG, " child %s:", name); - DBG2(DBG_CFG, " rekey_time = %llu", data->lft.time.rekey); - DBG2(DBG_CFG, " life_time = %llu", data->lft.time.life); - DBG2(DBG_CFG, " rand_time = %llu", data->lft.time.jitter); - DBG2(DBG_CFG, " rekey_bytes = %llu", data->lft.bytes.rekey); - DBG2(DBG_CFG, " life_bytes = %llu", data->lft.bytes.life); - DBG2(DBG_CFG, " rand_bytes = %llu", data->lft.bytes.jitter); - DBG2(DBG_CFG, " rekey_packets = %llu", data->lft.packets.rekey); - DBG2(DBG_CFG, " life_packets = %llu", data->lft.packets.life); - DBG2(DBG_CFG, " rand_packets = %llu", data->lft.packets.jitter); - DBG2(DBG_CFG, " updown = %s", data->updown); - DBG2(DBG_CFG, " hostaccess = %u", data->hostaccess); - DBG2(DBG_CFG, " ipcomp = %u", data->ipcomp); - DBG2(DBG_CFG, " mode = %N", ipsec_mode_names, data->mode); + DBG2(DBG_CFG, " rekey_time = %llu", cfg->lifetime.time.rekey); + DBG2(DBG_CFG, " life_time = %llu", cfg->lifetime.time.life); + DBG2(DBG_CFG, " rand_time = %llu", cfg->lifetime.time.jitter); + DBG2(DBG_CFG, " rekey_bytes = %llu", cfg->lifetime.bytes.rekey); + DBG2(DBG_CFG, " life_bytes = %llu", cfg->lifetime.bytes.life); + DBG2(DBG_CFG, " rand_bytes = %llu", cfg->lifetime.bytes.jitter); + DBG2(DBG_CFG, " rekey_packets = %llu", cfg->lifetime.packets.rekey); + DBG2(DBG_CFG, " life_packets = %llu", cfg->lifetime.packets.life); + DBG2(DBG_CFG, " rand_packets = %llu", cfg->lifetime.packets.jitter); + DBG2(DBG_CFG, " updown = %s", cfg->updown); + DBG2(DBG_CFG, " hostaccess = %u", cfg->hostaccess); + DBG2(DBG_CFG, " ipcomp = %u", cfg->ipcomp); + DBG2(DBG_CFG, " mode = %N", ipsec_mode_names, cfg->mode); DBG2(DBG_CFG, " policies = %u", data->policies); if (data->replay_window != REPLAY_UNDEFINED) { DBG2(DBG_CFG, " replay_window = %u", data->replay_window); } - DBG2(DBG_CFG, " dpd_action = %N", action_names, data->dpd_action); - DBG2(DBG_CFG, " start_action = %N", action_names, data->start_action); - DBG2(DBG_CFG, " close_action = %N", action_names, data->close_action); - DBG2(DBG_CFG, " reqid = %u", data->reqid); - DBG2(DBG_CFG, " tfc = %d", data->tfc); + DBG2(DBG_CFG, " dpd_action = %N", action_names, cfg->dpd_action); + DBG2(DBG_CFG, " start_action = %N", action_names, cfg->start_action); + DBG2(DBG_CFG, " close_action = %N", action_names, cfg->close_action); + DBG2(DBG_CFG, " reqid = %u", cfg->reqid); + DBG2(DBG_CFG, " tfc = %d", cfg->tfc); + DBG2(DBG_CFG, " priority = %d", cfg->priority); + DBG2(DBG_CFG, " interface = %s", cfg->interface); DBG2(DBG_CFG, " mark_in = %u/%u", - data->mark_in.value, data->mark_in.mask); + cfg->mark_in.value, cfg->mark_in.mask); DBG2(DBG_CFG, " mark_out = %u/%u", - data->mark_out.value, data->mark_out.mask); - DBG2(DBG_CFG, " inactivity = %llu", data->inactivity); + cfg->mark_out.value, cfg->mark_out.mask); + DBG2(DBG_CFG, " inactivity = %llu", cfg->inactivity); DBG2(DBG_CFG, " proposals = %#P", data->proposals); DBG2(DBG_CFG, " local_ts = %#R", data->local_ts); DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts); @@ -492,7 +494,8 @@ static void free_child_data(child_data_t *data) offsetof(traffic_selector_t, destroy)); data->remote_ts->destroy_offset(data->remote_ts, offsetof(traffic_selector_t, destroy)); - free(data->updown); + free(data->cfg.updown); + free(data->cfg.interface); } /** @@ -568,8 +571,8 @@ CALLBACK(parse_ts, bool, struct protoent *protoent; struct servent *svc; long int p; - u_int16_t from = 0, to = 0xffff; - u_int8_t proto = 0; + uint16_t from = 0, to = 0xffff; + uint8_t proto = 0; if (!vici_stringify(v, buf, sizeof(buf))) { @@ -613,7 +616,7 @@ CALLBACK(parse_ts, bool, { return FALSE; } - proto = (u_int8_t)p; + proto = (uint8_t)p; } } if (streq(port, "opaque")) @@ -809,10 +812,10 @@ CALLBACK(parse_action, bool, } /** - * Parse a u_int32_t + * Parse a uint32_t */ CALLBACK(parse_uint32, bool, - u_int32_t *out, chunk_t v) + uint32_t *out, chunk_t v) { char buf[16], *end; u_long l; @@ -831,10 +834,10 @@ CALLBACK(parse_uint32, bool, } /** - * Parse a u_int64_t + * Parse a uint64_t */ CALLBACK(parse_uint64, bool, - u_int64_t *out, chunk_t v) + uint64_t *out, chunk_t v) { char buf[16], *end; unsigned long long l; @@ -856,7 +859,7 @@ CALLBACK(parse_uint64, bool, * Parse a relative time */ CALLBACK(parse_time, bool, - u_int64_t *out, chunk_t v) + uint64_t *out, chunk_t v) { char buf[16], *end; u_long l; @@ -906,7 +909,7 @@ CALLBACK(parse_time, bool, * Parse byte volume */ CALLBACK(parse_bytes, bool, - u_int64_t *out, chunk_t v) + uint64_t *out, chunk_t v) { char buf[16], *end; unsigned long long l; @@ -968,7 +971,7 @@ CALLBACK(parse_mark, bool, * Parse TFC padding option */ CALLBACK(parse_tfc, bool, - u_int32_t *out, chunk_t v) + uint32_t *out, chunk_t v) { if (chunk_equals(v, chunk_from_str("mtu"))) { @@ -1327,29 +1330,31 @@ CALLBACK(child_kv, bool, child_data_t *child, vici_message_t *message, char *name, chunk_t value) { parse_rule_t rules[] = { - { "updown", parse_string, &child->updown }, - { "hostaccess", parse_bool, &child->hostaccess }, - { "mode", parse_mode, &child->mode }, - { "policies", parse_bool, &child->policies }, - { "replay_window", parse_uint32, &child->replay_window }, - { "rekey_time", parse_time, &child->lft.time.rekey }, - { "life_time", parse_time, &child->lft.time.life }, - { "rand_time", parse_time, &child->lft.time.jitter }, - { "rekey_bytes", parse_bytes, &child->lft.bytes.rekey }, - { "life_bytes", parse_bytes, &child->lft.bytes.life }, - { "rand_bytes", parse_bytes, &child->lft.bytes.jitter }, - { "rekey_packets", parse_uint64, &child->lft.packets.rekey }, - { "life_packets", parse_uint64, &child->lft.packets.life }, - { "rand_packets", parse_uint64, &child->lft.packets.jitter }, - { "dpd_action", parse_action, &child->dpd_action }, - { "start_action", parse_action, &child->start_action }, - { "close_action", parse_action, &child->close_action }, - { "ipcomp", parse_bool, &child->ipcomp }, - { "inactivity", parse_time, &child->inactivity }, - { "reqid", parse_uint32, &child->reqid }, - { "mark_in", parse_mark, &child->mark_in }, - { "mark_out", parse_mark, &child->mark_out }, - { "tfc_padding", parse_tfc, &child->tfc }, + { "updown", parse_string, &child->cfg.updown }, + { "hostaccess", parse_bool, &child->cfg.hostaccess }, + { "mode", parse_mode, &child->cfg.mode }, + { "policies", parse_bool, &child->policies }, + { "replay_window", parse_uint32, &child->replay_window }, + { "rekey_time", parse_time, &child->cfg.lifetime.time.rekey }, + { "life_time", parse_time, &child->cfg.lifetime.time.life }, + { "rand_time", parse_time, &child->cfg.lifetime.time.jitter }, + { "rekey_bytes", parse_bytes, &child->cfg.lifetime.bytes.rekey }, + { "life_bytes", parse_bytes, &child->cfg.lifetime.bytes.life }, + { "rand_bytes", parse_bytes, &child->cfg.lifetime.bytes.jitter }, + { "rekey_packets", parse_uint64, &child->cfg.lifetime.packets.rekey }, + { "life_packets", parse_uint64, &child->cfg.lifetime.packets.life }, + { "rand_packets", parse_uint64, &child->cfg.lifetime.packets.jitter }, + { "dpd_action", parse_action, &child->cfg.dpd_action }, + { "start_action", parse_action, &child->cfg.start_action }, + { "close_action", parse_action, &child->cfg.close_action }, + { "ipcomp", parse_bool, &child->cfg.ipcomp }, + { "inactivity", parse_time, &child->cfg.inactivity }, + { "reqid", parse_uint32, &child->cfg.reqid }, + { "mark_in", parse_mark, &child->cfg.mark_in }, + { "mark_out", parse_mark, &child->cfg.mark_out }, + { "tfc_padding", parse_tfc, &child->cfg.tfc }, + { "priority", parse_uint32, &child->cfg.priority }, + { "interface", parse_string, &child->cfg.interface }, }; return parse_rules(rules, countof(rules), name, value, @@ -1430,6 +1435,42 @@ CALLBACK(peer_kv, bool, &peer->request->reply); } +/** + * Check and update lifetimes + */ +static void check_lifetimes(lifetime_cfg_t *lft) +{ + /* if no hard lifetime specified, add one at soft lifetime + 10% */ + if (lft->time.life == LFT_UNDEFINED) + { + lft->time.life = lft->time.rekey * 110 / 100; + } + if (lft->bytes.life == LFT_UNDEFINED) + { + lft->bytes.life = lft->bytes.rekey * 110 / 100; + } + if (lft->packets.life == LFT_UNDEFINED) + { + lft->packets.life = lft->packets.rekey * 110 / 100; + } + /* if no rand time defined, use difference of hard and soft */ + if (lft->time.jitter == LFT_UNDEFINED) + { + lft->time.jitter = lft->time.life - + min(lft->time.life, lft->time.rekey); + } + if (lft->bytes.jitter == LFT_UNDEFINED) + { + lft->bytes.jitter = lft->bytes.life - + min(lft->bytes.life, lft->bytes.rekey); + } + if (lft->packets.jitter == LFT_UNDEFINED) + { + lft->packets.jitter = lft->packets.life - + min(lft->packets.life, lft->packets.rekey); + } +} + CALLBACK(children_sn, bool, peer_data_t *peer, vici_message_t *message, vici_parse_context_t *ctx, char *name) @@ -1439,29 +1480,28 @@ CALLBACK(children_sn, bool, .proposals = linked_list_create(), .local_ts = linked_list_create(), .remote_ts = linked_list_create(), - .mode = MODE_TUNNEL, .policies = TRUE, .replay_window = REPLAY_UNDEFINED, - .dpd_action = ACTION_NONE, - .start_action = ACTION_NONE, - .close_action = ACTION_NONE, - .lft = { - .time = { - .rekey = LFT_DEFAULT_CHILD_REKEY, - .life = LFT_UNDEFINED, - .jitter = LFT_UNDEFINED, - }, - .bytes = { - .rekey = LFT_UNDEFINED, - .life = LFT_UNDEFINED, - .jitter = LFT_UNDEFINED, + .cfg = { + .mode = MODE_TUNNEL, + .lifetime = { + .time = { + .rekey = LFT_DEFAULT_CHILD_REKEY_TIME, + .life = LFT_UNDEFINED, + .jitter = LFT_UNDEFINED, + }, + .bytes = { + .rekey = LFT_DEFAULT_CHILD_REKEY_BYTES, + .life = LFT_UNDEFINED, + .jitter = LFT_UNDEFINED, + }, + .packets = { + .rekey = LFT_DEFAULT_CHILD_REKEY_PACKETS, + .life = LFT_UNDEFINED, + .jitter = LFT_UNDEFINED, + }, }, - .packets = { - .rekey = LFT_UNDEFINED, - .life = LFT_UNDEFINED, - .jitter = LFT_UNDEFINED, - }, - } + }, }; child_cfg_t *cfg; proposal_t *proposal; @@ -1496,55 +1536,13 @@ CALLBACK(children_sn, bool, child.proposals->insert_last(child.proposals, proposal); } } + child.cfg.suppress_policies = !child.policies; - /* if no hard lifetime specified, add one at soft lifetime + 10% */ - if (child.lft.time.life == LFT_UNDEFINED) - { - child.lft.time.life = child.lft.time.rekey * 110 / 100; - } - if (child.lft.bytes.life == LFT_UNDEFINED) - { - child.lft.bytes.life = child.lft.bytes.rekey * 110 / 100; - } - if (child.lft.packets.life == LFT_UNDEFINED) - { - child.lft.packets.life = child.lft.packets.rekey * 110 / 100; - } - /* if no soft lifetime specified, add one at hard lifetime - 10% */ - if (child.lft.bytes.rekey == LFT_UNDEFINED) - { - child.lft.bytes.rekey = child.lft.bytes.life * 90 / 100; - } - if (child.lft.packets.rekey == LFT_UNDEFINED) - { - child.lft.packets.rekey = child.lft.packets.life * 90 / 100; - } - /* if no rand time defined, use difference of hard and soft */ - if (child.lft.time.jitter == LFT_UNDEFINED) - { - child.lft.time.jitter = child.lft.time.life - - min(child.lft.time.life, child.lft.time.rekey); - } - if (child.lft.bytes.jitter == LFT_UNDEFINED) - { - child.lft.bytes.jitter = child.lft.bytes.life - - min(child.lft.bytes.life, child.lft.bytes.rekey); - } - if (child.lft.packets.jitter == LFT_UNDEFINED) - { - child.lft.packets.jitter = child.lft.packets.life - - min(child.lft.packets.life, child.lft.packets.rekey); - } + check_lifetimes(&child.cfg.lifetime); log_child_data(&child, name); - cfg = child_cfg_create(name, &child.lft, child.updown, - child.hostaccess, child.mode, child.start_action, - child.dpd_action, child.close_action, child.ipcomp, - child.inactivity, child.reqid, &child.mark_in, - &child.mark_out, child.tfc); - - cfg->set_mipv6_options(cfg, FALSE, child.policies); + cfg = child_cfg_create(name, &child.cfg); if (child.replay_window != REPLAY_UNDEFINED) { @@ -1649,12 +1647,12 @@ CALLBACK(peer_sn, bool, /** * Find reqid of an existing CHILD_SA */ -static u_int32_t find_reqid(child_cfg_t *cfg) +static uint32_t find_reqid(child_cfg_t *cfg) { enumerator_t *enumerator, *children; child_sa_t *child_sa; ike_sa_t *ike_sa; - u_int32_t reqid; + uint32_t reqid; reqid = charon->traps->find_reqid(charon->traps, cfg); if (reqid) @@ -1723,7 +1721,7 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name, enumerator_t *enumerator, *children; child_sa_t *child_sa; ike_sa_t *ike_sa; - u_int32_t id = 0, others; + uint32_t id = 0, others; array_t *ids = NULL, *ikeids = NULL; char *name; @@ -1987,6 +1985,7 @@ CALLBACK(config_sn, bool, .rand_time = LFT_UNDEFINED, }; enumerator_t *enumerator; + peer_cfg_create_t cfg; peer_cfg_t *peer_cfg; ike_cfg_t *ike_cfg; child_cfg_t *child_cfg; @@ -2046,7 +2045,7 @@ CALLBACK(config_sn, bool, if (peer.rekey_time == LFT_UNDEFINED && peer.reauth_time == LFT_UNDEFINED) { /* apply a default rekey time if no rekey/reauth time set */ - peer.rekey_time = LFT_DEFAULT_IKE_REKEY; + peer.rekey_time = LFT_DEFAULT_IKE_REKEY_TIME; peer.reauth_time = 0; } if (peer.rekey_time == LFT_UNDEFINED) @@ -2083,12 +2082,22 @@ CALLBACK(config_sn, bool, peer.local_addrs, peer.local_port, peer.remote_addrs, peer.remote_port, peer.fragmentation, 0); - peer_cfg = peer_cfg_create(name, ike_cfg, peer.send_cert, peer.unique, - peer.keyingtries, peer.rekey_time, peer.reauth_time, - peer.rand_time, peer.over_time, peer.mobike, - peer.aggressive, peer.pull, - peer.dpd_delay, peer.dpd_timeout, - FALSE, NULL, NULL); + + cfg = (peer_cfg_create_t){ + .cert_policy = peer.send_cert, + .unique = peer.unique, + .keyingtries = peer.keyingtries, + .rekey_time = peer.rekey_time, + .reauth_time = peer.reauth_time, + .jitter_time = peer.rand_time, + .over_time = peer.over_time, + .no_mobike = !peer.mobike, + .aggressive = peer.aggressive, + .push_mode = !peer.pull, + .dpd = peer.dpd_delay, + .dpd_timeout = peer.dpd_timeout, + }; + peer_cfg = peer_cfg_create(name, ike_cfg, &cfg); while (peer.local->remove_first(peer.local, (void**)&auth) == SUCCESS) diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c index c526d2fda..44003819a 100644 --- a/src/libcharon/plugins/vici/vici_control.c +++ b/src/libcharon/plugins/vici/vici_control.c @@ -507,12 +507,12 @@ CALLBACK(redirect, vici_message_t*, /** * Find reqid of an existing CHILD_SA */ -static u_int32_t find_reqid(child_cfg_t *cfg) +static uint32_t find_reqid(child_cfg_t *cfg) { enumerator_t *enumerator, *children; child_sa_t *child_sa; ike_sa_t *ike_sa; - u_int32_t reqid; + uint32_t reqid; reqid = charon->traps->find_reqid(charon->traps, cfg); if (reqid) @@ -583,7 +583,7 @@ CALLBACK(uninstall, vici_message_t*, { child_sa_t *child_sa; enumerator_t *enumerator; - u_int32_t reqid = 0; + uint32_t reqid = 0; char *child; child = request->get_str(request, NULL, "child"); diff --git a/src/libcharon/plugins/vici/vici_dispatcher.c b/src/libcharon/plugins/vici/vici_dispatcher.c index 31292d6b3..ffe0d61e5 100644 --- a/src/libcharon/plugins/vici/vici_dispatcher.c +++ b/src/libcharon/plugins/vici/vici_dispatcher.c @@ -119,10 +119,10 @@ static void send_op(private_vici_dispatcher_t *this, u_int id, bio_writer_t *writer; u_int len; - len = sizeof(u_int8_t); + len = sizeof(uint8_t); if (name) { - len += sizeof(u_int8_t) + strlen(name); + len += sizeof(uint8_t) + strlen(name); } if (message) { @@ -308,7 +308,7 @@ CALLBACK(inbound, void, { bio_reader_t *reader; chunk_t chunk; - u_int8_t type; + uint8_t type; char name[257]; reader = bio_reader_create(data); diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c index fb6e8a1ab..58b896773 100644 --- a/src/libcharon/plugins/vici/vici_message.c +++ b/src/libcharon/plugins/vici/vici_message.c @@ -137,7 +137,7 @@ typedef struct { METHOD(enumerator_t, parse_enumerate, bool, parse_enumerator_t *this, vici_type_t *out, char **name, chunk_t *value) { - u_int8_t type; + uint8_t type; chunk_t data; if (!this->reader->remaining(this->reader) || diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 284c23ee0..04cea004e 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -86,8 +86,8 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b, child_sa_t *child, time_t now) { time_t t; - u_int64_t bytes, packets; - u_int16_t alg, ks; + uint64_t bytes, packets; + uint16_t alg, ks; proposal_t *proposal; enumerator_t *enumerator; traffic_selector_t *ts; @@ -152,7 +152,7 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b, b->add_kv(b, "packets-in", "%" PRIu64, packets); if (t) { - b->add_kv(b, "use-in", "%"PRIu64, (u_int64_t)(now - t)); + b->add_kv(b, "use-in", "%"PRIu64, (uint64_t)(now - t)); } child->get_usestats(child, FALSE, &t, &bytes, &packets); @@ -160,7 +160,7 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b, b->add_kv(b, "packets-out", "%"PRIu64, packets); if (t) { - b->add_kv(b, "use-out", "%"PRIu64, (u_int64_t)(now - t)); + b->add_kv(b, "use-out", "%"PRIu64, (uint64_t)(now - t)); } t = child->get_lifetime(child, FALSE); @@ -272,7 +272,7 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, ike_sa_id_t *id; identification_t *eap; proposal_t *proposal; - u_int16_t alg, ks; + uint16_t alg, ks; host_t *host; b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa)); @@ -682,9 +682,11 @@ CALLBACK(list_conns, vici_message_t*, peer_cfg_t *peer_cfg; ike_cfg_t *ike_cfg; child_cfg_t *child_cfg; - char *ike, *str; + char *ike, *str, *interface; + uint32_t manual_prio; linked_list_t *list; traffic_selector_t *ts; + lifetime_cfg_t *lft; vici_builder_t *b; ike = request->get_str(request, NULL, "ike"); @@ -725,6 +727,10 @@ CALLBACK(list_conns, vici_message_t*, b->add_kv(b, "version", "%N", ike_version_names, peer_cfg->get_ike_version(peer_cfg)); + b->add_kv(b, "reauth_time", "%u", + peer_cfg->get_reauth_time(peer_cfg, FALSE)); + b->add_kv(b, "rekey_time", "%u", + peer_cfg->get_rekey_time(peer_cfg, FALSE)); build_auth_cfgs(peer_cfg, TRUE, b); build_auth_cfgs(peer_cfg, FALSE, b); @@ -739,6 +745,12 @@ CALLBACK(list_conns, vici_message_t*, b->add_kv(b, "mode", "%N", ipsec_mode_names, child_cfg->get_mode(child_cfg)); + lft = child_cfg->get_lifetime(child_cfg, FALSE); + b->add_kv(b, "rekey_time", "%"PRIu64, lft->time.rekey); + b->add_kv(b, "rekey_bytes", "%"PRIu64, lft->bytes.rekey); + b->add_kv(b, "rekey_packets", "%"PRIu64, lft->packets.rekey); + free(lft); + b->begin_list(b, "local-ts"); list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); selectors = list->create_enumerator(list); @@ -761,6 +773,18 @@ CALLBACK(list_conns, vici_message_t*, list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); b->end_list(b /* remote-ts */); + interface = child_cfg->get_interface(child_cfg); + if (interface) + { + b->add_kv(b, "interface", "%s", interface); + } + + manual_prio = child_cfg->get_manual_prio(child_cfg); + if (manual_prio) + { + b->add_kv(b, "priority", "%u", manual_prio); + } + b->end_section(b); } children->destroy(children); diff --git a/src/libcharon/plugins/vici/vici_socket.c b/src/libcharon/plugins/vici/vici_socket.c index 67fd7e8e3..2a55fd061 100644 --- a/src/libcharon/plugins/vici/vici_socket.c +++ b/src/libcharon/plugins/vici/vici_socket.c @@ -95,11 +95,11 @@ typedef struct { /** bytes of length header sent/received */ u_char hdrlen; /** bytes of length header */ - char hdr[sizeof(u_int32_t)]; + char hdr[sizeof(uint32_t)]; /** send/receive buffer on heap */ chunk_t buf; /** bytes sent/received in buffer */ - u_int32_t done; + uint32_t done; } msg_buf_t; /** @@ -411,7 +411,7 @@ CALLBACK(on_write, bool, static bool do_read(private_vici_socket_t *this, entry_t *entry, stream_t *stream, char *errmsg, size_t errlen) { - u_int32_t msglen; + uint32_t msglen; ssize_t len; /* assemble the length header first */ diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in index 549ef6bce..47fcf91cd 100644 --- a/src/libcharon/plugins/whitelist/Makefile.in +++ b/src/libcharon/plugins/whitelist/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = whitelist$(EXEEXT) subdir = src/libcharon/plugins/whitelist -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -210,12 +219,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -265,6 +276,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -299,6 +311,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -410,6 +423,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -470,7 +484,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/whitelist/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/whitelist/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -840,6 +853,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in index 6992df820..0e88f8e32 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.in +++ b/src/libcharon/plugins/xauth_eap/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/xauth_eap -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_eap/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_eap/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/xauth_eap/xauth_eap.c b/src/libcharon/plugins/xauth_eap/xauth_eap.c index f21d02697..9e103be1c 100644 --- a/src/libcharon/plugins/xauth_eap/xauth_eap.c +++ b/src/libcharon/plugins/xauth_eap/xauth_eap.c @@ -113,7 +113,7 @@ static bool verify_eap(private_xauth_eap_t *this, eap_method_t *backend) eap_payload_t *request, *response; eap_method_t *frontend; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; status_t status; if (backend->initiate(backend, &request) != NEED_MORE) diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in index 057a734a3..e20b46f57 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.in +++ b/src/libcharon/plugins/xauth_generic/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/xauth_generic -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_generic/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_generic/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in index 6b0104e30..b8adbbf43 100644 --- a/src/libcharon/plugins/xauth_noauth/Makefile.in +++ b/src/libcharon/plugins/xauth_noauth/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/xauth_noauth -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_noauth/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_noauth/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in index ae6a4d070..79c466689 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.in +++ b/src/libcharon/plugins/xauth_pam/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/xauth_pam -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_pam/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_pam/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c index 207f534ba..cd4a4ca89 100644 --- a/src/libcharon/processing/jobs/acquire_job.c +++ b/src/libcharon/processing/jobs/acquire_job.c @@ -32,7 +32,7 @@ struct private_acquire_job_t { /** * reqid of the child to rekey */ - u_int32_t reqid; + uint32_t reqid; /** * acquired source traffic selector @@ -70,7 +70,7 @@ METHOD(job_t, get_priority, job_priority_t, /* * Described in header */ -acquire_job_t *acquire_job_create(u_int32_t reqid, +acquire_job_t *acquire_job_create(uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { diff --git a/src/libcharon/processing/jobs/acquire_job.h b/src/libcharon/processing/jobs/acquire_job.h index 2b5bf4805..4d31f0569 100644 --- a/src/libcharon/processing/jobs/acquire_job.h +++ b/src/libcharon/processing/jobs/acquire_job.h @@ -47,7 +47,7 @@ struct acquire_job_t { * @param dst_ts destination traffic selector * @return acquire_job_t object */ -acquire_job_t *acquire_job_create(u_int32_t reqid, +acquire_job_t *acquire_job_create(uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts); diff --git a/src/libcharon/processing/jobs/adopt_children_job.c b/src/libcharon/processing/jobs/adopt_children_job.c index c39689012..ff8e78b6b 100644 --- a/src/libcharon/processing/jobs/adopt_children_job.c +++ b/src/libcharon/processing/jobs/adopt_children_job.c @@ -64,7 +64,7 @@ METHOD(job_t, execute, job_requeue_t, ike_sa_id_t *id; ike_sa_t *ike_sa; child_sa_t *child_sa; - u_int32_t unique; + uint32_t unique; ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->id); if (ike_sa) diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.c b/src/libcharon/processing/jobs/delete_child_sa_job.c index 0d85883be..70dbc1b4a 100644 --- a/src/libcharon/processing/jobs/delete_child_sa_job.c +++ b/src/libcharon/processing/jobs/delete_child_sa_job.c @@ -38,7 +38,7 @@ struct private_delete_child_sa_job_t { /** * inbound SPI of the CHILD_SA */ - u_int32_t spi; + uint32_t spi; /** * SA destination address @@ -89,7 +89,7 @@ METHOD(job_t, get_priority, job_priority_t, * Described in header */ delete_child_sa_job_t *delete_child_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst, bool expired) + uint32_t spi, host_t *dst, bool expired) { private_delete_child_sa_job_t *this; diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.h b/src/libcharon/processing/jobs/delete_child_sa_job.h index 6fa53644c..349f5debb 100644 --- a/src/libcharon/processing/jobs/delete_child_sa_job.h +++ b/src/libcharon/processing/jobs/delete_child_sa_job.h @@ -51,6 +51,6 @@ struct delete_child_sa_job_t { * @return delete_child_sa_job_t object */ delete_child_sa_job_t *delete_child_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst, bool expired); + uint32_t spi, host_t *dst, bool expired); #endif /** DELETE_CHILD_SA_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c index f0f90eedf..bf16e51b5 100644 --- a/src/libcharon/processing/jobs/inactivity_job.c +++ b/src/libcharon/processing/jobs/inactivity_job.c @@ -32,12 +32,12 @@ struct private_inactivity_job_t { /** * Unique CHILD_SA identifier to check */ - u_int32_t id; + uint32_t id; /** * Inactivity timeout */ - u_int32_t timeout; + uint32_t timeout; /** * Close IKE_SA if last remaining CHILD inactive? @@ -55,7 +55,7 @@ METHOD(job_t, execute, job_requeue_t, private_inactivity_job_t *this) { ike_sa_t *ike_sa; - u_int32_t reschedule = 0; + uint32_t reschedule = 0; ike_sa = charon->child_sa_manager->checkout_by_id(charon->child_sa_manager, this->id, NULL); @@ -63,7 +63,7 @@ METHOD(job_t, execute, job_requeue_t, { enumerator_t *enumerator; child_sa_t *child_sa; - u_int32_t delete = 0; + uint32_t delete = 0; protocol_id_t proto = 0; int children = 0; status_t status = SUCCESS; @@ -136,7 +136,7 @@ METHOD(job_t, get_priority, job_priority_t, /** * See header */ -inactivity_job_t *inactivity_job_create(u_int32_t unique_id, u_int32_t timeout, +inactivity_job_t *inactivity_job_create(uint32_t unique_id, uint32_t timeout, bool close_ike) { private_inactivity_job_t *this; diff --git a/src/libcharon/processing/jobs/inactivity_job.h b/src/libcharon/processing/jobs/inactivity_job.h index ff19fe560..240782fa8 100644 --- a/src/libcharon/processing/jobs/inactivity_job.h +++ b/src/libcharon/processing/jobs/inactivity_job.h @@ -47,7 +47,7 @@ struct inactivity_job_t { * @param close_ike close IKE_SA if the last remaining CHILD_SA is inactive? * @return inactivity checking job */ -inactivity_job_t *inactivity_job_create(u_int32_t unique_id, u_int32_t timeout, +inactivity_job_t *inactivity_job_create(uint32_t unique_id, uint32_t timeout, bool close_ike); #endif /** INACTIVITY_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c index 097dbdffd..461ba11d1 100644 --- a/src/libcharon/processing/jobs/migrate_job.c +++ b/src/libcharon/processing/jobs/migrate_job.c @@ -34,7 +34,7 @@ struct private_migrate_job_t { /** * reqid of the CHILD_SA if it already exists */ - u_int32_t reqid; + uint32_t reqid; /** * source traffic selector @@ -144,7 +144,7 @@ METHOD(job_t, get_priority, job_priority_t, /* * Described in header */ -migrate_job_t *migrate_job_create(u_int32_t reqid, +migrate_job_t *migrate_job_create(uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t dir, diff --git a/src/libcharon/processing/jobs/migrate_job.h b/src/libcharon/processing/jobs/migrate_job.h index 0f2b9aaad..140635bed 100644 --- a/src/libcharon/processing/jobs/migrate_job.h +++ b/src/libcharon/processing/jobs/migrate_job.h @@ -54,7 +54,7 @@ struct migrate_job_t { * @param remote remote host address to be used in the IKE_SA * @return migrate_job_t object */ -migrate_job_t *migrate_job_create(u_int32_t reqid, +migrate_job_t *migrate_job_create(uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t dir, host_t *local, host_t *remote); diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c index 057876b33..d76f4f65b 100644 --- a/src/libcharon/processing/jobs/rekey_child_sa_job.c +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c @@ -38,7 +38,7 @@ struct private_rekey_child_sa_job_t { /** * inbound SPI of the CHILD_SA */ - u_int32_t spi; + uint32_t spi; /** * SA destination address @@ -86,7 +86,7 @@ METHOD(job_t, get_priority, job_priority_t, * Described in header */ rekey_child_sa_job_t *rekey_child_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst) + uint32_t spi, host_t *dst) { private_rekey_child_sa_job_t *this; diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.h b/src/libcharon/processing/jobs/rekey_child_sa_job.h index 364bb5ae7..1de06fd07 100644 --- a/src/libcharon/processing/jobs/rekey_child_sa_job.h +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.h @@ -49,5 +49,5 @@ struct rekey_child_sa_job_t { * @return rekey_child_sa_job_t object */ rekey_child_sa_job_t *rekey_child_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst); + uint32_t spi, host_t *dst); #endif /** REKEY_CHILD_SA_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/rekey_ike_sa_job.c b/src/libcharon/processing/jobs/rekey_ike_sa_job.c index 403d826a3..148db2f92 100644 --- a/src/libcharon/processing/jobs/rekey_ike_sa_job.c +++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.c @@ -49,11 +49,11 @@ METHOD(job_t, destroy, void, /** * Check if we should delay a reauth, and by how many seconds */ -static u_int32_t get_retry_delay(ike_sa_t *ike_sa) +static uint32_t get_retry_delay(ike_sa_t *ike_sa) { enumerator_t *enumerator; child_sa_t *child_sa; - u_int32_t retry = 0; + uint32_t retry = 0; /* avoid reauth collisions for certain IKE_SA/CHILD_SA states */ if (ike_sa->get_state(ike_sa) != IKE_ESTABLISHED) @@ -87,7 +87,7 @@ METHOD(job_t, execute, job_requeue_t, { ike_sa_t *ike_sa; status_t status = SUCCESS; - u_int32_t retry = 0; + uint32_t retry = 0; ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); diff --git a/src/libcharon/processing/jobs/retransmit_job.c b/src/libcharon/processing/jobs/retransmit_job.c index 48c326804..4daa41868 100644 --- a/src/libcharon/processing/jobs/retransmit_job.c +++ b/src/libcharon/processing/jobs/retransmit_job.c @@ -32,7 +32,7 @@ struct private_retransmit_job_t { /** * Message ID of the request to resend. */ - u_int32_t message_id; + uint32_t message_id; /** * ID of the IKE_SA which the message belongs to. @@ -79,7 +79,7 @@ METHOD(job_t, get_priority, job_priority_t, /* * Described in header. */ -retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa_id) +retransmit_job_t *retransmit_job_create(uint32_t message_id,ike_sa_id_t *ike_sa_id) { private_retransmit_job_t *this; diff --git a/src/libcharon/processing/jobs/retransmit_job.h b/src/libcharon/processing/jobs/retransmit_job.h index c4545534b..595513cef 100644 --- a/src/libcharon/processing/jobs/retransmit_job.h +++ b/src/libcharon/processing/jobs/retransmit_job.h @@ -49,7 +49,7 @@ struct retransmit_job_t { * @param ike_sa_id identification of the ike_sa as ike_sa_id_t * @return retransmit_job_t object */ -retransmit_job_t *retransmit_job_create(u_int32_t message_id, +retransmit_job_t *retransmit_job_create(uint32_t message_id, ike_sa_id_t *ike_sa_id); #endif /** RETRANSMIT_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c index 862506d90..3360b7dc5 100644 --- a/src/libcharon/processing/jobs/update_sa_job.c +++ b/src/libcharon/processing/jobs/update_sa_job.c @@ -41,7 +41,7 @@ struct private_update_sa_job_t { /** * SPI of the CHILD_SA */ - u_int32_t spi; + uint32_t spi; /** * Old SA destination address @@ -92,7 +92,7 @@ METHOD(job_t, get_priority, job_priority_t, * Described in header */ update_sa_job_t *update_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst, host_t *new) + uint32_t spi, host_t *dst, host_t *new) { private_update_sa_job_t *this; diff --git a/src/libcharon/processing/jobs/update_sa_job.h b/src/libcharon/processing/jobs/update_sa_job.h index 9c19f5b6e..ed978dc8b 100644 --- a/src/libcharon/processing/jobs/update_sa_job.h +++ b/src/libcharon/processing/jobs/update_sa_job.h @@ -49,6 +49,6 @@ struct update_sa_job_t { * @return update_sa_job_t object */ update_sa_job_t *update_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst, host_t *new); + uint32_t spi, host_t *dst, host_t *new); #endif /** UPDATE_SA_JOB_H_ @}*/ diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 56b7cb5a4..8a405d93c 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -1,9 +1,10 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Coypright (C) 2016 Andreas Steffen + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -63,22 +64,22 @@ struct private_child_sa_t { /** * our actually used SPI, 0 if unused */ - u_int32_t my_spi; + uint32_t my_spi; /** * others used SPI, 0 if unused */ - u_int32_t other_spi; + uint32_t other_spi; /** * our Compression Parameter Index (CPI) used, 0 if unused */ - u_int16_t my_cpi; + uint16_t my_cpi; /** * others Compression Parameter Index (CPI) used, 0 if unused */ - u_int16_t other_cpi; + uint16_t other_cpi; /** * Array for local traffic selectors @@ -98,7 +99,7 @@ struct private_child_sa_t { /** * reqid used for this child_sa */ - u_int32_t reqid; + uint32_t reqid; /** * Did we allocate/confirm and must release the reqid? @@ -113,7 +114,7 @@ struct private_child_sa_t { /* * Unique CHILD_SA identifier */ - u_int32_t unique_id; + uint32_t unique_id; /** * inbound mark used for this child_sa @@ -198,28 +199,28 @@ struct private_child_sa_t { /** * last number of inbound bytes */ - u_int64_t my_usebytes; + uint64_t my_usebytes; /** * last number of outbound bytes */ - u_int64_t other_usebytes; + uint64_t other_usebytes; /** * last number of inbound packets */ - u_int64_t my_usepackets; + uint64_t my_usepackets; /** * last number of outbound bytes */ - u_int64_t other_usepackets; + uint64_t other_usepackets; }; /** * convert an IKEv2 specific protocol identifier to the IP protocol identifier. */ -static inline u_int8_t proto_ike2ip(protocol_id_t protocol) +static inline uint8_t proto_ike2ip(protocol_id_t protocol) { switch (protocol) { @@ -238,13 +239,13 @@ METHOD(child_sa_t, get_name, char*, return this->config->get_name(this->config); } -METHOD(child_sa_t, get_reqid, u_int32_t, +METHOD(child_sa_t, get_reqid, uint32_t, private_child_sa_t *this) { return this->reqid; } -METHOD(child_sa_t, get_unique_id, u_int32_t, +METHOD(child_sa_t, get_unique_id, uint32_t, private_child_sa_t *this) { return this->unique_id; @@ -269,13 +270,13 @@ METHOD(child_sa_t, get_state, child_sa_state_t, return this->state; } -METHOD(child_sa_t, get_spi, u_int32_t, +METHOD(child_sa_t, get_spi, uint32_t, private_child_sa_t *this, bool inbound) { return inbound ? this->my_spi : this->other_spi; } -METHOD(child_sa_t, get_cpi, u_int16_t, +METHOD(child_sa_t, get_cpi, uint16_t, private_child_sa_t *this, bool inbound) { return inbound ? this->my_cpi : this->other_cpi; @@ -461,17 +462,24 @@ METHOD(child_sa_t, create_policy_enumerator, enumerator_t*, static status_t update_usebytes(private_child_sa_t *this, bool inbound) { status_t status = FAILED; - u_int64_t bytes, packets; + uint64_t bytes, packets; time_t time; if (inbound) { if (this->my_spi) { - status = charon->kernel->query_sa(charon->kernel, this->other_addr, - this->my_addr, this->my_spi, - proto_ike2ip(this->protocol), this->mark_in, - &bytes, &packets, &time); + kernel_ipsec_sa_id_t id = { + .src = this->other_addr, + .dst = this->my_addr, + .spi = this->my_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_in, + }; + kernel_ipsec_query_sa_t query = {}; + + status = charon->kernel->query_sa(charon->kernel, &id, &query, + &bytes, &packets, &time); if (status == SUCCESS) { if (bytes > this->my_usebytes) @@ -492,10 +500,17 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound) { if (this->other_spi) { - status = charon->kernel->query_sa(charon->kernel, this->my_addr, - this->other_addr, this->other_spi, - proto_ike2ip(this->protocol), this->mark_out, - &bytes, &packets, &time); + kernel_ipsec_sa_id_t id = { + .src = this->my_addr, + .dst = this->other_addr, + .spi = this->other_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_out, + }; + kernel_ipsec_query_sa_t query = {}; + + status = charon->kernel->query_sa(charon->kernel, &id, &query, + &bytes, &packets, &time); if (status == SUCCESS) { if (bytes > this->other_usebytes) @@ -531,15 +546,24 @@ static bool update_usetime(private_child_sa_t *this, bool inbound) if (inbound) { - if (charon->kernel->query_policy(charon->kernel, other_ts, - my_ts, POLICY_IN, this->mark_in, &in) == SUCCESS) + kernel_ipsec_policy_id_t id = { + .dir = POLICY_IN, + .src_ts = other_ts, + .dst_ts = my_ts, + .mark = this->mark_in, + }; + kernel_ipsec_query_policy_t query = {}; + + if (charon->kernel->query_policy(charon->kernel, &id, &query, + &in) == SUCCESS) { last_use = max(last_use, in); } if (this->mode != MODE_TRANSPORT) { - if (charon->kernel->query_policy(charon->kernel, other_ts, - my_ts, POLICY_FWD, this->mark_in, &fwd) == SUCCESS) + id.dir = POLICY_FWD; + if (charon->kernel->query_policy(charon->kernel, &id, &query, + &fwd) == SUCCESS) { last_use = max(last_use, fwd); } @@ -547,8 +571,17 @@ static bool update_usetime(private_child_sa_t *this, bool inbound) } else { - if (charon->kernel->query_policy(charon->kernel, my_ts, - other_ts, POLICY_OUT, this->mark_out, &out) == SUCCESS) + kernel_ipsec_policy_id_t id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = this->mark_out, + .interface = this->config->get_interface(this->config), + }; + kernel_ipsec_query_policy_t query = {}; + + if (charon->kernel->query_policy(charon->kernel, &id, &query, + &out) == SUCCESS) { last_use = max(last_use, out); } @@ -573,7 +606,7 @@ static bool update_usetime(private_child_sa_t *this, bool inbound) METHOD(child_sa_t, get_usestats, void, private_child_sa_t *this, bool inbound, - time_t *time, u_int64_t *bytes, u_int64_t *packets) + time_t *time, uint64_t *bytes, uint64_t *packets) { if ((!bytes && !packets) || update_usebytes(this, inbound) != FAILED) { @@ -625,7 +658,7 @@ METHOD(child_sa_t, get_installtime, time_t, return this->install_time; } -METHOD(child_sa_t, alloc_spi, u_int32_t, +METHOD(child_sa_t, alloc_spi, uint32_t, private_child_sa_t *this, protocol_id_t protocol) { if (charon->kernel->get_spi(charon->kernel, this->other_addr, this->my_addr, @@ -639,7 +672,7 @@ METHOD(child_sa_t, alloc_spi, u_int32_t, return 0; } -METHOD(child_sa_t, alloc_cpi, u_int16_t, +METHOD(child_sa_t, alloc_cpi, uint16_t, private_child_sa_t *this) { if (charon->kernel->get_cpi(charon->kernel, this->other_addr, this->my_addr, @@ -651,16 +684,18 @@ METHOD(child_sa_t, alloc_cpi, u_int16_t, } METHOD(child_sa_t, install, status_t, - private_child_sa_t *this, chunk_t encr, chunk_t integ, u_int32_t spi, - u_int16_t cpi, bool initiator, bool inbound, bool tfcv3, + private_child_sa_t *this, chunk_t encr, chunk_t integ, uint32_t spi, + uint16_t cpi, bool initiator, bool inbound, bool tfcv3, linked_list_t *my_ts, linked_list_t *other_ts) { - u_int16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size; - u_int16_t esn = NO_EXT_SEQ_NUMBERS; + uint16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size; + uint16_t esn = NO_EXT_SEQ_NUMBERS; linked_list_t *src_ts = NULL, *dst_ts = NULL; time_t now; + kernel_ipsec_sa_id_t id; + kernel_ipsec_add_sa_t sa; lifetime_cfg_t *lifetime; - u_int32_t tfc = 0; + uint32_t tfc = 0; host_t *src, *dst; status_t status; bool update = FALSE; @@ -716,7 +751,7 @@ METHOD(child_sa_t, install, status_t, this->reqid_allocated = TRUE; } - lifetime = this->config->get_lifetime(this->config); + lifetime = this->config->get_lifetime(this->config, TRUE); now = time_monotonic(NULL); if (lifetime->time.rekey) @@ -752,12 +787,36 @@ METHOD(child_sa_t, install, status_t, dst_ts = other_ts; } - status = charon->kernel->add_sa(charon->kernel, - src, dst, spi, proto_ike2ip(this->protocol), this->reqid, - inbound ? this->mark_in : this->mark_out, tfc, - lifetime, enc_alg, encr, int_alg, integ, this->mode, - this->ipcomp, cpi, this->config->get_replay_window(this->config), - initiator, this->encap, esn, inbound, update, src_ts, dst_ts); + id = (kernel_ipsec_sa_id_t){ + .src = src, + .dst = dst, + .spi = spi, + .proto = proto_ike2ip(this->protocol), + .mark = inbound ? this->mark_in : this->mark_out, + }; + sa = (kernel_ipsec_add_sa_t){ + .reqid = this->reqid, + .mode = this->mode, + .src_ts = src_ts, + .dst_ts = dst_ts, + .interface = inbound ? NULL : this->config->get_interface(this->config), + .lifetime = lifetime, + .enc_alg = enc_alg, + .enc_key = encr, + .int_alg = int_alg, + .int_key = integ, + .replay_window = this->config->get_replay_window(this->config), + .tfc = tfc, + .ipcomp = this->ipcomp, + .cpi = cpi, + .encap = this->encap, + .esn = esn, + .initiator = initiator, + .inbound = inbound, + .update = update, + }; + + status = charon->kernel->add_sa(charon->kernel, &id, &sa); free(lifetime); @@ -825,24 +884,62 @@ static void prepare_sa_cfg(private_child_sa_t *this, ipsec_sa_cfg_t *my_sa, static status_t install_policies_internal(private_child_sa_t *this, host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, - ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority) + ipsec_sa_cfg_t *other_sa, policy_type_t type, + policy_priority_t priority, uint32_t manual_prio) { + kernel_ipsec_policy_id_t out_id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = this->mark_out, + .interface = this->config->get_interface(this->config), + }, in_id = { + .dir = POLICY_IN, + .src_ts = other_ts, + .dst_ts = my_ts, + .mark = this->mark_in, + }; + kernel_ipsec_manage_policy_t out_policy = { + .type = type, + .prio = priority, + .manual_prio = manual_prio, + .src = my_addr, + .dst = other_addr, + .sa = other_sa, + }, in_policy = { + .type = type, + .prio = priority, + .manual_prio = manual_prio, + .src = other_addr, + .dst = my_addr, + .sa = my_sa, + }; status_t status = SUCCESS; - status |= charon->kernel->add_policy(charon->kernel, - my_addr, other_addr, my_ts, other_ts, - POLICY_OUT, type, other_sa, - this->mark_out, priority); - - status |= charon->kernel->add_policy(charon->kernel, - other_addr, my_addr, other_ts, my_ts, - POLICY_IN, type, my_sa, - this->mark_in, priority); + + status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy); + status |= charon->kernel->add_policy(charon->kernel, &in_id, &in_policy); if (this->mode != MODE_TRANSPORT) { - status |= charon->kernel->add_policy(charon->kernel, - other_addr, my_addr, other_ts, my_ts, - POLICY_FWD, type, my_sa, - this->mark_in, priority); + in_id.dir = POLICY_FWD; + status |= charon->kernel->add_policy(charon->kernel, &in_id, &in_policy); + + /* install an "outbound" FWD policy in case there is a drop policy + * matching outbound forwarded traffic, to allow another tunnel to use + * the reversed subnets and do the same we don't set a reqid (this also + * allows the kernel backend to distinguish between the two types of + * FWD policies). To avoid problems with symmetrically overlapping + * policies of two SAs we install them with reduced priority. As they + * basically act as bypass policies for drop policies we use a higher + * priority than is used for them. */ + out_id.dir = POLICY_FWD; + other_sa->reqid = 0; + if (priority == POLICY_PRIORITY_DEFAULT) + { + out_policy.prio = POLICY_PRIORITY_ROUTED; + } + status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy); + /* reset the reqid for any other further policies */ + other_sa->reqid = this->reqid; } return status; } @@ -853,20 +950,52 @@ static status_t install_policies_internal(private_child_sa_t *this, static void del_policies_internal(private_child_sa_t *this, host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, - ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority) + ipsec_sa_cfg_t *other_sa, policy_type_t type, + policy_priority_t priority, uint32_t manual_prio) { + kernel_ipsec_policy_id_t out_id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = this->mark_out, + .interface = this->config->get_interface(this->config), + }, in_id = { + .dir = POLICY_IN, + .src_ts = other_ts, + .dst_ts = my_ts, + .mark = this->mark_in, + }; + kernel_ipsec_manage_policy_t out_policy = { + .type = type, + .prio = priority, + .manual_prio = manual_prio, + .src = my_addr, + .dst = other_addr, + .sa = other_sa, + }, in_policy = { + .type = type, + .prio = priority, + .manual_prio = manual_prio, + .src = other_addr, + .dst = my_addr, + .sa = my_sa, + }; - charon->kernel->del_policy(charon->kernel, - my_addr, other_addr, my_ts, other_ts, POLICY_OUT, type, - other_sa, this->mark_out, priority); - charon->kernel->del_policy(charon->kernel, - other_addr, my_addr, other_ts, my_ts, POLICY_IN, - type, my_sa, this->mark_in, priority); + charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); + charon->kernel->del_policy(charon->kernel, &in_id, &in_policy); if (this->mode != MODE_TRANSPORT) { - charon->kernel->del_policy(charon->kernel, - other_addr, my_addr, other_ts, my_ts, POLICY_FWD, - type, my_sa, this->mark_in, priority); + in_id.dir = POLICY_FWD; + charon->kernel->del_policy(charon->kernel, &in_id, &in_policy); + + out_id.dir = POLICY_FWD; + other_sa->reqid = 0; + if (priority == POLICY_PRIORITY_DEFAULT) + { + out_policy.prio = POLICY_PRIORITY_ROUTED; + } + charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); + other_sa->reqid = this->reqid; } } @@ -912,8 +1041,10 @@ METHOD(child_sa_t, add_policies, status_t, { policy_priority_t priority; ipsec_sa_cfg_t my_sa, other_sa; + uint32_t manual_prio; prepare_sa_cfg(this, &my_sa, &other_sa); + manual_prio = this->config->get_manual_prio(this->config); /* if we're not in state CHILD_INSTALLING (i.e. if there is no SAD * entry) we install a trap policy */ @@ -927,18 +1058,20 @@ METHOD(child_sa_t, add_policies, status_t, { /* install outbound drop policy to avoid packets leaving unencrypted * when updating policies */ - if (priority == POLICY_PRIORITY_DEFAULT && require_policy_update()) + if (priority == POLICY_PRIORITY_DEFAULT && manual_prio == 0 && + require_policy_update()) { status |= install_policies_internal(this, this->my_addr, this->other_addr, my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK); + POLICY_PRIORITY_FALLBACK, 0); } /* install policies */ status |= install_policies_internal(this, this->my_addr, this->other_addr, my_ts, other_ts, - &my_sa, &other_sa, POLICY_IPSEC, priority); + &my_sa, &other_sa, POLICY_IPSEC, + priority, manual_prio); if (status != SUCCESS) { @@ -994,11 +1127,22 @@ METHOD(child_sa_t, update, status_t, /* update our (initiator) SA */ if (this->my_spi) { - if (charon->kernel->update_sa(charon->kernel, - this->my_spi, proto_ike2ip(this->protocol), - this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0, - this->other_addr, this->my_addr, other, me, - this->encap, encap, this->mark_in) == NOT_SUPPORTED) + kernel_ipsec_sa_id_t id = { + .src = this->other_addr, + .dst = this->my_addr, + .spi = this->my_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_in, + }; + kernel_ipsec_update_sa_t sa = { + .cpi = this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0, + .new_src = other, + .new_dst = me, + .encap = this->encap, + .new_encap = encap, + }; + if (charon->kernel->update_sa(charon->kernel, &id, + &sa) == NOT_SUPPORTED) { set_state(this, old); return NOT_SUPPORTED; @@ -1008,11 +1152,22 @@ METHOD(child_sa_t, update, status_t, /* update his (responder) SA */ if (this->other_spi) { - if (charon->kernel->update_sa(charon->kernel, - this->other_spi, proto_ike2ip(this->protocol), - this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0, - this->my_addr, this->other_addr, me, other, - this->encap, encap, this->mark_out) == NOT_SUPPORTED) + kernel_ipsec_sa_id_t id = { + .src = this->my_addr, + .dst = this->other_addr, + .spi = this->other_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_out, + }; + kernel_ipsec_update_sa_t sa = { + .cpi = this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0, + .new_src = me, + .new_dst = other, + .encap = this->encap, + .new_encap = encap, + }; + if (charon->kernel->update_sa(charon->kernel, &id, + &sa) == NOT_SUPPORTED) { set_state(this, old); return NOT_SUPPORTED; @@ -1028,18 +1183,21 @@ METHOD(child_sa_t, update, status_t, ipsec_sa_cfg_t my_sa, other_sa; enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; + uint32_t manual_prio; prepare_sa_cfg(this, &my_sa, &other_sa); + manual_prio = this->config->get_manual_prio(this->config); /* always use high priorities, as hosts getting updated are INSTALLED */ enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { traffic_selector_t *old_my_ts = NULL, *old_other_ts = NULL; + /* remove old policies first */ del_policies_internal(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, - POLICY_IPSEC, POLICY_PRIORITY_DEFAULT); + my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, + POLICY_PRIORITY_DEFAULT, manual_prio); /* check if we have to update a "dynamic" traffic selector */ if (!me->ip_equals(me, this->my_addr) && @@ -1062,17 +1220,20 @@ METHOD(child_sa_t, update, status_t, /* reinstall updated policies */ install_policies_internal(this, me, other, my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, - POLICY_PRIORITY_DEFAULT); + POLICY_PRIORITY_DEFAULT, manual_prio); /* update fallback policies after the new policy is in place */ - del_policies_internal(this, this->my_addr, this->other_addr, - old_my_ts ?: my_ts, - old_other_ts ?: other_ts, - &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK); - install_policies_internal(this, me, other, my_ts, other_ts, + if (manual_prio == 0) + { + del_policies_internal(this, this->my_addr, this->other_addr, + old_my_ts ?: my_ts, + old_other_ts ?: other_ts, + &my_sa, &other_sa, POLICY_DROP, + POLICY_PRIORITY_FALLBACK, 0); + install_policies_internal(this, me, other, my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK); + POLICY_PRIORITY_FALLBACK, 0); + } DESTROY_IF(old_my_ts); DESTROY_IF(old_other_ts); } @@ -1115,20 +1276,24 @@ METHOD(child_sa_t, destroy, void, if (this->config->install_policy(this->config)) { ipsec_sa_cfg_t my_sa, other_sa; + uint32_t manual_prio; prepare_sa_cfg(this, &my_sa, &other_sa); + manual_prio = this->config->get_manual_prio(this->config); /* delete all policies in the kernel */ enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { del_policies_internal(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, priority); - if (priority == POLICY_PRIORITY_DEFAULT && require_policy_update()) + my_ts, other_ts, &my_sa, &other_sa, + POLICY_IPSEC, priority, manual_prio); + if (priority == POLICY_PRIORITY_DEFAULT && manual_prio == 0 && + require_policy_update()) { del_policies_internal(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK); + my_ts, other_ts, &my_sa, &other_sa, + POLICY_DROP, POLICY_PRIORITY_FALLBACK, 0); } } enumerator->destroy(enumerator); @@ -1137,17 +1302,31 @@ METHOD(child_sa_t, destroy, void, /* delete SAs in the kernel, if they are set up */ if (this->my_spi) { - charon->kernel->del_sa(charon->kernel, - this->other_addr, this->my_addr, this->my_spi, - proto_ike2ip(this->protocol), this->my_cpi, - this->mark_in); + kernel_ipsec_sa_id_t id = { + .src = this->other_addr, + .dst = this->my_addr, + .spi = this->my_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_in, + }; + kernel_ipsec_del_sa_t sa = { + .cpi = this->my_cpi, + }; + charon->kernel->del_sa(charon->kernel, &id, &sa); } if (this->other_spi) { - charon->kernel->del_sa(charon->kernel, - this->my_addr, this->other_addr, this->other_spi, - proto_ike2ip(this->protocol), this->other_cpi, - this->mark_out); + kernel_ipsec_sa_id_t id = { + .src = this->my_addr, + .dst = this->other_addr, + .spi = this->other_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_out, + }; + kernel_ipsec_del_sa_t sa = { + .cpi = this->other_cpi, + }; + charon->kernel->del_sa(charon->kernel, &id, &sa); } if (this->reqid_allocated) @@ -1174,7 +1353,7 @@ METHOD(child_sa_t, destroy, void, static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local) { host_t *host = NULL; - u_int8_t mask; + uint8_t mask; enumerator_t *enumerator; linked_list_t *ts_list, *list; traffic_selector_t *ts; @@ -1207,11 +1386,12 @@ static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local) * Described in header. */ child_sa_t * child_sa_create(host_t *me, host_t* other, - child_cfg_t *config, u_int32_t rekey, bool encap, + child_cfg_t *config, uint32_t rekey, bool encap, u_int mark_in, u_int mark_out) { private_child_sa_t *this; - static refcount_t unique_id = 0, unique_mark = 0, mark; + static refcount_t unique_id = 0, unique_mark = 0; + refcount_t mark; INIT(this, .public = { diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index debe8eb2c..bc7df996a 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -128,7 +128,7 @@ struct child_sa_t { * * @return reqid of the CHILD SA */ - u_int32_t (*get_reqid)(child_sa_t *this); + uint32_t (*get_reqid)(child_sa_t *this); /** * Get the unique numerical identifier for this CHILD_SA. @@ -138,7 +138,7 @@ struct child_sa_t { * * @return unique CHILD_SA identifier */ - u_int32_t (*get_unique_id)(child_sa_t *this); + uint32_t (*get_unique_id)(child_sa_t *this); /** * Get the config used to set up this child sa. @@ -171,7 +171,7 @@ struct child_sa_t { * @param inbound TRUE to get inbound SPI, FALSE for outbound. * @return SPI of the CHILD SA */ - u_int32_t (*get_spi) (child_sa_t *this, bool inbound); + uint32_t (*get_spi) (child_sa_t *this, bool inbound); /** * Get the CPI of this CHILD_SA. @@ -183,7 +183,7 @@ struct child_sa_t { * @param inbound TRUE to get inbound CPI, FALSE for outbound. * @return CPI of the CHILD SA */ - u_int16_t (*get_cpi) (child_sa_t *this, bool inbound); + uint16_t (*get_cpi) (child_sa_t *this, bool inbound); /** * Get the protocol which this CHILD_SA uses to protect traffic. @@ -300,7 +300,7 @@ struct child_sa_t { * @param[out] packets number of processed packets (NULL to ignore) */ void (*get_usestats)(child_sa_t *this, bool inbound, time_t *time, - u_int64_t *bytes, u_int64_t *packets); + uint64_t *bytes, uint64_t *packets); /** * Get the mark used with this CHILD_SA. @@ -335,14 +335,14 @@ struct child_sa_t { * @param spi SPI output pointer * @return SPI, 0 on failure */ - u_int32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol); + uint32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol); /** * Allocate a CPI to use for IPComp. * * @return CPI, 0 on failure */ - u_int16_t (*alloc_cpi)(child_sa_t *this); + uint16_t (*alloc_cpi)(child_sa_t *this); /** * Install an IPsec SA for one direction. @@ -359,7 +359,7 @@ struct child_sa_t { * @return SUCCESS or FAILED */ status_t (*install)(child_sa_t *this, chunk_t encr, chunk_t integ, - u_int32_t spi, u_int16_t cpi, + uint32_t spi, uint16_t cpi, bool initiator, bool inbound, bool tfcv3, linked_list_t *my_ts, linked_list_t *other_ts); /** @@ -404,7 +404,7 @@ struct child_sa_t { * @return child_sa_t object */ child_sa_t * child_sa_create(host_t *me, host_t *other, child_cfg_t *config, - u_int32_t reqid, bool encap, + uint32_t reqid, bool encap, u_int mark_in, u_int mark_out); #endif /** CHILD_SA_H_ @}*/ diff --git a/src/libcharon/sa/child_sa_manager.c b/src/libcharon/sa/child_sa_manager.c index 071a119da..13f22cf5f 100644 --- a/src/libcharon/sa/child_sa_manager.c +++ b/src/libcharon/sa/child_sa_manager.c @@ -59,11 +59,11 @@ typedef struct { /** the associated IKE_SA */ ike_sa_id_t *ike_id; /** unique CHILD_SA identifier */ - u_int32_t unique_id; + uint32_t unique_id; /** inbound SPI */ - u_int32_t spi_in; + uint32_t spi_in; /** outbound SPI */ - u_int32_t spi_out; + uint32_t spi_out; /** inbound host address */ host_t *host_in; /** outbound host address and port */ @@ -202,7 +202,7 @@ METHOD(child_sa_manager_t, remove_, void, * Check out an IKE_SA for a given CHILD_SA */ static ike_sa_t *checkout_ikesa(private_child_sa_manager_t *this, - ike_sa_id_t *id, u_int32_t unique_id, child_sa_t **child_sa) + ike_sa_id_t *id, uint32_t unique_id, child_sa_t **child_sa) { enumerator_t *enumerator; child_sa_t *current; @@ -238,7 +238,7 @@ static ike_sa_t *checkout_ikesa(private_child_sa_manager_t *this, } METHOD(child_sa_manager_t, checkout_by_id, ike_sa_t*, - private_child_sa_manager_t *this, u_int32_t unique_id, + private_child_sa_manager_t *this, uint32_t unique_id, child_sa_t **child_sa) { ike_sa_id_t *id; @@ -262,11 +262,11 @@ METHOD(child_sa_manager_t, checkout_by_id, ike_sa_t*, } METHOD(child_sa_manager_t, checkout, ike_sa_t*, - private_child_sa_manager_t *this, protocol_id_t protocol, u_int32_t spi, + private_child_sa_manager_t *this, protocol_id_t protocol, uint32_t spi, host_t *dst, child_sa_t **child_sa) { ike_sa_id_t *id; - u_int32_t unique_id; + uint32_t unique_id; child_entry_t *entry, key = { .spi_in = spi, .spi_out = spi, diff --git a/src/libcharon/sa/child_sa_manager.h b/src/libcharon/sa/child_sa_manager.h index 4d57528e8..f1d6ad9e0 100644 --- a/src/libcharon/sa/child_sa_manager.h +++ b/src/libcharon/sa/child_sa_manager.h @@ -59,7 +59,7 @@ struct child_sa_manager_t { * @return IKE_SA, NULL if not found */ ike_sa_t *(*checkout)(child_sa_manager_t *this, - protocol_id_t protocol, u_int32_t spi, host_t *dst, + protocol_id_t protocol, uint32_t spi, host_t *dst, child_sa_t **child_sa); /** @@ -72,7 +72,7 @@ struct child_sa_manager_t { * @param child_sa returns CHILD_SA managed by IKE_SA * @return IKE_SA, NULL if not found */ - ike_sa_t *(*checkout_by_id)(child_sa_manager_t *this, u_int32_t unique_id, + ike_sa_t *(*checkout_by_id)(child_sa_manager_t *this, uint32_t unique_id, child_sa_t **child_sa); /** diff --git a/src/libcharon/sa/eap/eap_manager.c b/src/libcharon/sa/eap/eap_manager.c index 1886307e9..e4fcbc8f0 100644 --- a/src/libcharon/sa/eap/eap_manager.c +++ b/src/libcharon/sa/eap/eap_manager.c @@ -35,7 +35,7 @@ struct eap_entry_t { /** * vendor ID, 0 for default EAP methods */ - u_int32_t vendor; + uint32_t vendor; /** * Role of the method returned by the constructor, EAP_SERVER or EAP_PEER @@ -70,7 +70,7 @@ struct private_eap_manager_t { }; METHOD(eap_manager_t, add_method, void, - private_eap_manager_t *this, eap_type_t type, u_int32_t vendor, + private_eap_manager_t *this, eap_type_t type, uint32_t vendor, eap_role_t role, eap_constructor_t constructor) { eap_entry_t *entry = malloc_thing(eap_entry_t); @@ -109,7 +109,7 @@ METHOD(eap_manager_t, remove_method, void, * filter the registered methods */ static bool filter_methods(uintptr_t role, eap_entry_t **entry, - eap_type_t *type, void *in, u_int32_t *vendor) + eap_type_t *type, void *in, uint32_t *vendor) { if ((*entry)->role != (eap_role_t)role) { @@ -144,7 +144,7 @@ METHOD(eap_manager_t, create_enumerator, enumerator_t*, } METHOD(eap_manager_t, create_instance, eap_method_t*, - private_eap_manager_t *this, eap_type_t type, u_int32_t vendor, + private_eap_manager_t *this, eap_type_t type, uint32_t vendor, eap_role_t role, identification_t *server, identification_t *peer) { enumerator_t *enumerator; diff --git a/src/libcharon/sa/eap/eap_manager.h b/src/libcharon/sa/eap/eap_manager.h index e318ef57a..4ed1cae20 100644 --- a/src/libcharon/sa/eap/eap_manager.h +++ b/src/libcharon/sa/eap/eap_manager.h @@ -44,7 +44,7 @@ struct eap_manager_t { * @param role EAP role of the registered method * @param constructor constructor function, returns an eap_method_t */ - void (*add_method)(eap_manager_t *this, eap_type_t type, u_int32_t vendor, + void (*add_method)(eap_manager_t *this, eap_type_t type, uint32_t vendor, eap_role_t role, eap_constructor_t constructor); /** @@ -61,7 +61,7 @@ struct eap_manager_t { * even though it is registered as method with this manager). * * @param role EAP role of methods to enumerate - * @return enumerator over (eap_type_t type, u_int32_t vendor) + * @return enumerator over (eap_type_t type, uint32_t vendor) */ enumerator_t* (*create_enumerator)(eap_manager_t *this, eap_role_t role); @@ -76,7 +76,7 @@ struct eap_manager_t { * @return EAP method instance, NULL if no constructor found */ eap_method_t* (*create_instance)(eap_manager_t *this, eap_type_t type, - u_int32_t vendor, eap_role_t role, + uint32_t vendor, eap_role_t role, identification_t *server, identification_t *peer); diff --git a/src/libcharon/sa/eap/eap_method.h b/src/libcharon/sa/eap/eap_method.h index 689c0f990..8e25f7df8 100644 --- a/src/libcharon/sa/eap/eap_method.h +++ b/src/libcharon/sa/eap/eap_method.h @@ -96,7 +96,7 @@ struct eap_method_t { * @param vendor pointer receiving vendor identifier for type, 0 for none * @return type of the EAP method */ - eap_type_t (*get_type) (eap_method_t *this, u_int32_t *vendor); + eap_type_t (*get_type) (eap_method_t *this, uint32_t *vendor); /** * Check if this EAP method authenticates the server. @@ -126,7 +126,7 @@ struct eap_method_t { * * @return current EAP identifier */ - u_int8_t (*get_identifier) (eap_method_t *this); + uint8_t (*get_identifier) (eap_method_t *this); /** * Set the EAP identifier to a deterministic value, overwriting @@ -134,7 +134,7 @@ struct eap_method_t { * * @param identifier current EAP identifier */ - void (*set_identifier) (eap_method_t *this, u_int8_t identifier); + void (*set_identifier) (eap_method_t *this, uint8_t identifier); /** * Get authentication details performed by this EAP method. diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index bcbff3211..009277ddd 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -1,9 +1,9 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -71,6 +71,7 @@ ENUM(ike_sa_state_names, IKE_CREATED, IKE_DESTROYING, "ESTABLISHED", "PASSIVE", "REKEYING", + "REKEYED", "DELETING", "DESTROYING", ); @@ -101,7 +102,7 @@ struct private_ike_sa_t { /** * unique numerical ID for this IKE_SA. */ - u_int32_t unique_id; + uint32_t unique_id; /** * Current state of the IKE_SA @@ -233,12 +234,12 @@ struct private_ike_sa_t { /** * number pending UPDATE_SA_ADDRESS (MOBIKE) */ - u_int32_t pending_updates; + uint32_t pending_updates; /** * NAT keep alive interval */ - u_int32_t keepalive_interval; + uint32_t keepalive_interval; /** * The schedueld keep alive job, if any @@ -249,7 +250,7 @@ struct private_ike_sa_t { * interval for retries during initiation (e.g. if DNS resolution failed), * 0 to disable (default) */ - u_int32_t retry_initiate_interval; + uint32_t retry_initiate_interval; /** * TRUE if a retry_initiate_job has been queued @@ -259,12 +260,12 @@ struct private_ike_sa_t { /** * Timestamps for this IKE_SA */ - u_int32_t stats[STAT_MAX]; + uint32_t stats[STAT_MAX]; /** * how many times we have retried so far (keyingtries) */ - u_int32_t keyingtry; + uint32_t keyingtry; /** * local host address to be used for IKE, set via MIGRATE kernel message @@ -343,7 +344,7 @@ static time_t get_use_time(private_ike_sa_t* this, bool inbound) return use_time; } -METHOD(ike_sa_t, get_unique_id, u_int32_t, +METHOD(ike_sa_t, get_unique_id, uint32_t, private_ike_sa_t *this) { return this->unique_id; @@ -359,7 +360,7 @@ METHOD(ike_sa_t, get_name, char*, return "(unnamed)"; } -METHOD(ike_sa_t, get_statistic, u_int32_t, +METHOD(ike_sa_t, get_statistic, uint32_t, private_ike_sa_t *this, statistic_t kind) { if (kind < STAT_MAX) @@ -370,7 +371,7 @@ METHOD(ike_sa_t, get_statistic, u_int32_t, } METHOD(ike_sa_t, set_statistic, void, - private_ike_sa_t *this, statistic_t kind, u_int32_t value) + private_ike_sa_t *this, statistic_t kind, uint32_t value) { if (kind < STAT_MAX) { @@ -604,7 +605,7 @@ METHOD(ike_sa_t, set_proposal, void, } METHOD(ike_sa_t, set_message_id, void, - private_ike_sa_t *this, bool initiate, u_int32_t mid) + private_ike_sa_t *this, bool initiate, uint32_t mid) { if (initiate) { @@ -814,7 +815,7 @@ METHOD(ike_sa_t, set_state, void, this->state == IKE_PASSIVE) { job_t *job; - u_int32_t t; + uint32_t t; /* calculate rekey, reauth and lifetime */ this->stats[STAT_ESTABLISHED] = time_monotonic(NULL); @@ -1035,12 +1036,12 @@ METHOD(ike_sa_t, has_mapping_changed, bool, } METHOD(ike_sa_t, set_pending_updates, void, - private_ike_sa_t *this, u_int32_t updates) + private_ike_sa_t *this, uint32_t updates) { this->pending_updates = updates; } -METHOD(ike_sa_t, get_pending_updates, u_int32_t, +METHOD(ike_sa_t, get_pending_updates, uint32_t, private_ike_sa_t *this) { return this->pending_updates; @@ -1203,6 +1204,7 @@ METHOD(ike_sa_t, generate_message_fragmented, status_t, packet_t *packet; status_t status; bool use_frags = FALSE; + bool pre_generated = FALSE; if (this->ike_cfg) { @@ -1237,14 +1239,21 @@ METHOD(ike_sa_t, generate_message_fragmented, status_t, return SUCCESS; } + pre_generated = message->is_encoded(message); this->stats[STAT_OUTBOUND] = time_monotonic(NULL); message->set_ike_sa_id(message, this->ike_sa_id); - charon->bus->message(charon->bus, message, FALSE, TRUE); + if (!pre_generated) + { + charon->bus->message(charon->bus, message, FALSE, TRUE); + } status = message->fragment(message, this->keymat, this->fragment_size, &fragments); if (status == SUCCESS) { - charon->bus->message(charon->bus, message, FALSE, FALSE); + if (!pre_generated) + { + charon->bus->message(charon->bus, message, FALSE, FALSE); + } *packets = enumerator_create_filter(fragments, (void*)filter_fragments, this, NULL); } @@ -1432,7 +1441,7 @@ static void resolve_hosts(private_ike_sa_t *this) } METHOD(ike_sa_t, initiate, status_t, - private_ike_sa_t *this, child_cfg_t *child_cfg, u_int32_t reqid, + private_ike_sa_t *this, child_cfg_t *child_cfg, uint32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr) { bool defer_initiate = FALSE; @@ -1642,7 +1651,7 @@ METHOD(ike_sa_t, add_child_sa, void, } METHOD(ike_sa_t, get_child_sa, child_sa_t*, - private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi, bool inbound) + private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi, bool inbound) { enumerator_t *enumerator; child_sa_t *current, *found = NULL; @@ -1721,7 +1730,7 @@ METHOD(ike_sa_t, remove_child_sa, void, } METHOD(ike_sa_t, rekey_child_sa, status_t, - private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi) + private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi) { if (this->state == IKE_PASSIVE) { @@ -1732,7 +1741,7 @@ METHOD(ike_sa_t, rekey_child_sa, status_t, } METHOD(ike_sa_t, delete_child_sa, status_t, - private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi, bool expired) + private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi, bool expired) { if (this->state == IKE_PASSIVE) { @@ -1744,7 +1753,7 @@ METHOD(ike_sa_t, delete_child_sa, status_t, } METHOD(ike_sa_t, destroy_child_sa, status_t, - private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi) + private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi) { enumerator_t *enumerator; child_sa_t *child_sa; @@ -2301,7 +2310,7 @@ METHOD(ike_sa_t, redirect, status_t, } METHOD(ike_sa_t, retransmit, status_t, - private_ike_sa_t *this, u_int32_t message_id) + private_ike_sa_t *this, uint32_t message_id) { if (this->state == IKE_PASSIVE) { @@ -2316,7 +2325,7 @@ METHOD(ike_sa_t, retransmit, status_t, case IKE_CONNECTING: { /* retry IKE_SA_INIT/Main Mode if we have multiple keyingtries */ - u_int32_t tries = this->peer_cfg->get_keyingtries(this->peer_cfg); + uint32_t tries = this->peer_cfg->get_keyingtries(this->peer_cfg); charon->bus->alert(charon->bus, ALERT_PEER_INIT_UNREACHABLE, this->keyingtry); this->keyingtry++; @@ -2348,7 +2357,8 @@ METHOD(ike_sa_t, retransmit, status_t, reestablish(this); break; } - if (this->state != IKE_CONNECTING) + if (this->state != IKE_CONNECTING && + this->state != IKE_REKEYED) { charon->bus->ike_updown(charon->bus, &this->public, FALSE); } @@ -2358,9 +2368,9 @@ METHOD(ike_sa_t, retransmit, status_t, } METHOD(ike_sa_t, set_auth_lifetime, status_t, - private_ike_sa_t *this, u_int32_t lifetime) + private_ike_sa_t *this, uint32_t lifetime) { - u_int32_t diff, hard, soft, now; + uint32_t diff, hard, soft, now; bool send_update; diff = this->peer_cfg->get_over_time(this->peer_cfg); @@ -2500,6 +2510,7 @@ METHOD(ike_sa_t, roam, status_t, case IKE_DELETING: case IKE_DESTROYING: case IKE_PASSIVE: + case IKE_REKEYED: return SUCCESS; default: break; @@ -2609,6 +2620,12 @@ METHOD(ike_sa_t, queue_task, void, this->task_manager->queue_task(this->task_manager, task); } +METHOD(ike_sa_t, queue_task_delayed, void, + private_ike_sa_t *this, task_t *task, uint32_t delay) +{ + this->task_manager->queue_task_delayed(this->task_manager, task, delay); +} + METHOD(ike_sa_t, inherit_pre, void, private_ike_sa_t *this, ike_sa_t *other_public) { @@ -2927,6 +2944,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator, .create_task_enumerator = _create_task_enumerator, .flush_queue = _flush_queue, .queue_task = _queue_task, + .queue_task_delayed = _queue_task_delayed, #ifdef ME .act_as_mediation_server = _act_as_mediation_server, .get_server_reflexive_host = _get_server_reflexive_host, diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h index 836360e3c..6f5040d7c 100644 --- a/src/libcharon/sa/ike_sa.h +++ b/src/libcharon/sa/ike_sa.h @@ -1,9 +1,9 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -58,12 +58,12 @@ typedef struct ike_sa_t ike_sa_t; /** * After which time rekeying should be retried if it failed, in seconds. */ -#define RETRY_INTERVAL 30 +#define RETRY_INTERVAL 15 /** * Jitter to subtract from RETRY_INTERVAL to randomize rekey retry. */ -#define RETRY_JITTER 20 +#define RETRY_JITTER 10 /** * Number of redirects allowed within REDIRECT_LOOP_DETECT_PERIOD. @@ -308,6 +308,11 @@ enum ike_sa_state_t { */ IKE_REKEYING, + /** + * IKE_SA has been rekeyed (or is redundant) + */ + IKE_REKEYED, + /** * IKE_SA is in progress of deletion */ @@ -353,7 +358,7 @@ struct ike_sa_t { * * @return unique ID */ - u_int32_t (*get_unique_id) (ike_sa_t *this); + uint32_t (*get_unique_id) (ike_sa_t *this); /** * Get the state of the IKE_SA. @@ -382,7 +387,7 @@ struct ike_sa_t { * @param kind kind of requested value * @return value as integer */ - u_int32_t (*get_statistic)(ike_sa_t *this, statistic_t kind); + uint32_t (*get_statistic)(ike_sa_t *this, statistic_t kind); /** * Set statistic value of the IKE_SA. @@ -390,7 +395,7 @@ struct ike_sa_t { * @param kind kind of value to update * @param value value as integer */ - void (*set_statistic)(ike_sa_t *this, statistic_t kind, u_int32_t value); + void (*set_statistic)(ike_sa_t *this, statistic_t kind, uint32_t value); /** * Get the own host address. @@ -557,7 +562,7 @@ struct ike_sa_t { * @param initiate TRUE to set message ID for initiating * @param mid message id to set */ - void (*set_message_id)(ike_sa_t *this, bool initiate, u_int32_t mid); + void (*set_message_id)(ike_sa_t *this, bool initiate, uint32_t mid); /** * Add an additional address for the peer. @@ -630,14 +635,14 @@ struct ike_sa_t { * * @return number of pending updates */ - u_int32_t (*get_pending_updates)(ike_sa_t *this); + uint32_t (*get_pending_updates)(ike_sa_t *this); /** * Set the number of queued MOBIKE address updates. * * @param updates number of pending updates */ - void (*set_pending_updates)(ike_sa_t *this, u_int32_t updates); + void (*set_pending_updates)(ike_sa_t *this, uint32_t updates); #ifdef ME /** @@ -752,7 +757,7 @@ struct ike_sa_t { * - DESTROY_ME if initialization failed */ status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg, - u_int32_t reqid, traffic_selector_t *tsi, + uint32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr); /** @@ -850,7 +855,7 @@ struct ike_sa_t { * - SUCCESS * - NOT_FOUND if request doesn't have to be retransmited */ - status_t (*retransmit) (ike_sa_t *this, u_int32_t message_id); + status_t (*retransmit) (ike_sa_t *this, uint32_t message_id); /** * Sends a DPD request to the peer. @@ -924,7 +929,7 @@ struct ike_sa_t { * @return child_sa, or NULL if none found */ child_sa_t* (*get_child_sa) (ike_sa_t *this, protocol_id_t protocol, - u_int32_t spi, bool inbound); + uint32_t spi, bool inbound); /** * Get the number of CHILD_SAs. @@ -958,7 +963,7 @@ struct ike_sa_t { * - NOT_FOUND, if IKE_SA has no such CHILD_SA * - SUCCESS, if rekeying initiated */ - status_t (*rekey_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi); + status_t (*rekey_child_sa) (ike_sa_t *this, protocol_id_t protocol, uint32_t spi); /** * Close the CHILD SA with the specified protocol/SPI. @@ -975,7 +980,7 @@ struct ike_sa_t { * - SUCCESS, if delete message sent */ status_t (*delete_child_sa)(ike_sa_t *this, protocol_id_t protocol, - u_int32_t spi, bool expired); + uint32_t spi, bool expired); /** * Destroy a CHILD SA with the specified protocol/SPI. @@ -988,7 +993,7 @@ struct ike_sa_t { * - NOT_FOUND, if IKE_SA has no such CHILD_SA * - SUCCESS */ - status_t (*destroy_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi); + status_t (*destroy_child_sa) (ike_sa_t *this, protocol_id_t protocol, uint32_t spi); /** * Rekey the IKE_SA. @@ -1028,7 +1033,7 @@ struct ike_sa_t { * @param lifetime lifetime in seconds * @return DESTROY_ME to destroy the IKE_SA */ - status_t (*set_auth_lifetime)(ike_sa_t *this, u_int32_t lifetime); + status_t (*set_auth_lifetime)(ike_sa_t *this, uint32_t lifetime); /** * Add a virtual IP to use for this IKE_SA and its children. @@ -1118,6 +1123,15 @@ struct ike_sa_t { */ void (*queue_task)(ike_sa_t *this, task_t *task); + /** + * Queue a task in the manager, but delay its initiation for at least the + * given number of seconds. + * + * @param task task to queue + * @param delay minimum delay in s before initiating the task + */ + void (*queue_task_delayed)(ike_sa_t *this, task_t *task, uint32_t delay); + /** * Inherit required attributes to new SA before rekeying. * diff --git a/src/libcharon/sa/ike_sa_id.c b/src/libcharon/sa/ike_sa_id.c index e52086483..b4e66ed73 100644 --- a/src/libcharon/sa/ike_sa_id.c +++ b/src/libcharon/sa/ike_sa_id.c @@ -34,17 +34,17 @@ struct private_ike_sa_id_t { /** * Major IKE version of IKE_SA. */ - u_int8_t ike_version; + uint8_t ike_version; /** * SPI of initiator. */ - u_int64_t initiator_spi; + uint64_t initiator_spi; /** * SPI of responder. */ - u_int64_t responder_spi; + uint64_t responder_spi; /** * Role for specific IKE_SA. @@ -52,31 +52,31 @@ struct private_ike_sa_id_t { bool is_initiator_flag; }; -METHOD(ike_sa_id_t, get_ike_version, u_int8_t, +METHOD(ike_sa_id_t, get_ike_version, uint8_t, private_ike_sa_id_t *this) { return this->ike_version; } METHOD(ike_sa_id_t, set_responder_spi, void, - private_ike_sa_id_t *this, u_int64_t responder_spi) + private_ike_sa_id_t *this, uint64_t responder_spi) { this->responder_spi = responder_spi; } METHOD(ike_sa_id_t, set_initiator_spi, void, - private_ike_sa_id_t *this, u_int64_t initiator_spi) + private_ike_sa_id_t *this, uint64_t initiator_spi) { this->initiator_spi = initiator_spi; } -METHOD(ike_sa_id_t, get_initiator_spi, u_int64_t, +METHOD(ike_sa_id_t, get_initiator_spi, uint64_t, private_ike_sa_id_t *this) { return this->initiator_spi; } -METHOD(ike_sa_id_t, get_responder_spi, u_int64_t, +METHOD(ike_sa_id_t, get_responder_spi, uint64_t, private_ike_sa_id_t *this) { return this->responder_spi; @@ -134,8 +134,8 @@ METHOD(ike_sa_id_t, destroy, void, /* * Described in header. */ -ike_sa_id_t * ike_sa_id_create(u_int8_t ike_version, u_int64_t initiator_spi, - u_int64_t responder_spi, bool is_initiator_flag) +ike_sa_id_t * ike_sa_id_create(uint8_t ike_version, uint64_t initiator_spi, + uint64_t responder_spi, bool is_initiator_flag) { private_ike_sa_id_t *this; diff --git a/src/libcharon/sa/ike_sa_id.h b/src/libcharon/sa/ike_sa_id.h index 5eb754e95..b3a9ef61f 100644 --- a/src/libcharon/sa/ike_sa_id.h +++ b/src/libcharon/sa/ike_sa_id.h @@ -41,7 +41,7 @@ struct ike_sa_id_t { * * @return IKE version */ - u_int8_t (*get_ike_version) (ike_sa_id_t *this); + uint8_t (*get_ike_version) (ike_sa_id_t *this); /** * Set the SPI of the responder. @@ -50,28 +50,28 @@ struct ike_sa_id_t { * * @param responder_spi SPI of responder to set */ - void (*set_responder_spi) (ike_sa_id_t *this, u_int64_t responder_spi); + void (*set_responder_spi) (ike_sa_id_t *this, uint64_t responder_spi); /** * Set the SPI of the initiator. * * @param initiator_spi SPI to set */ - void (*set_initiator_spi) (ike_sa_id_t *this, u_int64_t initiator_spi); + void (*set_initiator_spi) (ike_sa_id_t *this, uint64_t initiator_spi); /** * Get the initiator SPI. * * @return SPI of the initiator */ - u_int64_t (*get_initiator_spi) (ike_sa_id_t *this); + uint64_t (*get_initiator_spi) (ike_sa_id_t *this); /** * Get the responder SPI. * * @return SPI of the responder */ - u_int64_t (*get_responder_spi) (ike_sa_id_t *this); + uint64_t (*get_responder_spi) (ike_sa_id_t *this); /** * Check if two ike_sa_id_t objects are equal. @@ -131,7 +131,7 @@ struct ike_sa_id_t { * @param is_initiaor TRUE if we are the original initiator * @return ike_sa_id_t object */ -ike_sa_id_t * ike_sa_id_create(u_int8_t ike_version, u_int64_t initiator_spi, - u_int64_t responder_spi, bool is_initiaor); +ike_sa_id_t * ike_sa_id_create(uint8_t ike_version, uint64_t initiator_spi, + uint64_t responder_spi, bool is_initiaor); #endif /** IKE_SA_ID_H_ @}*/ diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 307ea3b4a..ce44207c4 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -113,7 +113,7 @@ struct entry_t { /** * message ID or hash of currently processing message, -1 if none */ - u_int32_t processing; + uint32_t processing; }; /** @@ -265,7 +265,7 @@ struct init_hash_t { chunk_t hash; /** our SPI allocated for the IKE_SA based on this message */ - u_int64_t our_spi; + uint64_t our_spi; }; typedef struct segment_t segment_t; @@ -977,9 +977,9 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr /** * Get a random SPI for new IKE_SAs */ -static u_int64_t get_spi(private_ike_sa_manager_t *this) +static uint64_t get_spi(private_ike_sa_manager_t *this) { - u_int64_t spi; + uint64_t spi; this->spi_lock->read_lock(this->spi_lock); if (this->spi_cb.cb) @@ -987,7 +987,7 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this) spi = this->spi_cb.cb(this->spi_cb.data); } else if (!this->rng || - !this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi)) + !this->rng->get_bytes(this->rng, sizeof(spi), (uint8_t*)&spi)) { spi = 0; } @@ -1007,8 +1007,8 @@ static bool get_init_hash(hasher_t *hasher, message_t *message, chunk_t *hash) if (message->get_first_payload_type(message) == PLV1_FRAGMENT) { /* only hash the source IP, port and SPI for fragmented init messages */ - u_int16_t port; - u_int64_t spi; + uint16_t port; + uint64_t spi; src = message->get_source(message); if (!hasher->allocate_hash(hasher, src->get_address(src), NULL)) @@ -1050,13 +1050,13 @@ static bool get_init_hash(hasher_t *hasher, message_t *message, chunk_t *hash) * FAILED if the SPI allocation failed */ static status_t check_and_put_init_hash(private_ike_sa_manager_t *this, - chunk_t init_hash, u_int64_t *our_spi) + chunk_t init_hash, uint64_t *our_spi) { table_item_t *item; u_int row, segment; mutex_t *mutex; init_hash_t *init; - u_int64_t spi; + uint64_t spi; row = chunk_hash(init_hash) & this->table_mask; segment = row & this->segment_mask; @@ -1174,8 +1174,8 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*, { ike_sa_id_t *ike_sa_id; ike_sa_t *ike_sa; - u_int8_t ike_version; - u_int64_t spi; + uint8_t ike_version; + uint64_t spi; ike_version = version == IKEV1 ? IKEV1_MAJOR_VERSION : IKEV2_MAJOR_VERSION; @@ -1208,7 +1208,7 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*, /** * Get the message ID or message hash to detect early retransmissions */ -static u_int32_t get_message_id_or_hash(message_t *message) +static uint32_t get_message_id_or_hash(message_t *message) { if (message->get_major_version(message) == IKEV1_MAJOR_VERSION) { @@ -1273,7 +1273,7 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, if (is_init) { hasher_t *hasher; - u_int64_t our_spi; + uint64_t our_spi; chunk_t hash; hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); @@ -1415,7 +1415,8 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, { continue; } - if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING) + if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING || + entry->ike_sa->get_state(entry->ike_sa) == IKE_REKEYED) { /* skip IKE_SAs which are not usable, wake other waiting threads */ entry->condvar->signal(entry->condvar); continue; @@ -1455,7 +1456,7 @@ out: } METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*, - private_ike_sa_manager_t *this, u_int32_t id) + private_ike_sa_manager_t *this, uint32_t id) { enumerator_t *enumerator; entry_t *entry; @@ -2094,10 +2095,41 @@ METHOD(ike_sa_manager_t, set_spi_cb, void, this->spi_lock->unlock(this->spi_lock); } +/** + * Destroy all entries + */ +static void destroy_all_entries(private_ike_sa_manager_t *this) +{ + enumerator_t *enumerator; + entry_t *entry; + u_int segment; + + enumerator = create_table_enumerator(this); + while (enumerator->enumerate(enumerator, &entry, &segment)) + { + charon->bus->set_sa(charon->bus, entry->ike_sa); + if (entry->half_open) + { + remove_half_open(this, entry); + } + if (entry->my_id && entry->other_id) + { + remove_connected_peers(this, entry); + } + if (entry->init_hash.ptr) + { + remove_init_hash(this, entry->init_hash); + } + remove_entry_at((private_enumerator_t*)enumerator); + entry_destroy(entry); + } + enumerator->destroy(enumerator); + charon->bus->set_sa(charon->bus, NULL); +} + METHOD(ike_sa_manager_t, flush, void, private_ike_sa_manager_t *this) { - /* destroy all list entries */ enumerator_t *enumerator; entry_t *entry; u_int segment; @@ -2153,31 +2185,11 @@ METHOD(ike_sa_manager_t, flush, void, DBG2(DBG_MGR, "destroy all entries"); /* Step 4: destroy all entries */ - enumerator = create_table_enumerator(this); - while (enumerator->enumerate(enumerator, &entry, &segment)) - { - charon->bus->set_sa(charon->bus, entry->ike_sa); - if (entry->half_open) - { - remove_half_open(this, entry); - } - if (entry->my_id && entry->other_id) - { - remove_connected_peers(this, entry); - } - if (entry->init_hash.ptr) - { - remove_init_hash(this, entry->init_hash); - } - remove_entry_at((private_enumerator_t*)enumerator); - entry_destroy(entry); - } - enumerator->destroy(enumerator); - charon->bus->set_sa(charon->bus, NULL); + destroy_all_entries(this); unlock_all_segments(this); this->spi_lock->write_lock(this->spi_lock); - this->rng->destroy(this->rng); + DESTROY_IF(this->rng); this->rng = NULL; this->spi_cb.cb = NULL; this->spi_cb.data = NULL; @@ -2189,7 +2201,11 @@ METHOD(ike_sa_manager_t, destroy, void, { u_int i; - /* these are already cleared in flush() above */ + /* in case new SAs were checked in after flush() was called */ + lock_all_segments(this); + destroy_all_entries(this); + unlock_all_segments(this); + free(this->ike_sa_table); free(this->half_open_table); free(this->connected_peers_table); diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h index f1b7c2579..4298c54e2 100644 --- a/src/libcharon/sa/ike_sa_manager.h +++ b/src/libcharon/sa/ike_sa_manager.h @@ -38,7 +38,7 @@ typedef struct ike_sa_manager_t ike_sa_manager_t; * @param data data supplied during registration of the callback * @return allocated SPI, 0 on failure */ -typedef u_int64_t (*spi_cb_t)(void *data); +typedef uint64_t (*spi_cb_t)(void *data); /** * Manages and synchronizes access to all IKE_SAs. @@ -147,7 +147,7 @@ struct ike_sa_manager_t { * - checked out IKE_SA, if found * - NULL, if not found */ - ike_sa_t* (*checkout_by_id) (ike_sa_manager_t* this, u_int32_t id); + ike_sa_t* (*checkout_by_id) (ike_sa_manager_t* this, uint32_t id); /** * Check out an IKE_SA by the policy/connection name. diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index e428966ad..be6b03bef 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -32,7 +32,7 @@ typedef struct private_keymat_v1_t private_keymat_v1_t; */ typedef struct { /** message ID */ - u_int32_t mid; + uint32_t mid; /** current IV */ chunk_t iv; /** last block of encrypted message */ @@ -128,7 +128,7 @@ static void iv_data_destroy(iv_data_t *this) */ typedef struct { /** message ID */ - u_int32_t mid; + uint32_t mid; /** Ni_b (Nonce from first message) */ chunk_t n_i; /** Nr_b (Nonce from second message) */ @@ -272,7 +272,7 @@ static bool expand_skeyid_e(chunk_t skeyid_e, size_t key_size, prf_t *prf, static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e) { private_aead_t *this; - u_int16_t alg, key_size; + uint16_t alg, key_size; crypter_t *crypter; chunk_t ka; @@ -324,7 +324,7 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e) /** * Converts integrity algorithm to PRF algorithm */ -static u_int16_t auth_to_prf(u_int16_t alg) +static uint16_t auth_to_prf(uint16_t alg) { switch (alg) { @@ -348,7 +348,7 @@ static u_int16_t auth_to_prf(u_int16_t alg) /** * Converts integrity algorithm to hash algorithm */ -static u_int16_t auth_to_hash(u_int16_t alg) +static uint16_t auth_to_hash(uint16_t alg) { switch (alg) { @@ -370,7 +370,7 @@ static u_int16_t auth_to_hash(u_int16_t alg) /** * Adjust the key length for PRF algorithms that expect a fixed key length. */ -static void adjust_keylen(u_int16_t alg, chunk_t *key) +static void adjust_keylen(uint16_t alg, chunk_t *key) { switch (alg) { @@ -393,10 +393,10 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, { chunk_t g_xy, g_xi, g_xr, dh_me, spi_i, spi_r, nonces, data, skeyid_e; chunk_t skeyid; - u_int16_t alg; + uint16_t alg; - spi_i = chunk_alloca(sizeof(u_int64_t)); - spi_r = chunk_alloca(sizeof(u_int64_t)); + spi_i = chunk_alloca(sizeof(uint64_t)); + spi_r = chunk_alloca(sizeof(uint64_t)); if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL)) { /* no PRF negotiated, use HMAC version of integrity algorithm instead */ @@ -431,8 +431,8 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, } DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &g_xy); - *((u_int64_t*)spi_i.ptr) = id->get_initiator_spi(id); - *((u_int64_t*)spi_r.ptr) = id->get_responder_spi(id); + *((uint64_t*)spi_i.ptr) = id->get_initiator_spi(id); + *((uint64_t*)spi_r.ptr) = id->get_responder_spi(id); nonces = chunk_cata("cc", nonce_i, nonce_r); switch (auth) @@ -585,11 +585,11 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, METHOD(keymat_v1_t, derive_child_keys, bool, private_keymat_v1_t *this, proposal_t *proposal, diffie_hellman_t *dh, - u_int32_t spi_i, u_int32_t spi_r, chunk_t nonce_i, chunk_t nonce_r, + uint32_t spi_i, uint32_t spi_r, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r) { - u_int16_t enc_alg, int_alg, enc_size = 0, int_size = 0; - u_int8_t protocol; + uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0; + uint8_t protocol; prf_plus_t *prf_plus; chunk_t seed, secret = chunk_empty; bool success = FALSE; @@ -725,7 +725,7 @@ failure: METHOD(keymat_v1_t, create_hasher, bool, private_keymat_v1_t *this, proposal_t *proposal) { - u_int16_t alg; + uint16_t alg; if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL) || (alg = auth_to_hash(alg)) == HASH_UNKNOWN) { @@ -754,7 +754,7 @@ METHOD(keymat_v1_t, get_hash, bool, ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id, chunk_t *hash) { chunk_t data; - u_int64_t spi, spi_other; + uint64_t spi, spi_other; /* HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b ) * HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b ) @@ -810,7 +810,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator) { payload_t *payload, *next; enumerator_t *enumerator; - u_int32_t *lenpos; + uint32_t *lenpos; if (message->is_encoded(message)) { /* inbound, although the message is generated, we cannot access the @@ -850,7 +850,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator) * Try to find data about a Quick Mode with the given message ID, * if none is found, state is generated. */ -static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid) +static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, uint32_t mid) { enumerator_t *enumerator; qm_data_t *qm, *found = NULL; @@ -885,7 +885,7 @@ static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid) METHOD(keymat_v1_t, get_hash_phase2, bool, private_keymat_v1_t *this, message_t *message, chunk_t *hash) { - u_int32_t mid, mid_n; + uint32_t mid, mid_n; chunk_t data = chunk_empty; bool add_message = TRUE; char *name = "Hash"; @@ -993,7 +993,7 @@ static bool generate_iv(private_keymat_v1_t *this, iv_data_t *iv) else { /* initial phase 2 IV = hash(last_phase1_block | mid) */ - u_int32_t net;; + uint32_t net;; chunk_t data; net = htonl(iv->mid); @@ -1014,7 +1014,7 @@ static bool generate_iv(private_keymat_v1_t *this, iv_data_t *iv) /** * Try to find an IV for the given message ID, if not found, generate it. */ -static iv_data_t *lookup_iv(private_keymat_v1_t *this, u_int32_t mid) +static iv_data_t *lookup_iv(private_keymat_v1_t *this, uint32_t mid) { enumerator_t *enumerator; iv_data_t *iv, *found = NULL; @@ -1057,7 +1057,7 @@ static iv_data_t *lookup_iv(private_keymat_v1_t *this, u_int32_t mid) } METHOD(keymat_v1_t, get_iv, bool, - private_keymat_v1_t *this, u_int32_t mid, chunk_t *out) + private_keymat_v1_t *this, uint32_t mid, chunk_t *out) { iv_data_t *iv; @@ -1071,7 +1071,7 @@ METHOD(keymat_v1_t, get_iv, bool, } METHOD(keymat_v1_t, update_iv, bool, - private_keymat_v1_t *this, u_int32_t mid, chunk_t last_block) + private_keymat_v1_t *this, uint32_t mid, chunk_t last_block) { iv_data_t *iv = lookup_iv(this, mid); if (iv) @@ -1084,7 +1084,7 @@ METHOD(keymat_v1_t, update_iv, bool, } METHOD(keymat_v1_t, confirm_iv, bool, - private_keymat_v1_t *this, u_int32_t mid) + private_keymat_v1_t *this, uint32_t mid) { iv_data_t *iv = lookup_iv(this, mid); if (iv) diff --git a/src/libcharon/sa/ikev1/keymat_v1.h b/src/libcharon/sa/ikev1/keymat_v1.h index cc9f3b339..46eeea8b6 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.h +++ b/src/libcharon/sa/ikev1/keymat_v1.h @@ -72,7 +72,7 @@ struct keymat_v1_t { * @param integ_r allocated responders integrity key */ bool (*derive_child_keys)(keymat_v1_t *this, proposal_t *proposal, - diffie_hellman_t *dh, u_int32_t spi_i, u_int32_t spi_r, + diffie_hellman_t *dh, uint32_t spi_i, uint32_t spi_r, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r); @@ -127,7 +127,7 @@ struct keymat_v1_t { * @param iv chunk receiving IV, internal data * @return TRUE if IV allocated successfully */ - bool (*get_iv)(keymat_v1_t *this, u_int32_t mid, chunk_t *iv); + bool (*get_iv)(keymat_v1_t *this, uint32_t mid, chunk_t *iv); /** * Updates the IV for the next message with the given message ID. @@ -141,7 +141,7 @@ struct keymat_v1_t { * @param last_block last block of encrypted message (gets cloned) * @return TRUE if IV updated successfully */ - bool (*update_iv)(keymat_v1_t *this, u_int32_t mid, chunk_t last_block); + bool (*update_iv)(keymat_v1_t *this, uint32_t mid, chunk_t last_block); /** * Confirms the updated IV for the given message ID. @@ -152,7 +152,7 @@ struct keymat_v1_t { * @param mid message ID * @return TRUE if IV confirmed successfully */ - bool (*confirm_iv)(keymat_v1_t *this, u_int32_t mid); + bool (*confirm_iv)(keymat_v1_t *this, uint32_t mid); }; /** diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 3c601a4fa..b0c4f5f84 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2007-2015 Tobias Brunner + * Copyright (C) 2007-2016 Tobias Brunner * Copyright (C) 2007-2011 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -67,7 +67,7 @@ struct exchange_t { /** * Message ID used for this transaction */ - u_int32_t mid; + uint32_t mid; /** * generated packet for retransmission @@ -104,12 +104,12 @@ struct private_task_manager_t { /** * Message ID of the last response */ - u_int32_t mid; + uint32_t mid; /** * Hash of a previously received message */ - u_int32_t hash; + uint32_t hash; /** * packet(s) for retransmission @@ -119,7 +119,7 @@ struct private_task_manager_t { /** * Sequence number of the last sent message */ - u_int32_t seqnr; + uint32_t seqnr; /** * how many times we have retransmitted so far @@ -135,12 +135,12 @@ struct private_task_manager_t { /** * Message ID of the exchange */ - u_int32_t mid; + uint32_t mid; /** * Hashes of old responses we can ignore */ - u_int32_t old_hashes[MAX_OLD_HASHES]; + uint32_t old_hashes[MAX_OLD_HASHES]; /** * Position in old hash array @@ -150,7 +150,7 @@ struct private_task_manager_t { /** * Sequence number of the last sent message */ - u_int32_t seqnr; + uint32_t seqnr; /** * how many times we have retransmitted so far @@ -212,12 +212,12 @@ struct private_task_manager_t { /** * Sequence number for sending DPD requests */ - u_int32_t dpd_send; + uint32_t dpd_send; /** * Sequence number for received DPD requests */ - u_int32_t dpd_recv; + uint32_t dpd_recv; }; /** @@ -341,11 +341,11 @@ static bool generate_message(private_task_manager_t *this, message_t *message, /** * Retransmit a packet (or its fragments) */ -static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr, +static status_t retransmit_packet(private_task_manager_t *this, uint32_t seqnr, u_int mid, u_int retransmitted, array_t *packets) { packet_t *packet; - u_int32_t t; + uint32_t t; array_get(packets, 0, &packet); if (retransmitted > this->retransmit_tries) @@ -354,14 +354,15 @@ static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr, charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, packet); return DESTROY_ME; } - t = (u_int32_t)(this->retransmit_timeout * 1000.0 * + t = (uint32_t)(this->retransmit_timeout * 1000.0 * pow(this->retransmit_base, retransmitted)); if (retransmitted) { DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u", retransmitted, seqnr < RESPONDING_SEQ ? "request" : "response", mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ); - charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet, + retransmitted); } send_packets(this, packets); lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*) @@ -370,7 +371,7 @@ static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr, } METHOD(task_manager_t, retransmit, status_t, - private_task_manager_t *this, u_int32_t seqnr) + private_task_manager_t *this, uint32_t seqnr) { status_t status = SUCCESS; @@ -514,26 +515,26 @@ METHOD(task_manager_t, initiate, status_t, new_mid = TRUE; break; } - if (!mode_config_expected(this) && - activate_task(this, TASK_QUICK_MODE)) + if (activate_task(this, TASK_ISAKMP_DELETE)) { - exchange = QUICK_MODE; + exchange = INFORMATIONAL_V1; new_mid = TRUE; break; } - if (activate_task(this, TASK_INFORMATIONAL)) + if (activate_task(this, TASK_QUICK_DELETE)) { exchange = INFORMATIONAL_V1; new_mid = TRUE; break; } - if (activate_task(this, TASK_QUICK_DELETE)) + if (!mode_config_expected(this) && + activate_task(this, TASK_QUICK_MODE)) { - exchange = INFORMATIONAL_V1; + exchange = QUICK_MODE; new_mid = TRUE; break; } - if (activate_task(this, TASK_ISAKMP_DELETE)) + if (activate_task(this, TASK_INFORMATIONAL)) { exchange = INFORMATIONAL_V1; new_mid = TRUE; @@ -807,7 +808,7 @@ static void send_notify(private_task_manager_t *this, message_t *request, message_t *response; array_t *packets = NULL; host_t *me, *other; - u_int32_t mid; + uint32_t mid; if (request->get_exchange_type(request) == INFORMATIONAL_V1) { /* don't respond to INFORMATIONAL requests to avoid a notify war */ @@ -857,7 +858,7 @@ static bool process_dpd(private_task_manager_t *this, message_t *message) { notify_payload_t *notify; notify_type_t type; - u_int32_t seq; + uint32_t seq; chunk_t data; type = DPD_R_U_THERE; @@ -910,7 +911,7 @@ static bool process_dpd(private_task_manager_t *this, message_t *message) * Check if we already have a quick mode task queued for the exchange with the * given message ID */ -static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid) +static bool have_quick_mode_task(private_task_manager_t *this, uint32_t mid) { enumerator_t *enumerator; quick_mode_t *qm; @@ -935,9 +936,9 @@ static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid) } /** - * Check if we still have an aggressive mode task queued + * Check if we still have a specific task queued */ -static bool have_aggressive_mode_task(private_task_manager_t *this) +static bool have_task_queued(private_task_manager_t *this, task_type_t type) { enumerator_t *enumerator; task_t *task; @@ -946,7 +947,7 @@ static bool have_aggressive_mode_task(private_task_manager_t *this) enumerator = this->passive_tasks->create_enumerator(this->passive_tasks); while (enumerator->enumerate(enumerator, &task)) { - if (task->get_type(task) == TASK_AGGRESSIVE_MODE) + if (task->get_type(task) == type) { found = TRUE; break; @@ -1180,6 +1181,12 @@ static status_t process_response(private_task_manager_t *this, } enumerator->destroy(enumerator); + if (this->initiating.retransmitted) + { + packet_t *packet = NULL; + array_get(this->initiating.packets, 0, &packet); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet); + } this->initiating.type = EXCHANGE_TYPE_UNDEFINED; clear_packets(this->initiating.packets); @@ -1305,7 +1312,7 @@ static status_t queue_message(private_task_manager_t *this, message_t *msg) METHOD(task_manager_t, process_message, status_t, private_task_manager_t *this, message_t *msg) { - u_int32_t hash, mid, i; + uint32_t hash, mid, i; host_t *me, *other; status_t status; @@ -1405,7 +1412,7 @@ METHOD(task_manager_t, process_message, status_t, /* drop XAuth/Mode Config/Quick Mode messages until we received the last * Aggressive Mode message. since Informational messages are not * retransmitted we queue them. */ - if (have_aggressive_mode_task(this)) + if (have_task_queued(this, TASK_AGGRESSIVE_MODE)) { if (msg->get_exchange_type(msg) == INFORMATIONAL_V1) { @@ -1427,6 +1434,13 @@ METHOD(task_manager_t, process_message, status_t, return queue_message(this, msg); } + /* some peers send INITIAL_CONTACT notifies during XAuth, cache it */ + if (have_task_queued(this, TASK_XAUTH) && + msg->get_exchange_type(msg) == INFORMATIONAL_V1) + { + return queue_message(this, msg); + } + msg->set_request(msg, TRUE); charon->bus->message(charon->bus, msg, TRUE, FALSE); status = parse_message(this, msg); @@ -1499,8 +1513,8 @@ static bool has_queued(private_task_manager_t *this, task_type_t type) return found; } -METHOD(task_manager_t, queue_task, void, - private_task_manager_t *this, task_t *task) +METHOD(task_manager_t, queue_task_delayed, void, + private_task_manager_t *this, task_t *task, uint32_t delay) { task_type_t type = task->get_type(task); @@ -1521,6 +1535,12 @@ METHOD(task_manager_t, queue_task, void, this->queued_tasks->insert_last(this->queued_tasks, task); } +METHOD(task_manager_t, queue_task, void, + private_task_manager_t *this, task_t *task) +{ + queue_task_delayed(this, task, 0); +} + METHOD(task_manager_t, queue_ike, void, private_task_manager_t *this) { @@ -1660,7 +1680,7 @@ METHOD(task_manager_t, queue_mobike, void, } METHOD(task_manager_t, queue_child, void, - private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid, + private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr) { quick_mode_t *task; @@ -1739,7 +1759,7 @@ static traffic_selector_t* get_first_ts(child_sa_t *child_sa, bool local) } METHOD(task_manager_t, queue_child_rekey, void, - private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi) + private_task_manager_t *this, protocol_id_t protocol, uint32_t spi) { child_sa_t *child_sa; child_cfg_t *cfg; @@ -1754,6 +1774,7 @@ METHOD(task_manager_t, queue_child_rekey, void, { if (is_redundant(this, child_sa)) { + child_sa->set_state(child_sa, CHILD_REKEYED); queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol, spi, FALSE, FALSE)); } @@ -1774,7 +1795,7 @@ METHOD(task_manager_t, queue_child_rekey, void, } METHOD(task_manager_t, queue_child_delete, void, - private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi, + private_task_manager_t *this, protocol_id_t protocol, uint32_t spi, bool expired) { queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol, @@ -1785,7 +1806,7 @@ METHOD(task_manager_t, queue_dpd, void, private_task_manager_t *this) { peer_cfg_t *peer_cfg; - u_int32_t t, retransmit; + uint32_t t, retransmit; queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE, this->dpd_send++)); @@ -1798,7 +1819,7 @@ METHOD(task_manager_t, queue_dpd, void, /* use the same timeout as a retransmitting IKE message would have */ for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++) { - t += (u_int32_t)(this->retransmit_timeout * 1000.0 * + t += (uint32_t)(this->retransmit_timeout * 1000.0 * pow(this->retransmit_base, retransmit)); } } @@ -1871,7 +1892,7 @@ METHOD(task_manager_t, incr_mid, void, } METHOD(task_manager_t, reset, void, - private_task_manager_t *this, u_int32_t initiate, u_int32_t respond) + private_task_manager_t *this, uint32_t initiate, uint32_t respond) { enumerator_t *enumerator; task_t *task; @@ -1960,6 +1981,7 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa) .task_manager = { .process_message = _process_message, .queue_task = _queue_task, + .queue_task_delayed = _queue_task_delayed, .queue_ike = _queue_ike, .queue_ike_rekey = _queue_ike_rekey, .queue_ike_reauth = _queue_ike_reauth, diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 710bf1cd2..9b5f676a3 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -77,7 +77,7 @@ struct private_aggressive_mode_t { /** * Negotiated SA lifetime */ - u_int32_t lifetime; + uint32_t lifetime; /** * Negotiated authentication method @@ -164,7 +164,7 @@ static status_t send_notify(private_aggressive_mode_t *this, notify_type_t type) { notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; chunk_t spi; notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, @@ -219,7 +219,7 @@ METHOD(task_t, build_i, status_t, linked_list_t *proposals; identification_t *id; packet_t *packet; - u_int16_t group; + uint16_t group; DBG0(DBG_IKE, "initiating Aggressive Mode IKE_SA %s[%d] to %H", this->ike_sa->get_name(this->ike_sa), @@ -377,7 +377,8 @@ METHOD(task_t, process_r, status_t, id_payload_t *id_payload; identification_t *id; linked_list_t *list; - u_int16_t group; + uint16_t group; + bool prefer_configured; this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating a Aggressive Mode IKE_SA", @@ -401,8 +402,10 @@ METHOD(task_t, process_r, status_t, } list = sa_payload->get_proposals(sa_payload); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, FALSE); + list, FALSE, prefer_configured); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { @@ -629,7 +632,7 @@ METHOD(task_t, process_i, status_t, id_payload_t *id_payload; identification_t *id, *cid; linked_list_t *list; - u_int32_t lifetime; + uint32_t lifetime; sa_payload = (sa_payload_t*)message->get_payload(message, PLV1_SECURITY_ASSOCIATION); @@ -640,7 +643,7 @@ METHOD(task_t, process_i, status_t, } list = sa_payload->get_proposals(sa_payload); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, FALSE); + list, FALSE, TRUE); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c index a56805afb..df0293d4f 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c @@ -81,7 +81,7 @@ METHOD(task_t, process_r, status_t, payload_t *payload; delete_payload_t *delete_payload; ike_sa_id_t *id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; bool found = FALSE; /* some peers send DELETE payloads for other IKE_SAs, e.g. those for expired diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c index 5522e9221..840d352b1 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c @@ -33,7 +33,7 @@ struct private_isakmp_dpd_t { /** * Sequence number. */ - u_int32_t seqnr; + uint32_t seqnr; /** * DPD notify type @@ -51,8 +51,8 @@ METHOD(task_t, build, status_t, { notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; - u_int32_t seqnr; + uint64_t spi_i, spi_r; + uint32_t seqnr; chunk_t spi; notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, @@ -100,7 +100,7 @@ METHOD(task_t, destroy, void, * Described in header. */ isakmp_dpd_t *isakmp_dpd_create(ike_sa_t *ike_sa, notify_type_t type, - u_int32_t seqnr) + uint32_t seqnr) { private_isakmp_dpd_t *this; diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h index 06a0175eb..9a69b423c 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h +++ b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h @@ -47,6 +47,6 @@ struct isakmp_dpd_t { * @return ISAKMP_DPD task to handle by the task_manager */ isakmp_dpd_t *isakmp_dpd_create(ike_sa_t *ike_sa, notify_type_t type, - u_int32_t seqnr); + uint32_t seqnr); #endif /** ISAKMP_DPD_H_ @}*/ diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c index cb1a31371..d17948cd0 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c @@ -129,8 +129,8 @@ static chunk_t generate_natd_hash(private_isakmp_natd_t *this, { hasher_t *hasher; chunk_t natd_chunk, natd_hash; - u_int64_t spi_i, spi_r; - u_int16_t port; + uint64_t spi_i, spi_r; + uint16_t port; hasher = this->keymat->get_hasher(this->keymat); if (!hasher) diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index 0162fd84e..f28b83e8a 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c @@ -170,7 +170,7 @@ static struct { * for fragmentation of base ISAKMP messages (Cisco adds that and thus sends * 0xc0000000) */ -static const u_int32_t fragmentation_ike = 0x80000000; +static const uint32_t fragmentation_ike = 0x80000000; static bool is_known_vid(chunk_t data, int i) { diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 3ea4a2a85..628ea0de8 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -77,7 +77,7 @@ struct private_main_mode_t { /** * Negotiated SA lifetime */ - u_int32_t lifetime; + uint32_t lifetime; /** * Negotiated authentication method @@ -173,7 +173,7 @@ static status_t send_notify(private_main_mode_t *this, notify_type_t type) { notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; chunk_t spi; notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, @@ -215,7 +215,7 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message, host_t *host; notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; chunk_t spi; idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE); @@ -303,7 +303,7 @@ METHOD(task_t, build_i, status_t, } case MM_SA: { - u_int16_t group; + uint16_t group; if (!this->ph1->create_hasher(this->ph1)) { @@ -367,7 +367,7 @@ METHOD(task_t, process_r, status_t, { linked_list_t *list; sa_payload_t *sa_payload; - bool private; + bool private, prefer_configured; this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating a Main Mode IKE_SA", @@ -392,9 +392,11 @@ METHOD(task_t, process_r, status_t, list = sa_payload->get_proposals(sa_payload); private = this->ike_sa->supports_extension(this->ike_sa, - EXT_STRONGSWAN); + EXT_STRONGSWAN); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, private); + list, private, prefer_configured); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { @@ -411,7 +413,7 @@ METHOD(task_t, process_r, status_t, } case MM_SA: { - u_int16_t group; + uint16_t group; if (!this->ph1->create_hasher(this->ph1)) { @@ -627,7 +629,7 @@ METHOD(task_t, process_i, status_t, linked_list_t *list; sa_payload_t *sa_payload; auth_method_t method; - u_int32_t lifetime; + uint32_t lifetime; bool private; sa_payload = (sa_payload_t*)message->get_payload(message, @@ -641,7 +643,7 @@ METHOD(task_t, process_i, status_t, private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, private); + list, private, TRUE); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c index b9f924009..7098d24a2 100644 --- a/src/libcharon/sa/ikev1/tasks/mode_config.c +++ b/src/libcharon/sa/ikev1/tasks/mode_config.c @@ -58,7 +58,7 @@ struct private_mode_config_t { /** * Identifier to include in response */ - u_int16_t identifier; + uint16_t identifier; }; /** diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c index ade59a2dd..66ef50811 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.c +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c @@ -69,7 +69,7 @@ struct private_quick_delete_t { /** * Inbound SPI of CHILD_SA to delete */ - u_int32_t spi; + uint32_t spi; /** * Send delete even if SA does not exist @@ -86,9 +86,9 @@ struct private_quick_delete_t { * Delete the specified CHILD_SA, if found */ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol, - u_int32_t spi, bool remote_close) + uint32_t spi, bool remote_close) { - u_int64_t bytes_in, bytes_out; + uint64_t bytes_in, bytes_out; child_sa_t *child_sa; linked_list_t *my_ts, *other_ts; child_cfg_t *child_cfg; @@ -200,7 +200,7 @@ METHOD(task_t, process_r, status_t, payload_t *payload; delete_payload_t *delete_payload; protocol_id_t protocol; - u_int32_t spi; + uint32_t spi; payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) @@ -260,7 +260,7 @@ METHOD(task_t, destroy, void, * Described in header. */ quick_delete_t *quick_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi, bool force, bool expired) + uint32_t spi, bool force, bool expired) { private_quick_delete_t *this; diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.h b/src/libcharon/sa/ikev1/tasks/quick_delete.h index 4df30c8fe..6227b364b 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.h +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.h @@ -50,6 +50,6 @@ struct quick_delete_t { * @return quick_delete task to handle by the task_manager */ quick_delete_t *quick_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi, bool force, bool expired); + uint32_t spi, bool force, bool expired); #endif /** QUICK_DELETE_H_ @}*/ diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index b4fe04663..bbd1cb09f 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -98,22 +98,22 @@ struct private_quick_mode_t { /** * Initiators ESP SPI */ - u_int32_t spi_i; + uint32_t spi_i; /** * Responder ESP SPI */ - u_int32_t spi_r; + uint32_t spi_r; /** * Initiators IPComp CPI */ - u_int16_t cpi_i; + uint16_t cpi_i; /** * Responders IPComp CPI */ - u_int16_t cpi_r; + uint16_t cpi_r; /** * selected CHILD_SA proposal @@ -143,17 +143,17 @@ struct private_quick_mode_t { /** * Negotiated lifetime of new SA */ - u_int32_t lifetime; + uint32_t lifetime; /** - * Negotaited lifebytes of new SA + * Negotiated lifebytes of new SA */ - u_int64_t lifebytes; + uint64_t lifebytes; /** * Reqid to use, 0 for auto-allocate */ - u_int32_t reqid; + uint32_t reqid; /** * Explicit inbound mark value to use, if any @@ -168,7 +168,7 @@ struct private_quick_mode_t { /** * SPI of SA we rekey */ - u_int32_t rekey; + uint32_t rekey; /** * Delete old child after successful rekey @@ -193,7 +193,7 @@ struct private_quick_mode_t { /** * Message ID of handled quick mode exchange */ - u_int32_t mid; + uint32_t mid; /** states of quick mode */ enum { @@ -207,7 +207,7 @@ struct private_quick_mode_t { */ static void schedule_inactivity_timeout(private_quick_mode_t *this) { - u_int32_t timeout; + uint32_t timeout; bool close_ike; timeout = this->config->get_inactivity(this->config); @@ -722,12 +722,12 @@ static void get_lifetimes(private_quick_mode_t *this) { lifetime_cfg_t *lft; - lft = this->config->get_lifetime(this->config); + lft = this->config->get_lifetime(this->config, TRUE); if (lft->time.life) { this->lifetime = lft->time.life; } - else if (lft->bytes.life) + if (lft->bytes.life) { this->lifebytes = lft->bytes.life; } @@ -739,8 +739,8 @@ static void get_lifetimes(private_quick_mode_t *this) */ static void apply_lifetimes(private_quick_mode_t *this, sa_payload_t *sa_payload) { - u_int32_t lifetime; - u_int64_t lifebytes; + uint32_t lifetime; + uint64_t lifebytes; lifetime = sa_payload->get_lifetime(sa_payload); lifebytes = sa_payload->get_lifebytes(sa_payload); @@ -863,7 +863,7 @@ METHOD(task_t, build_i, status_t, if (group != MODP_NONE) { proposal_t *proposal; - u_int16_t preferred_group; + uint16_t preferred_group; proposal = this->ike_sa->get_proposal(this->ike_sa); proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, @@ -1007,7 +1007,6 @@ static void check_for_rekeyed_child(private_quick_mode_t *this) { case CHILD_INSTALLED: case CHILD_REKEYING: - case CHILD_REKEYED: policies = child_sa->create_policy_enumerator(child_sa); if (policies->enumerate(policies, &local, &remote) && local->equals(local, this->tsr) && @@ -1026,9 +1025,10 @@ static void check_for_rekeyed_child(private_quick_mode_t *this) child_sa->get_unique_id(child_sa)); } policies->destroy(policies); - break; - default: - break; + break; + case CHILD_REKEYED: + default: + break; } } } @@ -1050,8 +1050,8 @@ METHOD(task_t, process_r, status_t, sa_payload_t *sa_payload; linked_list_t *tsi, *tsr, *hostsi, *hostsr, *list = NULL; peer_cfg_t *peer_cfg; - u_int16_t group; - bool private; + uint16_t group; + bool private, prefer_configured; sa_payload = (sa_payload_t*)message->get_payload(message, PLV1_SECURITY_ASSOCIATION); @@ -1109,8 +1109,10 @@ METHOD(task_t, process_r, status_t, } private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); - this->proposal = this->config->select_proposal(this->config, - list, FALSE, private); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); + this->proposal = this->config->select_proposal(this->config, list, + FALSE, private, prefer_configured); list->destroy_offset(list, offsetof(proposal_t, destroy)); get_lifetimes(this); @@ -1323,8 +1325,8 @@ METHOD(task_t, process_i, status_t, } private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); - this->proposal = this->config->select_proposal(this->config, - list, FALSE, private); + this->proposal = this->config->select_proposal(this->config, list, + FALSE, private, TRUE); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { @@ -1365,14 +1367,14 @@ METHOD(task_t, get_type, task_type_t, return TASK_QUICK_MODE; } -METHOD(quick_mode_t, get_mid, u_int32_t, +METHOD(quick_mode_t, get_mid, uint32_t, private_quick_mode_t *this) { return this->mid; } METHOD(quick_mode_t, use_reqid, void, - private_quick_mode_t *this, u_int32_t reqid) + private_quick_mode_t *this, uint32_t reqid) { this->reqid = reqid; } @@ -1385,7 +1387,7 @@ METHOD(quick_mode_t, use_marks, void, } METHOD(quick_mode_t, rekey, void, - private_quick_mode_t *this, u_int32_t spi) + private_quick_mode_t *this, uint32_t spi) { this->rekey = spi; } diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.h b/src/libcharon/sa/ikev1/tasks/quick_mode.h index 062d63465..fe684568a 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.h +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.h @@ -46,14 +46,14 @@ struct quick_mode_t { * * @return message ID, or 0 (not defined yet or as initiator) */ - u_int32_t (*get_mid)(quick_mode_t *this); + uint32_t (*get_mid)(quick_mode_t *this); /** * Use a specific reqid to install this CHILD_SA. * * @param reqid reqid to use */ - void (*use_reqid)(quick_mode_t *this, u_int32_t reqid); + void (*use_reqid)(quick_mode_t *this, uint32_t reqid); /** * Use specific mark values, overriding configuration. @@ -68,7 +68,7 @@ struct quick_mode_t { * * @param spi spi of SA to rekey */ - void (*rekey)(quick_mode_t *this, u_int32_t spi); + void (*rekey)(quick_mode_t *this, uint32_t spi); }; /** diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c index ecdfc780d..968b4386c 100644 --- a/src/libcharon/sa/ikev1/tasks/xauth.c +++ b/src/libcharon/sa/ikev1/tasks/xauth.c @@ -68,7 +68,7 @@ struct private_xauth_t { /** * received identifier */ - u_int16_t identifier; + uint16_t identifier; /** * status of Xauth exchange diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c index 91f6187f9..3ab59fada 100644 --- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c @@ -104,7 +104,7 @@ struct private_eap_authenticator_t { * load an EAP method */ static eap_method_t *load_method(private_eap_authenticator_t *this, - eap_type_t type, u_int32_t vendor, eap_role_t role) + eap_type_t type, uint32_t vendor, eap_role_t role) { identification_t *server, *peer, *aaa; auth_cfg_t *auth; @@ -143,7 +143,7 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this, auth_cfg_t *auth; eap_type_t type; identification_t *id; - u_int32_t vendor; + uint32_t vendor; eap_payload_t *out; char *action; @@ -237,7 +237,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this, eap_payload_t *in) { eap_type_t type, received_type, conf_type; - u_int32_t vendor, received_vendor, conf_vendor; + uint32_t vendor, received_vendor, conf_vendor; eap_payload_t *out; auth_cfg_t *auth; @@ -341,7 +341,7 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this, eap_payload_t *in) { eap_type_t type, conf_type; - u_int32_t vendor, conf_vendor; + uint32_t vendor, conf_vendor; auth_cfg_t *auth; eap_payload_t *out; identification_t *id; @@ -449,7 +449,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, auth_cfg_t *auth; keymat_v2_t *keymat; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); @@ -595,7 +595,7 @@ METHOD(authenticator_t, process_client, status_t, } if (this->require_mutual && !this->method->is_mutual(this->method)) { /* we require mutual authentication due to EAP-only */ - u_int32_t vendor; + uint32_t vendor; DBG1(DBG_IKE, "EAP-only authentication requires a mutual and " "MSK deriving EAP method, but %N is not", @@ -623,7 +623,7 @@ METHOD(authenticator_t, process_client, status_t, case EAP_SUCCESS: { eap_type_t type; - u_int32_t vendor; + uint32_t vendor; auth_cfg_t *cfg; if (this->method->get_msk(this->method, &this->msk) == SUCCESS) @@ -685,7 +685,7 @@ METHOD(authenticator_t, is_mutual, bool, { if (this->method) { - u_int32_t vendor; + uint32_t vendor; if (this->method->get_type(this->method, &vendor) != EAP_IDENTITY || vendor != 0) diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c index 04ccd4f4f..6fd34e0a6 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c @@ -63,7 +63,7 @@ struct private_pubkey_authenticator_t { static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type, signature_scheme_t *scheme) { - u_int8_t len; + uint8_t len; int oid; if (!auth_data->len) @@ -91,7 +91,7 @@ static bool build_signature_auth_data(chunk_t *auth_data, signature_scheme_t scheme) { chunk_t data; - u_int8_t len; + uint8_t len; int oid; oid = signature_scheme_to_oid(scheme); diff --git a/src/libcharon/sa/ikev2/connect_manager.c b/src/libcharon/sa/ikev2/connect_manager.c index 161c4fdaf..280796d8c 100644 --- a/src/libcharon/sa/ikev2/connect_manager.c +++ b/src/libcharon/sa/ikev2/connect_manager.c @@ -92,10 +92,10 @@ typedef struct endpoint_pair_t endpoint_pair_t; */ struct endpoint_pair_t { /** pair id */ - u_int32_t id; + uint32_t id; /** priority */ - u_int64_t priority; + uint64_t priority; /** local endpoint */ host_t *local; @@ -107,7 +107,7 @@ struct endpoint_pair_t { check_state_t state; /** number of retransmissions */ - u_int32_t retransmitted; + uint32_t retransmitted; /** the generated packet */ packet_t *packet; @@ -132,8 +132,8 @@ static endpoint_pair_t *endpoint_pair_create(endpoint_notify_t *initiator, { endpoint_pair_t *this; - u_int32_t pi = initiator->get_priority(initiator); - u_int32_t pr = responder->get_priority(responder); + uint32_t pi = initiator->get_priority(initiator); + uint32_t pr = responder->get_priority(responder); INIT(this, .priority = pow(2, 32) * min(pi, pr) + 2 * max(pi, pr) @@ -313,7 +313,7 @@ typedef struct check_t check_t; */ struct check_t { /** message id */ - u_int32_t mid; + uint32_t mid; /** source of the connectivity check */ host_t *src; @@ -375,7 +375,7 @@ struct callback_data_t { chunk_t connect_id; /** message (pair) id */ - u_int32_t mid; + uint32_t mid; }; /** @@ -406,7 +406,7 @@ static callback_data_t *callback_data_create(private_connect_manager_t *connect_ * Creates a new retransmission data object */ static callback_data_t *retransmit_data_create(private_connect_manager_t *connect_manager, - chunk_t connect_id, u_int32_t mid) + chunk_t connect_id, uint32_t mid) { callback_data_t *this = callback_data_create(connect_manager, connect_id); this->mid = mid; @@ -576,7 +576,7 @@ static status_t get_pair_by_hosts(linked_list_t *pairs, host_t *local, (void**)pair, local, remote); } -static bool match_pair_by_id(endpoint_pair_t *current, u_int32_t *id) +static bool match_pair_by_id(endpoint_pair_t *current, uint32_t *id) { return current->id == *id; } @@ -584,7 +584,7 @@ static bool match_pair_by_id(endpoint_pair_t *current, u_int32_t *id) /** * Searches for a pair with a specific id */ -static status_t get_pair_by_id(check_list_t *checklist, u_int32_t id, +static status_t get_pair_by_id(check_list_t *checklist, uint32_t id, endpoint_pair_t **pair) { return checklist->pairs->find_first(checklist->pairs, @@ -669,7 +669,7 @@ static void prune_pairs(linked_list_t *pairs) { enumerator_t *enumerator, *search; endpoint_pair_t *current, *other; - u_int32_t id = 0; + uint32_t id = 0; enumerator = pairs->create_enumerator(pairs); search = pairs->create_enumerator(pairs); @@ -826,7 +826,7 @@ static status_t process_payloads(message_t *message, check_t *check) static chunk_t build_signature(private_connect_manager_t *this, check_list_t *checklist, check_t *check, bool outbound) { - u_int32_t mid; + uint32_t mid; chunk_t mid_chunk, key_chunk, sig_chunk; chunk_t sig_hash; @@ -851,7 +851,7 @@ static chunk_t build_signature(private_connect_manager_t *this, } static void queue_retransmission(private_connect_manager_t *this, check_list_t *checklist, endpoint_pair_t *pair); -static void schedule_checks(private_connect_manager_t *this, check_list_t *checklist, u_int32_t time); +static void schedule_checks(private_connect_manager_t *this, check_list_t *checklist, uint32_t time); static void finish_checks(private_connect_manager_t *this, check_list_t *checklist); /** @@ -1019,11 +1019,11 @@ static void queue_retransmission(private_connect_manager_t *this, check_list_t * job = (job_t*)callback_job_create((callback_job_cb_t)retransmit, data, (callback_job_cleanup_t)callback_data_destroy, NULL); - u_int32_t retransmission = pair->retransmitted + 1; - u_int32_t rto = ME_INTERVAL; + uint32_t retransmission = pair->retransmitted + 1; + uint32_t rto = ME_INTERVAL; if (retransmission > ME_BOOST) { - rto = (u_int32_t)(ME_INTERVAL * pow(ME_RETRANS_BASE, retransmission - ME_BOOST)); + rto = (uint32_t)(ME_INTERVAL * pow(ME_RETRANS_BASE, retransmission - ME_BOOST)); } DBG2(DBG_IKE, "scheduling retransmission %d of pair '%d' in %dms", retransmission, pair->id, rto); @@ -1165,7 +1165,7 @@ static job_requeue_t sender(callback_data_t *data) * Schedules checks for a checklist (time in ms) */ static void schedule_checks(private_connect_manager_t *this, - check_list_t *checklist, u_int32_t time) + check_list_t *checklist, uint32_t time) { callback_data_t *data = callback_data_create(this, checklist->connect_id); checklist->sender = (job_t*)callback_job_create((callback_job_cb_t)sender, diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 55cb5dd9c..e37399841 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -99,8 +99,8 @@ METHOD(keymat_t, create_nonce_gen, nonce_gen_t*, /** * Derive IKE keys for a combined AEAD algorithm */ -static bool derive_ike_aead(private_keymat_v2_t *this, u_int16_t alg, - u_int16_t key_size, prf_plus_t *prf_plus) +static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg, + uint16_t key_size, prf_plus_t *prf_plus) { aead_t *aead_i, *aead_r; chunk_t key = chunk_empty; @@ -189,8 +189,8 @@ failure: /** * Derive IKE keys for traditional encryption and MAC algorithms */ -static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg, - u_int16_t enc_size, u_int16_t int_alg, prf_plus_t *prf_plus) +static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg, + uint16_t enc_size, uint16_t int_alg, prf_plus_t *prf_plus) { crypter_t *crypter_i = NULL, *crypter_r = NULL; signer_t *signer_i, *signer_r; @@ -302,11 +302,11 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed; chunk_t spi_i, spi_r; prf_plus_t *prf_plus = NULL; - u_int16_t alg, key_size, int_alg; + uint16_t alg, key_size, int_alg; prf_t *rekey_prf = NULL; - spi_i = chunk_alloca(sizeof(u_int64_t)); - spi_r = chunk_alloca(sizeof(u_int64_t)); + spi_i = chunk_alloca(sizeof(uint64_t)); + spi_r = chunk_alloca(sizeof(uint64_t)); if (!dh->get_shared_secret(dh, &secret)) { @@ -354,8 +354,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, break; } fixed_nonce = chunk_cat("cc", nonce_i, nonce_r); - *((u_int64_t*)spi_i.ptr) = id->get_initiator_spi(id); - *((u_int64_t*)spi_r.ptr) = id->get_responder_spi(id); + *((uint64_t*)spi_i.ptr) = id->get_initiator_spi(id); + *((uint64_t*)spi_r.ptr) = id->get_responder_spi(id); prf_plus_seed = chunk_cat("ccc", full_nonce, spi_i, spi_r); /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr) @@ -489,7 +489,7 @@ METHOD(keymat_v2_t, derive_child_keys, bool, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r) { - u_int16_t enc_alg, int_alg, enc_size = 0, int_size = 0; + uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0; chunk_t seed, secret = chunk_empty; prf_plus_t *prf_plus; diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index c2f972ab1..41a4e1b75 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2007-2015 Tobias Brunner + * Copyright (C) 2007-2016 Tobias Brunner * Copyright (C) 2007-2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -43,30 +43,14 @@ #include #include #include +#include #ifdef ME #include #endif -typedef struct exchange_t exchange_t; - -/** - * An exchange in the air, used do detect and handle retransmission - */ -struct exchange_t { - - /** - * Message ID used for this transaction - */ - u_int32_t mid; - - /** - * generated packet for retransmission - */ - packet_t *packet; -}; - typedef struct private_task_manager_t private_task_manager_t; +typedef struct queued_task_t queued_task_t; /** * private data of the task manager @@ -90,7 +74,7 @@ struct private_task_manager_t { /** * Message ID of the exchange */ - u_int32_t mid; + uint32_t mid; /** * packet(s) for retransmission @@ -111,7 +95,7 @@ struct private_task_manager_t { /** * Message ID of the exchange */ - u_int32_t mid; + uint32_t mid; /** * how many times we have retransmitted so far @@ -181,6 +165,22 @@ struct private_task_manager_t { bool make_before_break; }; +/** + * Queued tasks + */ +struct queued_task_t { + + /** + * Queued task + */ + task_t *task; + + /** + * Time before which the task is not to be initiated + */ + timeval_t time; +}; + /** * Reset retransmission packet list */ @@ -216,6 +216,12 @@ METHOD(task_manager_t, flush_queue, void, } while (array_remove(array, ARRAY_TAIL, &task)) { + if (queue == TASK_QUEUE_QUEUED) + { + queued_task_t *queued = (queued_task_t*)task; + task = queued->task; + free(queued); + } task->destroy(task); } } @@ -229,22 +235,28 @@ METHOD(task_manager_t, flush, void, } /** - * move a task of a specific type from the queue to the active list + * Move a task of a specific type from the queue to the active list, if it is + * not delayed. */ static bool activate_task(private_task_manager_t *this, task_type_t type) { enumerator_t *enumerator; - task_t *task; + queued_task_t *queued; + timeval_t now; bool found = FALSE; + time_monotonic(&now); + enumerator = array_create_enumerator(this->queued_tasks); - while (enumerator->enumerate(enumerator, (void**)&task)) + while (enumerator->enumerate(enumerator, (void**)&queued)) { - if (task->get_type(task) == type) + if (queued->task->get_type(queued->task) == type && + !timercmp(&now, &queued->time, <)) { DBG2(DBG_IKE, " activating %N task", task_type_names, type); array_remove_at(this->queued_tasks, enumerator); - array_insert(this->active_tasks, ARRAY_TAIL, task); + array_insert(this->active_tasks, ARRAY_TAIL, queued->task); + free(queued); found = TRUE; break; } @@ -303,12 +315,12 @@ static bool generate_message(private_task_manager_t *this, message_t *message, } METHOD(task_manager_t, retransmit, status_t, - private_task_manager_t *this, u_int32_t message_id) + private_task_manager_t *this, uint32_t message_id) { if (message_id == this->initiating.mid && array_count(this->initiating.packets)) { - u_int32_t timeout; + uint32_t timeout; job_t *job; enumerator_t *enumerator; packet_t *packet; @@ -336,7 +348,7 @@ METHOD(task_manager_t, retransmit, status_t, { if (this->initiating.retransmitted <= this->retransmit_tries) { - timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 * + timeout = (uint32_t)(this->retransmit_timeout * 1000.0 * pow(this->retransmit_base, this->initiating.retransmitted)); } else @@ -352,7 +364,8 @@ METHOD(task_manager_t, retransmit, status_t, { DBG1(DBG_IKE, "retransmit %d of request with message ID %d", this->initiating.retransmitted, message_id); - charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet, + this->initiating.retransmitted); } if (!mobike) { @@ -534,6 +547,7 @@ METHOD(task_manager_t, initiate, status_t, break; } case IKE_REKEYING: + case IKE_REKEYED: if (activate_task(this, TASK_IKE_DELETE)) { exchange = INFORMATIONAL; @@ -610,7 +624,8 @@ METHOD(task_manager_t, initiate, status_t, case FAILED: default: this->initiating.type = EXCHANGE_TYPE_UNDEFINED; - if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING) + if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING && + this->ike_sa->get_state(this->ike_sa) != IKE_REKEYED) { charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); } @@ -694,6 +709,13 @@ static status_t process_response(private_task_manager_t *this, } enumerator->destroy(enumerator); + if (this->initiating.retransmitted) + { + packet_t *packet = NULL; + array_get(this->initiating.packets, 0, &packet); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet); + } + /* catch if we get resetted while processing */ this->reset = FALSE; enumerator = array_create_enumerator(this->active_tasks); @@ -751,8 +773,7 @@ static bool handle_collisions(private_task_manager_t *this, task_t *task) /* do we have to check */ if (type == TASK_IKE_REKEY || type == TASK_CHILD_REKEY || - type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE || - type == TASK_IKE_REAUTH) + type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE) { /* find an exchange collision, and notify these tasks */ enumerator = array_create_enumerator(this->active_tasks); @@ -761,8 +782,7 @@ static bool handle_collisions(private_task_manager_t *this, task_t *task) switch (active->get_type(active)) { case TASK_IKE_REKEY: - if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE || - type == TASK_IKE_REAUTH) + if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE) { ike_rekey_t *rekey = (ike_rekey_t*)active; rekey->collide(rekey, task); @@ -799,7 +819,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request) host_t *me, *other; bool delete = FALSE, hook = FALSE; ike_sa_id_t *id = NULL; - u_int64_t responder_spi = 0; + uint64_t responder_spi = 0; bool result; me = request->get_destination(request); @@ -839,6 +859,10 @@ static status_t build_response(private_task_manager_t *this, message_t *request) /* FALL */ case DESTROY_ME: /* destroy IKE_SA, but SEND response first */ + if (handle_collisions(this, task)) + { + array_remove_at(this->passive_tasks, enumerator); + } delete = TRUE; break; } @@ -901,9 +925,11 @@ static status_t process_request(private_task_manager_t *this, payload_t *payload; notify_payload_t *notify; delete_payload_t *delete; + ike_sa_state_t state; if (array_count(this->passive_tasks) == 0) { /* create tasks depending on request type, if not already some queued */ + state = this->ike_sa->get_state(this->ike_sa); switch (message->get_exchange_type(message)) { case IKE_SA_INIT: @@ -939,8 +965,8 @@ static status_t process_request(private_task_manager_t *this, { /* FIXME: we should prevent this on mediation connections */ bool notify_found = FALSE, ts_found = FALSE; - if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED || - this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING) + if (state == IKE_CREATED || + state == IKE_CONNECTING) { DBG1(DBG_IKE, "received CREATE_CHILD_SA request for " "unestablished IKE_SA, rejected"); @@ -1005,6 +1031,14 @@ static status_t process_request(private_task_manager_t *this, case PLV2_NOTIFY: { notify = (notify_payload_t*)payload; + if (state == IKE_REKEYED) + { + DBG1(DBG_IKE, "received unexpected notify %N " + "for rekeyed IKE_SA, ignored", + notify_type_names, + notify->get_notify_type(notify)); + break; + } switch (notify->get_notify_type(notify)) { case ADDITIONAL_IP4_ADDRESS: @@ -1252,7 +1286,7 @@ static void send_notify_response(private_task_manager_t *this, static status_t parse_message(private_task_manager_t *this, message_t *msg) { status_t status; - u_int8_t type = 0; + uint8_t type = 0; status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa)); @@ -1345,8 +1379,10 @@ METHOD(task_manager_t, process_message, status_t, { host_t *me, *other; status_t status; - u_int32_t mid; + uint32_t mid; bool schedule_delete_job = FALSE; + ike_sa_state_t state; + exchange_type_t type; charon->bus->message(charon->bus, msg, TRUE, FALSE); status = parse_message(this, msg); @@ -1387,15 +1423,16 @@ METHOD(task_manager_t, process_message, status_t, { if (mid == this->responding.mid) { - /* reject initial messages if not received in specific states */ - if ((msg->get_exchange_type(msg) == IKE_SA_INIT && - this->ike_sa->get_state(this->ike_sa) != IKE_CREATED) || - (msg->get_exchange_type(msg) == IKE_AUTH && - this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)) + /* reject initial messages if not received in specific states, + * after rekeying we only expect a DELETE in an INFORMATIONAL */ + type = msg->get_exchange_type(msg); + state = this->ike_sa->get_state(this->ike_sa); + if ((type == IKE_SA_INIT && state != IKE_CREATED) || + (type == IKE_AUTH && state != IKE_CONNECTING) || + (state == IKE_REKEYED && type != INFORMATIONAL)) { DBG1(DBG_IKE, "ignoring %N in IKE_SA state %N", - exchange_type_names, msg->get_exchange_type(msg), - ike_sa_state_names, this->ike_sa->get_state(this->ike_sa)); + exchange_type_names, type, ike_sa_state_names, state); return FAILED; } if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE)) @@ -1499,18 +1536,19 @@ METHOD(task_manager_t, process_message, status_t, return SUCCESS; } -METHOD(task_manager_t, queue_task, void, - private_task_manager_t *this, task_t *task) +METHOD(task_manager_t, queue_task_delayed, void, + private_task_manager_t *this, task_t *task, uint32_t delay) { + enumerator_t *enumerator; + queued_task_t *queued; + timeval_t time; + if (task->get_type(task) == TASK_IKE_MOBIKE) { /* there is no need to queue more than one mobike task */ - enumerator_t *enumerator; - task_t *current; - enumerator = array_create_enumerator(this->queued_tasks); - while (enumerator->enumerate(enumerator, ¤t)) + while (enumerator->enumerate(enumerator, &queued)) { - if (current->get_type(current) == TASK_IKE_MOBIKE) + if (queued->task->get_type(queued->task) == TASK_IKE_MOBIKE) { enumerator->destroy(enumerator); task->destroy(task); @@ -1519,8 +1557,35 @@ METHOD(task_manager_t, queue_task, void, } enumerator->destroy(enumerator); } - DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task)); - array_insert(this->queued_tasks, ARRAY_TAIL, task); + time_monotonic(&time); + if (delay) + { + job_t *job; + + DBG2(DBG_IKE, "queueing %N task (delayed by %us)", task_type_names, + task->get_type(task), delay); + time.tv_sec += delay; + + job = (job_t*)initiate_tasks_job_create( + this->ike_sa->get_id(this->ike_sa)); + lib->scheduler->schedule_job_tv(lib->scheduler, job, time); + } + else + { + DBG2(DBG_IKE, "queueing %N task", task_type_names, + task->get_type(task)); + } + INIT(queued, + .task = task, + .time = time, + ); + array_insert(this->queued_tasks, ARRAY_TAIL, queued); +} + +METHOD(task_manager_t, queue_task, void, + private_task_manager_t *this, task_t *task) +{ + queue_task_delayed(this, task, 0); } /** @@ -1530,12 +1595,12 @@ static bool has_queued(private_task_manager_t *this, task_type_t type) { enumerator_t *enumerator; bool found = FALSE; - task_t *task; + queued_task_t *queued; enumerator = array_create_enumerator(this->queued_tasks); - while (enumerator->enumerate(enumerator, &task)) + while (enumerator->enumerate(enumerator, &queued)) { - if (task->get_type(task) == type) + if (queued->task->get_type(queued->task) == type) { found = TRUE; break; @@ -1614,7 +1679,7 @@ static void trigger_mbb_reauth(private_task_manager_t *this) child_cfg_t *cfg; ike_sa_t *new; host_t *host; - task_t *task; + queued_task_t *queued; new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, this->ike_sa->get_version(this->ike_sa), TRUE); @@ -1645,13 +1710,14 @@ static void trigger_mbb_reauth(private_task_manager_t *this) enumerator->destroy(enumerator); enumerator = array_create_enumerator(this->queued_tasks); - while (enumerator->enumerate(enumerator, &task)) + while (enumerator->enumerate(enumerator, &queued)) { - if (task->get_type(task) == TASK_CHILD_CREATE) + if (queued->task->get_type(queued->task) == TASK_CHILD_CREATE) { - task->migrate(task, new); - new->queue_task(new, task); + queued->task->migrate(queued->task, new); + new->queue_task(new, queued->task); array_remove_at(this->queued_tasks, enumerator); + free(queued); } } enumerator->destroy(enumerator); @@ -1726,7 +1792,7 @@ METHOD(task_manager_t, queue_mobike, void, } METHOD(task_manager_t, queue_child, void, - private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid, + private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr) { child_create_t *task; @@ -1740,13 +1806,13 @@ METHOD(task_manager_t, queue_child, void, } METHOD(task_manager_t, queue_child_rekey, void, - private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi) + private_task_manager_t *this, protocol_id_t protocol, uint32_t spi) { queue_task(this, (task_t*)child_rekey_create(this->ike_sa, protocol, spi)); } METHOD(task_manager_t, queue_child_delete, void, - private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi, + private_task_manager_t *this, protocol_id_t protocol, uint32_t spi, bool expired) { queue_task(this, (task_t*)child_delete_create(this->ike_sa, @@ -1776,34 +1842,62 @@ METHOD(task_manager_t, adopt_tasks, void, private_task_manager_t *this, task_manager_t *other_public) { private_task_manager_t *other = (private_task_manager_t*)other_public; - task_t *task; + queued_task_t *queued; + timeval_t now; + + time_monotonic(&now); /* move queued tasks from other to this */ - while (array_remove(other->queued_tasks, ARRAY_TAIL, &task)) + while (array_remove(other->queued_tasks, ARRAY_TAIL, &queued)) { - DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task)); - task->migrate(task, this->ike_sa); - array_insert(this->queued_tasks, ARRAY_HEAD, task); + DBG2(DBG_IKE, "migrating %N task", task_type_names, + queued->task->get_type(queued->task)); + queued->task->migrate(queued->task, this->ike_sa); + /* don't delay tasks on the new IKE_SA */ + queued->time = now; + array_insert(this->queued_tasks, ARRAY_HEAD, queued); } } /** - * Migrates child-creating tasks from src to dst + * Migrates child-creating tasks from other to this */ static void migrate_child_tasks(private_task_manager_t *this, - array_t *src, array_t *dst) + private_task_manager_t *other, + task_queue_t queue) { enumerator_t *enumerator; + array_t *array; task_t *task; - enumerator = array_create_enumerator(src); + switch (queue) + { + case TASK_QUEUE_ACTIVE: + array = other->active_tasks; + break; + case TASK_QUEUE_QUEUED: + array = other->queued_tasks; + break; + default: + return; + } + + enumerator = array_create_enumerator(array); while (enumerator->enumerate(enumerator, &task)) { + queued_task_t *queued = NULL; + + if (queue == TASK_QUEUE_QUEUED) + { + queued = (queued_task_t*)task; + task = queued->task; + } if (task->get_type(task) == TASK_CHILD_CREATE) { - array_remove_at(src, enumerator); + array_remove_at(array, enumerator); task->migrate(task, this->ike_sa); - array_insert(dst, ARRAY_TAIL, task); + queue_task(this, task); + free(queued); } } enumerator->destroy(enumerator); @@ -1815,9 +1909,9 @@ METHOD(task_manager_t, adopt_child_tasks, void, private_task_manager_t *other = (private_task_manager_t*)other_public; /* move active child tasks from other to this */ - migrate_child_tasks(this, other->active_tasks, this->queued_tasks); + migrate_child_tasks(this, other, TASK_QUEUE_ACTIVE); /* do the same for queued tasks */ - migrate_child_tasks(this, other->queued_tasks, this->queued_tasks); + migrate_child_tasks(this, other, TASK_QUEUE_QUEUED); } METHOD(task_manager_t, busy, bool, @@ -1827,10 +1921,12 @@ METHOD(task_manager_t, busy, bool, } METHOD(task_manager_t, reset, void, - private_task_manager_t *this, u_int32_t initiate, u_int32_t respond) + private_task_manager_t *this, uint32_t initiate, uint32_t respond) { enumerator_t *enumerator; + queued_task_t *queued; task_t *task; + timeval_t now; /* reset message counters and retransmit packets */ clear_packets(this->responding.packets); @@ -1849,11 +1945,13 @@ METHOD(task_manager_t, reset, void, } this->initiating.type = EXCHANGE_TYPE_UNDEFINED; + time_monotonic(&now); /* reset queued tasks */ enumerator = array_create_enumerator(this->queued_tasks); - while (enumerator->enumerate(enumerator, &task)) + while (enumerator->enumerate(enumerator, &queued)) { - task->migrate(task, this->ike_sa); + queued->time = now; + queued->task->migrate(queued->task, this->ike_sa); } enumerator->destroy(enumerator); @@ -1861,12 +1959,25 @@ METHOD(task_manager_t, reset, void, while (array_remove(this->active_tasks, ARRAY_TAIL, &task)) { task->migrate(task, this->ike_sa); - array_insert(this->queued_tasks, ARRAY_HEAD, task); + INIT(queued, + .task = task, + .time = now, + ); + array_insert(this->queued_tasks, ARRAY_HEAD, queued); } this->reset = TRUE; } +/** + * Filter queued tasks + */ +static bool filter_queued(void *unused, queued_task_t **queued, task_t **task) +{ + *task = (*queued)->task; + return TRUE; +} + METHOD(task_manager_t, create_task_enumerator, enumerator_t*, private_task_manager_t *this, task_queue_t queue) { @@ -1877,7 +1988,9 @@ METHOD(task_manager_t, create_task_enumerator, enumerator_t*, case TASK_QUEUE_PASSIVE: return array_create_enumerator(this->passive_tasks); case TASK_QUEUE_QUEUED: - return array_create_enumerator(this->queued_tasks); + return enumerator_create_filter( + array_create_enumerator(this->queued_tasks), + (void*)filter_queued, NULL, NULL); default: return enumerator_create_empty(); } @@ -1913,6 +2026,7 @@ task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa) .task_manager = { .process_message = _process_message, .queue_task = _queue_task, + .queue_task_delayed = _queue_task_delayed, .queue_ike = _queue_ike, .queue_ike_rekey = _queue_ike_rekey, .queue_ike_reauth = _queue_ike_reauth, diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 3d4ded944..64a82850b 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -29,7 +29,7 @@ #include #include #include - +#include typedef struct private_child_create_t private_child_create_t; @@ -151,27 +151,27 @@ struct private_child_create_t { /** * Own allocated SPI */ - u_int32_t my_spi; + uint32_t my_spi; /** * SPI received in proposal */ - u_int32_t other_spi; + uint32_t other_spi; /** * Own allocated Compression Parameter Index (CPI) */ - u_int16_t my_cpi; + uint16_t my_cpi; /** * Other Compression Parameter Index (CPI), received via IPCOMP_SUPPORTED */ - u_int16_t other_cpi; + uint16_t other_cpi; /** * reqid to use if we are rekeying */ - u_int32_t reqid; + uint32_t reqid; /** * Explicit inbound mark value @@ -204,6 +204,25 @@ struct private_child_create_t { bool retry; }; +/** + * Schedule a retry if creating the CHILD_SA temporary failed + */ +static void schedule_delayed_retry(private_child_create_t *this) +{ + child_create_t *task; + uint32_t retry; + + retry = RETRY_INTERVAL - (random() % RETRY_JITTER); + + task = child_create_create(this->ike_sa, + this->config->get_ref(this->config), FALSE, + this->packet_tsi, this->packet_tsr); + task->use_reqid(task, this->reqid); + DBG1(DBG_IKE, "creating CHILD_SA failed, trying again in %d seconds", + retry); + this->ike_sa->queue_task_delayed(this->ike_sa, (task_t*)task, retry); +} + /** * get the nonce from a message */ @@ -306,7 +325,7 @@ static bool allocate_spi(private_child_create_t *this) */ static void schedule_inactivity_timeout(private_child_create_t *this) { - u_int32_t timeout, id; + uint32_t timeout, id; bool close_ike; timeout = this->config->get_inactivity(this->config); @@ -386,7 +405,7 @@ static linked_list_t* get_transport_nat_ts(private_child_create_t *this, linked_list_t *out; traffic_selector_t *ts; host_t *ike, *first = NULL; - u_int8_t mask; + uint8_t mask; if (local) { @@ -464,7 +483,7 @@ static status_t select_and_install(private_child_create_t *this, chunk_t integ_i = chunk_empty, integ_r = chunk_empty; linked_list_t *my_ts, *other_ts; host_t *me, *other; - bool private; + bool private, prefer_configured; if (this->proposals == NULL) { @@ -481,8 +500,10 @@ static status_t select_and_install(private_child_create_t *this, other = this->ike_sa->get_other_host(this->ike_sa); private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); this->proposal = this->config->select_proposal(this->config, - this->proposals, no_dh, private); + this->proposals, no_dh, private, prefer_configured); if (this->proposal == NULL) { DBG1(DBG_IKE, "no acceptable proposal found"); @@ -501,7 +522,7 @@ static status_t select_and_install(private_child_create_t *this, if (!this->proposal->has_dh_group(this->proposal, this->dh_group)) { - u_int16_t group; + uint16_t group; if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL)) @@ -798,7 +819,7 @@ static bool build_payloads(private_child_create_t *this, message_t *message) * Adds an IPCOMP_SUPPORTED notify to the message, allocating a CPI */ static void add_ipcomp_notify(private_child_create_t *this, - message_t *message, u_int8_t ipcomp) + message_t *message, uint8_t ipcomp) { this->my_cpi = this->child_sa->alloc_cpi(this->child_sa); if (this->my_cpi) @@ -838,11 +859,11 @@ static void handle_notify(private_child_create_t *this, notify_payload_t *notify case IPCOMP_SUPPORTED: { ipcomp_transform_t ipcomp; - u_int16_t cpi; + uint16_t cpi; chunk_t data; data = notify->get_notification_data(notify); - cpi = *(u_int16_t*)data.ptr; + cpi = *(uint16_t*)data.ptr; ipcomp = (ipcomp_transform_t)(*(data.ptr + 2)); switch (ipcomp) { @@ -1232,13 +1253,13 @@ METHOD(task_t, build_r, status_t, if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING) { DBG1(DBG_IKE, "unable to create CHILD_SA while rekeying IKE_SA"); - message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty); + message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty); return SUCCESS; } if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING) { DBG1(DBG_IKE, "unable to create CHILD_SA while deleting IKE_SA"); - message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty); + message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty); return SUCCESS; } @@ -1310,7 +1331,7 @@ METHOD(task_t, build_r, status_t, return SUCCESS; case INVALID_ARG: { - u_int16_t group = htons(this->dh_group); + uint16_t group = htons(this->dh_group); message->add_notify(message, FALSE, INVALID_KE_PAYLOAD, chunk_from_thing(group)); handle_child_sa_failure(this, message); @@ -1441,10 +1462,21 @@ METHOD(task_t, process_i, status_t, /* an error in CHILD_SA creation is not critical */ return SUCCESS; } + case TEMPORARY_FAILURE: + { + DBG1(DBG_IKE, "received %N notify, will retry later", + notify_type_names, type); + enumerator->destroy(enumerator); + if (!this->rekey) + { /* the rekey task will retry itself if necessary */ + schedule_delayed_retry(this); + } + return SUCCESS; + } case INVALID_KE_PAYLOAD: { chunk_t data; - u_int16_t group = MODP_NONE; + uint16_t group = MODP_NONE; data = notify->get_notification_data(notify); if (data.len == sizeof(group)) @@ -1529,7 +1561,7 @@ METHOD(task_t, process_i, status_t, } METHOD(child_create_t, use_reqid, void, - private_child_create_t *this, u_int32_t reqid) + private_child_create_t *this, uint32_t reqid) { this->reqid = reqid; } diff --git a/src/libcharon/sa/ikev2/tasks/child_create.h b/src/libcharon/sa/ikev2/tasks/child_create.h index 46d9403ee..f48d7b0a9 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.h +++ b/src/libcharon/sa/ikev2/tasks/child_create.h @@ -49,7 +49,7 @@ struct child_create_t { * * @param reqid reqid to use */ - void (*use_reqid) (child_create_t *this, u_int32_t reqid); + void (*use_reqid) (child_create_t *this, uint32_t reqid); /** * Use specific mark values to override configuration. diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index 877ae0531..6fa8836ac 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2009-2016 Tobias Brunner * Copyright (C) 2006-2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -18,7 +19,7 @@ #include #include #include - +#include typedef struct private_child_delete_t private_child_delete_t; @@ -50,7 +51,7 @@ struct private_child_delete_t { /** * Inbound SPI of CHILD_SA to delete */ - u_int32_t spi; + uint32_t spi; /** * whether to enforce delete action policy @@ -86,7 +87,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) while (enumerator->enumerate(enumerator, (void**)&child_sa)) { protocol_id_t protocol = child_sa->get_protocol(child_sa); - u_int32_t spi = child_sa->get_spi(child_sa, TRUE); + uint32_t spi = child_sa->get_spi(child_sa, TRUE); switch (protocol) { @@ -118,6 +119,33 @@ static void build_payloads(private_child_delete_t *this, message_t *message) enumerator->destroy(enumerator); } +/** + * Check if the given CHILD_SA is the redundant SA created in a rekey collision. + */ +static bool is_redundant(private_child_delete_t *this, child_sa_t *child) +{ + enumerator_t *tasks; + task_t *task; + + tasks = this->ike_sa->create_task_enumerator(this->ike_sa, + TASK_QUEUE_ACTIVE); + while (tasks->enumerate(tasks, &task)) + { + if (task->get_type(task) == TASK_CHILD_REKEY) + { + child_rekey_t *rekey = (child_rekey_t*)task; + + if (rekey->is_redundant(rekey, child)) + { + tasks->destroy(tasks); + return TRUE; + } + } + } + tasks->destroy(tasks); + return FALSE; +} + /** * read in payloads and find the children to delete */ @@ -126,7 +154,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message) enumerator_t *payloads, *spis; payload_t *payload; delete_payload_t *delete_payload; - u_int32_t spi; + uint32_t spi; protocol_id_t protocol; child_sa_t *child_sa; @@ -157,24 +185,31 @@ static void process_payloads(private_child_delete_t *this, message_t *message) switch (child_sa->get_state(child_sa)) { - case CHILD_REKEYING: + case CHILD_REKEYED: this->rekeyed = TRUE; - /* we reply as usual, rekeying will fail */ break; case CHILD_DELETING: /* we don't send back a delete if we initiated ourself */ if (!this->initiator) { - this->ike_sa->destroy_child_sa(this->ike_sa, - protocol, spi); continue; } /* fall through */ + case CHILD_REKEYING: + /* we reply as usual, rekeying will fail */ case CHILD_INSTALLED: if (!this->initiator) - { /* reestablish installed children if required */ - this->check_delete_action = TRUE; + { + if (is_redundant(this, child_sa)) + { + this->rekeyed = TRUE; + } + else + { + this->check_delete_action = TRUE; + } } + break; default: break; } @@ -199,14 +234,14 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) child_sa_t *child_sa; child_cfg_t *child_cfg; protocol_id_t protocol; - u_int32_t spi, reqid; + uint32_t spi, reqid; action_t action; status_t status = SUCCESS; enumerator = this->child_sas->create_enumerator(this->child_sas); while (enumerator->enumerate(enumerator, (void**)&child_sa)) { - /* signal child down event if we are not rekeying */ + /* signal child down event if we weren't rekeying */ if (!this->rekeyed) { charon->bus->child_updown(charon->bus, child_sa, FALSE); @@ -254,7 +289,7 @@ static void log_children(private_child_delete_t *this) linked_list_t *my_ts, *other_ts; enumerator_t *enumerator; child_sa_t *child_sa; - u_int64_t bytes_in, bytes_out; + uint64_t bytes_in, bytes_out; enumerator = this->child_sas->create_enumerator(this->child_sas); while (enumerator->enumerate(enumerator, (void**)&child_sa)) @@ -308,7 +343,7 @@ METHOD(task_t, build_i, status_t, this->spi = child_sa->get_spi(child_sa, TRUE); } this->child_sas->insert_last(this->child_sas, child_sa); - if (child_sa->get_state(child_sa) == CHILD_REKEYING) + if (child_sa->get_state(child_sa) == CHILD_REKEYED) { this->rekeyed = TRUE; } @@ -347,11 +382,7 @@ METHOD(task_t, process_r, status_t, METHOD(task_t, build_r, status_t, private_child_delete_t *this, message_t *message) { - /* if we are rekeying, we send an empty informational */ - if (this->ike_sa->get_state(this->ike_sa) != IKE_REKEYING) - { - build_payloads(this, message); - } + build_payloads(this, message); DBG1(DBG_IKE, "CHILD_SA closed"); return destroy_and_reestablish(this); } @@ -391,7 +422,7 @@ METHOD(task_t, destroy, void, * Described in header. */ child_delete_t *child_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi, bool expired) + uint32_t spi, bool expired) { private_child_delete_t *this; diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.h b/src/libcharon/sa/ikev2/tasks/child_delete.h index 1ada0699e..1e9b2d2f7 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.h +++ b/src/libcharon/sa/ikev2/tasks/child_delete.h @@ -56,6 +56,6 @@ struct child_delete_t { * @return child_delete task to handle by the task_manager */ child_delete_t *child_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi, bool expired); + uint32_t spi, bool expired); #endif /** CHILD_DELETE_H_ @}*/ diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index 6f0c2b2c7..c04ec141f 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -1,7 +1,8 @@ /* + * Copyright (C) 2009-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -54,7 +55,7 @@ struct private_child_rekey_t { /** * Inbound SPI of CHILD_SA to rekey */ - u_int32_t spi; + uint32_t spi; /** * the CHILD_CREATE task which is reused to simplify rekeying @@ -91,7 +92,7 @@ struct private_child_rekey_t { */ static void schedule_delayed_rekey(private_child_rekey_t *this) { - u_int32_t retry; + uint32_t retry; job_t *job; retry = RETRY_INTERVAL - (random() % RETRY_JITTER); @@ -130,7 +131,7 @@ static void find_child(private_child_rekey_t *this, message_t *message) { notify_payload_t *notify; protocol_id_t protocol; - u_int32_t spi; + uint32_t spi; notify = message->get_notify(message, REKEY_SA); if (notify) @@ -150,7 +151,7 @@ METHOD(task_t, build_i, status_t, private_child_rekey_t *this, message_t *message) { notify_payload_t *notify; - u_int32_t reqid; + uint32_t reqid; child_cfg_t *config; this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol, @@ -159,14 +160,21 @@ METHOD(task_t, build_i, status_t, { /* check if it is an outbound CHILD_SA */ this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol, this->spi, FALSE); - if (!this->child_sa) - { /* CHILD_SA is gone, unable to rekey. As an empty CREATE_CHILD_SA - * exchange is invalid, we fall back to an INFORMATIONAL exchange.*/ - message->set_exchange_type(message, INFORMATIONAL); - return SUCCESS; + if (this->child_sa) + { + /* we work only with the inbound SPI */ + this->spi = this->child_sa->get_spi(this->child_sa, TRUE); } - /* we work only with the inbound SPI */ - this->spi = this->child_sa->get_spi(this->child_sa, TRUE); + } + if (!this->child_sa || + (!this->child_create && + this->child_sa->get_state(this->child_sa) != CHILD_INSTALLED) || + (this->child_create && + this->child_sa->get_state(this->child_sa) != CHILD_REKEYING)) + { + /* CHILD_SA is gone or in the wrong state, unable to rekey */ + message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED); + return SUCCESS; } config = this->child_sa->get_config(this->child_sa); @@ -217,13 +225,19 @@ METHOD(task_t, build_r, status_t, private_child_rekey_t *this, message_t *message) { child_cfg_t *config; - u_int32_t reqid; + uint32_t reqid; + child_sa_state_t state; - if (this->child_sa == NULL || - this->child_sa->get_state(this->child_sa) == CHILD_DELETING) + if (!this->child_sa) { DBG1(DBG_IKE, "unable to rekey, CHILD_SA not found"); - message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); + message->add_notify(message, TRUE, CHILD_SA_NOT_FOUND, chunk_empty); + return SUCCESS; + } + if (this->child_sa->get_state(this->child_sa) == CHILD_DELETING) + { + DBG1(DBG_IKE, "unable to rekey, we are deleting the CHILD_SA"); + message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty); return SUCCESS; } @@ -237,14 +251,16 @@ METHOD(task_t, build_r, status_t, this->child_create->set_config(this->child_create, config->get_ref(config)); this->child_create->task.build(&this->child_create->task, message); + state = this->child_sa->get_state(this->child_sa); + this->child_sa->set_state(this->child_sa, CHILD_REKEYING); + if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) - { - /* rekeying failed, reuse old child */ - this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); + { /* rekeying failed, reuse old child */ + this->child_sa->set_state(this->child_sa, state); return SUCCESS; } - this->child_sa->set_state(this->child_sa, CHILD_REKEYING); + this->child_sa->set_state(this->child_sa, CHILD_REKEYED); /* invoke rekey hook */ charon->bus->child_rekey(charon->bus, this->child_sa, @@ -284,9 +300,9 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) if (child_sa) { child_sa->set_close_action(child_sa, ACTION_NONE); - if (child_sa->get_state(child_sa) != CHILD_REKEYING) + if (child_sa->get_state(child_sa) != CHILD_REKEYED) { - child_sa->set_state(child_sa, CHILD_REKEYING); + child_sa->set_state(child_sa, CHILD_REKEYED); } } } @@ -324,7 +340,7 @@ METHOD(task_t, process_i, status_t, private_child_rekey_t *this, message_t *message) { protocol_id_t protocol; - u_int32_t spi; + uint32_t spi; child_sa_t *to_delete; if (message->get_notify(message, NO_ADDITIONAL_SAS)) @@ -337,6 +353,34 @@ METHOD(task_t, process_i, status_t, this->ike_sa->get_id(this->ike_sa), TRUE)); return SUCCESS; } + if (message->get_notify(message, CHILD_SA_NOT_FOUND)) + { + child_cfg_t *child_cfg; + uint32_t reqid; + + if (this->collision && + this->collision->get_type(this->collision) == TASK_CHILD_DELETE) + { /* ignore this error if we already deleted the CHILD_SA on the + * peer's behalf (could happen if the other peer does not detect + * the collision and did not respond with TEMPORARY_FAILURE) */ + return SUCCESS; + } + DBG1(DBG_IKE, "peer didn't find the CHILD_SA we tried to rekey"); + /* FIXME: according to RFC 7296 we should only create a new CHILD_SA if + * it does not exist yet, we currently have no good way of checking for + * that (we could go by name, but that might be tricky e.g. due to + * narrowing) */ + spi = this->child_sa->get_spi(this->child_sa, TRUE); + reqid = this->child_sa->get_reqid(this->child_sa); + protocol = this->child_sa->get_protocol(this->child_sa); + child_cfg = this->child_sa->get_config(this->child_sa); + child_cfg->get_ref(child_cfg); + charon->bus->child_updown(charon->bus, this->child_sa, FALSE); + this->ike_sa->destroy_child_sa(this->ike_sa, protocol, spi); + return this->ike_sa->initiate(this->ike_sa, + child_cfg->get_ref(child_cfg), reqid, + NULL, NULL); + } if (this->child_create->task.process(&this->child_create->task, message) == NEED_MORE) @@ -346,10 +390,10 @@ METHOD(task_t, process_i, status_t, } if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) { - /* establishing new child failed, reuse old. but not when we - * received a delete in the meantime */ - if (!(this->collision && - this->collision->get_type(this->collision) == TASK_CHILD_DELETE)) + /* establishing new child failed, reuse old and try again. but not when + * we received a delete in the meantime */ + if (!this->collision || + this->collision->get_type(this->collision) != TASK_CHILD_DELETE) { schedule_delayed_rekey(this); } @@ -377,9 +421,9 @@ METHOD(task_t, process_i, status_t, return SUCCESS; } /* disable updown event for redundant CHILD_SA */ - if (to_delete->get_state(to_delete) != CHILD_REKEYING) + if (to_delete->get_state(to_delete) != CHILD_REKEYED) { - to_delete->set_state(to_delete, CHILD_REKEYING); + to_delete->set_state(to_delete, CHILD_REKEYED); } spi = to_delete->get_spi(to_delete, TRUE); protocol = to_delete->get_protocol(to_delete); @@ -398,6 +442,18 @@ METHOD(task_t, get_type, task_type_t, return TASK_CHILD_REKEY; } +METHOD(child_rekey_t, is_redundant, bool, + private_child_rekey_t *this, child_sa_t *child) +{ + if (this->collision && + this->collision->get_type(this->collision) == TASK_CHILD_REKEY) + { + private_child_rekey_t *rekey = (private_child_rekey_t*)this->collision; + return child == rekey->child_create->get_child(rekey->child_create); + } + return FALSE; +} + METHOD(child_rekey_t, collide, void, private_child_rekey_t *this, task_t *other) { @@ -406,9 +462,18 @@ METHOD(child_rekey_t, collide, void, if (other->get_type(other) == TASK_CHILD_REKEY) { private_child_rekey_t *rekey = (private_child_rekey_t*)other; + child_sa_t *other_child; + if (rekey->child_sa != this->child_sa) + { /* not the same child => no collision */ + other->destroy(other); + return; + } + /* ignore passive tasks that did not successfully create a CHILD_SA */ + other_child = rekey->child_create->get_child(rekey->child_create); + if (!other_child || + other_child->get_state(other_child) != CHILD_INSTALLED) { - /* not the same child => no collision */ other->destroy(other); return; } @@ -416,19 +481,11 @@ METHOD(child_rekey_t, collide, void, else if (other->get_type(other) == TASK_CHILD_DELETE) { child_delete_t *del = (child_delete_t*)other; - if (this->collision && - this->collision->get_type(this->collision) == TASK_CHILD_REKEY) + if (is_redundant(this, del->get_child(del))) { - private_child_rekey_t *rekey; - - rekey = (private_child_rekey_t*)this->collision; - if (del->get_child(del) == rekey->child_create->get_child(rekey->child_create)) - { - /* peer deletes redundant child created in collision */ - this->other_child_destroyed = TRUE; - other->destroy(other); - return; - } + this->other_child_destroyed = TRUE; + other->destroy(other); + return; } if (del->get_child(del) != this->child_sa) { @@ -439,7 +496,7 @@ METHOD(child_rekey_t, collide, void, } else { - /* any other task is not critical for collisisions, ignore */ + /* any other task is not critical for collisions, ignore */ other->destroy(other); return; } @@ -485,7 +542,7 @@ METHOD(task_t, destroy, void, * Described in header. */ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi) + uint32_t spi) { private_child_rekey_t *this; @@ -496,6 +553,7 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, .migrate = _migrate, .destroy = _destroy, }, + .is_redundant = _is_redundant, .collide = _collide, }, .ike_sa = ike_sa, diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.h b/src/libcharon/sa/ikev2/tasks/child_rekey.h index 23384653d..0ad1a062d 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.h +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.h @@ -1,6 +1,7 @@ /* + * Copyright (C) 2016 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -39,13 +40,25 @@ struct child_rekey_t { task_t task; /** - * Register a rekeying task which collides with this one + * Check if the given SA is the redundant CHILD_SA created during a rekey + * collision. + * + * This is called if the other peer deletes the redundant SA before we were + * able to handle the CREATE_CHILD_SA response. + * + * @param child CHILD_SA to check + * @return TRUE if the SA is the redundant CHILD_SA + */ + bool (*is_redundant)(child_rekey_t *this, child_sa_t *child); + + /** + * Register a rekeying/delete task which collides with this one * * If two peers initiate rekeying at the same time, the collision must * be handled gracefully. The task manager is aware of what exchanges - * are going on and notifies the outgoing task by passing the incoming. + * are going on and notifies the active task by passing the passive. * - * @param other incoming task + * @param other passive task (adopted) */ void (*collide)(child_rekey_t* this, task_t *other); }; @@ -59,6 +72,6 @@ struct child_rekey_t { * @return child_rekey task to handle by the task_manager */ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi); + uint32_t spi); #endif /** CHILD_REKEY_H_ @}*/ diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index 79a436fbf..036910d0e 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -186,7 +186,7 @@ static status_t collect_other_init_data(private_ike_auth_t *this, */ static void get_reserved_id_bytes(private_ike_auth_t *this, id_payload_t *id) { - u_int8_t *byte; + uint8_t *byte; int i; for (i = 0; i < countof(this->reserved); i++) @@ -564,6 +564,10 @@ METHOD(task_t, process_r, status_t, this->ike_sa->enable_extension(this->ike_sa, EXT_EAP_ONLY_AUTHENTICATION); } + if (message->get_notify(message, INITIAL_CONTACT)) + { + this->initial_contact = TRUE; + } } if (this->other_auth == NULL) @@ -652,14 +656,6 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } - /* If authenticated (with non-EAP) and received INITIAL_CONTACT, - * delete any existing IKE_SAs with that peer. */ - if (message->get_message_id(message) == 1 && - message->get_notify(message, INITIAL_CONTACT)) - { - this->initial_contact = TRUE; - } - /* another auth round done, invoke authorize hook */ if (!charon->bus->authorize(charon->bus, FALSE)) { @@ -749,13 +745,6 @@ METHOD(task_t, build_r, status_t, get_reserved_id_bytes(this, id_payload); message->add_payload(message, (payload_t*)id_payload); - if (this->initial_contact) - { - charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager, - this->ike_sa, TRUE); - this->initial_contact = FALSE; - } - if ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS) == AUTH_CLASS_EAP) { /* EAP-only authentication */ if (!this->ike_sa->supports_extension(this->ike_sa, @@ -830,7 +819,7 @@ METHOD(task_t, build_r, status_t, } if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager, - this->ike_sa, FALSE)) + this->ike_sa, this->initial_contact)) { DBG1(DBG_IKE, "cancelling IKE_SA setup due to uniqueness policy"); charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP); diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c index a7d162e68..47b0a3ed1 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c @@ -45,14 +45,14 @@ struct private_ike_auth_lifetime_t { static void add_auth_lifetime(private_ike_auth_lifetime_t *this, message_t *message) { chunk_t chunk; - u_int32_t lifetime; + uint32_t lifetime; lifetime = this->ike_sa->get_statistic(this->ike_sa, STAT_REAUTH); if (lifetime) { lifetime -= time_monotonic(NULL); chunk = chunk_from_thing(lifetime); - *(u_int32_t*)chunk.ptr = htonl(lifetime); + *(uint32_t*)chunk.ptr = htonl(lifetime); message->add_notify(message, FALSE, AUTH_LIFETIME, chunk); } } @@ -64,13 +64,13 @@ static void process_payloads(private_ike_auth_lifetime_t *this, message_t *messa { notify_payload_t *notify; chunk_t data; - u_int32_t lifetime; + uint32_t lifetime; notify = message->get_notify(message, AUTH_LIFETIME); if (notify) { data = notify->get_notification_data(notify); - lifetime = ntohl(*(u_int32_t*)data.ptr); + lifetime = ntohl(*(uint32_t*)data.ptr); this->ike_sa->set_auth_lifetime(this->ike_sa, lifetime); } } diff --git a/src/libcharon/sa/ikev2/tasks/ike_delete.c b/src/libcharon/sa/ikev2/tasks/ike_delete.c index e972dba07..fd36b144a 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_delete.c +++ b/src/libcharon/sa/ikev2/tasks/ike_delete.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2016 Tobias Brunner * Copyright (C) 2006-2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -17,7 +18,7 @@ #include #include - +#include typedef struct private_ike_delete_t private_ike_delete_t; @@ -45,11 +46,6 @@ struct private_ike_delete_t { * are we deleting a rekeyed SA? */ bool rekeyed; - - /** - * are we responding to a delete, but have initated our own? - */ - bool simultaneous; }; METHOD(task_t, build_i, status_t, @@ -68,7 +64,8 @@ METHOD(task_t, build_i, status_t, delete_payload = delete_payload_create(PLV2_DELETE, PROTO_IKE); message->add_payload(message, (payload_t*)delete_payload); - if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING) + if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING || + this->ike_sa->get_state(this->ike_sa) == IKE_REKEYED) { this->rekeyed = TRUE; } @@ -93,6 +90,33 @@ METHOD(task_t, process_i, status_t, return DESTROY_ME; } +/** + * Check if this delete happened after a rekey collsion + */ +static bool after_rekey_collision(private_ike_delete_t *this) +{ + enumerator_t *tasks; + task_t *task; + + tasks = this->ike_sa->create_task_enumerator(this->ike_sa, + TASK_QUEUE_ACTIVE); + while (tasks->enumerate(tasks, &task)) + { + if (task->get_type(task) == TASK_IKE_REKEY) + { + ike_rekey_t *rekey = (ike_rekey_t*)task; + + if (rekey->did_collide(rekey)) + { + tasks->destroy(tasks); + return TRUE; + } + } + } + tasks->destroy(tasks); + return FALSE; +} + METHOD(task_t, process_r, status_t, private_ike_delete_t *this, message_t *message) { @@ -119,16 +143,24 @@ METHOD(task_t, process_r, status_t, switch (this->ike_sa->get_state(this->ike_sa)) { + case IKE_REKEYING: + /* if the peer concurrently deleted the IKE_SA we treat this as + * regular delete. however, in case the peer did not detect a rekey + * collision it will delete the replaced IKE_SA if we are still in + * state IKE_REKEYING */ + if (after_rekey_collision(this)) + { + this->rekeyed = TRUE; + break; + } + /* fall-through */ case IKE_ESTABLISHED: this->ike_sa->set_state(this->ike_sa, IKE_DELETING); this->ike_sa->reestablish(this->ike_sa); return NEED_MORE; - case IKE_REKEYING: + case IKE_REKEYED: this->rekeyed = TRUE; break; - case IKE_DELETING: - this->simultaneous = TRUE; - break; default: break; } @@ -141,11 +173,6 @@ METHOD(task_t, build_r, status_t, { DBG0(DBG_IKE, "IKE_SA deleted"); - if (this->simultaneous) - { - /* wait for peer's response for our delete request */ - return SUCCESS; - } if (!this->rekeyed) { /* invoke ike_down() hook if SA has not been rekeyed */ charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); @@ -164,7 +191,6 @@ METHOD(task_t, migrate, void, private_ike_delete_t *this, ike_sa_t *ike_sa) { this->ike_sa = ike_sa; - this->simultaneous = FALSE; } METHOD(task_t, destroy, void, diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 78579be95..801b6d8f3 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -221,7 +221,7 @@ static void handle_supported_hash_algorithms(private_ike_init_t *this, notify_payload_t *notify) { bio_reader_t *reader; - u_int16_t algo; + uint16_t algo; bool added = FALSE; reader = bio_reader_create(notify->get_notification_data(notify)); @@ -373,13 +373,15 @@ static void process_payloads(private_ike_init_t *this, message_t *message) { sa_payload_t *sa_payload = (sa_payload_t*)payload; linked_list_t *proposal_list; - bool private; + bool private, prefer_configured; proposal_list = sa_payload->get_proposals(sa_payload); private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); this->proposal = this->config->select_proposal(this->config, - proposal_list, private); + proposal_list, private, prefer_configured); if (!this->proposal) { charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE, @@ -633,7 +635,7 @@ METHOD(task_t, build_r, status_t, if (this->dh == NULL || !this->proposal->has_dh_group(this->proposal, this->dh_group)) { - u_int16_t group; + uint16_t group; if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL)) @@ -765,7 +767,7 @@ METHOD(task_t, process_i, status_t, bad_group = this->dh_group; data = notify->get_notification_data(notify); - this->dh_group = ntohs(*((u_int16_t*)data.ptr)); + this->dh_group = ntohs(*((uint16_t*)data.ptr)); DBG1(DBG_IKE, "peer didn't accept DH group %N, " "it requested %N", diffie_hellman_group_names, bad_group, diffie_hellman_group_names, this->dh_group); diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.c b/src/libcharon/sa/ikev2/tasks/ike_me.c index 10d412ffd..f077ccfb5 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_me.c +++ b/src/libcharon/sa/ikev2/tasks/ike_me.c @@ -128,7 +128,7 @@ static void gather_and_add_endpoints(private_ike_me_t *this, message_t *message) { enumerator_t *enumerator; host_t *addr, *host; - u_int16_t port; + uint16_t port; /* get the port that is used to communicate with the ms */ host = this->ike_sa->get_my_host(this->ike_sa); diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c index 3f7bb175f..dc0f24fb8 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c @@ -299,7 +299,7 @@ static void update_children(private_ike_mobike_t *this) /** * Apply the port of the old host, if its ip equals the new, use port otherwise. */ -static void apply_port(host_t *host, host_t *old, u_int16_t port, bool local) +static void apply_port(host_t *host, host_t *old, uint16_t port, bool local) { if (host->ip_equals(host, old)) { diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c index 4bf5264dd..f3f32d7af 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_natd.c +++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c @@ -99,8 +99,8 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this, { chunk_t natd_chunk, spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk; chunk_t natd_hash; - u_int64_t spi_i, spi_r; - u_int16_t port; + uint64_t spi_i, spi_r; + uint16_t port; /* prepare all required chunks */ spi_i = ike_sa_id->get_initiator_spi(ike_sa_id); @@ -142,7 +142,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, config = this->ike_sa->get_ike_cfg(this->ike_sa); if (force_encap(config) && type == NAT_DETECTION_SOURCE_IP) { - u_int32_t addr; + uint32_t addr; /* chunk_hash() is randomly keyed so this produces a random IPv4 address * that changes with every restart but otherwise stays the same */ diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c index eaba04e3a..2f0552a33 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c @@ -1,7 +1,8 @@ /* + * Copyright (C) 2015-2016 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -66,8 +67,29 @@ struct private_ike_rekey_t { * colliding task detected by the task manager */ task_t *collision; + + /** + * TRUE if rekeying can't be handled temporarily + */ + bool failed_temporarily; }; +/** + * Schedule a retry if rekeying temporary failed + */ +static void schedule_delayed_rekey(private_ike_rekey_t *this) +{ + uint32_t retry; + job_t *job; + + retry = RETRY_INTERVAL - (random() % RETRY_JITTER); + job = (job_t*)rekey_ike_sa_job_create( + this->ike_sa->get_id(this->ike_sa), FALSE); + DBG1(DBG_IKE, "IKE_SA rekeying failed, trying again in %d seconds", retry); + this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); + lib->scheduler->schedule_job(lib->scheduler, job, retry); +} + /** * Check if an IKE_SA has any queued tasks, return initiation job */ @@ -83,7 +105,6 @@ static job_t* check_queued_tasks(ike_sa_t *ike_sa) job = (job_t*)initiate_tasks_job_create(ike_sa->get_id(ike_sa)); } enumerator->destroy(enumerator); - return job; } @@ -117,20 +138,9 @@ static void establish_new(private_ike_rekey_t *this) } this->new_sa = NULL; charon->bus->set_sa(charon->bus, this->ike_sa); - } -} -METHOD(task_t, process_r_delete, status_t, - private_ike_rekey_t *this, message_t *message) -{ - establish_new(this); - return this->ike_delete->task.process(&this->ike_delete->task, message); -} - -METHOD(task_t, build_r_delete, status_t, - private_ike_rekey_t *this, message_t *message) -{ - return this->ike_delete->task.build(&this->ike_delete->task, message); + this->ike_sa->set_state(this->ike_sa, IKE_REKEYED); + } } METHOD(task_t, build_i_delete, status_t, @@ -172,36 +182,59 @@ METHOD(task_t, build_i, status_t, return NEED_MORE; } -METHOD(task_t, process_r, status_t, - private_ike_rekey_t *this, message_t *message) +/** + * Check if there are any half-open children + */ +static bool have_half_open_children(private_ike_rekey_t *this) { enumerator_t *enumerator; child_sa_t *child_sa; - - if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING) - { - DBG1(DBG_IKE, "peer initiated rekeying, but we are deleting"); - return NEED_MORE; - } + task_t *task; enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa); while (enumerator->enumerate(enumerator, (void**)&child_sa)) { switch (child_sa->get_state(child_sa)) { - case CHILD_CREATED: case CHILD_REKEYING: case CHILD_RETRYING: case CHILD_DELETING: - /* we do not allow rekeying while we have children in-progress */ - DBG1(DBG_IKE, "peer initiated rekeying, but a child is half-open"); enumerator->destroy(enumerator); - return NEED_MORE; + return TRUE; default: break; } } enumerator->destroy(enumerator); + enumerator = this->ike_sa->create_task_enumerator(this->ike_sa, + TASK_QUEUE_ACTIVE); + while (enumerator->enumerate(enumerator, (void**)&task)) + { + if (task->get_type(task) == TASK_CHILD_CREATE) + { + enumerator->destroy(enumerator); + return TRUE; + } + } + enumerator->destroy(enumerator); + return FALSE; +} + +METHOD(task_t, process_r, status_t, + private_ike_rekey_t *this, message_t *message) +{ + if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING) + { + DBG1(DBG_IKE, "peer initiated rekeying, but we are deleting"); + this->failed_temporarily = TRUE; + return NEED_MORE; + } + if (have_half_open_children(this)) + { + DBG1(DBG_IKE, "peer initiated rekeying, but a child is half-open"); + this->failed_temporarily = TRUE; + return NEED_MORE; + } this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, this->ike_sa->get_version(this->ike_sa), FALSE); @@ -219,33 +252,57 @@ METHOD(task_t, process_r, status_t, METHOD(task_t, build_r, status_t, private_ike_rekey_t *this, message_t *message) { + if (this->failed_temporarily) + { + message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty); + return SUCCESS; + } if (this->new_sa == NULL) { /* IKE_SA/a CHILD_SA is in an inacceptable state, deny rekeying */ message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); return SUCCESS; } - if (this->ike_init->task.build(&this->ike_init->task, message) == FAILED) { + this->ike_init->task.destroy(&this->ike_init->task); + this->ike_init = NULL; charon->bus->set_sa(charon->bus, this->ike_sa); return SUCCESS; } charon->bus->set_sa(charon->bus, this->ike_sa); - this->ike_sa->set_state(this->ike_sa, IKE_REKEYING); - /* rekeying successful, delete the IKE_SA using a subtask */ - this->ike_delete = ike_delete_create(this->ike_sa, FALSE); - this->public.task.build = _build_r_delete; - this->public.task.process = _process_r_delete; - - /* the peer does have to delete the IKE_SA. If it does not, we get a - * unusable IKE_SA in REKEYING state without a replacement. We consider - * this a timeout condition by the peer, and trigger a delete actively. */ - lib->scheduler->schedule_job(lib->scheduler, (job_t*) - delete_ike_sa_job_create(this->ike_sa->get_id(this->ike_sa), TRUE), 90); + if (this->ike_sa->get_state(this->ike_sa) != IKE_REKEYING) + { /* in case of a collision we let the initiating task handle this */ + establish_new(this); + /* make sure the IKE_SA is gone in case the peer fails to delete it */ + lib->scheduler->schedule_job(lib->scheduler, (job_t*) + delete_ike_sa_job_create(this->ike_sa->get_id(this->ike_sa), TRUE), + 90); + } + return SUCCESS; +} - return NEED_MORE; +/** + * Conclude any undetected rekey collision. + * + * If the peer does not detect the collision it will delete this IKE_SA. + * Depending on when our request reaches the peer and we receive the delete + * this may get called at different times. + * + * Returns TRUE if there was a collision, FALSE otherwise. + */ +static bool conclude_undetected_collision(private_ike_rekey_t *this) +{ + if (this->collision && + this->collision->get_type(this->collision) == TASK_IKE_REKEY) + { + DBG1(DBG_IKE, "peer did not notice IKE_SA rekey collision, abort " + "active rekeying"); + establish_new((private_ike_rekey_t*)this->collision); + return TRUE; + } + return FALSE; } METHOD(task_t, process_i, status_t, @@ -266,18 +323,9 @@ METHOD(task_t, process_i, status_t, { case FAILED: /* rekeying failed, fallback to old SA */ - if (!(this->collision && ( - this->collision->get_type(this->collision) == TASK_IKE_DELETE || - this->collision->get_type(this->collision) == TASK_IKE_REAUTH))) + if (!conclude_undetected_collision(this)) { - job_t *job; - u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER); - job = (job_t*)rekey_ike_sa_job_create( - this->ike_sa->get_id(this->ike_sa), FALSE); - DBG1(DBG_IKE, "IKE_SA rekeying failed, " - "trying again in %d seconds", retry); - this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); - lib->scheduler->schedule_job(lib->scheduler, job, retry); + schedule_delayed_rekey(this); } return SUCCESS; case NEED_MORE: @@ -293,55 +341,53 @@ METHOD(task_t, process_i, status_t, this->collision->get_type(this->collision) == TASK_IKE_REKEY) { private_ike_rekey_t *other = (private_ike_rekey_t*)this->collision; + host_t *host; + chunk_t this_nonce, other_nonce; - /* ike_init can be NULL, if child_sa is half-open */ - if (other->ike_init) - { - host_t *host; - chunk_t this_nonce, other_nonce; - - this_nonce = this->ike_init->get_lower_nonce(this->ike_init); - other_nonce = other->ike_init->get_lower_nonce(other->ike_init); + this_nonce = this->ike_init->get_lower_nonce(this->ike_init); + other_nonce = other->ike_init->get_lower_nonce(other->ike_init); - /* if we have the lower nonce, delete rekeyed SA. If not, delete - * the redundant. */ - if (memcmp(this_nonce.ptr, other_nonce.ptr, - min(this_nonce.len, other_nonce.len)) > 0) + /* if we have the lower nonce, delete rekeyed SA. If not, delete + * the redundant. */ + if (memcmp(this_nonce.ptr, other_nonce.ptr, + min(this_nonce.len, other_nonce.len)) < 0) + { + DBG1(DBG_IKE, "IKE_SA rekey collision lost, deleting redundant " + "IKE_SA %s[%d]", this->new_sa->get_name(this->new_sa), + this->new_sa->get_unique_id(this->new_sa)); + /* apply host for a proper delete */ + host = this->ike_sa->get_my_host(this->ike_sa); + this->new_sa->set_my_host(this->new_sa, host->clone(host)); + host = this->ike_sa->get_other_host(this->ike_sa); + this->new_sa->set_other_host(this->new_sa, host->clone(host)); + /* IKE_SAs in state IKE_REKEYED are silently deleted, so we use + * IKE_REKEYING */ + this->new_sa->set_state(this->new_sa, IKE_REKEYING); + if (this->new_sa->delete(this->new_sa) == DESTROY_ME) { - /* peer should delete this SA. Add a timeout just in case. */ - job_t *job = (job_t*)delete_ike_sa_job_create( - other->new_sa->get_id(other->new_sa), TRUE); - lib->scheduler->schedule_job(lib->scheduler, job, 10); - DBG1(DBG_IKE, "IKE_SA rekey collision won, waiting for delete"); - charon->ike_sa_manager->checkin(charon->ike_sa_manager, other->new_sa); - other->new_sa = NULL; + this->new_sa->destroy(this->new_sa); } else { - DBG1(DBG_IKE, "IKE_SA rekey collision lost, " - "deleting redundant IKE_SA"); - /* apply host for a proper delete */ - host = this->ike_sa->get_my_host(this->ike_sa); - this->new_sa->set_my_host(this->new_sa, host->clone(host)); - host = this->ike_sa->get_other_host(this->ike_sa); - this->new_sa->set_other_host(this->new_sa, host->clone(host)); - this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); - this->new_sa->set_state(this->new_sa, IKE_REKEYING); - if (this->new_sa->delete(this->new_sa) == DESTROY_ME) - { - this->new_sa->destroy(this->new_sa); - } - else - { - charon->ike_sa_manager->checkin( - charon->ike_sa_manager, this->new_sa); - } - charon->bus->set_sa(charon->bus, this->ike_sa); - this->new_sa = NULL; - establish_new(other); - return SUCCESS; + charon->ike_sa_manager->checkin(charon->ike_sa_manager, + this->new_sa); } + charon->bus->set_sa(charon->bus, this->ike_sa); + this->new_sa = NULL; + establish_new(other); + return SUCCESS; } + /* peer should delete this SA. Add a timeout just in case. */ + job_t *job = (job_t*)delete_ike_sa_job_create( + other->new_sa->get_id(other->new_sa), TRUE); + lib->scheduler->schedule_job(lib->scheduler, job, + HALF_OPEN_IKE_SA_TIMEOUT); + DBG1(DBG_IKE, "IKE_SA rekey collision won, waiting for delete for " + "redundant IKE_SA %s[%d]", other->new_sa->get_name(other->new_sa), + other->new_sa->get_unique_id(other->new_sa)); + other->new_sa->set_state(other->new_sa, IKE_REKEYED); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, other->new_sa); + other->new_sa = NULL; charon->bus->set_sa(charon->bus, this->ike_sa); } @@ -361,11 +407,41 @@ METHOD(task_t, get_type, task_type_t, return TASK_IKE_REKEY; } +METHOD(ike_rekey_t, did_collide, bool, + private_ike_rekey_t *this) +{ + return this->collision && + this->collision->get_type(this->collision) == TASK_IKE_REKEY; +} + METHOD(ike_rekey_t, collide, void, private_ike_rekey_t* this, task_t *other) { DBG1(DBG_IKE, "detected %N collision with %N", task_type_names, TASK_IKE_REKEY, task_type_names, other->get_type(other)); + + switch (other->get_type(other)) + { + case TASK_IKE_DELETE: + conclude_undetected_collision(this); + other->destroy(other); + return; + case TASK_IKE_REKEY: + { + private_ike_rekey_t *rekey = (private_ike_rekey_t*)other; + + if (!rekey->ike_init) + { + DBG1(DBG_IKE, "colliding exchange did not result in an IKE_SA, " + "ignore"); + other->destroy(other); + return; + } + break; + } + default: + break; + } DESTROY_IF(this->collision); this->collision = other; } @@ -425,6 +501,7 @@ ike_rekey_t *ike_rekey_create(ike_sa_t *ike_sa, bool initiator) .migrate = _migrate, .destroy = _destroy, }, + .did_collide = _did_collide, .collide = _collide, }, .ike_sa = ike_sa, diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.h b/src/libcharon/sa/ikev2/tasks/ike_rekey.h index 6a12e9034..86b512c92 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_rekey.h +++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.h @@ -1,6 +1,7 @@ /* + * Copyright (C) 2016 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -37,6 +38,13 @@ struct ike_rekey_t { */ task_t task; + /** + * Check if there was a rekey collision. + * + * @return TRUE if there was a rekey collision before + */ + bool (*did_collide)(ike_rekey_t *this); + /** * Register a rekeying task which collides with this one. * diff --git a/src/libcharon/sa/redirect_manager.c b/src/libcharon/sa/redirect_manager.c index ff92ac29f..45b7e79df 100644 --- a/src/libcharon/sa/redirect_manager.c +++ b/src/libcharon/sa/redirect_manager.c @@ -248,7 +248,7 @@ identification_t *redirect_data_parse(chunk_t data, chunk_t *nonce) bio_reader_t *reader; id_type_t id_type; chunk_t gateway; - u_int8_t type; + uint8_t type; reader = bio_reader_create(data); if (!reader->read_uint8(reader, &type) || diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c index 0e9cf6e1f..40e291be5 100644 --- a/src/libcharon/sa/shunt_manager.c +++ b/src/libcharon/sa/shunt_manager.c @@ -1,6 +1,6 @@ /* - * Copyright (C) 2015 Tobias Brunner - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2015-2016 Tobias Brunner + * Copyright (C) 2011-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -68,6 +68,8 @@ static bool install_shunt_policy(child_cfg_t *child) policy_type_t policy_type; policy_priority_t policy_prio; status_t status = SUCCESS; + uint32_t manual_prio; + char *interface; ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT }; switch (child->get_mode(child)) @@ -92,6 +94,9 @@ static bool install_shunt_policy(child_cfg_t *child) other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts); hosts->destroy(hosts); + manual_prio = child->get_manual_prio(child); + interface = child->get_interface(child); + /* enumerate pairs of traffic selectors */ e_my_ts = my_ts_list->create_enumerator(my_ts_list); while (e_my_ts->enumerate(e_my_ts, &my_ts)) @@ -110,25 +115,37 @@ static bool install_shunt_policy(child_cfg_t *child) continue; } /* install out policy */ - status |= charon->kernel->add_policy(charon->kernel, - host_any, host_any, - my_ts, other_ts, POLICY_OUT, policy_type, - &sa, child->get_mark(child, FALSE), - policy_prio); - + kernel_ipsec_policy_id_t id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = child->get_mark(child, FALSE), + .interface = interface, + }; + kernel_ipsec_manage_policy_t policy = { + .type = policy_type, + .prio = policy_prio, + .manual_prio = manual_prio, + .src = host_any, + .dst = host_any, + .sa = &sa, + }; + status |= charon->kernel->add_policy(charon->kernel, &id, &policy); + /* install "outbound" forward policy */ + id.dir = POLICY_FWD; + status |= charon->kernel->add_policy(charon->kernel, &id, &policy); /* install in policy */ - status |= charon->kernel->add_policy(charon->kernel, - host_any, host_any, - other_ts, my_ts, POLICY_IN, policy_type, - &sa, child->get_mark(child, TRUE), - policy_prio); - - /* install forward policy */ - status |= charon->kernel->add_policy(charon->kernel, - host_any, host_any, - other_ts, my_ts, POLICY_FWD, policy_type, - &sa, child->get_mark(child, TRUE), - policy_prio); + id = (kernel_ipsec_policy_id_t){ + .dir = POLICY_IN, + .src_ts = other_ts, + .dst_ts = my_ts, + .mark = child->get_mark(child, TRUE), + .interface = interface, + }; + status |= charon->kernel->add_policy(charon->kernel, &id, &policy); + /* install "inbound" forward policy */ + id.dir = POLICY_FWD; + status |= charon->kernel->add_policy(charon->kernel, &id, &policy); } e_other_ts->destroy(e_other_ts); } @@ -205,6 +222,8 @@ static void uninstall_shunt_policy(child_cfg_t *child) policy_type_t policy_type; policy_priority_t policy_prio; status_t status = SUCCESS; + uint32_t manual_prio; + char *interface; ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT }; switch (child->get_mode(child)) @@ -229,6 +248,9 @@ static void uninstall_shunt_policy(child_cfg_t *child) other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts); hosts->destroy(hosts); + manual_prio = child->get_manual_prio(child); + interface = child->get_interface(child); + /* enumerate pairs of traffic selectors */ e_my_ts = my_ts_list->create_enumerator(my_ts_list); while (e_my_ts->enumerate(e_my_ts, &my_ts)) @@ -247,25 +269,37 @@ static void uninstall_shunt_policy(child_cfg_t *child) continue; } /* uninstall out policy */ - status |= charon->kernel->del_policy(charon->kernel, - host_any, host_any, - my_ts, other_ts, POLICY_OUT, policy_type, - &sa, child->get_mark(child, FALSE), - policy_prio); - + kernel_ipsec_policy_id_t id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = child->get_mark(child, FALSE), + .interface = interface, + }; + kernel_ipsec_manage_policy_t policy = { + .type = policy_type, + .prio = policy_prio, + .manual_prio = manual_prio, + .src = host_any, + .dst = host_any, + .sa = &sa, + }; + status |= charon->kernel->del_policy(charon->kernel, &id, &policy); + /* uninstall "outbound" forward policy */ + id.dir = POLICY_FWD; + status |= charon->kernel->del_policy(charon->kernel, &id, &policy); /* uninstall in policy */ - status |= charon->kernel->del_policy(charon->kernel, - host_any, host_any, - other_ts, my_ts, POLICY_IN, policy_type, - &sa, child->get_mark(child, TRUE), - policy_prio); - - /* uninstall forward policy */ - status |= charon->kernel->del_policy(charon->kernel, - host_any, host_any, - other_ts, my_ts, POLICY_FWD, policy_type, - &sa, child->get_mark(child, TRUE), - policy_prio); + id = (kernel_ipsec_policy_id_t){ + .dir = POLICY_IN, + .src_ts = other_ts, + .dst_ts = my_ts, + .mark = child->get_mark(child, TRUE), + .interface = interface, + }; + status |= charon->kernel->del_policy(charon->kernel, &id, &policy); + /* uninstall "inbound" forward policy */ + id.dir = POLICY_FWD; + status |= charon->kernel->del_policy(charon->kernel, &id, &policy); } e_other_ts->destroy(e_other_ts); } diff --git a/src/libcharon/sa/task_manager.h b/src/libcharon/sa/task_manager.h index e7a6bf463..86077d373 100644 --- a/src/libcharon/sa/task_manager.h +++ b/src/libcharon/sa/task_manager.h @@ -1,6 +1,7 @@ /* + * Copyright (C) 2013-2016 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -122,7 +123,17 @@ struct task_manager_t { * * @param task task to queue */ - void (*queue_task) (task_manager_t *this, task_t *task); + void (*queue_task)(task_manager_t *this, task_t *task); + + /** + * Queue a task in the manager, but delay its initiation for at least the + * given number of seconds. + * + * @param task task to queue + * @param delay minimum delay in s before initiating the task + */ + void (*queue_task_delayed)(task_manager_t *this, task_t *task, + uint32_t delay); /** * Queue IKE_SA establishing tasks. @@ -160,7 +171,7 @@ struct task_manager_t { * @param tsi initiator traffic selector, if packet-triggered * @param tsr responder traffic selector, if packet-triggered */ - void (*queue_child)(task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid, + void (*queue_child)(task_manager_t *this, child_cfg_t *cfg, uint32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr); /** @@ -170,7 +181,7 @@ struct task_manager_t { * @param spi CHILD_SA SPI to rekey */ void (*queue_child_rekey)(task_manager_t *this, protocol_id_t protocol, - u_int32_t spi); + uint32_t spi); /** * Queue CHILD_SA delete tasks. @@ -180,7 +191,7 @@ struct task_manager_t { * @param expired TRUE if SA already expired */ void (*queue_child_delete)(task_manager_t *this, protocol_id_t protocol, - u_int32_t spi, bool expired); + uint32_t spi, bool expired); /** * Queue liveness checking tasks. @@ -199,7 +210,7 @@ struct task_manager_t { * - INVALID_STATE if retransmission not required * - SUCCESS if retransmission sent */ - status_t (*retransmit) (task_manager_t *this, u_int32_t message_id); + status_t (*retransmit) (task_manager_t *this, uint32_t message_id); /** * Migrate all queued tasks from other to this. @@ -242,7 +253,7 @@ struct task_manager_t { * @param initiate message ID / DPD seq to initiate exchanges (send) * @param respond message ID / DPD seq to respond to exchanges (expect) */ - void (*reset) (task_manager_t *this, u_int32_t initiate, u_int32_t respond); + void (*reset) (task_manager_t *this, uint32_t initiate, uint32_t respond); /** * Check if we are currently waiting for a reply. diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index 85e220775..40a0682f2 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c @@ -115,7 +115,7 @@ typedef struct { /** pending IKE_SA connecting upon acquire */ ike_sa_t *ike_sa; /** reqid of pending trap policy */ - u_int32_t reqid; + uint32_t reqid; /** destination address (wildcard case) */ host_t *dst; } acquire_t; @@ -143,7 +143,7 @@ static void destroy_acquire(acquire_t *this) /** * match an acquire entry by reqid */ -static bool acquire_by_reqid(acquire_t *this, u_int32_t *reqid) +static bool acquire_by_reqid(acquire_t *this, uint32_t *reqid) { return this->reqid == *reqid; } @@ -156,9 +156,9 @@ static bool acquire_by_dst(acquire_t *this, host_t *dst) return this->dst && this->dst->ip_equals(this->dst, dst); } -METHOD(trap_manager_t, install, u_int32_t, +METHOD(trap_manager_t, install, uint32_t, private_trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child, - u_int32_t reqid) + uint32_t reqid) { entry_t *entry, *found = NULL; ike_cfg_t *ike_cfg; @@ -197,9 +197,7 @@ METHOD(trap_manager_t, install, u_int32_t, me = charon->kernel->get_source_addr(charon->kernel, other, NULL); if (!me) { - DBG1(DBG_CFG, "installing trap failed, local address unknown"); - other->destroy(other); - return 0; + me = host_create_any(other->get_family(other)); } me->set_port(me, ike_cfg->get_my_port(ike_cfg)); } @@ -307,7 +305,7 @@ METHOD(trap_manager_t, install, u_int32_t, } METHOD(trap_manager_t, uninstall, bool, - private_trap_manager_t *this, u_int32_t reqid) + private_trap_manager_t *this, uint32_t reqid) { enumerator_t *enumerator; entry_t *entry, *found = NULL; @@ -366,12 +364,12 @@ METHOD(trap_manager_t, create_enumerator, enumerator_t*, (void*)this->lock->unlock); } -METHOD(trap_manager_t, find_reqid, u_int32_t, +METHOD(trap_manager_t, find_reqid, uint32_t, private_trap_manager_t *this, child_cfg_t *child) { enumerator_t *enumerator; entry_t *entry; - u_int32_t reqid = 0; + uint32_t reqid = 0; this->lock->read_lock(this->lock); enumerator = this->traps->create_enumerator(this->traps); @@ -392,7 +390,7 @@ METHOD(trap_manager_t, find_reqid, u_int32_t, } METHOD(trap_manager_t, acquire, void, - private_trap_manager_t *this, u_int32_t reqid, + private_trap_manager_t *this, uint32_t reqid, traffic_selector_t *src, traffic_selector_t *dst) { enumerator_t *enumerator; @@ -430,7 +428,7 @@ METHOD(trap_manager_t, acquire, void, if (wildcard) { /* for wildcard acquires we check that we don't have a pending acquire * with the same peer */ - u_int8_t mask; + uint8_t mask; dst->to_subnet(dst, &host, &mask); if (this->acquires->find_first(this->acquires, (void*)acquire_by_dst, @@ -483,8 +481,8 @@ METHOD(trap_manager_t, acquire, void, if (ike_sa) { ike_cfg_t *ike_cfg; - u_int16_t port; - u_int8_t mask; + uint16_t port; + uint8_t mask; ike_sa->set_peer_cfg(ike_sa, peer); ike_cfg = ike_sa->get_ike_cfg(ike_sa); diff --git a/src/libcharon/sa/trap_manager.h b/src/libcharon/sa/trap_manager.h index 0491107fd..083ea3dbf 100644 --- a/src/libcharon/sa/trap_manager.h +++ b/src/libcharon/sa/trap_manager.h @@ -40,8 +40,8 @@ struct trap_manager_t { * @param reqid optional reqid to use * @return reqid of installed CHILD_SA, 0 if failed */ - u_int32_t (*install)(trap_manager_t *this, peer_cfg_t *peer, - child_cfg_t *child, u_int32_t reqid); + uint32_t (*install)(trap_manager_t *this, peer_cfg_t *peer, + child_cfg_t *child, uint32_t reqid); /** * Uninstall a trap policy. @@ -49,7 +49,7 @@ struct trap_manager_t { * @param id reqid of CHILD_SA to uninstall, returned by install() * @return TRUE if uninstalled successfully */ - bool (*uninstall)(trap_manager_t *this, u_int32_t reqid); + bool (*uninstall)(trap_manager_t *this, uint32_t reqid); /** * Create an enumerator over all installed traps. @@ -64,7 +64,7 @@ struct trap_manager_t { * @param child CHILD_SA config to get the reqid for * @return reqid of trap, 0 if not found */ - u_int32_t (*find_reqid)(trap_manager_t *this, child_cfg_t *child); + uint32_t (*find_reqid)(trap_manager_t *this, child_cfg_t *child); /** * Acquire an SA triggered by an installed trap. @@ -73,7 +73,7 @@ struct trap_manager_t { * @param src source of the triggering packet * @param dst destination of the triggering packet */ - void (*acquire)(trap_manager_t *this, u_int32_t reqid, + void (*acquire)(trap_manager_t *this, uint32_t reqid, traffic_selector_t *src, traffic_selector_t *dst); /** diff --git a/src/libcharon/tests/Makefile.am b/src/libcharon/tests/Makefile.am index 0589269aa..b8670246b 100644 --- a/src/libcharon/tests/Makefile.am +++ b/src/libcharon/tests/Makefile.am @@ -1,8 +1,9 @@ -TESTS = libcharon_tests +TESTS = libcharon_tests exchange_tests check_PROGRAMS = $(TESTS) libcharon_tests_SOURCES = \ + suites/test_proposal.c \ suites/test_ike_cfg.c \ suites/test_mem_pool.c \ suites/test_message_chapoly.c \ @@ -21,3 +22,34 @@ libcharon_tests_LDADD = \ $(top_builddir)/src/libcharon/libcharon.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la + + +exchange_tests_SOURCES = \ + suites/test_child_create.c \ + suites/test_child_delete.c \ + suites/test_child_rekey.c \ + suites/test_ike_delete.c \ + suites/test_ike_rekey.c \ + utils/exchange_test_asserts.h utils/exchange_test_asserts.c \ + utils/exchange_test_helper.h utils/exchange_test_helper.c \ + utils/job_asserts.h \ + utils/mock_dh.h utils/mock_dh.c \ + utils/mock_ipsec.h utils/mock_ipsec.c \ + utils/mock_nonce_gen.h utils/mock_nonce_gen.c \ + utils/mock_sender.h utils/mock_sender.c \ + utils/sa_asserts.h \ + exchange_tests.h exchange_tests.c + +exchange_tests_CFLAGS = \ + -I$(top_srcdir)/src/libcharon \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ + -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ + -DPLUGINS=\""${s_plugins}\"" \ + @COVERAGE_CFLAGS@ + +exchange_tests_LDFLAGS = @COVERAGE_LDFLAGS@ +exchange_tests_LDADD = \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in index 87dea161a..7a0d34292 100644 --- a/src/libcharon/tests/Makefile.in +++ b/src/libcharon/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -77,11 +87,9 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -TESTS = libcharon_tests$(EXEEXT) +TESTS = libcharon_tests$(EXEEXT) exchange_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libcharon/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,13 +103,41 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__EXEEXT_1 = libcharon_tests$(EXEEXT) +am__EXEEXT_1 = libcharon_tests$(EXEEXT) exchange_tests$(EXEEXT) am__dirstamp = $(am__leading_dot)dirstamp +am_exchange_tests_OBJECTS = \ + suites/exchange_tests-test_child_create.$(OBJEXT) \ + suites/exchange_tests-test_child_delete.$(OBJEXT) \ + suites/exchange_tests-test_child_rekey.$(OBJEXT) \ + suites/exchange_tests-test_ike_delete.$(OBJEXT) \ + suites/exchange_tests-test_ike_rekey.$(OBJEXT) \ + utils/exchange_tests-exchange_test_asserts.$(OBJEXT) \ + utils/exchange_tests-exchange_test_helper.$(OBJEXT) \ + utils/exchange_tests-mock_dh.$(OBJEXT) \ + utils/exchange_tests-mock_ipsec.$(OBJEXT) \ + utils/exchange_tests-mock_nonce_gen.$(OBJEXT) \ + utils/exchange_tests-mock_sender.$(OBJEXT) \ + exchange_tests-exchange_tests.$(OBJEXT) +exchange_tests_OBJECTS = $(am_exchange_tests_OBJECTS) +exchange_tests_DEPENDENCIES = \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +exchange_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(exchange_tests_CFLAGS) $(CFLAGS) $(exchange_tests_LDFLAGS) \ + $(LDFLAGS) -o $@ am_libcharon_tests_OBJECTS = \ + suites/libcharon_tests-test_proposal.$(OBJEXT) \ suites/libcharon_tests-test_ike_cfg.$(OBJEXT) \ suites/libcharon_tests-test_mem_pool.$(OBJEXT) \ suites/libcharon_tests-test_message_chapoly.$(OBJEXT) \ @@ -111,10 +147,6 @@ libcharon_tests_DEPENDENCIES = \ $(top_builddir)/src/libcharon/libcharon.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = libcharon_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(libcharon_tests_CFLAGS) $(CFLAGS) $(libcharon_tests_LDFLAGS) \ @@ -153,8 +185,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(libcharon_tests_SOURCES) -DIST_SOURCES = $(libcharon_tests_SOURCES) +SOURCES = $(exchange_tests_SOURCES) $(libcharon_tests_SOURCES) +DIST_SOURCES = $(exchange_tests_SOURCES) $(libcharon_tests_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -201,12 +233,14 @@ am__tty_colors = { \ std=''; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +290,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +325,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +437,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -430,6 +467,7 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ libcharon_tests_SOURCES = \ + suites/test_proposal.c \ suites/test_ike_cfg.c \ suites/test_mem_pool.c \ suites/test_message_chapoly.c \ @@ -449,6 +487,36 @@ libcharon_tests_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la +exchange_tests_SOURCES = \ + suites/test_child_create.c \ + suites/test_child_delete.c \ + suites/test_child_rekey.c \ + suites/test_ike_delete.c \ + suites/test_ike_rekey.c \ + utils/exchange_test_asserts.h utils/exchange_test_asserts.c \ + utils/exchange_test_helper.h utils/exchange_test_helper.c \ + utils/job_asserts.h \ + utils/mock_dh.h utils/mock_dh.c \ + utils/mock_ipsec.h utils/mock_ipsec.c \ + utils/mock_nonce_gen.h utils/mock_nonce_gen.c \ + utils/mock_sender.h utils/mock_sender.c \ + utils/sa_asserts.h \ + exchange_tests.h exchange_tests.c + +exchange_tests_CFLAGS = \ + -I$(top_srcdir)/src/libcharon \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ + -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ + -DPLUGINS=\""${s_plugins}\"" \ + @COVERAGE_CFLAGS@ + +exchange_tests_LDFLAGS = @COVERAGE_LDFLAGS@ +exchange_tests_LDADD = \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la + all: all-am .SUFFIXES: @@ -465,7 +533,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -498,6 +565,40 @@ suites/$(am__dirstamp): suites/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) suites/$(DEPDIR) @: > suites/$(DEPDIR)/$(am__dirstamp) +suites/exchange_tests-test_child_create.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/exchange_tests-test_child_delete.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/exchange_tests-test_child_rekey.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/exchange_tests-test_ike_delete.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/exchange_tests-test_ike_rekey.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +utils/$(am__dirstamp): + @$(MKDIR_P) utils + @: > utils/$(am__dirstamp) +utils/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) utils/$(DEPDIR) + @: > utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-exchange_test_asserts.$(OBJEXT): \ + utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-exchange_test_helper.$(OBJEXT): \ + utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-mock_dh.$(OBJEXT): utils/$(am__dirstamp) \ + utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-mock_ipsec.$(OBJEXT): utils/$(am__dirstamp) \ + utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-mock_nonce_gen.$(OBJEXT): utils/$(am__dirstamp) \ + utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-mock_sender.$(OBJEXT): utils/$(am__dirstamp) \ + utils/$(DEPDIR)/$(am__dirstamp) + +exchange_tests$(EXEEXT): $(exchange_tests_OBJECTS) $(exchange_tests_DEPENDENCIES) $(EXTRA_exchange_tests_DEPENDENCIES) + @rm -f exchange_tests$(EXEEXT) + $(AM_V_CCLD)$(exchange_tests_LINK) $(exchange_tests_OBJECTS) $(exchange_tests_LDADD) $(LIBS) +suites/libcharon_tests-test_proposal.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) suites/libcharon_tests-test_ike_cfg.$(OBJEXT): suites/$(am__dirstamp) \ suites/$(DEPDIR)/$(am__dirstamp) suites/libcharon_tests-test_mem_pool.$(OBJEXT): \ @@ -512,14 +613,28 @@ libcharon_tests$(EXEEXT): $(libcharon_tests_OBJECTS) $(libcharon_tests_DEPENDENC mostlyclean-compile: -rm -f *.$(OBJEXT) -rm -f suites/*.$(OBJEXT) + -rm -f utils/*.$(OBJEXT) distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exchange_tests-exchange_tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcharon_tests-libcharon_tests.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/exchange_tests-test_child_create.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/exchange_tests-test_child_delete.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/exchange_tests-test_child_rekey.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/exchange_tests-test_ike_delete.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_message_chapoly.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_proposal.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_dh.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_sender.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ @@ -545,6 +660,188 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< +suites/exchange_tests-test_child_create.o: suites/test_child_create.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_create.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo -c -o suites/exchange_tests-test_child_create.o `test -f 'suites/test_child_create.c' || echo '$(srcdir)/'`suites/test_child_create.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo suites/$(DEPDIR)/exchange_tests-test_child_create.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_create.c' object='suites/exchange_tests-test_child_create.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_create.o `test -f 'suites/test_child_create.c' || echo '$(srcdir)/'`suites/test_child_create.c + +suites/exchange_tests-test_child_create.obj: suites/test_child_create.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_create.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo -c -o suites/exchange_tests-test_child_create.obj `if test -f 'suites/test_child_create.c'; then $(CYGPATH_W) 'suites/test_child_create.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_create.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo suites/$(DEPDIR)/exchange_tests-test_child_create.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_create.c' object='suites/exchange_tests-test_child_create.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_create.obj `if test -f 'suites/test_child_create.c'; then $(CYGPATH_W) 'suites/test_child_create.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_create.c'; fi` + +suites/exchange_tests-test_child_delete.o: suites/test_child_delete.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_delete.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo -c -o suites/exchange_tests-test_child_delete.o `test -f 'suites/test_child_delete.c' || echo '$(srcdir)/'`suites/test_child_delete.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_child_delete.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_delete.c' object='suites/exchange_tests-test_child_delete.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_delete.o `test -f 'suites/test_child_delete.c' || echo '$(srcdir)/'`suites/test_child_delete.c + +suites/exchange_tests-test_child_delete.obj: suites/test_child_delete.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_delete.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo -c -o suites/exchange_tests-test_child_delete.obj `if test -f 'suites/test_child_delete.c'; then $(CYGPATH_W) 'suites/test_child_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_delete.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_child_delete.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_delete.c' object='suites/exchange_tests-test_child_delete.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_delete.obj `if test -f 'suites/test_child_delete.c'; then $(CYGPATH_W) 'suites/test_child_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_delete.c'; fi` + +suites/exchange_tests-test_child_rekey.o: suites/test_child_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_rekey.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo -c -o suites/exchange_tests-test_child_rekey.o `test -f 'suites/test_child_rekey.c' || echo '$(srcdir)/'`suites/test_child_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_child_rekey.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_rekey.c' object='suites/exchange_tests-test_child_rekey.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_rekey.o `test -f 'suites/test_child_rekey.c' || echo '$(srcdir)/'`suites/test_child_rekey.c + +suites/exchange_tests-test_child_rekey.obj: suites/test_child_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_rekey.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo -c -o suites/exchange_tests-test_child_rekey.obj `if test -f 'suites/test_child_rekey.c'; then $(CYGPATH_W) 'suites/test_child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_rekey.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_child_rekey.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_rekey.c' object='suites/exchange_tests-test_child_rekey.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_rekey.obj `if test -f 'suites/test_child_rekey.c'; then $(CYGPATH_W) 'suites/test_child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_rekey.c'; fi` + +suites/exchange_tests-test_ike_delete.o: suites/test_ike_delete.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_delete.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo -c -o suites/exchange_tests-test_ike_delete.o `test -f 'suites/test_ike_delete.c' || echo '$(srcdir)/'`suites/test_ike_delete.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_delete.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_delete.c' object='suites/exchange_tests-test_ike_delete.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_delete.o `test -f 'suites/test_ike_delete.c' || echo '$(srcdir)/'`suites/test_ike_delete.c + +suites/exchange_tests-test_ike_delete.obj: suites/test_ike_delete.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_delete.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo -c -o suites/exchange_tests-test_ike_delete.obj `if test -f 'suites/test_ike_delete.c'; then $(CYGPATH_W) 'suites/test_ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_delete.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_delete.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_delete.c' object='suites/exchange_tests-test_ike_delete.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_delete.obj `if test -f 'suites/test_ike_delete.c'; then $(CYGPATH_W) 'suites/test_ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_delete.c'; fi` + +suites/exchange_tests-test_ike_rekey.o: suites/test_ike_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_rekey.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo -c -o suites/exchange_tests-test_ike_rekey.o `test -f 'suites/test_ike_rekey.c' || echo '$(srcdir)/'`suites/test_ike_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_rekey.c' object='suites/exchange_tests-test_ike_rekey.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_rekey.o `test -f 'suites/test_ike_rekey.c' || echo '$(srcdir)/'`suites/test_ike_rekey.c + +suites/exchange_tests-test_ike_rekey.obj: suites/test_ike_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_rekey.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo -c -o suites/exchange_tests-test_ike_rekey.obj `if test -f 'suites/test_ike_rekey.c'; then $(CYGPATH_W) 'suites/test_ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_rekey.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_rekey.c' object='suites/exchange_tests-test_ike_rekey.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_rekey.obj `if test -f 'suites/test_ike_rekey.c'; then $(CYGPATH_W) 'suites/test_ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_rekey.c'; fi` + +utils/exchange_tests-exchange_test_asserts.o: utils/exchange_test_asserts.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_asserts.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo -c -o utils/exchange_tests-exchange_test_asserts.o `test -f 'utils/exchange_test_asserts.c' || echo '$(srcdir)/'`utils/exchange_test_asserts.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_asserts.c' object='utils/exchange_tests-exchange_test_asserts.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_asserts.o `test -f 'utils/exchange_test_asserts.c' || echo '$(srcdir)/'`utils/exchange_test_asserts.c + +utils/exchange_tests-exchange_test_asserts.obj: utils/exchange_test_asserts.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_asserts.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo -c -o utils/exchange_tests-exchange_test_asserts.obj `if test -f 'utils/exchange_test_asserts.c'; then $(CYGPATH_W) 'utils/exchange_test_asserts.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_asserts.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_asserts.c' object='utils/exchange_tests-exchange_test_asserts.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_asserts.obj `if test -f 'utils/exchange_test_asserts.c'; then $(CYGPATH_W) 'utils/exchange_test_asserts.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_asserts.c'; fi` + +utils/exchange_tests-exchange_test_helper.o: utils/exchange_test_helper.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_helper.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo -c -o utils/exchange_tests-exchange_test_helper.o `test -f 'utils/exchange_test_helper.c' || echo '$(srcdir)/'`utils/exchange_test_helper.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_helper.c' object='utils/exchange_tests-exchange_test_helper.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_helper.o `test -f 'utils/exchange_test_helper.c' || echo '$(srcdir)/'`utils/exchange_test_helper.c + +utils/exchange_tests-exchange_test_helper.obj: utils/exchange_test_helper.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_helper.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo -c -o utils/exchange_tests-exchange_test_helper.obj `if test -f 'utils/exchange_test_helper.c'; then $(CYGPATH_W) 'utils/exchange_test_helper.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_helper.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_helper.c' object='utils/exchange_tests-exchange_test_helper.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_helper.obj `if test -f 'utils/exchange_test_helper.c'; then $(CYGPATH_W) 'utils/exchange_test_helper.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_helper.c'; fi` + +utils/exchange_tests-mock_dh.o: utils/mock_dh.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_dh.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo -c -o utils/exchange_tests-mock_dh.o `test -f 'utils/mock_dh.c' || echo '$(srcdir)/'`utils/mock_dh.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo utils/$(DEPDIR)/exchange_tests-mock_dh.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_dh.c' object='utils/exchange_tests-mock_dh.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_dh.o `test -f 'utils/mock_dh.c' || echo '$(srcdir)/'`utils/mock_dh.c + +utils/exchange_tests-mock_dh.obj: utils/mock_dh.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_dh.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo -c -o utils/exchange_tests-mock_dh.obj `if test -f 'utils/mock_dh.c'; then $(CYGPATH_W) 'utils/mock_dh.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_dh.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo utils/$(DEPDIR)/exchange_tests-mock_dh.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_dh.c' object='utils/exchange_tests-mock_dh.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_dh.obj `if test -f 'utils/mock_dh.c'; then $(CYGPATH_W) 'utils/mock_dh.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_dh.c'; fi` + +utils/exchange_tests-mock_ipsec.o: utils/mock_ipsec.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_ipsec.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo -c -o utils/exchange_tests-mock_ipsec.o `test -f 'utils/mock_ipsec.c' || echo '$(srcdir)/'`utils/mock_ipsec.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_ipsec.c' object='utils/exchange_tests-mock_ipsec.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_ipsec.o `test -f 'utils/mock_ipsec.c' || echo '$(srcdir)/'`utils/mock_ipsec.c + +utils/exchange_tests-mock_ipsec.obj: utils/mock_ipsec.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_ipsec.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo -c -o utils/exchange_tests-mock_ipsec.obj `if test -f 'utils/mock_ipsec.c'; then $(CYGPATH_W) 'utils/mock_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_ipsec.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_ipsec.c' object='utils/exchange_tests-mock_ipsec.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_ipsec.obj `if test -f 'utils/mock_ipsec.c'; then $(CYGPATH_W) 'utils/mock_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_ipsec.c'; fi` + +utils/exchange_tests-mock_nonce_gen.o: utils/mock_nonce_gen.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_nonce_gen.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo -c -o utils/exchange_tests-mock_nonce_gen.o `test -f 'utils/mock_nonce_gen.c' || echo '$(srcdir)/'`utils/mock_nonce_gen.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_nonce_gen.c' object='utils/exchange_tests-mock_nonce_gen.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_nonce_gen.o `test -f 'utils/mock_nonce_gen.c' || echo '$(srcdir)/'`utils/mock_nonce_gen.c + +utils/exchange_tests-mock_nonce_gen.obj: utils/mock_nonce_gen.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_nonce_gen.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo -c -o utils/exchange_tests-mock_nonce_gen.obj `if test -f 'utils/mock_nonce_gen.c'; then $(CYGPATH_W) 'utils/mock_nonce_gen.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_nonce_gen.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_nonce_gen.c' object='utils/exchange_tests-mock_nonce_gen.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_nonce_gen.obj `if test -f 'utils/mock_nonce_gen.c'; then $(CYGPATH_W) 'utils/mock_nonce_gen.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_nonce_gen.c'; fi` + +utils/exchange_tests-mock_sender.o: utils/mock_sender.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_sender.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo -c -o utils/exchange_tests-mock_sender.o `test -f 'utils/mock_sender.c' || echo '$(srcdir)/'`utils/mock_sender.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo utils/$(DEPDIR)/exchange_tests-mock_sender.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_sender.c' object='utils/exchange_tests-mock_sender.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_sender.o `test -f 'utils/mock_sender.c' || echo '$(srcdir)/'`utils/mock_sender.c + +utils/exchange_tests-mock_sender.obj: utils/mock_sender.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_sender.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo -c -o utils/exchange_tests-mock_sender.obj `if test -f 'utils/mock_sender.c'; then $(CYGPATH_W) 'utils/mock_sender.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_sender.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo utils/$(DEPDIR)/exchange_tests-mock_sender.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_sender.c' object='utils/exchange_tests-mock_sender.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_sender.obj `if test -f 'utils/mock_sender.c'; then $(CYGPATH_W) 'utils/mock_sender.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_sender.c'; fi` + +exchange_tests-exchange_tests.o: exchange_tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT exchange_tests-exchange_tests.o -MD -MP -MF $(DEPDIR)/exchange_tests-exchange_tests.Tpo -c -o exchange_tests-exchange_tests.o `test -f 'exchange_tests.c' || echo '$(srcdir)/'`exchange_tests.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/exchange_tests-exchange_tests.Tpo $(DEPDIR)/exchange_tests-exchange_tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='exchange_tests.c' object='exchange_tests-exchange_tests.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o exchange_tests-exchange_tests.o `test -f 'exchange_tests.c' || echo '$(srcdir)/'`exchange_tests.c + +exchange_tests-exchange_tests.obj: exchange_tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT exchange_tests-exchange_tests.obj -MD -MP -MF $(DEPDIR)/exchange_tests-exchange_tests.Tpo -c -o exchange_tests-exchange_tests.obj `if test -f 'exchange_tests.c'; then $(CYGPATH_W) 'exchange_tests.c'; else $(CYGPATH_W) '$(srcdir)/exchange_tests.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/exchange_tests-exchange_tests.Tpo $(DEPDIR)/exchange_tests-exchange_tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='exchange_tests.c' object='exchange_tests-exchange_tests.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o exchange_tests-exchange_tests.obj `if test -f 'exchange_tests.c'; then $(CYGPATH_W) 'exchange_tests.c'; else $(CYGPATH_W) '$(srcdir)/exchange_tests.c'; fi` + +suites/libcharon_tests-test_proposal.o: suites/test_proposal.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_proposal.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo -c -o suites/libcharon_tests-test_proposal.o `test -f 'suites/test_proposal.c' || echo '$(srcdir)/'`suites/test_proposal.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo suites/$(DEPDIR)/libcharon_tests-test_proposal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_proposal.c' object='suites/libcharon_tests-test_proposal.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_proposal.o `test -f 'suites/test_proposal.c' || echo '$(srcdir)/'`suites/test_proposal.c + +suites/libcharon_tests-test_proposal.obj: suites/test_proposal.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_proposal.obj -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo -c -o suites/libcharon_tests-test_proposal.obj `if test -f 'suites/test_proposal.c'; then $(CYGPATH_W) 'suites/test_proposal.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_proposal.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo suites/$(DEPDIR)/libcharon_tests-test_proposal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_proposal.c' object='suites/libcharon_tests-test_proposal.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_proposal.obj `if test -f 'suites/test_proposal.c'; then $(CYGPATH_W) 'suites/test_proposal.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_proposal.c'; fi` + suites/libcharon_tests-test_ike_cfg.o: suites/test_ike_cfg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_ike_cfg.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Tpo -c -o suites/libcharon_tests-test_ike_cfg.o `test -f 'suites/test_ike_cfg.c' || echo '$(srcdir)/'`suites/test_ike_cfg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Tpo suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Po @@ -816,6 +1113,8 @@ distclean-generic: -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -rm -f suites/$(DEPDIR)/$(am__dirstamp) -rm -f suites/$(am__dirstamp) + -rm -f utils/$(DEPDIR)/$(am__dirstamp) + -rm -f utils/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -826,7 +1125,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) suites/$(DEPDIR) + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -872,7 +1171,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) suites/$(DEPDIR) + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -907,6 +1206,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/tests/exchange_tests.c b/src/libcharon/tests/exchange_tests.c new file mode 100644 index 000000000..eab50a875 --- /dev/null +++ b/src/libcharon/tests/exchange_tests.c @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include + +#include "utils/exchange_test_helper.h" + +/* declare test suite constructors */ +#define TEST_SUITE(x) test_suite_t* x(); +#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x) +#include "exchange_tests.h" +#undef TEST_SUITE +#undef TEST_SUITE_DEPEND + +static test_configuration_t tests[] = { +#define TEST_SUITE(x) \ + { .suite = x, }, +#define TEST_SUITE_DEPEND(x, type, ...) \ + { .suite = x, .feature = PLUGIN_DEPENDS(type, __VA_ARGS__) }, +#include "exchange_tests.h" + { .suite = NULL, } +}; + +static bool test_runner_init(bool init) +{ + if (init) + { + char *plugins, *plugindir; + + libcharon_init(); + + plugins = getenv("TESTS_PLUGINS") ?: + lib->settings->get_str(lib->settings, + "tests.load", PLUGINS); + plugindir = lib->settings->get_str(lib->settings, + "tests.plugindir", PLUGINDIR); + plugin_loader_add_plugindirs(plugindir, plugins); + exchange_test_helper_init(plugins); + } + else + { + exchange_test_helper_deinit(); + libcharon_deinit(); + } + return TRUE; +} + +int main(int argc, char *argv[]) +{ + return test_runner_run("exchanges", tests, test_runner_init); +} diff --git a/src/libcharon/tests/exchange_tests.h b/src/libcharon/tests/exchange_tests.h new file mode 100644 index 000000000..30086721f --- /dev/null +++ b/src/libcharon/tests/exchange_tests.h @@ -0,0 +1,20 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +TEST_SUITE(ike_delete_suite_create) +TEST_SUITE(ike_rekey_suite_create) +TEST_SUITE(child_create_suite_create) +TEST_SUITE(child_delete_suite_create) +TEST_SUITE(child_rekey_suite_create) diff --git a/src/libcharon/tests/libcharon_tests.c b/src/libcharon/tests/libcharon_tests.c index 4692c3094..e25e5434f 100644 --- a/src/libcharon/tests/libcharon_tests.c +++ b/src/libcharon/tests/libcharon_tests.c @@ -53,9 +53,6 @@ static bool test_runner_init(bool init) } else { - lib->processor->set_threads(lib->processor, 0); - lib->processor->cancel(lib->processor); - lib->plugins->unload(lib->plugins); libcharon_deinit(); } return TRUE; diff --git a/src/libcharon/tests/libcharon_tests.h b/src/libcharon/tests/libcharon_tests.h index fb82baccb..f770f464d 100644 --- a/src/libcharon/tests/libcharon_tests.h +++ b/src/libcharon/tests/libcharon_tests.h @@ -1,4 +1,7 @@ /* + * Copyright (C) 2014-2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * @@ -13,6 +16,15 @@ * for more details. */ +/** + * @defgroup libcharon-tests tests + * @ingroup libcharon + * + * @defgroup test_utils_c test_utils + * @ingroup libcharon-tests + */ + +TEST_SUITE(proposal_suite_create) TEST_SUITE(ike_cfg_suite_create) TEST_SUITE(mem_pool_suite_create) TEST_SUITE_DEPEND(message_chapoly_suite_create, AEAD, ENCR_CHACHA20_POLY1305, 32) diff --git a/src/libcharon/tests/suites/test_child_create.c b/src/libcharon/tests/suites/test_child_create.c new file mode 100644 index 000000000..20a47f6bf --- /dev/null +++ b/src/libcharon/tests/suites/test_child_create.c @@ -0,0 +1,106 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include +#include +#include +#include +#include + +/** + * One of the peers tries to create a new CHILD_SA while the other concurrently + * started to rekey the IKE_SA. TEMPORARY_FAILURE should be returned on both + * sides and the peers should prepare to retry. + */ +START_TEST(test_collision_ike_rekey) +{ + child_cfg_t *child_cfg; + child_cfg_create_t child = { + .mode = MODE_TUNNEL, + }; + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + assert_hook_not_called(child_updown); + child_cfg = child_cfg_create("child", &child); + child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + child_cfg->add_traffic_selector(child_cfg, TRUE, + traffic_selector_create_dynamic(0, 0, 65535)); + child_cfg->add_traffic_selector(child_cfg, FALSE, + traffic_selector_create_dynamic(0, 0, 65535)); + call_ikesa(a, initiate, child_cfg, 0, NULL, NULL); + assert_child_sa_count(a, 1); + assert_hook(); + + call_ikesa(b, rekey); + + /* CREATE_CHILD_SA { SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_updown); + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_hook_not_called(child_updown); + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 1); + assert_scheduler(); + assert_hook(); + + /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_ESTABLISHED); + assert_scheduler(); + + /* make sure no message was sent after handling the TEMPORARY_FAILURE and + * that the task to retry creating the CHILD_SA is queued and not active + * and it can't be initiated immediately */ + ck_assert(!exchange_test_helper->sender->dequeue(exchange_test_helper->sender)); + assert_num_tasks(a, 0, TASK_QUEUE_ACTIVE); + assert_num_tasks(a, 1, TASK_QUEUE_QUEUED); + call_ikesa(a, initiate, NULL, 0, NULL, NULL); + assert_num_tasks(a, 0, TASK_QUEUE_ACTIVE); + + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +Suite *child_create_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("child create"); + + tc = tcase_create("collisions ike rekey"); + tcase_add_test(tc, test_collision_ike_rekey); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/suites/test_child_delete.c b/src/libcharon/tests/suites/test_child_delete.c new file mode 100644 index 000000000..437e919c7 --- /dev/null +++ b/src/libcharon/tests/suites/test_child_delete.c @@ -0,0 +1,366 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include +#include +#include +#include +#include + +/** + * Regular CHILD_SA deletion either initiated by the original initiator or + * responder of the IKE_SA. + */ +START_TEST(test_regular) +{ + ike_sa_t *a, *b; + + if (_i) + { /* responder deletes the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator deletes the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + assert_hook_not_called(child_updown); + call_ikesa(a, delete_child_sa, PROTO_ESP, _i+1, FALSE); + assert_child_sa_state(a, _i+1, CHILD_DELETING); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Both peers initiate the CHILD_SA deletion concurrently and should handle + * the collision properly. + */ +START_TEST(test_collision) +{ + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + /* both peers delete the CHILD_SA concurrently */ + assert_hook_not_called(child_updown); + call_ikesa(a, delete_child_sa, PROTO_ESP, 1, FALSE); + assert_child_sa_state(a, 1, CHILD_DELETING); + call_ikesa(b, delete_child_sa, PROTO_ESP, 2, FALSE); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_hook(); + + /* RFC 7296 says: + * + * Normally, the response in the INFORMATIONAL exchange will contain + * Delete payloads for the paired SAs going in the other direction. + * There is one exception. If, by chance, both ends of a set of SAs + * independently decide to close them, each may send a Delete payload + * and the two requests may cross in the network. If a node receives a + * delete request for SAs for which it has already issued a delete + * request, it MUST delete the outgoing SAs while processing the request + * and the incoming SAs while processing the response. In that case, + * the responses MUST NOT include Delete payloads for the deleted SAs, + * since that would result in duplicate deletion and could in theory + * delete the wrong SA. + * + * We don't handle SAs separately so we expect both are still installed, + * but the INFORMATIONAL response should not contain a DELETE payload. + */ + + /* INFORMATIONAL { D } --> */ + assert_hook_not_called(child_updown); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_DELETING); + /* <-- INFORMATIONAL { D } */ + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_DELETING); + assert_hook(); + + /* <-- INFORMATIONAL { } */ + assert_hook_updown(child_updown, FALSE); + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + /* INFORMATIONAL { } --> */ + assert_hook_updown(child_updown, FALSE); + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * This is like the collision above but one of the DELETEs is dropped or delayed + * so the other peer is not aware that there is a collision. + */ +START_TEST(test_collision_drop) +{ + ike_sa_t *a, *b; + message_t *msg; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + /* both peers delete the CHILD_SA concurrently */ + assert_hook_not_called(child_updown); + call_ikesa(a, delete_child_sa, PROTO_ESP, 1, FALSE); + assert_child_sa_state(a, 1, CHILD_DELETING); + call_ikesa(b, delete_child_sa, PROTO_ESP, 2, FALSE); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_not_called(child_updown); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_hook(); + + /* drop/delay the responder's message */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- INFORMATIONAL { } */ + assert_hook_updown(child_updown, FALSE); + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + + /* <-- INFORMATIONAL { D } (delayed/retransmitted) */ + assert_hook_not_called(child_updown); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, msg); + assert_hook(); + + /* INFORMATIONAL { } --> */ + assert_hook_updown(child_updown, FALSE); + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other + * peer is concurrently trying to delete. + * + * delete ----\ /---- rekey IKE + * \-----/----> detect collision + * detect collision <---------/ /---- delete + * TEMP_FAIL ----\ / + * \----/-----> + * <--------/ + */ +START_TEST(test_collision_ike_rekey) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1; + + if (_i) + { /* responder deletes the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator deletes the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + call_ikesa(a, delete_child_sa, PROTO_ESP, spi_a, FALSE); + assert_child_sa_state(a, spi_a, CHILD_DELETING); + call_ikesa(b, rekey); + assert_ike_sa_state(b, IKE_REKEYING); + + /* this should never get called as there is no successful rekeying */ + assert_hook_not_called(ike_rekey); + + /* RFC 7296, 2.25.2: If a peer receives a request to delete a Child SA when + * it is currently rekeying the IKE SA, it SHOULD reply as usual, with a + * Delete payload. + */ + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(OUT, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 0); + assert_hook(); + + /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and + * it is currently, rekeying, or closing a Child SA of that IKE SA, it + * SHOULD reply with TEMPORARY_FAILURE. + */ + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_DELETING); + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(child_updown, FALSE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + + /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */ + /* we expect a job to retry the rekeying is scheduled */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_ESTABLISHED); + assert_scheduler(); + + /* ike_rekey */ + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other + * peer is concurrently trying to delete. + * + * delete ----\ /---- delete IKE + * \-----/----> detect collision + * <---------/ /---- delete + * delete ----\ / + * \----/-----> + * sa already gone <--------/ + */ +START_TEST(test_collision_ike_delete) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1; + message_t *msg; + status_t s; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + call_ikesa(a, delete_child_sa, PROTO_ESP, spi_a, FALSE); + assert_child_sa_state(a, spi_a, CHILD_DELETING); + call_ikesa(b, delete); + assert_ike_sa_state(b, IKE_DELETING); + + /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if + * a peer receives a request to delete a CHILD_SA when it is currently + * closing the IKE SA. We expect a regular response. + */ + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(OUT, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_child_sa_count(b, 0); + assert_hook(); + + /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if + * a peer receives a request to close the IKE SA if it is currently deleting + * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the + * delete. + */ + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); + + /* <-- INFORMATIONAL { D } */ + /* the SA is already gone */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + + /* INFORMATIONAL { } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_not_called(child_updown); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); +} +END_TEST + +Suite *child_delete_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("child delete"); + + tc = tcase_create("regular"); + tcase_add_loop_test(tc, test_regular, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions"); + tcase_add_test(tc, test_collision); + tcase_add_test(tc, test_collision_drop); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions ike rekey"); + tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions ike delete"); + tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/suites/test_child_rekey.c b/src/libcharon/tests/suites/test_child_rekey.c new file mode 100644 index 000000000..fcac49388 --- /dev/null +++ b/src/libcharon/tests/suites/test_child_rekey.c @@ -0,0 +1,1569 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include +#include +#include +#include +#include + +/** + * Initiate rekeying the CHILD_SA with the given SPI on the given IKE_SA. + */ +#define initiate_rekey(sa, spi) ({ \ + assert_hook_not_called(child_updown); \ + assert_hook_not_called(child_rekey); \ + call_ikesa(sa, rekey_child_sa, PROTO_ESP, spi); \ + assert_child_sa_state(sa, spi, CHILD_REKEYING); \ + assert_hook(); \ + assert_hook(); \ +}) + +/** + * Regular CHILD_SA rekey either initiated by the original initiator or + * responder of the IKE_SA. + */ +START_TEST(test_regular) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1, spi_b = 2-_i; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_called(child_rekey); + assert_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, spi_b, CHILD_REKEYED); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + assert_hook_called(child_rekey); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_DELETING); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_not_called(child_rekey); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + assert_hook(); + /* <-- INFORMATIONAL { D } */ + assert_hook_not_called(child_rekey); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + assert_hook(); + + /* child_updown */ + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * CHILD_SA rekey where the responder does not agree with the DH group selected + * by the initiator, either initiated by the original initiator or responder of + * the IKE_SA. + */ +START_TEST(test_regular_ke_invalid) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .esp = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .esp = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b; + uint32_t spi_a = _i+1, spi_b = 2-_i; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, &conf); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + } + initiate_rekey(a, spi_a); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_rekey); + assert_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_REKEYING); + assert_child_sa_count(a, 1); + assert_hook(); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_called(child_rekey); + assert_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, spi_b, CHILD_REKEYED); + assert_child_sa_state(b, 6, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + assert_hook_called(child_rekey); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_DELETING); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_not_called(child_rekey); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 6, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + assert_hook(); + /* <-- INFORMATIONAL { D } */ + assert_hook_not_called(child_rekey); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + assert_hook(); + + /* child_updown */ + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Check that the responder ignores soft expires while waiting for the delete + * after a rekeying. + */ +START_TEST(test_regular_responder_ignore_soft_expire) +{ + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + initiate_rekey(a, 1); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_called(child_rekey); + assert_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYED); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + assert_hook_called(child_rekey); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_DELETING); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_hook(); + + /* we don't expect this to get called anymore */ + assert_hook_not_called(child_rekey); + /* this should not produce a message, if it does there won't be a delete + * payload below */ + call_ikesa(b, rekey_child_sa, PROTO_ESP, 2); + assert_child_sa_state(b, 2, CHILD_REKEYED); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + /* <-- INFORMATIONAL { D } */ + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Check that the responder handles hard expires properly while waiting for the + * delete after a rekeying (e.g. if the initiator of the rekeying fails to + * delete the CHILD_SA for some reason). + */ +START_TEST(test_regular_responder_handle_hard_expire) +{ + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + initiate_rekey(a, 1); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_called(child_rekey); + assert_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYED); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + assert_hook_called(child_rekey); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_DELETING); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_hook(); + + /* we don't expect this to get called anymore */ + assert_hook_not_called(child_rekey); + /* this is similar to a regular delete collision */ + assert_single_payload(OUT, PLV2_DELETE); + call_ikesa(b, delete_child_sa, PROTO_ESP, 2, TRUE); + assert_child_sa_state(b, 2, CHILD_DELETING); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_state(a, 2, CHILD_DELETING); + /* <-- INFORMATIONAL { D } */ + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_state(a, 1, CHILD_DELETING); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + /* INFORMATIONAL { } --> */ + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Both peers initiate the CHILD_SA reekying concurrently and should handle + * the collision properly depending on the nonces. + */ +START_TEST(test_collision) +{ + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* When rekeyings collide we get two CHILD_SAs with a total of four nonces. + * The CHILD_SA with the lowest nonce SHOULD be deleted by the peer that + * created that CHILD_SA. The replaced CHILD_SA is deleted by the peer that + * initiated the surviving SA. + * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /----- ... + * ... -----\ + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted CHILD_SA (either redundant or replaced) */ + uint32_t spi_del_a, spi_del_b; + /* SPIs of the kept CHILD_SA */ + uint32_t spi_a, spi_b; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 }, + }; + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b, 2); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 2, 5); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYED); + assert_child_sa_state(b, 5, CHILD_INSTALLED); + assert_hook(); + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_rekey(child_rekey, 1, 6); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a, 6, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + if (data[_i].spi_del_a == 1) + { /* currently we call this again if we keep our own replacement as we + * already called it above */ + assert_hook_rekey(child_rekey, 1, data[_i].spi_a); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_hook(); + } + else + { + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_hook(); + } + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + if (data[_i].spi_del_b == 2) + { + assert_hook_rekey(child_rekey, 2, data[_i].spi_b); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_hook(); + } + else + { + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_hook(); + } + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 2); + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 2); + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * This is like the rekey collision above, but one peer deletes the + * redundant/old SA before the other peer receives the CREATE_CHILD_SA + * response: + * + * rekey ----\ /---- rekey + * \-----/----> detect collision + * detect collision <---------/ /---- + * ----\ / + * \----/-----> + * handle delete <--------/------- delete SA + * --------/-------> + * handle rekey <------/ + * delete SA ----------------> + * <---------------- + */ +START_TEST(test_collision_delayed_response) +{ + ike_sa_t *a, *b; + message_t *msg; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /----- ... + * ... -----\ + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted CHILD_SA (either redundant or replaced) */ + uint32_t spi_del_a, spi_del_b; + /* SPIs of the kept CHILD_SA */ + uint32_t spi_a, spi_b; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 }, + }; + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b, 2); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 2, 5); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYED); + assert_child_sa_state(b, 5, CHILD_INSTALLED); + assert_hook(); + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_rekey(child_rekey, 1, 6); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a, 6, CHILD_INSTALLED); + assert_hook(); + + /* delay the CREATE_CHILD_SA response from b to a */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + if (data[_i].spi_del_b == 2) + { + assert_hook_rekey(child_rekey, 2, data[_i].spi_b); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_hook(); + } + else + { + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_hook(); + } + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + + /* <-- INFORMATIONAL { D } */ + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + if (data[_i].spi_del_b == 2) + { + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + } + else + { + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_count(a, 1); + } + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 2); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } (delayed) */ + if (data[_i].spi_del_a == 1) + { + assert_hook_rekey(child_rekey, 1, data[_i].spi_a); + exchange_test_helper->process_message(exchange_test_helper, a, msg); + assert_hook(); + } + else + { + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, msg); + assert_hook(); + } + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 2); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * In this scenario one of the peers does not notice that there is a + * rekey collision: + * + * rekey ----\ /---- rekey + * \ / + * detect collision <-----\---/ + * -------\--------> + * \ /---- delete old SA + * \-/----> detect collision + * detect collision <---------/ /---- TEMP_FAIL + * delete -----------/----> + * aborts rekeying <---------/ + */ +START_TEST(test_collision_delayed_request) +{ + ike_sa_t *a, *b; + message_t *msg; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * N3/5 <-----\--/ + * ... -----\ \-------> ... + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + } data[] = { + { { 0x00, 0xFF, 0xFF } }, + { { 0xFF, 0x00, 0xFF } }, + { { 0xFF, 0xFF, 0x00 } }, + }; + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b, 2); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 1, 5); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_hook(); + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + assert_hook_rekey(child_rekey, 2, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + assert_scheduler(); + + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Similar to above one peer fails to notice the collision but the + * CREATE_CHILD_SA request is even more delayed: + * + * rekey ----\ /---- rekey + * \ / + * detect collision <-----\---/ + * -------\--------> + * detect collision <-------\-------- delete old SA + * delete ---------\------> + * \-----> + * /---- CHILD_SA_NOT_FOUND + * aborts rekeying <----------/ + */ +START_TEST(test_collision_delayed_request_more) +{ + ike_sa_t *a, *b; + message_t *msg; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * N3/5 <-----\--/ + * ... -----\ \-------> ... + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + } data[] = { + { { 0x00, 0xFF, 0xFF } }, + { { 0xFF, 0x00, 0xFF } }, + { { 0xFF, 0xFF, 0x00 } }, + }; + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b, 2); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 1, 5); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_hook(); + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + assert_hook_rekey(child_rekey, 2, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_single_notify(OUT, CHILD_SA_NOT_FOUND); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */ + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + assert_scheduler(); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Both peers initiate the CHILD_SA reekying concurrently but the proposed DH + * groups are not the same after handling the INVALID_KE_PAYLOAD they should + * still handle the collision properly depending on the nonces. + */ +START_TEST(test_collision_ke_invalid) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .esp = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .esp = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + + /* Eight nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /---- INVAL_KE + * INVAL_KE -----\ / + * <-----\--/ + * N5/7 -----\ \-------> + * \ /---- N6/8 + * \--/----> N7/9 + * N8/10 <--------/ /---- ... + * ... ------\ + * + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted CHILD_SA (either redundant or replaced) */ + uint32_t spi_del_a, spi_del_b; + /* SPIs of the kept CHILD_SA */ + uint32_t spi_a, spi_b; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 7, 2,10, 8 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 8, 7, 9 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 7, 2,10, 8 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 8, 7, 9 }, + }; + + /* make sure the nonces of the first try don't affect the retries */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(b, 2); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_count(b, 1); + assert_hook(); + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_count(a, 1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_count(a, 1); + assert_hook(); + /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_count(b, 1); + assert_hook(); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 2, 9); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYED); + assert_child_sa_state(b, 9, CHILD_INSTALLED); + assert_hook(); + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_rekey(child_rekey, 1, 10); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a,10, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + if (data[_i].spi_del_a == 1) + { /* currently we call this again if we keep our own replacement as we + * already called it above */ + assert_hook_rekey(child_rekey, 1, data[_i].spi_a); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_hook(); + } + else + { + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + } + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + if (data[_i].spi_del_b == 2) + { + assert_hook_rekey(child_rekey, 2, data[_i].spi_b); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_hook(); + } + else + { + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + } + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 2); + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 2); + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * This is a variation of the above but with the retry by one peer delayed so + * that to the other peer it looks like there is no collision. + */ +START_TEST(test_collision_ke_invalid_delayed_retry) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .esp = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .esp = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b; + message_t *msg; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + + /* Seven nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /---- INVAL_KE + * INVAL_KE -----\ / + * <-----\--/ + * N5/7 -----\ \-------> + * <-----\--------- N6/8 + * N7/9 -------\-------> + * <-------\------- DELETE + * ... ------\ \-----> + * /---- TEMP_FAIL + * + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + } data[] = { + { { 0x00, 0xFF, 0xFF } }, + { { 0xFF, 0x00, 0xFF } }, + { { 0xFF, 0xFF, 0x00 } }, + }; + + /* make sure the nonces of the first try don't affect the retries */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(b, 2); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_count(b, 1); + assert_hook(); + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_count(a, 1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_count(a, 1); + assert_hook(); + /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_count(b, 1); + assert_hook(); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 1, 9); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a, 9, CHILD_INSTALLED); + assert_hook(); + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + assert_hook_rekey(child_rekey, 2, 8); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_child_sa_state(b, 8, CHILD_INSTALLED); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_child_sa_state(b, 8, CHILD_INSTALLED); + + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 9, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 9, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + assert_scheduler(); + + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 8, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a DELETE of the CHILD_SA the other peer is + * concurrently trying to rekey. + * + * rekey ----\ /---- delete + * \-----/----> detect collision + * detect collision <---------/ /---- TEMP_FAIL + * delete ----\ / + * \----/-----> + * aborts rekeying <--------/ + */ +START_TEST(test_collision_delete) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1, spi_b = 2-_i; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); + assert_child_sa_state(b, spi_b, CHILD_DELETING); + + /* this should never get called as there is no successful rekeying on + * either side */ + assert_hook_not_called(child_rekey); + + /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that + * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE. + */ + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_updown); + assert_notify(IN, REKEY_SA); + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, spi_b, CHILD_DELETING); + assert_hook(); + + /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that + * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE + * payload. + */ + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_single_payload(OUT, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_hook_not_called(child_updown); + /* we don't expect a job to retry the rekeying */ + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_scheduler(); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + /* child_rekey */ + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a DELETE of the CHILD_SA the other peer is + * concurrently trying to rekey. However, the delete request is delayed or + * dropped, so the peer doing the rekeying is unaware of the collision. + * + * rekey ----\ /---- delete + * \-----/----> detect collision + * reschedule <---------/------ TEMP_FAIL + * <--------/ + * delete ----------------> + * + * The job will not find the SA to retry rekeying. + */ +START_TEST(test_collision_delete_drop_delete) +{ + ike_sa_t *a, *b; + message_t *msg; + uint32_t spi_a = _i+1, spi_b = 2-_i; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); + assert_child_sa_state(b, spi_b, CHILD_DELETING); + + /* this should never get called as there is no successful rekeying on + * either side */ + assert_hook_not_called(child_rekey); + + /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that + * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE. + */ + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_updown); + assert_notify(IN, REKEY_SA); + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, spi_b, CHILD_DELETING); + assert_hook(); + + /* delay the DELETE request */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_hook_not_called(child_updown); + /* we expect a job to retry the rekeying is scheduled */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_INSTALLED); + assert_scheduler(); + assert_hook(); + + /* <-- INFORMATIONAL { D } (delayed) */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_single_payload(OUT, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, msg); + assert_child_sa_count(a, 0); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + /* child_rekey */ + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a DELETE of the CHILD_SA the other peer is + * concurrently trying to rekey. However, the rekey request is delayed or + * dropped, so the peer doing the deleting is unaware of the collision. + * + * rekey ----\ /---- delete + * detect collision <----\-----/ + * delete ------\---------> + * \--------> + * /---- CHILD_SA_NOT_FOUND + * aborts rekeying <----------/ + */ + START_TEST(test_collision_delete_drop_rekey) +{ + ike_sa_t *a, *b; + message_t *msg; + uint32_t spi_a = _i+1, spi_b = 2-_i; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); + assert_child_sa_state(b, spi_b, CHILD_DELETING); + + /* this should never get called as there is no successful rekeying on + * either side */ + assert_hook_not_called(child_rekey); + + /* delay the CREATE_CHILD_SA request */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that + * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE + * payload. + */ + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_single_payload(OUT, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + /* RFC 7296, 2.25.1: If a peer receives a to rekey a Child SA that does not + * exist, it SHOULD reply with CHILD_SA_NOT_FOUND. + */ + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */ + assert_hook_not_called(child_updown); + assert_notify(IN, REKEY_SA); + assert_single_notify(OUT, CHILD_SA_NOT_FOUND); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */ + assert_hook_not_called(child_updown); + /* no jobs or tasks should get scheduled/queued */ + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_scheduler(); + assert_hook(); + + /* child_rekey */ + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * FIXME: Not sure what we can do about the following: + * + * One of the hosts initiates a rekeying of a CHILD_SA and after responding to + * it the other peer deletes the new SA. However, the rekey response is + * delayed or dropped, so the peer doing the rekeying receives a delete for an + * unknown CHILD_SA and then has a rekeyed CHILD_SA that should not exist. + * + * rekey ----------------> + * /---- rekey + * unknown SA <----------/----- delete new SA + * ----------/-----> + * <--------/ + * + * The peers' states are now out of sync. + * + * Perhaps the rekey initiator could keep track of deletes for non-existing SAs + * while rekeying and then check against the SPIs when handling the + * CREATE_CHILD_SA response. + */ + + +/** + * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other + * peer is concurrently trying to rekey. + * + * rekey ----\ /---- rekey IKE + * \-----/----> detect collision + * detect collision <---------/ /---- TEMP_FAIL + * TEMP_FAIL ----\ / + * \----/-----> + * <--------/ + */ +START_TEST(test_collision_ike_rekey) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + call_ikesa(b, rekey); + assert_ike_sa_state(b, IKE_REKEYING); + + /* these should never get called as there is no successful rekeying on + * either side */ + assert_hook_not_called(ike_rekey); + assert_hook_not_called(child_rekey); + + /* RFC 7296, 2.25.2: If a peer receives a request to rekey a CHILD_SA when + * it is currently rekeying the IKE SA, it SHOULD reply with + * TEMPORARY_FAILURE. + */ + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + + /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and + * it is currently, rekeying, or closing a Child SA of that IKE SA, it + * SHOULD reply with TEMPORARY_FAILURE. + */ + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_REKEYING); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + /* we expect a job to retry the rekeying is scheduled */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_INSTALLED); + assert_scheduler(); + + /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */ + /* we expect a job to retry the rekeying is scheduled */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_ESTABLISHED); + assert_scheduler(); + + /* ike_rekey/child_rekey */ + assert_hook(); + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other + * peer is concurrently trying to rekey. + * + * rekey ----\ /---- delete IKE + * \-----/----> detect collision + * <---------/ /---- TEMP_FAIL + * delete ----\ / + * \----/-----> + * sa already gone <--------/ + */ +START_TEST(test_collision_ike_delete) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1; + message_t *msg; + status_t s; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + call_ikesa(b, delete); + assert_ike_sa_state(b, IKE_DELETING); + + /* this should never get called as there is no successful rekeying on + * either side */ + assert_hook_not_called(child_rekey); + + /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if + * a peer receives a request to rekey a CHILD_SA when it is currently + * closing the IKE SA. We expect a TEMPORARY_FAILURE notify. + */ + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + + /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if + * a peer receives a request to close the IKE SA if it is currently rekeying + * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the + * rekeying. + */ + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + /* the SA is already gone */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + + /* INFORMATIONAL { } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); + + /* child_rekey */ + assert_hook(); +} +END_TEST + +Suite *child_rekey_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("child rekey"); + + tc = tcase_create("regular"); + tcase_add_loop_test(tc, test_regular, 0, 2); + tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2); + tcase_add_test(tc, test_regular_responder_ignore_soft_expire); + tcase_add_test(tc, test_regular_responder_handle_hard_expire); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions rekey"); + tcase_add_loop_test(tc, test_collision, 0, 4); + tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4); + tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3); + tcase_add_loop_test(tc, test_collision_delayed_request_more, 0, 3); + tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4); + tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions delete"); + tcase_add_loop_test(tc, test_collision_delete, 0, 2); + tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2); + tcase_add_loop_test(tc, test_collision_delete_drop_rekey, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions ike rekey"); + tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions ike delete"); + tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/suites/test_ike_delete.c b/src/libcharon/tests/suites/test_ike_delete.c new file mode 100644 index 000000000..d79f9bc50 --- /dev/null +++ b/src/libcharon/tests/suites/test_ike_delete.c @@ -0,0 +1,137 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include +#include +#include + +/** + * Regular IKE_SA delete either initiated by the original initiator or + * responder of the IKE_SA. + */ +START_TEST(test_regular) +{ + ike_sa_t *a, *b; + status_t s; + + if (_i) + { /* responder deletes the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator deletes the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + call_ikesa(a, delete); + assert_ike_sa_state(a, IKE_DELETING); + assert_hook(); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); + + /* <-- INFORMATIONAL { } */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); +} +END_TEST + +/** + * Both peers initiate the IKE_SA deletion concurrently and should handle the + * collision properly. + */ +START_TEST(test_collision) +{ + ike_sa_t *a, *b; + status_t s; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + call_ikesa(a, delete); + assert_ike_sa_state(a, IKE_DELETING); + call_ikesa(b, delete); + assert_ike_sa_state(b, IKE_DELETING); + assert_hook(); + assert_hook(); + + /* RFC 7296 says: If a peer receives a request to close an IKE SA that it + * is currently trying to close, it SHOULD reply as usual, and forget about + * its own close request. + * So we expect the SA to just get closed with an empty response still sent. + */ + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); +} +END_TEST + +Suite *ike_delete_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("ike delete"); + + tc = tcase_create("regular"); + tcase_add_loop_test(tc, test_regular, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions"); + tcase_add_test(tc, test_collision); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/suites/test_ike_rekey.c b/src/libcharon/tests/suites/test_ike_rekey.c new file mode 100644 index 000000000..ba39657a4 --- /dev/null +++ b/src/libcharon/tests/suites/test_ike_rekey.c @@ -0,0 +1,1480 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include +#include +#include +#include + +/** + * Initiate rekeying the given IKE_SA. + */ +#define initiate_rekey(sa) ({ \ + assert_hook_not_called(ike_rekey); \ + call_ikesa(sa, rekey); \ + assert_ike_sa_state(a, IKE_REKEYING); \ + assert_hook(); \ +}) + +/** + * Regular IKE_SA rekeying either initiated by the original initiator or + * responder of the IKE_SA. + */ +START_TEST(test_regular) +{ + ike_sa_t *a, *b, *new_sa; + status_t s; + + if (_i) + { /* responder rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + initiate_rekey(a); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_rekey(ike_rekey, 1, 3); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYED); + assert_child_sa_count(b, 0); + new_sa = assert_ike_sa_checkout(3, 4, FALSE); + assert_ike_sa_state(new_sa, IKE_ESTABLISHED); + assert_child_sa_count(new_sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ + assert_hook_rekey(ike_rekey, 1, 3); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_DELETING); + assert_child_sa_count(a, 0); + new_sa = assert_ike_sa_checkout(3, 4, TRUE); + assert_ike_sa_state(new_sa, IKE_ESTABLISHED); + assert_child_sa_count(new_sa, 1); + assert_ike_sa_count(2); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(ike_rekey); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + + /* ike_rekey/ike_updown/child_updown */ + assert_hook(); + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * IKE_SA rekeying where the responder does not agree with the DH group selected + * by the initiator, either initiated by the original initiator or responder of + * the IKE_SA. + */ +START_TEST(test_regular_ke_invalid) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .ike = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .ike = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b, *sa; + status_t s; + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + FALSE, lib->ns); + if (_i) + { /* responder rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, &conf); + } + else + { /* initiator rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + } + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + TRUE, lib->ns); + + initiate_rekey(a); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_ESTABLISHED); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_rekey(ike_rekey, 1, 3); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYED); + assert_child_sa_count(b, 0); + sa = assert_ike_sa_checkout(3, 5, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ + assert_hook_rekey(ike_rekey, 1, 3); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_DELETING); + assert_child_sa_count(a, 0); + sa = assert_ike_sa_checkout(3, 5, TRUE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(2); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(ike_rekey); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + + /* ike_rekey/ike_updown/child_updown */ + assert_hook(); + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * Both peers initiate the IKE_SA rekeying concurrently and should handle the + * collision properly depending on the nonces. + */ +START_TEST(test_collision) +{ + ike_sa_t *a, *b, *sa; + status_t status; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* When rekeyings collide we get two IKE_SAs with a total of four nonces. + * The IKE_SA with the lowest nonce SHOULD be deleted by the peer that + * created that IKE_SA. The replaced IKE_SA is deleted by the peer that + * initiated the surviving SA. + * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * IKE_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /----- ... + * ... -----\ + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* simplify next steps by checking in original IKE_SAs */ + charon->ike_sa_manager->checkin(charon->ike_sa_manager, a); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, b); + assert_ike_sa_count(2); + + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + /* as original initiator a is initiator of both SAs it could delete */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* if b won it will delete the original SA a initiated */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i == 1); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_a_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(4); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + /* if b wins it deletes the SA originally initiated by a */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i != 1); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* a only deletes SAs for which b is responder */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_b_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(6); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(ike_rekey); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(5); + /* <-- INFORMATIONAL { D } */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i == 1); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(4); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(3); + /* INFORMATIONAL { } --> */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i != 1); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(2); + + /* ike_rekey/ike_updown/child_updown */ + assert_hook(); + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * Both peers initiate the IKE_SA rekeying concurrently but the proposed DH + * gropus are not the same. After handling the INVALID_KE_PAYLOAD they should + * still handle the collision properly depending on the nonces. + */ +START_TEST(test_collision_ke_invalid) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .ike = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .ike = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b, *sa; + status_t status; + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + FALSE, lib->ns); + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + TRUE, lib->ns); + + /* Six nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * IKE_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /---- INVAL_KE + * INVAL_KE -----\ / + * <-----\--/ + * N1/3 -----\ \-------> + * \ /---- N2/4 + * \--/----> N5/7 + * N6/8 <--------/ /---- ... + * ... ------\ + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 7, 1, 2, 4, 8 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 8, 3, 7 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 7, 1, 2, 4, 8 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 8, 3, 7 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + assert_hook_not_called(ike_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* simplify next steps by checking in original IKE_SAs */ + charon->ike_sa_manager->checkin(charon->ike_sa_manager, a); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, b); + assert_ike_sa_count(2); + + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + /* as original initiator a is initiator of both SAs it could delete */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* if b won it will delete the original SA a initiated */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i == 1); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_a_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(4); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + /* if b wins it deletes the SA originally initiated by a */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i != 1); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* a only deletes SAs for which b is responder */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_b_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(6); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(ike_rekey); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(5); + /* <-- INFORMATIONAL { D } */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i == 1); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(4); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(3); + /* INFORMATIONAL { } --> */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i != 1); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(2); + + /* ike_rekey/ike_updown/child_updown */ + assert_hook(); + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * This is like the collision above but one of the retries is delayed. + */ +START_TEST(test_collision_ke_invalid_delayed_retry) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .ike = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .ike = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b, *sa; + message_t *msg; + status_t s; + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + FALSE, lib->ns); + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + TRUE, lib->ns); + + /* Five nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * IKE_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /---- INVAL_KE + * INVAL_KE -----\ / + * <-----\--/ + * N1/3 -----\ \-------> + * <-----\--------- N2/4 + * N5/7 -------\-------> + * <-------\------- DELETE + * ... ------\ \-----> + * /---- TEMP_FAIL + * + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + } data[] = { + { { 0x00, 0xFF, 0xFF } }, + { { 0xFF, 0x00, 0xFF } }, + { { 0xFF, 0xFF, 0x00 } }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + assert_hook_not_called(ike_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ + assert_hook_rekey(ike_rekey, 1, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_child_sa_count(b, 0); + sa = assert_ike_sa_checkout(4, 7, TRUE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_ike_sa_state(b, IKE_DELETING); + + /* <-- INFORMATIONAL { D } */ + assert_hook_rekey(ike_rekey, 1, 4); + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + sa = assert_ike_sa_checkout(4, 7, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(2); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + /* the SA is already gone */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + + /* INFORMATIONAL { } --> */ + assert_hook_not_called(ike_rekey); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + + /* ike_updown/child_updown */ + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * This is like the rekey collision above, but one peer deletes the + * redundant/old SA before the other peer receives the CREATE_CHILD_SA + * response: + * Peer A Peer B + * rekey ----\ /---- rekey + * \-----/----> detect collision + * detect collision <---------/ /---- + * -----------/----> + * handle delete <---------/------ delete redundant/old SA + * ---------/------> + * handle rekey <-------/ + * delete SA ----------------> + * <---------------- + * + * If peer B won the collision it deletes the old IKE_SA, in which case + * this situation is handled as if peer B was not aware of the collision (see + * below). That is, peer A finalizes the rekeying initiated by the peer and + * deletes the IKE_SA (it has no way of knowing whether the peer was aware of + * the collision or not). Peer B will expect the redundant IKE_SA to get + * deleted, but that will never happen if the response arrives after the SA is + * already gone. So a job should be queued that deletes it after a while. + * + * If peer B lost it will switch to the new IKE_SA and delete the redundant + * IKE_SA and expect a delete for the old IKE_SA. In this case peer A will + * simply retransmit until it receives a response to the rekey request, all the + * while ignoring the delete requests for the unknown IKE_SA. Afterwards, + * everything works as in a regular collision (however, until peer A receives + * the response it will not be able to receive any messages on the new IKE_SA). + */ +START_TEST(test_collision_delayed_response) +{ + ike_sa_t *a, *b, *sa; + message_t *msg, *d; + status_t s; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * IKE_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /----- ... + * ... -----\ + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* delay the CREATE_CHILD_SA response from b to a */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* simplify next steps by checking in original IKE_SAs */ + charon->ike_sa_manager->checkin(charon->ike_sa_manager, a); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, b); + assert_ike_sa_count(2); + + /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + /* besides the job that retransmits the delete, we expect a job that + * deletes the redundant IKE_SA if we expect the other to delete it */ + assert_jobs_scheduled(data[_i].del_b_i == 1 ? 2 : 1); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + /* if b wins it deletes the SA originally initiated by a */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i != 1); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* a only deletes SAs for which b is responder */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_b_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(4); + assert_scheduler(); + assert_hook(); + + /* <-- INFORMATIONAL { D } */ + if (data[_i].del_b_i == 1) + { /* b won, it deletes the replaced IKE_SA */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, a, + NULL); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, a); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(4); + assert_hook(); + + /* INFORMATIONAL { } --> */ + assert_hook_not_called(ike_rekey); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, b, + NULL); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, b); + assert_ike_sa_count(3); + assert_hook(); + /* the job will later remove this redundant IKE_SA on b */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_sa_idle(sa); + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */ + /* the IKE_SA (a) does not exist anymore */ + msg->destroy(msg); + } + else + { /* b lost, the delete is for the non-existing redundant IKE_SA */ + d = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + exchange_test_helper->process_message(exchange_test_helper, a, msg); + /* as original initiator a is initiator of both SAs it could delete */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* this is the redundant SA b is trying to delete */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_a_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(6); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(ike_rekey); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + s = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(5); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + s = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(4); + + /* <-- INFORMATIONAL { D } (retransmit/delayed) */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE); + s = exchange_test_helper->process_message(exchange_test_helper, sa, d); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(3); + /* INFORMATIONAL { } --> */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, TRUE); + s = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(2); + /* ike_rekey */ + assert_hook(); + } + + /* ike_updown/child_updown */ + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * In this scenario one of the peers does not notice that there is a rekey + * collision because the other request is dropped: + * + * rekey ----\ /---- rekey + * \ / + * detect collision <-----\---/ + * -------\--------> + * detect collision <-------\-------- delete old SA + * delete ---------\------> + * rekey done \-----> SA not found (or it never arrives) + */ +START_TEST(test_collision_dropped_request) +{ + ike_sa_t *a, *b, *sa; + message_t *msg; + status_t s; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * N3/5 <-----\--/ + * ... -----\ \-------> ... + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 }, + { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + /* drop the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_rekey(ike_rekey, 1, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_child_sa_count(b, 0); + sa = assert_ike_sa_checkout(4, 5, TRUE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* <-- INFORMATIONAL { D } */ + assert_hook_rekey(ike_rekey, 1, 4); + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + sa = assert_ike_sa_checkout(4, 5, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(2); + assert_hook(); + + /* INFORMATIONAL { } --> */ + assert_hook_not_called(ike_rekey); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + + /* ike_updown/child_updown */ + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * In this scenario one of the peers does not notice that there is a rekey + * collision because the other request is delayed: + * + * rekey ----\ /---- rekey + * \ / + * detect collision <-----\---/ + * -------\--------> + * \ /---- delete old SA + * \-/----> detect collision + * detect collision <---------/ /---- TEMP_FAIL + * delete -----------/----> + * rekey done / + * sa already gone <--------/ + */ +START_TEST(test_collision_delayed_request) +{ + ike_sa_t *a, *b, *sa; + message_t *msg; + status_t s; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * N3/5 <-----\--/ + * ... -----\ \-------> ... + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 }, + { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_rekey(ike_rekey, 1, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_child_sa_count(b, 0); + sa = assert_ike_sa_checkout(4, 5, TRUE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_ike_sa_state(b, IKE_DELETING); + + /* <-- INFORMATIONAL { D } */ + assert_hook_rekey(ike_rekey, 1, 4); + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + sa = assert_ike_sa_checkout(4, 5, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(2); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + /* the SA is already gone */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + + /* INFORMATIONAL { } --> */ + assert_hook_not_called(ike_rekey); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + + /* ike_updown/child_updown */ + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * In this scenario one of the peers does not notice that there is a rekey + * collision and the delete arrives after the TEMPORARY_FAILURE notify: + * + * rekey ----\ /---- rekey + * \ / + * detect collision <-----\---/ + * -------\--------> + * \ /---- delete old SA + * \-/----> detect collision + * no reschedule <---------/------ TEMP_FAIL + * detect collision <--------/ + * delete ----------------> + * rekey done + */ +START_TEST(test_collision_delayed_request_and_delete) +{ + ike_sa_t *a, *b, *sa; + message_t *msg; + status_t s; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * N3/5 <-----\--/ + * ... -----\ \-------> ... + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 }, + { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_rekey(ike_rekey, 1, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_child_sa_count(b, 0); + sa = assert_ike_sa_checkout(4, 5, TRUE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_ike_sa_state(b, IKE_DELETING); + + /* delay the INFORMATIONAL request from b to a */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_hook_rekey(ike_rekey, 1, 4); + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYED); + assert_child_sa_count(a, 0); + sa = assert_ike_sa_checkout(4, 5, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(2); + assert_scheduler(); + assert_hook(); + + /* <-- INFORMATIONAL { D } (delayed) */ + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, a, msg); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + + /* INFORMATIONAL { } --> */ + assert_hook_not_called(ike_rekey); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + + /* ike_updown/child_updown */ + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * One of the hosts initiates a DELETE of the IKE_SA the other peer is + * concurrently trying to rekey. + * + * rekey ----\ /---- delete + * \-----/----> detect collision + * detect collision <---------/ /---- TEMP_FAIL + * delete ----\ / + * \----/-----> + * sa already gone <--------/ + */ +START_TEST(test_collision_delete) +{ + ike_sa_t *a, *b; + message_t *msg; + status_t s; + + if (_i) + { /* responder rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + /* this should never get called as this does not result in a successful + * rekeying on either side */ + assert_hook_not_called(ike_rekey); + + initiate_rekey(a); + call_ikesa(b, delete); + assert_ike_sa_state(b, IKE_DELETING); + + /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that + * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE. + */ + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_not_called(ike_updown); + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_ike_sa_count(0); + assert_hook(); + + /* RFC 7296, 2.25.2: If a peer receives a request to close an IKE SA that + * it is currently rekeying, it SHOULD reply as usual, and forget its own + * rekeying request. + */ + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + /* the SA is already gone */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + + /* INFORMATIONAL { } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); + + /* ike_rekey */ + assert_hook(); +} +END_TEST + +/** + * One of the hosts initiates a DELETE of the IKE_SA the other peer is + * concurrently trying to rekey. However, the delete request is delayed or + * dropped, so the peer doing the rekeying is unaware of the collision. + * + * rekey ----\ /---- delete + * \-----/----> detect collision + * reschedule <---------/------ TEMP_FAIL + * <--------/ + * delete ----------------> + */ +START_TEST(test_collision_delete_drop_delete) +{ + ike_sa_t *a, *b; + message_t *msg; + status_t s; + + if (_i) + { /* responder rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + /* this should never get called as this does not result in a successful + * rekeying on either side */ + assert_hook_not_called(ike_rekey); + + initiate_rekey(a); + call_ikesa(b, delete); + assert_ike_sa_state(b, IKE_DELETING); + + /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that + * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE. + */ + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_not_called(ike_updown); + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_ike_sa_count(0); + assert_hook(); + + /* delay the DELETE request */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + /* we expect a job to retry the rekeying is scheduled */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_ESTABLISHED); + assert_scheduler(); + assert_hook(); + assert_hook(); + + /* <-- INFORMATIONAL { D } (delayed) */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, a, msg); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); + + /* INFORMATIONAL { } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); + + /* ike_rekey */ + assert_hook(); +} +END_TEST + +Suite *ike_rekey_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("ike rekey"); + + tc = tcase_create("regular"); + tcase_add_loop_test(tc, test_regular, 0, 2); + tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions rekey"); + tcase_add_loop_test(tc, test_collision, 0, 4); + tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4); + tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3); + tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4); + tcase_add_loop_test(tc, test_collision_dropped_request, 0, 3); + tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3); + tcase_add_loop_test(tc, test_collision_delayed_request_and_delete, 0, 3); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions delete"); + tcase_add_loop_test(tc, test_collision_delete, 0, 2); + tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/suites/test_message_chapoly.c b/src/libcharon/tests/suites/test_message_chapoly.c index e871cf6c2..f4a74abb4 100644 --- a/src/libcharon/tests/suites/test_message_chapoly.c +++ b/src/libcharon/tests/suites/test_message_chapoly.c @@ -40,7 +40,7 @@ METHOD(aead_t, get_iv_gen, iv_gen_t*, } METHOD(iv_gen_t, get_iv, bool, - iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) + iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer) { if (size != 8) { @@ -51,7 +51,7 @@ METHOD(iv_gen_t, get_iv, bool, } METHOD(iv_gen_t, allocate_iv, bool, - iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) + iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) { if (size != 8) { @@ -66,10 +66,10 @@ METHOD(iv_gen_t, allocate_iv, bool, */ START_TEST(test_chacha20poly1305) { - u_int64_t spii, spir; + uint64_t spii, spir; ike_sa_id_t *id; message_t *m; - u_int32_t window = htonl(10); + uint32_t window = htonl(10); chunk_t chunk, exp; keymat_t keymat = { .get_version = _get_version, diff --git a/src/libcharon/tests/suites/test_proposal.c b/src/libcharon/tests/suites/test_proposal.c new file mode 100644 index 000000000..a6226f68f --- /dev/null +++ b/src/libcharon/tests/suites/test_proposal.c @@ -0,0 +1,81 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include + +static struct { + char *self; + char *other; + char *expected; +} select_data[] = { + { "aes128", "aes128", "aes128" }, + { "aes128", "aes256", NULL }, + { "aes128-aes256", "aes256-aes128", "aes128" }, + { "aes256-aes128", "aes128-aes256", "aes256" }, + { "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" }, + { "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" }, + { "aes128-sha256-modp3072", "aes128-sha256", NULL }, + { "aes128-sha256", "aes128-sha256-modp3072", NULL }, + { "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL }, + { "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL }, + { "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" }, + { "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, + { "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" }, + { "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" }, +}; + +START_TEST(test_select) +{ + proposal_t *self, *other, *selected, *expected; + + self = proposal_create_from_string(PROTO_ESP, + select_data[_i].self); + other = proposal_create_from_string(PROTO_ESP, + select_data[_i].other); + selected = self->select(self, other, FALSE); + if (select_data[_i].expected) + { + expected = proposal_create_from_string(PROTO_ESP, + select_data[_i].expected); + ck_assert(selected); + ck_assert_msg(expected->equals(expected, selected), "proposal %P does " + "not match expected %P", selected, expected); + expected->destroy(expected); + } + else + { + ck_assert(!selected); + } + DESTROY_IF(selected); + other->destroy(other); + self->destroy(self); +} +END_TEST + +Suite *proposal_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("proposal"); + + tc = tcase_create("select"); + tcase_add_loop_test(tc, test_select, 0, countof(select_data)); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/utils/exchange_test_asserts.c b/src/libcharon/tests/utils/exchange_test_asserts.c new file mode 100644 index 000000000..2602b97b7 --- /dev/null +++ b/src/libcharon/tests/utils/exchange_test_asserts.c @@ -0,0 +1,182 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include + +#include "exchange_test_asserts.h" + +/* + * Described in header + */ +bool exchange_test_asserts_hook(listener_t *listener) +{ + listener_hook_assert_t *this = (listener_hook_assert_t*)listener; + + this->count++; + return TRUE; +} + +/* + * Described in header + */ +bool exchange_test_asserts_ike_updown(listener_t *listener, ike_sa_t *ike_sa, + bool up) +{ + listener_hook_assert_t *this = (listener_hook_assert_t*)listener; + + this->count++; + assert_listener_msg(this->up == up, this, "IKE_SA not '%s'", + this->up ? "up" : "down"); + return TRUE; +} + +/* + * Described in header + */ +bool exchange_test_asserts_child_updown(listener_t *listener, ike_sa_t *ike_sa, + child_sa_t *child_sa, bool up) +{ + listener_hook_assert_t *this = (listener_hook_assert_t*)listener; + + this->count++; + assert_listener_msg(this->up == up, this, "CHILD_SA not '%s'", + this->up ? "up" : "down"); + return TRUE; +} + +/* + * Described in header + */ +bool exchange_test_asserts_ike_rekey(listener_t *listener, ike_sa_t *old, + ike_sa_t *new) +{ + listener_hook_assert_t *this = (listener_hook_assert_t*)listener; + ike_sa_id_t *id; + uint64_t spi; + + this->count++; + id = old->get_id(old); + spi = id->get_initiator_spi(id); + assert_listener_msg(this->spi_old == spi, this, "unexpected old IKE_SA " + "%.16"PRIx64"_i instead of %.16"PRIx64"_i", + be64toh(spi), be64toh(this->spi_old)); + id = new->get_id(new); + spi = id->get_initiator_spi(id); + assert_listener_msg(this->spi_new == spi, this, "unexpected new IKE_SA " + "%.16"PRIx64"_i instead of %.16"PRIx64"_i", + be64toh(spi), be64toh(this->spi_new)); + return TRUE; +} + +/* + * Described in header + */ +bool exchange_test_asserts_child_rekey(listener_t *listener, ike_sa_t *ike_sa, + child_sa_t *old, child_sa_t *new) +{ + listener_hook_assert_t *this = (listener_hook_assert_t*)listener; + uint32_t spi, expected; + + this->count++; + spi = old->get_spi(old, TRUE); + expected = this->spi_old; + assert_listener_msg(expected == spi, this, "unexpected old CHILD_SA %.8x " + "instead of %.8x", spi, expected); + spi = new->get_spi(new, TRUE); + expected = this->spi_new; + assert_listener_msg(expected == spi, this, "unexpected new CHILD_SA %.8x " + "instead of %.8x", spi, expected); + return TRUE; +} + +/** + * Assert a given message rule + */ +static void assert_message_rule(listener_message_assert_t *this, message_t *msg, + listener_message_rule_t *rule) +{ + if (rule->expected) + { + if (rule->payload) + { + assert_listener_msg(msg->get_payload(msg, rule->payload), + this, "expected payload (%N) not found", + payload_type_names, rule->payload); + + } + if (rule->notify) + { + assert_listener_msg(msg->get_notify(msg, rule->notify), + this, "expected notify payload (%N) not found", + notify_type_names, rule->notify); + } + } + else + { + if (rule->payload) + { + assert_listener_msg(!msg->get_payload(msg, rule->payload), + this, "unexpected payload (%N) found", + payload_type_names, rule->payload); + + } + if (rule->notify) + { + assert_listener_msg(!msg->get_notify(msg, rule->notify), + this, "unexpected notify payload (%N) found", + notify_type_names, rule->notify); + } + } +} + +/* + * Described in header + */ +bool exchange_test_asserts_message(listener_t *listener, ike_sa_t *ike_sa, + message_t *message, bool incoming, bool plain) +{ + listener_message_assert_t *this = (listener_message_assert_t*)listener; + + if (plain && this->incoming == incoming) + { + if (this->count >= 0) + { + enumerator_t *enumerator; + int count = 0; + enumerator = message->create_payload_enumerator(message); + while (enumerator->enumerate(enumerator, NULL)) + { + count++; + } + enumerator->destroy(enumerator); + assert_listener_msg(this->count == count, this, "unexpected payload " + "count in message (%d != %d)", this->count, + count); + } + if (this->num_rules) + { + int i; + + for (i = 0; i < this->num_rules; i++) + { + assert_message_rule(this, message, &this->rules[i]); + } + } + return FALSE; + } + return TRUE; +} diff --git a/src/libcharon/tests/utils/exchange_test_asserts.h b/src/libcharon/tests/utils/exchange_test_asserts.h new file mode 100644 index 000000000..32afcc2e4 --- /dev/null +++ b/src/libcharon/tests/utils/exchange_test_asserts.h @@ -0,0 +1,343 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * Special assertions using listener_t. + * + * @defgroup exchange_test_asserts exchange_test_asserts + * @{ @ingroup test_utils_c + */ + +#ifndef EXCHANGE_TEST_ASSERTS_H_ +#define EXCHANGE_TEST_ASSERTS_H_ + +#include + +typedef struct listener_hook_assert_t listener_hook_assert_t; +typedef struct listener_message_assert_t listener_message_assert_t; +typedef struct listener_message_rule_t listener_message_rule_t; + +struct listener_hook_assert_t { + + /** + * Implemented interface + */ + listener_t listener; + + /** + * Original source file + */ + const char *file; + + /** + * Source line + */ + int line; + + /** + * Name of the hook + */ + const char *name; + + /** + * Expected number of calls (-1 to ignore) + */ + int expected; + + /** + * Number of times the hook was called + */ + int count; + + /** + * Expected updown result + */ + bool up; + + /** + * Initiator/Inbound SPIs to expect in rekey event + */ + uint64_t spi_old, spi_new; +}; + +/** + * Basic callback for methods on listener_t, counting the number of calls. + */ +bool exchange_test_asserts_hook(listener_t *this); + +/** + * Implementation of listener_t::ike_updown. + */ +bool exchange_test_asserts_ike_updown(listener_t *this, ike_sa_t *ike_sa, + bool up); + +/** + * Implementation of listener_t::child_updown. + */ +bool exchange_test_asserts_child_updown(listener_t *this, ike_sa_t *ike_sa, + child_sa_t *child_sa, bool up); + +/** + * Implementation of listener_t::ike_rekey. + */ +bool exchange_test_asserts_ike_rekey(listener_t *this, ike_sa_t *old, + ike_sa_t *new); + +/** + * Implementation of listener_t::child_rekey. + */ +bool exchange_test_asserts_child_rekey(listener_t *this, ike_sa_t *ike_sa, + child_sa_t *old, child_sa_t *new); + +/** + * Check if a statement evaluates to TRUE, use original source file and line + * in the error message if not. + * + * @param x statement to evaluate + * @param l listener providing original source file and line + * @param fmt printf format string + * @param ... arguments for fmt + */ +#define assert_listener_msg(x, l, fmt, ...) ({ \ + test_fail_if_worker_failed(); \ + if (!(x)) \ + { \ + test_fail_msg((l)->file, (l)->line, "%s: " fmt, #x, ##__VA_ARGS__); \ + } \ +}) + +/** + * Initialize an assertion that enforces that the given hook was called. + * Must be matched by a call to assert_hook(). + * + * @param name name of the hook + */ +#define assert_hook_called(name) \ + _assert_hook_init(name, exchange_test_asserts_hook, .expected = 1) + +/** + * Initialize an assertion that enforces that the given hook was not called. + * Must be matched by a call to assert_hook(). + * + * @param name name of the hook + */ +#define assert_hook_not_called(name) \ + _assert_hook_init(name, exchange_test_asserts_hook, .expected = 0) + +/** + * Initialize an assertion that enforces that the given updown hook was called + * with the expected result. + * Must be matched by a call to assert_hook(). + * + * @param name name of the hook + * @param e whether to expect up in the hook to be TRUE or not + */ +#define assert_hook_updown(name, e) \ + _assert_hook_init(name, \ + streq(#name, "ike_updown") ? (void*)exchange_test_asserts_ike_updown \ + : (void*)exchange_test_asserts_child_updown, \ + .expected = 1, \ + .up = e, \ + ) + +/** + * Initialize an assertion that enforces that the given rekey hook was called + * with the SAs with the matching initiator/inbound SPIs. + * Must be matched by a call to assert_hook(). + * + * @param name name of the hook + * @param old SPI of the old SA + * @param new SPI of the new SA + */ +#define assert_hook_rekey(name, old, new) \ + _assert_hook_init(name, \ + streq(#name, "ike_rekey") ? (void*)exchange_test_asserts_ike_rekey \ + : (void*)exchange_test_asserts_child_rekey, \ + .expected = 1, \ + .spi_old = old, \ + .spi_new = new, \ + ) + +/** + * Initialize assertions against invocations of listener_t hooks. Each call + * must be matched by a call to assert_hook(). + */ +#define _assert_hook_init(n, callback, ...) \ +do { \ + listener_hook_assert_t _hook_listener = { \ + .listener = { .n = (void*)callback, }, \ + .file = __FILE__, \ + .line = __LINE__, \ + .name = #n, \ + ##__VA_ARGS__ \ + }; \ + exchange_test_helper->add_listener(exchange_test_helper, &_hook_listener.listener) + +/** + * Enforce the most recently initialized hook assertion. + */ +#define assert_hook() \ + charon->bus->remove_listener(charon->bus, &_hook_listener.listener); \ + if (_hook_listener.expected > 0) { \ + if (_hook_listener.count > 0) { \ + assert_listener_msg(_hook_listener.expected == _hook_listener.count, \ + &_hook_listener, "hook '%s' was called %d times " \ + "instead of %d", _hook_listener.name, \ + _hook_listener.count, _hook_listener.expected); \ + } else { \ + assert_listener_msg(_hook_listener.count, &_hook_listener, \ + "hook '%s' was not called (expected %d)", _hook_listener.name, \ + _hook_listener.expected); \ + } \ + } else if (_hook_listener.expected == 0) { \ + assert_listener_msg(_hook_listener.count == 0, &_hook_listener, \ + "hook '%s' was called unexpectedly", _hook_listener.name); \ + } \ +} while(FALSE) + +/** + * Rules regarding payloads/notifies to expect/not expect in a message + */ +struct listener_message_rule_t { + + /** + * Whether the payload/notify is expected in the message, FALSE to fail if + * it is found + */ + bool expected; + + /** + * Payload type to expect/not expect + */ + payload_type_t payload; + + /** + * Notify type to expect/not expect (paylod type does not have to be + * specified) + */ + notify_type_t notify; +}; + +/** + * Data used to check plaintext messages via listener_t + */ +struct listener_message_assert_t { + + /** + * Implemented interface + */ + listener_t listener; + + /** + * Original source file + */ + const char *file; + + /** + * Source line + */ + int line; + + /** + * Whether to check the next inbound or outbound message + */ + bool incoming; + + /** + * Payload count to expect (-1 to ignore the count) + */ + int count; + + /** + * Payloads to expect or not expect in a message + */ + listener_message_rule_t *rules; + + /** + * Number of rules + */ + int num_rules; +}; + +/** + * Implementation of listener_t::message collecting data and asserting + * certain things. + */ +bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, + message_t *message, bool incoming, bool plain); + +/** + * Assert that the next in- or outbound plaintext message is empty. + * + * @param dir IN or OUT to check the next in- or outbound message + */ +#define assert_message_empty(dir) \ + _assert_payload(dir, 0) + +/** + * Assert that the next in- or outbound plaintext message contains exactly + * one payload of the given type. + * + * @param dir IN or OUT to check the next in- or outbound message + * @param expected expected payload type + */ +#define assert_single_payload(dir, expected) \ + _assert_payload(dir, 1, { TRUE, expected, 0 }) + +/** + * Assert that the next in- or outbound plaintext message contains exactly + * one notify of the given type. + * + * @param dir IN or OUT to check the next in- or outbound message + * @param expected expected notify type + */ +#define assert_single_notify(dir, expected) \ + _assert_payload(dir, 1, { TRUE, 0, expected }) + +/** + * Assert that the next in- or outbound plaintext message contains a notify + * of the given type. + * + * @param dir IN or OUT to check the next in- or outbound message + * @param expected expected notify type + */ +#define assert_notify(dir, expected) \ + _assert_payload(dir, -1, { TRUE, 0, expected }) + +/** + * Assert that the next in- or outbound plaintext message does not contain a + * notify of the given type. + * + * @param dir IN or OUT to check the next in- or outbound message + * @param unexpected not expected notify type + */ +#define assert_no_notify(dir, unexpected) \ + _assert_payload(dir, -1, { FALSE, 0, unexpected }) + +#define _assert_payload(dir, c, ...) ({ \ + listener_message_rule_t _rules[] = { __VA_ARGS__ }; \ + listener_message_assert_t _listener = { \ + .listener = { .message = exchange_test_asserts_message, }, \ + .file = __FILE__, \ + .line = __LINE__, \ + .incoming = streq(#dir, "IN") ? TRUE : FALSE, \ + .count = c, \ + .rules = _rules, \ + .num_rules = countof(_rules), \ + }; \ + exchange_test_helper->add_listener(exchange_test_helper, &_listener.listener); \ +}) + +#endif /** EXCHANGE_TEST_ASSERTS_H_ @}*/ diff --git a/src/libcharon/tests/utils/exchange_test_helper.c b/src/libcharon/tests/utils/exchange_test_helper.c new file mode 100644 index 000000000..f32906d5d --- /dev/null +++ b/src/libcharon/tests/utils/exchange_test_helper.c @@ -0,0 +1,372 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "exchange_test_helper.h" +#include "mock_dh.h" +#include "mock_ipsec.h" +#include "mock_nonce_gen.h" + +#include +#include + +typedef struct private_exchange_test_helper_t private_exchange_test_helper_t; +typedef struct private_backend_t private_backend_t; + +/** + * Private data + */ +struct private_exchange_test_helper_t { + + /** + * Public interface + */ + exchange_test_helper_t public; + + /** + * Credentials + */ + mem_cred_t *creds; + + /** + * IKE_SA SPI counter + */ + refcount_t ike_spi; + + /** + * List of registered listeners + */ + array_t *listeners; +}; + +/** + * Custom backend_t implementation + */ +struct private_backend_t { + + /** + * Public interface + */ + backend_t public; + + /** + * Responder ike_cfg + */ + ike_cfg_t *ike_cfg; + + /** + * Responder peer_cfg/child_cfg + */ + peer_cfg_t *peer_cfg; +}; + +CALLBACK(get_ike_spi, uint64_t, + private_exchange_test_helper_t *this) +{ + return (uint64_t)ref_get(&this->ike_spi); +} + +/* + * Described in header + */ +exchange_test_helper_t *exchange_test_helper; + +static ike_cfg_t *create_ike_cfg(bool initiator, exchange_test_sa_conf_t *conf) +{ + ike_cfg_t *ike_cfg; + char *proposal = NULL; + + ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", IKEV2_UDP_PORT, + "127.0.0.1", IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); + if (conf) + { + proposal = initiator ? conf->initiator.ike : conf->responder.ike; + } + if (proposal) + { + ike_cfg->add_proposal(ike_cfg, + proposal_create_from_string(PROTO_IKE, proposal)); + } + else + { + ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); + } + return ike_cfg; +} + +static child_cfg_t *create_child_cfg(bool initiator, + exchange_test_sa_conf_t *conf) +{ + child_cfg_t *child_cfg; + child_cfg_create_t child = { + .mode = MODE_TUNNEL, + }; + char *proposal = NULL; + + child_cfg = child_cfg_create(initiator ? "init" : "resp", &child); + if (conf) + { + proposal = initiator ? conf->initiator.esp : conf->responder.esp; + } + if (proposal) + { + child_cfg->add_proposal(child_cfg, + proposal_create_from_string(PROTO_ESP, proposal)); + } + else + { + child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + } + child_cfg->add_traffic_selector(child_cfg, TRUE, + traffic_selector_create_dynamic(0, 0, 65535)); + child_cfg->add_traffic_selector(child_cfg, FALSE, + traffic_selector_create_dynamic(0, 0, 65535)); + return child_cfg; +} + +static void add_auth_cfg(peer_cfg_t *peer_cfg, bool initiator, bool local) +{ + auth_cfg_t *auth; + char *id = "init"; + + auth = auth_cfg_create(); + auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); + if (initiator ^ local) + { + id = "resp"; + } + auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id)); + peer_cfg->add_auth_cfg(peer_cfg, auth, local); +} + +static peer_cfg_t *create_peer_cfg(bool initiator, + exchange_test_sa_conf_t *conf) +{ + peer_cfg_t *peer_cfg; + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + }; + + peer_cfg = peer_cfg_create(initiator ? "init" : "resp", + create_ike_cfg(initiator, conf), &peer); + add_auth_cfg(peer_cfg, initiator, TRUE); + add_auth_cfg(peer_cfg, initiator, FALSE); + return peer_cfg; +} + +METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, + private_backend_t *this, host_t *me, host_t *other) +{ + return enumerator_create_single(this->ike_cfg, NULL); +} + +METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, + private_backend_t *this, identification_t *me, identification_t *other) +{ + return enumerator_create_single(this->peer_cfg, NULL); +} + +METHOD(exchange_test_helper_t, process_message, status_t, + private_exchange_test_helper_t *this, ike_sa_t *ike_sa, message_t *message) +{ + status_t status = FAILED; + ike_sa_id_t *id; + + if (!message) + { + message = this->public.sender->dequeue(this->public.sender); + } + id = message->get_ike_sa_id(message); + id = id->clone(id); + id->switch_initiator(id); + if (!id->get_responder_spi(id) || id->equals(id, ike_sa->get_id(ike_sa))) + { + charon->bus->set_sa(charon->bus, ike_sa); + status = ike_sa->process_message(ike_sa, message); + charon->bus->set_sa(charon->bus, NULL); + } + message->destroy(message); + id->destroy(id); + return status; +} + +METHOD(exchange_test_helper_t, establish_sa, void, + private_exchange_test_helper_t *this, ike_sa_t **init, ike_sa_t **resp, + exchange_test_sa_conf_t *conf) +{ + private_backend_t backend = { + .public = { + .create_ike_cfg_enumerator = _create_ike_cfg_enumerator, + .create_peer_cfg_enumerator = _create_peer_cfg_enumerator, + .get_peer_cfg_by_name = (void*)return_null, + }, + }; + ike_sa_id_t *id_i, *id_r; + ike_sa_t *sa_i, *sa_r; + peer_cfg_t *peer_cfg; + child_cfg_t *child_cfg; + + sa_i = *init = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, + IKEV2, TRUE); + id_i = sa_i->get_id(sa_i); + + sa_r = *resp = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, + IKEV2, FALSE); + id_r = sa_r->get_id(sa_r); + + peer_cfg = create_peer_cfg(TRUE, conf); + child_cfg = create_child_cfg(TRUE, conf); + peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg)); + sa_i->set_peer_cfg(sa_i, peer_cfg); + peer_cfg->destroy(peer_cfg); + call_ikesa(sa_i, initiate, child_cfg, 0, NULL, NULL); + + backend.ike_cfg = create_ike_cfg(FALSE, conf); + peer_cfg = backend.peer_cfg = create_peer_cfg(FALSE, conf); + child_cfg = create_child_cfg(FALSE, conf); + peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg)); + child_cfg->destroy(child_cfg); + charon->backends->add_backend(charon->backends, &backend.public); + + /* IKE_SA_INIT --> */ + id_r->set_initiator_spi(id_r, id_i->get_initiator_spi(id_i)); + process_message(this, sa_r, NULL); + /* <-- IKE_SA_INIT */ + id_i->set_responder_spi(id_i, id_r->get_responder_spi(id_r)); + process_message(this, sa_i, NULL); + /* IKE_AUTH --> */ + process_message(this, sa_r, NULL); + /* <-- IKE_AUTH */ + process_message(this, sa_i, NULL); + + charon->backends->remove_backend(charon->backends, &backend.public); + DESTROY_IF(backend.peer_cfg); + DESTROY_IF(backend.ike_cfg); +} + +METHOD(exchange_test_helper_t, add_listener, void, + private_exchange_test_helper_t *this, listener_t *listener) +{ + array_insert_create(&this->listeners, ARRAY_TAIL, listener); + charon->bus->add_listener(charon->bus, listener); +} + +/** + * Enable logging in charon as requested + */ +static void initialize_logging() +{ + int level = LEVEL_SILENT; + char *verbosity; + + verbosity = getenv("TESTS_VERBOSITY"); + if (verbosity) + { + level = atoi(verbosity); + } + lib->settings->set_int(lib->settings, "%s.filelog.stderr.default", + lib->settings->get_int(lib->settings, "%s.filelog.stderr.default", + level, lib->ns), lib->ns); + lib->settings->set_bool(lib->settings, "%s.filelog.stderr.ike_name", TRUE, + lib->ns); + charon->load_loggers(charon, NULL, TRUE); +} + +/** + * Create a nonce generator with the first byte + */ +static nonce_gen_t *create_nonce_gen() +{ + return mock_nonce_gen_create(exchange_test_helper->nonce_first_byte); +} + +/* + * Described in header + */ +void exchange_test_helper_init(char *plugins) +{ + private_exchange_test_helper_t *this; + plugin_feature_t features[] = { + PLUGIN_REGISTER(DH, mock_dh_create), + /* we only need to support a limited number of DH groups */ + PLUGIN_PROVIDE(DH, MODP_2048_BIT), + PLUGIN_PROVIDE(DH, MODP_3072_BIT), + PLUGIN_PROVIDE(DH, ECP_256_BIT), + PLUGIN_REGISTER(NONCE_GEN, create_nonce_gen), + PLUGIN_PROVIDE(NONCE_GEN), + PLUGIN_DEPENDS(RNG, RNG_WEAK), + }; + + INIT(this, + .public = { + .sender = mock_sender_create(), + .establish_sa = _establish_sa, + .process_message = _process_message, + .add_listener = _add_listener, + }, + .creds = mem_cred_create(), + ); + + initialize_logging(); + lib->plugins->add_static_features(lib->plugins, "exchange-test-helper", + features, countof(features), TRUE, NULL, NULL); + /* the libcharon unit tests only load the libstrongswan plugins, unless + * TESTS_PLUGINS is defined */ + charon->initialize(charon, plugins); + lib->plugins->status(lib->plugins, LEVEL_CTRL); + + /* the original sender is not initialized because there is no socket */ + charon->sender = (sender_t*)this->public.sender; + /* and there is no kernel plugin loaded + * TODO: we'd have more control if we'd implement kernel_interface_t */ + charon->kernel->add_ipsec_interface(charon->kernel, mock_ipsec_create); + /* like SPIs for IPsec SAs, make IKE SPIs predictable */ + charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, get_ike_spi, + this); + + lib->credmgr->add_set(lib->credmgr, &this->creds->set); + + this->creds->add_shared(this->creds, + shared_key_create(SHARED_IKE, chunk_clone(chunk_from_str("test"))), + identification_create_from_string("%any"), NULL); + + exchange_test_helper = &this->public; +} + +/* + * Described in header + */ +void exchange_test_helper_deinit() +{ + private_exchange_test_helper_t *this; + listener_t *listener; + + this = (private_exchange_test_helper_t*)exchange_test_helper; + + while (array_remove(this->listeners, ARRAY_HEAD, &listener)) + { + charon->bus->remove_listener(charon->bus, listener); + } + lib->credmgr->remove_set(lib->credmgr, &this->creds->set); + this->creds->destroy(this->creds); + /* flush SAs before destroying the sender (in case of test failures) */ + charon->ike_sa_manager->flush(charon->ike_sa_manager); + /* charon won't destroy this as it didn't initialize the original sender */ + charon->sender->destroy(charon->sender); + charon->sender = NULL; + array_destroy(this->listeners); + free(this); +} diff --git a/src/libcharon/tests/utils/exchange_test_helper.h b/src/libcharon/tests/utils/exchange_test_helper.h new file mode 100644 index 000000000..e1fdb012a --- /dev/null +++ b/src/libcharon/tests/utils/exchange_test_helper.h @@ -0,0 +1,128 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * This class and singleton object initializes charon and provides helper + * methods to create unit tests for IKEv2 exchanges. + * + * It also registers special implementations for the kernel_ipsec_t interface, + * the sender and provides dummy configs and credentials. + * + * @defgroup exchange_test_helper exchange_test_helper + * @{ @ingroup test_utils_c + */ + +#ifndef EXCHANGE_TEST_HELPER_H_ +#define EXCHANGE_TEST_HELPER_H_ + +#include + +#include "mock_sender.h" + +typedef struct exchange_test_helper_t exchange_test_helper_t; +typedef struct exchange_test_sa_conf_t exchange_test_sa_conf_t; + +struct exchange_test_helper_t { + + /** + * Sender instance used during tests + */ + mock_sender_t *sender; + + /** + * Set the initial byte of all nonces generated by future nonce + * generators (already instatiated nonce generators are not affected). + */ + u_char nonce_first_byte; + + /** + * Creates an established IKE_SA/CHILD_SA + * + * @param[out] init IKE_SA of the initiator + * @param[out] resp IKE_SA of the responder + * @param conf configuration for SAs + */ + void (*establish_sa)(exchange_test_helper_t *this, ike_sa_t **init, + ike_sa_t **resp, exchange_test_sa_conf_t *conf); + + /** + * Pass a message to the given IKE_SA for processing, setting the IKE_SA on + * the bus while processing the message. + * + * @param ike_sa the IKE_SA receiving the message + * @param message the message, or NULL to pass the next message in the + * send queue (adopted) + * @return return value from ike_sa_t::process_message() + */ + status_t (*process_message)(exchange_test_helper_t *this, ike_sa_t *sa, + message_t *message); + + /** + * Register a listener with the bus. + * + * Don't use bus_t::add_listener() directly for listeners on the stack + * as that could lead to invalid listeners registered when hooks are + * triggered during cleanup if a test case fails. All of the listeners + * added this way are unregistered with the bus before cleaning up. + * + * @param listener listener to add to the bus + */ + void (*add_listener)(exchange_test_helper_t *this, listener_t *listener); +}; + +struct exchange_test_sa_conf_t { + + /** + * Configuration for initiator and responder + */ + struct { + /** IKE proposal */ + char *ike; + /** ESP proposal */ + char *esp; + } initiator, responder; +}; + +/** + * Since we don't use the IKE_SA manager to checkout SAs use this to call a + * method on the given IKE_SA in its context. + */ +#define call_ikesa(sa, method, ...) ({ \ + charon->bus->set_sa(charon->bus, sa); \ + sa->method(sa, ##__VA_ARGS__); \ + charon->bus->set_sa(charon->bus, NULL); \ +}) + +/** + * The one and only instance of the helper object. + * + * Set between exchange_test_helper_setup() and exchange_test_helper_teardown() + * calls. + */ +extern exchange_test_helper_t *exchange_test_helper; + +/** + * Initialize charon and the helper object. + * + * @param plugins plugins to load + */ +void exchange_test_helper_init(char *plugins); + +/** + * Deinitialize the helper object. + */ +void exchange_test_helper_deinit(); + +#endif /** EXCHANGE_TEST_HELPER_H_ @} */ diff --git a/src/libcharon/tests/utils/job_asserts.h b/src/libcharon/tests/utils/job_asserts.h new file mode 100644 index 000000000..3491f08c3 --- /dev/null +++ b/src/libcharon/tests/utils/job_asserts.h @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * Special assertions against job handling. + * + * @defgroup job_asserts job_asserts + * @{ @ingroup test_utils_c + */ + +#ifndef JOB_ASSERTS_H_ +#define JOB_ASSERTS_H_ + +/** + * Initialize an assertion that enforces that no jobs were scheduled. + * Must be matched by a call to assert_scheduler(). + */ +#define assert_no_jobs_scheduled() _assert_jobs_scheduled(0) + +/** + * Initialize an assertion that enforces that a specific number of jobs was + * scheduled. + * Must be matched by a call to assert_scheduler(). + * + * @param count expected number of jobs getting scheduled + */ +#define assert_jobs_scheduled(count) _assert_jobs_scheduled(count) + +/** + * Initialize assertions against job scheduling. + * Must be matched by a call to assert_scheduler(). + */ +#define _assert_jobs_scheduled(count) \ +do { \ + u_int _initial = lib->scheduler->get_job_load(lib->scheduler); \ + u_int _expected = count + +/** + * Enforce scheduler asserts. + */ +#define assert_scheduler() \ + u_int _actual = lib->scheduler->get_job_load(lib->scheduler) - _initial; \ + test_assert_msg(_expected == _actual, "unexpected number of jobs " \ + "scheduled (%u != %u)", _expected, _actual); \ +} while(FALSE) + +#endif /** JOB_ASSERTS_H_ @}*/ diff --git a/src/libcharon/tests/utils/mock_dh.c b/src/libcharon/tests/utils/mock_dh.c new file mode 100644 index 000000000..153bf1166 --- /dev/null +++ b/src/libcharon/tests/utils/mock_dh.c @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mock_dh.h" + +typedef struct private_diffie_hellman_t private_diffie_hellman_t; + +/** + * Private data + */ +struct private_diffie_hellman_t { + + /** + * Public interface + */ + diffie_hellman_t public; + + /** + * Instantiated DH group + */ + diffie_hellman_group_t group; +}; + +METHOD(diffie_hellman_t, get_my_public_value, bool, + private_diffie_hellman_t *this, chunk_t *value) +{ + *value = chunk_empty; + return TRUE; +} + +METHOD(diffie_hellman_t, set_other_public_value, bool, + private_diffie_hellman_t *this, chunk_t value) +{ + return TRUE; +} + +METHOD(diffie_hellman_t, get_shared_secret, bool, + private_diffie_hellman_t *this, chunk_t *secret) +{ + *secret = chunk_empty; + return TRUE; +} + +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_diffie_hellman_t *this) +{ + return this->group; +} + +METHOD(diffie_hellman_t, destroy, void, + private_diffie_hellman_t *this) +{ + free(this); +} + +/** + * See header + */ +diffie_hellman_t *mock_dh_create(diffie_hellman_group_t group) +{ + private_diffie_hellman_t *this; + + INIT(this, + .public = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + .group = group, + ); + return &this->public; +} diff --git a/src/libcharon/tests/utils/mock_dh.h b/src/libcharon/tests/utils/mock_dh.h new file mode 100644 index 000000000..332c65537 --- /dev/null +++ b/src/libcharon/tests/utils/mock_dh.h @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * Provides a DH implementation that does no real work to make the tests run + * faster. + * + * @defgroup mock_dh mock_dh + * @{ @ingroup test_utils_c + */ + +#ifndef MOCK_DH_H_ +#define MOCK_DH_H_ + +#include + +/** + * Creates a diffie_hellman_t object. + * + * @param group Diffie Hellman group, supports MODP_NULL only + * @return created object + */ +diffie_hellman_t *mock_dh_create(diffie_hellman_group_t group); + +#endif /** MOCK_DH_H_ @}*/ diff --git a/src/libcharon/tests/utils/mock_ipsec.c b/src/libcharon/tests/utils/mock_ipsec.c new file mode 100644 index 000000000..d57a26a87 --- /dev/null +++ b/src/libcharon/tests/utils/mock_ipsec.c @@ -0,0 +1,128 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mock_ipsec.h" + +typedef struct private_kernel_ipsec_t private_kernel_ipsec_t; + +/** + * Private data + */ +struct private_kernel_ipsec_t { + + /** + * Public interface + */ + kernel_ipsec_t public; + + /** + * Allocated SPI + */ + refcount_t spi; +}; + +METHOD(kernel_ipsec_t, get_spi, status_t, + private_kernel_ipsec_t *this, host_t *src, host_t *dst, uint8_t protocol, + uint32_t *spi) +{ + *spi = (uint32_t)ref_get(&this->spi); + return SUCCESS; +} + +METHOD(kernel_ipsec_t, get_cpi, status_t, + private_kernel_ipsec_t *this, host_t *src, host_t *dst, uint16_t *cpi) +{ + return FAILED; +} + +METHOD(kernel_ipsec_t, add_sa, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) +{ + return SUCCESS; +} + +METHOD(kernel_ipsec_t, update_sa, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) +{ + return SUCCESS; +} + +METHOD(kernel_ipsec_t, query_sa, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) +{ + return NOT_SUPPORTED; +} + +METHOD(kernel_ipsec_t, del_sa, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) +{ + return SUCCESS; +} + +METHOD(kernel_ipsec_t, add_policy, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) +{ + return SUCCESS; +} + +METHOD(kernel_ipsec_t, query_policy, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) +{ + *use_time = 1; + return SUCCESS; +} + +METHOD(kernel_ipsec_t, del_policy, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) +{ + return SUCCESS; +} + +/* + * Described in header + */ +kernel_ipsec_t *mock_ipsec_create() +{ + private_kernel_ipsec_t *this; + + INIT(this, + .public = { + .get_spi = _get_spi, + .get_cpi = _get_cpi, + .add_sa = _add_sa, + .update_sa = _update_sa, + .query_sa = _query_sa, + .del_sa = _del_sa, + .flush_sas = (void*)return_failed, + .add_policy = _add_policy, + .query_policy = _query_policy, + .del_policy = _del_policy, + .flush_policies = (void*)return_failed, + .bypass_socket = (void*)return_true, + .enable_udp_decap = (void*)return_true, + .destroy = (void*)free, + }, + ); + return &this->public; +} diff --git a/src/libcharon/tests/utils/mock_ipsec.h b/src/libcharon/tests/utils/mock_ipsec.h new file mode 100644 index 000000000..cbf21524a --- /dev/null +++ b/src/libcharon/tests/utils/mock_ipsec.h @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * kernel_ipsec_t implementation used for exchange unit tests. Currently + * returns sequential SPIs, all other methods are noops. + * + * @defgroup mock_ipsec mock_ipsec + * @{ @ingroup test_utils_c + */ + +#ifndef MOCK_IPSEC_H_ +#define MOCK_IPSEC_H_ + +#include + +/** + * Create an instance of kernel_ipsec_t + * + * @return created object + */ +kernel_ipsec_t *mock_ipsec_create(); + +#endif /** MOCK_IPSEC_H_ @}*/ diff --git a/src/libcharon/tests/utils/mock_nonce_gen.c b/src/libcharon/tests/utils/mock_nonce_gen.c new file mode 100644 index 000000000..30910f991 --- /dev/null +++ b/src/libcharon/tests/utils/mock_nonce_gen.c @@ -0,0 +1,91 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mock_nonce_gen.h" + +typedef struct private_nonce_gen_t private_nonce_gen_t; + +struct private_nonce_gen_t { + + /** + * Public interface + */ + nonce_gen_t public; + + /** + * Random number generator + */ + rng_t* rng; + + /** + * First byte to set to the nonces + */ + u_char first; +}; + +METHOD(nonce_gen_t, get_nonce, bool, + private_nonce_gen_t *this, size_t size, uint8_t *buffer) +{ + if (size > 0) + { + buffer[0] = this->first; + buffer++; + size--; + } + return this->rng->get_bytes(this->rng, size, buffer); +} + +METHOD(nonce_gen_t, allocate_nonce, bool, + private_nonce_gen_t *this, size_t size, chunk_t *chunk) +{ + *chunk = chunk_alloc(size); + if (!get_nonce(this, chunk->len, chunk->ptr)) + { + chunk_free(chunk); + return FALSE; + } + return TRUE; +} + +METHOD(nonce_gen_t, destroy, void, + private_nonce_gen_t *this) +{ + DESTROY_IF(this->rng); + free(this); +} + +/* + * Described in header + */ +nonce_gen_t *mock_nonce_gen_create(u_char first) +{ + private_nonce_gen_t *this; + + INIT(this, + .public = { + .get_nonce = _get_nonce, + .allocate_nonce = _allocate_nonce, + .destroy = _destroy, + }, + .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK), + .first = first, + ); + if (!this->rng) + { + destroy(this); + return NULL; + } + return &this->public; +} diff --git a/src/libcharon/tests/utils/mock_nonce_gen.h b/src/libcharon/tests/utils/mock_nonce_gen.h new file mode 100644 index 000000000..feeab8bc0 --- /dev/null +++ b/src/libcharon/tests/utils/mock_nonce_gen.h @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * Special nonce generator that sets the first byte of the generated nonces to + * a fixed specified value. + * + * @defgroup mock_nonce_gen mock_nonce_gen + * @{ @ingroup test_utils_c + */ + +#ifndef MOCK_NONCE_GEN_H_ +#define MOCK_NONCE_GEN_H_ + +#include + +/** + * Creates a nonce_gen_t instance. + * + * @param first first byte to set in generated nonces + * @return created object + */ +nonce_gen_t *mock_nonce_gen_create(u_char first); + +#endif /** MOCK_NONCE_GEN_H_ @} */ diff --git a/src/libcharon/tests/utils/mock_sender.c b/src/libcharon/tests/utils/mock_sender.c new file mode 100644 index 000000000..c090ff439 --- /dev/null +++ b/src/libcharon/tests/utils/mock_sender.c @@ -0,0 +1,85 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mock_sender.h" + +#include + +typedef struct private_mock_sender_t private_mock_sender_t; + +/** + * Private data + */ +struct private_mock_sender_t { + + /** + * Public interface + */ + mock_sender_t public; + + /** + * Packet queue, as message_t* + */ + linked_list_t *queue; +}; + + +METHOD(sender_t, send_, void, + private_mock_sender_t *this, packet_t *packet) +{ + message_t *message; + + message = message_create_from_packet(packet); + message->parse_header(message); + this->queue->insert_last(this->queue, message); +} + +METHOD(mock_sender_t, dequeue, message_t*, + private_mock_sender_t *this) +{ + message_t *message = NULL; + + this->queue->remove_first(this->queue, (void**)&message); + return message; +} + +METHOD(sender_t, destroy, void, + private_mock_sender_t *this) +{ + this->queue->destroy_offset(this->queue, offsetof(message_t, destroy)); + free(this); +} + +/* + * Described in header + */ +mock_sender_t *mock_sender_create() +{ + private_mock_sender_t *this; + + INIT(this, + .public = { + .interface = { + .send = _send_, + .send_no_marker = (void*)nop, + .flush = (void*)nop, + .destroy = _destroy, + }, + .dequeue = _dequeue, + }, + .queue = linked_list_create(), + ); + return &this->public; +} diff --git a/src/libcharon/tests/utils/mock_sender.h b/src/libcharon/tests/utils/mock_sender.h new file mode 100644 index 000000000..5eabddadc --- /dev/null +++ b/src/libcharon/tests/utils/mock_sender.h @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * sender_t implementation that does not pass the sent packet to a socket but + * instead provides it for immediate delivery to an ike_sa_t object. + * + * @defgroup mock_sender mock_sender + * @{ @ingroup test_utils_c + */ + +#ifndef MOCK_SENDER_H_ +#define MOCK_SENDER_H_ + +#include +#include + +typedef struct mock_sender_t mock_sender_t; + +struct mock_sender_t { + + /** + * Implemented interface + */ + sender_t interface; + + /** + * Remove the next packet in the send queue as message_t object. The IKE + * header is already parsed (which is assumed does not fail) so it can + * directly be passed to ike_sa_t::process_message(). + * + * @return message or NULL if none is queued + */ + message_t *(*dequeue)(mock_sender_t *this); +}; + +/** + * Creates a mock_sender_t instance. + * + * @return created object + */ +mock_sender_t *mock_sender_create(); + +#endif /** MOCK_SENDER_H_ @} */ diff --git a/src/libcharon/tests/utils/sa_asserts.h b/src/libcharon/tests/utils/sa_asserts.h new file mode 100644 index 000000000..7afa3b55b --- /dev/null +++ b/src/libcharon/tests/utils/sa_asserts.h @@ -0,0 +1,145 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * Special assertions against IKE_SAs and CHILD_SAs (e.g. regarding their + * state). + * + * @defgroup sa_asserts sa_asserts + * @{ @ingroup test_utils_c + */ + +#ifndef SA_ASSERTS_H_ +#define SA_ASSERTS_H_ + +#include + +/** + * Check that there exists a specific number of IKE_SAs in the manager. + */ +#define assert_ike_sa_count(count) \ +({ \ + typeof(count) _count = count; \ + u_int _actual = charon->ike_sa_manager->get_count(charon->ike_sa_manager); \ + test_assert_msg(_count == _actual, "unexpected number of IKE_SAs in " \ + "manager (%d != %d)", _count, _actual); \ +}) + +/** + * Check that the IKE_SA with the given SPIs and initiator flag is in the + * manager and return it. Does not actually keep the SA checked out as + * that would block cleaning up if asserts against it fail (since we control + * access to SAs it's also not really necessary). + */ +#define assert_ike_sa_checkout(spi_i, spi_r, initiator) \ +({ \ + typeof(spi_i) _spi_i = spi_i; \ + typeof(spi_r) _spi_r = spi_r; \ + typeof(initiator) _init = initiator; \ + ike_sa_id_t *_id = ike_sa_id_create(IKEV2, _spi_i, _spi_r, _init); \ + ike_sa_t *_ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, _id); \ + test_assert_msg(_ike_sa, "IKE_SA with SPIs %.16"PRIx64"_i %.16"PRIx64"_r " \ + "(%d) does not exist", be64toh(_spi_i), be64toh(_spi_r), _init); \ + _id->destroy(_id); \ + charon->ike_sa_manager->checkin(charon->ike_sa_manager, _ike_sa); \ + _ike_sa; \ +}) + +/** + * Check if the given IKE_SA is in the expected state. + */ +#define assert_ike_sa_state(ike_sa, state) \ +({ \ + typeof(ike_sa) _sa = ike_sa; \ + typeof(state) _state = state; \ + test_assert_msg(_state == _sa->get_state(_sa), "%N != %N", \ + ike_sa_state_names, _state, \ + ike_sa_state_names, _sa->get_state(_sa)); \ +}) + +/** + * Check that there exists a specific number of CHILD_SAs. + */ +#define assert_child_sa_count(ike_sa, count) \ +({ \ + typeof(ike_sa) _sa = ike_sa; \ + typeof(count) _count = count; \ + test_assert_msg(_count == _sa->get_child_count(_sa), "unexpected number " \ + "of CHILD_SAs in IKE_SA %s (%d != %d)", #ike_sa, _count, \ + _sa->get_child_count(_sa)); \ +}) + +/** + * Check if the CHILD_SA with the given SPI is in the expected state. + */ +#define assert_child_sa_state(ike_sa, spi, state) \ +({ \ + typeof(ike_sa) _sa = ike_sa; \ + typeof(spi) _spi = spi; \ + typeof(state) _state = state; \ + child_sa_t *_child = _sa->get_child_sa(_sa, PROTO_ESP, _spi, TRUE) ?: \ + _sa->get_child_sa(_sa, PROTO_ESP, _spi, FALSE); \ + test_assert_msg(_child, "CHILD_SA with SPI %.8x does not exist", \ + ntohl(_spi)); \ + test_assert_msg(_state == _child->get_state(_child), "%N != %N", \ + child_sa_state_names, _state, \ + child_sa_state_names, _child->get_state(_child)); \ +}) + +/** + * Assert that the CHILD_SA with the given inbound SPI does not exist. + */ +#define assert_child_sa_not_exists(ike_sa, spi) \ +({ \ + typeof(ike_sa) _sa = ike_sa; \ + typeof(spi) _spi = spi; \ + child_sa_t *_child = _sa->get_child_sa(_sa, PROTO_ESP, _spi, TRUE) ?: \ + _sa->get_child_sa(_sa, PROTO_ESP, _spi, FALSE); \ + test_assert_msg(!_child, "CHILD_SA with SPI %.8x exists", ntohl(_spi)); \ +}) + +/** + * Assert that there is a specific number of tasks in a given queue + * + * @param ike_sa IKE_SA to check + * @param count number of expected tasks + * @param queue queue to check (task_queue_t) + */ +#define assert_num_tasks(ike_sa, count, queue) \ +({ \ + typeof(ike_sa) _sa = ike_sa; \ + typeof(count) _count = count; \ + int _c = 0; task_t *_task; \ + enumerator_t *_enumerator = _sa->create_task_enumerator(_sa, queue); \ + while (_enumerator->enumerate(_enumerator, &_task)) { _c++; } \ + _enumerator->destroy(_enumerator); \ + test_assert_msg(_count == _c, "unexpected number of tasks in " #queue " " \ + "of IKE_SA %s (%d != %d)", #ike_sa, _count, _c); \ +}) + +/** + * Assert that all task queues of the given IKE_SA are empty + * + * @param ike_sa IKE_SA to check + */ +#define assert_sa_idle(ike_sa) \ +({ \ + typeof(ike_sa) _ike_sa = ike_sa; \ + assert_num_tasks(_ike_sa, 0, TASK_QUEUE_QUEUED); \ + assert_num_tasks(_ike_sa, 0, TASK_QUEUE_ACTIVE); \ + assert_num_tasks(_ike_sa, 0, TASK_QUEUE_PASSIVE); \ +}) + +#endif /** SA_ASSERTS_H_ @}*/ diff --git a/src/libfast/Makefile.am b/src/libfast/Makefile.am index 48079c66a..1a2da9791 100644 --- a/src/libfast/Makefile.am +++ b/src/libfast/Makefile.am @@ -22,4 +22,4 @@ endif libfast_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - -lfcgi $(clearsilver_LIBS) $(PTHREADLIB) + -lfcgi $(clearsilver_LIBS) $(PTHREADLIB) $(ATOMICLIB) diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index 0c692542d..4c489db65 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libfast -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(am__nobase_fast_include_HEADERS_DIST) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am \ + $(am__nobase_fast_include_HEADERS_DIST) $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -132,7 +142,8 @@ LTLIBRARIES = $(ipseclib_LTLIBRARIES) am__DEPENDENCIES_1 = libfast_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) am_libfast_la_OBJECTS = fast_dispatcher.lo fast_request.lo \ fast_session.lo fast_smtp.lo libfast_la_OBJECTS = $(am_libfast_la_OBJECTS) @@ -204,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -453,7 +469,7 @@ libfast_la_SOURCES = \ libfast_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - -lfcgi $(clearsilver_LIBS) $(PTHREADLIB) + -lfcgi $(clearsilver_LIBS) $(PTHREADLIB) $(ATOMICLIB) all: all-am @@ -471,7 +487,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libfast/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libfast/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -804,6 +819,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \ uninstall-ipseclibLTLIBRARIES \ uninstall-nobase_fast_includeHEADERS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk index 80e2aaadb..89ce5801a 100644 --- a/src/libimcv/Android.mk +++ b/src/libimcv/Android.mk @@ -48,7 +48,6 @@ libimcv_la_SOURCES := \ pts/pts_pcr.h pts/pts_pcr.c \ pts/pts_proto_caps.h \ pts/pts_req_func_comp_evid.h \ - pts/pts_simple_evid_final.h \ pts/pts_creds.h pts/pts_creds.c \ pts/pts_database.h pts/pts_database.c \ pts/pts_dh_group.h pts/pts_dh_group.c \ @@ -107,6 +106,7 @@ LOCAL_SRC_FILES := $(filter %.c,$(libimcv_la_SOURCES)) LOCAL_C_INCLUDES += \ $(strongswan_PATH)/src/libtncif \ + $(strongswan_PATH)/src/libtpmtss \ $(strongswan_PATH)/src/libstrongswan LOCAL_CFLAGS := $(strongswan_CFLAGS) @@ -119,6 +119,6 @@ LOCAL_ARM_MODE := arm LOCAL_PRELINK_MODULE := false -LOCAL_SHARED_LIBRARIES += libstrongswan libtncif +LOCAL_SHARED_LIBRARIES += libstrongswan libtncif libtpmtss include $(BUILD_SHARED_LIBRARY) diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index 7683da3af..8cde4b7fc 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -1,6 +1,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -DIPSEC_SCRIPT=\"${ipsec_script}\" ipseclib_LTLIBRARIES = libimcv.la @@ -10,11 +11,8 @@ libimcv_la_LDFLAGS = \ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtncif/libtncif.la - -if USE_TROUSERS - libimcv_la_LIBADD += -ltspi -endif + $(top_builddir)/src/libtncif/libtncif.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la if USE_WINDOWS libimcv_la_LIBADD += -lws2_32 @@ -66,7 +64,6 @@ libimcv_la_SOURCES = \ pts/pts_pcr.h pts/pts_pcr.c \ pts/pts_proto_caps.h \ pts/pts_req_func_comp_evid.h \ - pts/pts_simple_evid_final.h \ pts/pts_creds.h pts/pts_creds.c \ pts/pts_database.h pts/pts_database.c \ pts/pts_dh_group.h pts/pts_dh_group.c \ @@ -207,5 +204,6 @@ imcv_tests_CFLAGS = \ imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@ imcv_tests_LDADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in index 200f9590e..7983b7758 100644 --- a/src/libimcv/Makefile.in +++ b/src/libimcv/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -18,7 +18,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,26 +91,23 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -@USE_TROUSERS_TRUE@am__append_1 = -ltspi -@USE_WINDOWS_TRUE@am__append_2 = -lws2_32 +@USE_WINDOWS_TRUE@am__append_1 = -lws2_32 ipsec_PROGRAMS = imv_policy_manager$(EXEEXT) -@USE_IMC_TEST_TRUE@am__append_3 = plugins/imc_test -@USE_IMV_TEST_TRUE@am__append_4 = plugins/imv_test -@USE_IMC_SCANNER_TRUE@am__append_5 = plugins/imc_scanner -@USE_IMV_SCANNER_TRUE@am__append_6 = plugins/imv_scanner -@USE_IMC_OS_TRUE@am__append_7 = plugins/imc_os -@USE_IMV_OS_TRUE@am__append_8 = plugins/imv_os -@USE_IMC_ATTESTATION_TRUE@am__append_9 = plugins/imc_attestation -@USE_IMV_ATTESTATION_TRUE@am__append_10 = plugins/imv_attestation -@USE_IMC_SWID_TRUE@am__append_11 = plugins/imc_swid -@USE_IMV_SWID_TRUE@am__append_12 = plugins/imv_swid -@USE_IMC_HCD_TRUE@am__append_13 = plugins/imc_hcd -@USE_IMV_HCD_TRUE@am__append_14 = plugins/imv_hcd +@USE_IMC_TEST_TRUE@am__append_2 = plugins/imc_test +@USE_IMV_TEST_TRUE@am__append_3 = plugins/imv_test +@USE_IMC_SCANNER_TRUE@am__append_4 = plugins/imc_scanner +@USE_IMV_SCANNER_TRUE@am__append_5 = plugins/imv_scanner +@USE_IMC_OS_TRUE@am__append_6 = plugins/imc_os +@USE_IMV_OS_TRUE@am__append_7 = plugins/imv_os +@USE_IMC_ATTESTATION_TRUE@am__append_8 = plugins/imc_attestation +@USE_IMV_ATTESTATION_TRUE@am__append_9 = plugins/imv_attestation +@USE_IMC_SWID_TRUE@am__append_10 = plugins/imc_swid +@USE_IMV_SWID_TRUE@am__append_11 = plugins/imv_swid +@USE_IMC_HCD_TRUE@am__append_12 = plugins/imc_hcd +@USE_IMV_HCD_TRUE@am__append_13 = plugins/imv_hcd TESTS = imcv_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libimcv -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(dist_templates_DATA) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -114,6 +121,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_templates_DATA) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -151,7 +160,8 @@ LTLIBRARIES = $(ipseclib_LTLIBRARIES) am__DEPENDENCIES_1 = libimcv_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtncif/libtncif.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/libtncif/libtncif.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(am__DEPENDENCIES_1) am__dirstamp = $(am__leading_dot)dirstamp am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ @@ -230,6 +240,7 @@ am_imcv_tests_OBJECTS = ita/imcv_tests-ita_attr_command.$(OBJEXT) \ imcv_tests-imcv.$(OBJEXT) imcv_tests-imcv_tests.$(OBJEXT) imcv_tests_OBJECTS = $(am_imcv_tests_OBJECTS) imcv_tests_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la imcv_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -348,6 +359,7 @@ DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \ plugins/imc_attestation plugins/imv_attestation \ plugins/imc_swid plugins/imv_swid plugins/imc_hcd \ plugins/imv_hcd +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -379,6 +391,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -428,6 +441,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -462,6 +476,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -573,6 +588,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -604,6 +620,7 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -DIPSEC_SCRIPT=\"${ipsec_script}\" ipseclib_LTLIBRARIES = libimcv.la @@ -612,8 +629,8 @@ libimcv_la_LDFLAGS = \ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtncif/libtncif.la $(am__append_1) \ - $(am__append_2) + $(top_builddir)/src/libtncif/libtncif.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la $(am__append_1) libimcv_la_SOURCES = \ imcv.h imcv.c \ imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \ @@ -660,7 +677,6 @@ libimcv_la_SOURCES = \ pts/pts_pcr.h pts/pts_pcr.c \ pts/pts_proto_caps.h \ pts/pts_req_func_comp_evid.h \ - pts/pts_simple_evid_final.h \ pts/pts_creds.h pts/pts_creds.c \ pts/pts_database.h pts/pts_database.c \ pts/pts_dh_group.h pts/pts_dh_group.c \ @@ -726,10 +742,10 @@ imv_policy_manager_LDADD = \ $(top_builddir)/src/libtncif/libtncif.la #imv/imv_policy_manager.o : $(top_builddir)/config.status -SUBDIRS = . $(am__append_3) $(am__append_4) $(am__append_5) \ - $(am__append_6) $(am__append_7) $(am__append_8) \ - $(am__append_9) $(am__append_10) $(am__append_11) \ - $(am__append_12) $(am__append_13) $(am__append_14) +SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \ + $(am__append_5) $(am__append_6) $(am__append_7) \ + $(am__append_8) $(am__append_9) $(am__append_10) \ + $(am__append_11) $(am__append_12) $(am__append_13) imcv_tests_SOURCES = \ ita/ita_attr_command.c \ pa_tnc/pa_tnc_attr_manager.c \ @@ -749,6 +765,7 @@ imcv_tests_CFLAGS = \ imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@ imcv_tests_LDADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la @@ -768,7 +785,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1999,6 +2015,8 @@ uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \ uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \ uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/generic/generic_attr_bool.c b/src/libimcv/generic/generic_attr_bool.c index 3f570d9f8..5668b94fd 100644 --- a/src/libimcv/generic/generic_attr_bool.c +++ b/src/libimcv/generic/generic_attr_bool.c @@ -118,11 +118,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_generic_attr_bool_t *this, u_int32_t *offset) + private_generic_attr_bool_t *this, uint32_t *offset) { enum_name_t *pa_attr_names; bio_reader_t *reader; - u_int32_t status; + uint32_t status; *offset = 0; diff --git a/src/libimcv/generic/generic_attr_chunk.c b/src/libimcv/generic/generic_attr_chunk.c index 98a539987..2227e2041 100644 --- a/src/libimcv/generic/generic_attr_chunk.c +++ b/src/libimcv/generic/generic_attr_chunk.c @@ -93,7 +93,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_generic_attr_chunk_t *this, u_int32_t *offset) + private_generic_attr_chunk_t *this, uint32_t *offset) { enum_name_t *pa_attr_names; *offset = 0; diff --git a/src/libimcv/generic/generic_attr_string.c b/src/libimcv/generic/generic_attr_string.c index e63c0126a..4983ef91f 100644 --- a/src/libimcv/generic/generic_attr_string.c +++ b/src/libimcv/generic/generic_attr_string.c @@ -88,7 +88,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_generic_attr_string_t *this, u_int32_t *offset) + private_generic_attr_string_t *this, uint32_t *offset) { enum_name_t *pa_attr_names; u_char *pos; diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c index 38b777fce..cfac6ed17 100644 --- a/src/libimcv/ietf/ietf_attr.c +++ b/src/libimcv/ietf/ietf_attr.c @@ -47,7 +47,7 @@ ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, /** * See header */ -pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* ietf_attr_create_from_data(uint32_t type, size_t length, chunk_t value) { switch (type) diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h index 169ed78e8..7154674af 100644 --- a/src/libimcv/ietf/ietf_attr.h +++ b/src/libimcv/ietf/ietf_attr.h @@ -59,7 +59,7 @@ extern enum_name_t *ietf_attr_names; * @param length attribute length * @param value attribute value or segment */ -pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* ietf_attr_create_from_data(uint32_t type, size_t length, chunk_t value); #endif /** IETF_ATTR_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_assess_result.c b/src/libimcv/ietf/ietf_attr_assess_result.c index 1cffdcaae..894212508 100644 --- a/src/libimcv/ietf/ietf_attr_assess_result.c +++ b/src/libimcv/ietf/ietf_attr_assess_result.c @@ -67,7 +67,7 @@ struct private_ietf_attr_assess_result_t { /** * Assessment Result */ - u_int32_t result; + uint32_t result; /** * Reference count @@ -117,7 +117,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_assess_result_t *this, u_int32_t *offset) + private_ietf_attr_assess_result_t *this, uint32_t *offset) { bio_reader_t *reader; @@ -162,7 +162,7 @@ METHOD(pa_tnc_attr_t, destroy, void, } } -METHOD(ietf_attr_assess_result_t, get_result, u_int32_t, +METHOD(ietf_attr_assess_result_t, get_result, uint32_t, private_ietf_attr_assess_result_t *this) { return this->result; @@ -171,7 +171,7 @@ METHOD(ietf_attr_assess_result_t, get_result, u_int32_t, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_assess_result_create(u_int32_t result) +pa_tnc_attr_t *ietf_attr_assess_result_create(uint32_t result) { private_ietf_attr_assess_result_t *this; diff --git a/src/libimcv/ietf/ietf_attr_assess_result.h b/src/libimcv/ietf/ietf_attr_assess_result.h index b1a5166dc..fe7c1aaf3 100644 --- a/src/libimcv/ietf/ietf_attr_assess_result.h +++ b/src/libimcv/ietf/ietf_attr_assess_result.h @@ -43,7 +43,7 @@ struct ietf_attr_assess_result_t { * * @return Assessment Result */ - u_int32_t (*get_result)(ietf_attr_assess_result_t *this); + uint32_t (*get_result)(ietf_attr_assess_result_t *this); }; @@ -51,7 +51,7 @@ struct ietf_attr_assess_result_t { * Creates an ietf_attr_assess_result_t object * */ -pa_tnc_attr_t* ietf_attr_assess_result_create(u_int32_t result); +pa_tnc_attr_t* ietf_attr_assess_result_create(uint32_t result); /** * Creates an ietf_attr_assess_result_t object from received data diff --git a/src/libimcv/ietf/ietf_attr_attr_request.c b/src/libimcv/ietf/ietf_attr_attr_request.c index 08658e2f7..2a0b7f062 100644 --- a/src/libimcv/ietf/ietf_attr_attr_request.c +++ b/src/libimcv/ietf/ietf_attr_attr_request.c @@ -136,7 +136,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(ietf_attr_attr_request_t, add, void, - private_ietf_attr_attr_request_t *this, pen_t vendor_id, u_int32_t type) + private_ietf_attr_attr_request_t *this, pen_t vendor_id, uint32_t type) { enum_name_t *pa_attr_names; pen_type_t *entry; @@ -160,12 +160,12 @@ METHOD(ietf_attr_attr_request_t, add, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_attr_request_t *this, u_int32_t *offset) + private_ietf_attr_attr_request_t *this, uint32_t *offset) { bio_reader_t *reader; pen_t vendor_id; - u_int32_t type; - u_int8_t reserved; + uint32_t type; + uint8_t reserved; int count; *offset = 0; @@ -228,7 +228,7 @@ METHOD(ietf_attr_attr_request_t, create_enumerator, enumerator_t*, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type) +pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, uint32_t type) { private_ietf_attr_attr_request_t *this; diff --git a/src/libimcv/ietf/ietf_attr_attr_request.h b/src/libimcv/ietf/ietf_attr_attr_request.h index 47b038605..4c4ede04a 100644 --- a/src/libimcv/ietf/ietf_attr_attr_request.h +++ b/src/libimcv/ietf/ietf_attr_attr_request.h @@ -44,7 +44,7 @@ struct ietf_attr_attr_request_t { * @param vendor_id Attribute Vendor ID * @param type Attribute Type */ - void (*add)(ietf_attr_attr_request_t *this, pen_t vendor_id, u_int32_t type); + void (*add)(ietf_attr_attr_request_t *this, pen_t vendor_id, uint32_t type); /** * Creates an enumerator over all attribute types contained @@ -59,7 +59,7 @@ struct ietf_attr_attr_request_t { * Creates an ietf_attr_attr_request_t object * */ -pa_tnc_attr_t* ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type); +pa_tnc_attr_t* ietf_attr_attr_request_create(pen_t vendor_id, uint32_t type); /** * @param length Total length of attribute value diff --git a/src/libimcv/ietf/ietf_attr_fwd_enabled.c b/src/libimcv/ietf/ietf_attr_fwd_enabled.c index 876a740c0..93eca3b3c 100644 --- a/src/libimcv/ietf/ietf_attr_fwd_enabled.c +++ b/src/libimcv/ietf/ietf_attr_fwd_enabled.c @@ -117,10 +117,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_fwd_enabled_t *this, u_int32_t *offset) + private_ietf_attr_fwd_enabled_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t fwd_status; + uint32_t fwd_status; *offset = 0; diff --git a/src/libimcv/ietf/ietf_attr_installed_packages.c b/src/libimcv/ietf/ietf_attr_installed_packages.c index 39eea555a..7a870ac40 100644 --- a/src/libimcv/ietf/ietf_attr_installed_packages.c +++ b/src/libimcv/ietf/ietf_attr_installed_packages.c @@ -169,13 +169,13 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_installed_packages_t *this, u_int32_t *offset) + private_ietf_attr_installed_packages_t *this, uint32_t *offset) { bio_reader_t *reader; package_entry_t *entry; status_t status = NEED_MORE; chunk_t name, version; - u_int16_t reserved; + uint16_t reserved; u_char *pos; if (this->offset == 0) diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.c b/src/libimcv/ietf/ietf_attr_numeric_version.c index c8fd6c1ca..7a3e78fd0 100644 --- a/src/libimcv/ietf/ietf_attr_numeric_version.c +++ b/src/libimcv/ietf/ietf_attr_numeric_version.c @@ -73,27 +73,27 @@ struct private_ietf_attr_numeric_version_t { /** * Major Version Number */ - u_int32_t major_version; + uint32_t major_version; /** * Minor Version Number */ - u_int32_t minor_version; + uint32_t minor_version; /** * IBuild Number */ - u_int32_t build; + uint32_t build; /** * Service Pack Major Number */ - u_int16_t service_pack_major; + uint16_t service_pack_major; /** * Service Pack Minor Number */ - u_int16_t service_pack_minor; + uint16_t service_pack_minor; /** * Reference count @@ -148,7 +148,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_numeric_version_t *this, u_int32_t *offset) + private_ietf_attr_numeric_version_t *this, uint32_t *offset) { bio_reader_t *reader; @@ -198,7 +198,7 @@ METHOD(pa_tnc_attr_t, destroy, void, } METHOD(ietf_attr_numeric_version_t, get_version, void, - private_ietf_attr_numeric_version_t *this, u_int32_t *major, u_int32_t *minor) + private_ietf_attr_numeric_version_t *this, uint32_t *major, uint32_t *minor) { if (major) { @@ -210,14 +210,14 @@ METHOD(ietf_attr_numeric_version_t, get_version, void, } } -METHOD(ietf_attr_numeric_version_t, get_build, u_int32_t, +METHOD(ietf_attr_numeric_version_t, get_build, uint32_t, private_ietf_attr_numeric_version_t *this) { return this->build; } METHOD(ietf_attr_numeric_version_t, get_service_pack, void, - private_ietf_attr_numeric_version_t *this, u_int16_t *major, u_int16_t *minor) + private_ietf_attr_numeric_version_t *this, uint16_t *major, uint16_t *minor) { if (major) { @@ -232,10 +232,10 @@ METHOD(ietf_attr_numeric_version_t, get_service_pack, void, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor, - u_int32_t build, - u_int16_t service_pack_major, - u_int16_t service_pack_minor) +pa_tnc_attr_t *ietf_attr_numeric_version_create(uint32_t major, uint32_t minor, + uint32_t build, + uint16_t service_pack_major, + uint16_t service_pack_minor) { private_ietf_attr_numeric_version_t *this; diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.h b/src/libimcv/ietf/ietf_attr_numeric_version.h index 8808d48ed..afb3823e4 100644 --- a/src/libimcv/ietf/ietf_attr_numeric_version.h +++ b/src/libimcv/ietf/ietf_attr_numeric_version.h @@ -45,7 +45,7 @@ struct ietf_attr_numeric_version_t { * @param minor Minor Version Number */ void (*get_version)(ietf_attr_numeric_version_t *this, - u_int32_t *major, u_int32_t *minor); + uint32_t *major, uint32_t *minor); /** * Gets the Build Number @@ -53,7 +53,7 @@ struct ietf_attr_numeric_version_t { * @param major Major Version Number * @param minor Minor Version Number */ - u_int32_t (*get_build)(ietf_attr_numeric_version_t *this); + uint32_t (*get_build)(ietf_attr_numeric_version_t *this); /** * Gets the Major and Minor Numbers of the Service Pack @@ -62,17 +62,17 @@ struct ietf_attr_numeric_version_t { * @param minor Servcie Pack Minor Number */ void (*get_service_pack)(ietf_attr_numeric_version_t *this, - u_int16_t *major, u_int16_t *minor); + uint16_t *major, uint16_t *minor); }; /** * Creates an ietf_attr_numeric_version_t object * */ -pa_tnc_attr_t* ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor, - u_int32_t build, - u_int16_t service_pack_major, - u_int16_t service_pack_minor); +pa_tnc_attr_t* ietf_attr_numeric_version_create(uint32_t major, uint32_t minor, + uint32_t build, + uint16_t service_pack_major, + uint16_t service_pack_minor); /** * Creates an ietf_attr_numeric_version_t object from received data diff --git a/src/libimcv/ietf/ietf_attr_op_status.c b/src/libimcv/ietf/ietf_attr_op_status.c index d061a52f9..f04c89b96 100644 --- a/src/libimcv/ietf/ietf_attr_op_status.c +++ b/src/libimcv/ietf/ietf_attr_op_status.c @@ -93,12 +93,12 @@ struct private_ietf_attr_op_status_t { /** * Status */ - u_int8_t status; + uint8_t status; /** * Result */ - u_int8_t result; + uint8_t result; /** * Last Use @@ -164,11 +164,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_op_status_t *this, u_int32_t *offset) + private_ietf_attr_op_status_t *this, uint32_t *offset) { bio_reader_t *reader; chunk_t last_use; - u_int16_t reserved; + uint16_t reserved; struct tm t; *offset = 0; @@ -245,13 +245,13 @@ METHOD(pa_tnc_attr_t, destroy, void, } } -METHOD(ietf_attr_op_status_t, get_status, u_int8_t, +METHOD(ietf_attr_op_status_t, get_status, uint8_t, private_ietf_attr_op_status_t *this) { return this->status; } -METHOD(ietf_attr_op_status_t, get_result, u_int8_t, +METHOD(ietf_attr_op_status_t, get_result, uint8_t, private_ietf_attr_op_status_t *this) { return this->result; @@ -266,7 +266,7 @@ METHOD(ietf_attr_op_status_t, get_last_use, time_t, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_op_status_create(u_int8_t status, u_int8_t result, +pa_tnc_attr_t *ietf_attr_op_status_create(uint8_t status, uint8_t result, time_t last_use) { private_ietf_attr_op_status_t *this; diff --git a/src/libimcv/ietf/ietf_attr_op_status.h b/src/libimcv/ietf/ietf_attr_op_status.h index ceb13fe75..c91735a55 100644 --- a/src/libimcv/ietf/ietf_attr_op_status.h +++ b/src/libimcv/ietf/ietf_attr_op_status.h @@ -70,14 +70,14 @@ struct ietf_attr_op_status_t { * * @return Operational Status */ - u_int8_t (*get_status)(ietf_attr_op_status_t *this); + uint8_t (*get_status)(ietf_attr_op_status_t *this); /** * Gets the Operational Result * * @return Operational Result */ - u_int8_t (*get_result)(ietf_attr_op_status_t *this); + uint8_t (*get_result)(ietf_attr_op_status_t *this); /** * Gets the time of last use @@ -94,7 +94,7 @@ struct ietf_attr_op_status_t { * @param result Operational Result * @param last_use Time of last use */ -pa_tnc_attr_t* ietf_attr_op_status_create(u_int8_t status, u_int8_t result, +pa_tnc_attr_t* ietf_attr_op_status_create(uint8_t status, uint8_t result, time_t last_use); /** diff --git a/src/libimcv/ietf/ietf_attr_port_filter.c b/src/libimcv/ietf/ietf_attr_port_filter.c index 6f7ff54cc..05920fdd8 100644 --- a/src/libimcv/ietf/ietf_attr_port_filter.c +++ b/src/libimcv/ietf/ietf_attr_port_filter.c @@ -30,8 +30,8 @@ typedef struct port_entry_t port_entry_t; */ struct port_entry_t { bool blocked; - u_int8_t protocol; - u_int16_t port; + uint8_t protocol; + uint16_t port; }; /** @@ -142,11 +142,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_port_filter_t *this, u_int32_t *offset) + private_ietf_attr_port_filter_t *this, uint32_t *offset) { bio_reader_t *reader; port_entry_t *entry; - u_int8_t blocked; + uint8_t blocked; *offset = 0; @@ -201,8 +201,8 @@ METHOD(pa_tnc_attr_t, destroy, void, } METHOD(ietf_attr_port_filter_t, add_port, void, - private_ietf_attr_port_filter_t *this, bool blocked, u_int8_t protocol, - u_int16_t port) + private_ietf_attr_port_filter_t *this, bool blocked, uint8_t protocol, + uint16_t port) { port_entry_t *entry; @@ -217,8 +217,8 @@ METHOD(ietf_attr_port_filter_t, add_port, void, * Enumerate port filter entries */ static bool port_filter(void *null, port_entry_t **entry, - bool *blocked, void *i2, u_int8_t *protocol, void *i3, - u_int16_t *port) + bool *blocked, void *i2, uint8_t *protocol, void *i3, + uint16_t *port) { *blocked = (*entry)->blocked; *protocol = (*entry)->protocol; diff --git a/src/libimcv/ietf/ietf_attr_port_filter.h b/src/libimcv/ietf/ietf_attr_port_filter.h index e6c5a3f61..db35453c4 100644 --- a/src/libimcv/ietf/ietf_attr_port_filter.h +++ b/src/libimcv/ietf/ietf_attr_port_filter.h @@ -46,11 +46,11 @@ struct ietf_attr_port_filter_t { * @param port TCP/UDP port number */ void (*add_port)(ietf_attr_port_filter_t *this, bool blocked, - u_int8_t protocol, u_int16_t port); + uint8_t protocol, uint16_t port); /** * Enumerates over all ports - * Format: bool *blocked, u_int8_t *protocol, u_int16_t *port + * Format: bool *blocked, uint8_t *protocol, uint16_t *port * * @return enumerator */ diff --git a/src/libimcv/ietf/ietf_attr_product_info.c b/src/libimcv/ietf/ietf_attr_product_info.c index 37c89e9e5..ed1a74b43 100644 --- a/src/libimcv/ietf/ietf_attr_product_info.c +++ b/src/libimcv/ietf/ietf_attr_product_info.c @@ -74,7 +74,7 @@ struct private_ietf_attr_product_info_t { /** * Product ID */ - u_int16_t product_id; + uint16_t product_id; /** * Product Name @@ -131,7 +131,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_product_info_t *this, u_int32_t *offset) + private_ietf_attr_product_info_t *this, uint32_t *offset) { bio_reader_t *reader; chunk_t product_name; @@ -190,7 +190,7 @@ METHOD(pa_tnc_attr_t, destroy, void, } METHOD(ietf_attr_product_info_t, get_info, chunk_t, - private_ietf_attr_product_info_t *this, pen_t *vendor_id, u_int16_t *id) + private_ietf_attr_product_info_t *this, pen_t *vendor_id, uint16_t *id) { if (vendor_id) { @@ -206,7 +206,7 @@ METHOD(ietf_attr_product_info_t, get_info, chunk_t, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id, +pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, uint16_t id, chunk_t name) { private_ietf_attr_product_info_t *this; diff --git a/src/libimcv/ietf/ietf_attr_product_info.h b/src/libimcv/ietf/ietf_attr_product_info.h index 5151b5808..53e240955 100644 --- a/src/libimcv/ietf/ietf_attr_product_info.h +++ b/src/libimcv/ietf/ietf_attr_product_info.h @@ -46,7 +46,7 @@ struct ietf_attr_product_info_t { * @return Product Name */ chunk_t (*get_info)(ietf_attr_product_info_t *this, - pen_t *vendor_id, u_int16_t *id); + pen_t *vendor_id, uint16_t *id); }; @@ -54,7 +54,7 @@ struct ietf_attr_product_info_t { * Creates an ietf_attr_product_info_t object * */ -pa_tnc_attr_t* ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id, +pa_tnc_attr_t* ietf_attr_product_info_create(pen_t vendor_id, uint16_t id, chunk_t name); /** diff --git a/src/libimcv/ietf/ietf_attr_remediation_instr.c b/src/libimcv/ietf/ietf_attr_remediation_instr.c index 64070374e..c834b23fd 100644 --- a/src/libimcv/ietf/ietf_attr_remediation_instr.c +++ b/src/libimcv/ietf/ietf_attr_remediation_instr.c @@ -165,10 +165,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_remediation_instr_t *this, u_int32_t *offset) + private_ietf_attr_remediation_instr_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t reserved; + uint8_t reserved; status_t status = SUCCESS; u_char *pos; diff --git a/src/libimcv/ietf/ietf_attr_string_version.c b/src/libimcv/ietf/ietf_attr_string_version.c index c46200b8f..f78138747 100644 --- a/src/libimcv/ietf/ietf_attr_string_version.c +++ b/src/libimcv/ietf/ietf_attr_string_version.c @@ -134,7 +134,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_string_version_t *this, u_int32_t *offset) + private_ietf_attr_string_version_t *this, uint32_t *offset) { bio_reader_t *reader; status_t status = FAILED; diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c index 0d622f1b8..3a7a16bc2 100644 --- a/src/libimcv/imc/imc_agent.c +++ b/src/libimcv/imc/imc_agent.c @@ -46,7 +46,7 @@ struct private_imc_agent_t { /** * number of message types registered by IMC */ - u_int32_t type_count; + uint32_t type_count; /** * ID of IMC as assigned by TNCC @@ -320,7 +320,7 @@ static char* get_str_attribute(private_imc_agent_t *this, TNC_ConnectionID id, /** * Read an UInt32 attribute */ -static u_int32_t get_uint_attribute(private_imc_agent_t *this, TNC_ConnectionID id, +static uint32_t get_uint_attribute(private_imc_agent_t *this, TNC_ConnectionID id, TNC_AttributeID attribute_id) { TNC_UInt32 len; @@ -341,7 +341,7 @@ METHOD(imc_agent_t, create_state, TNC_Result, TNC_ConnectionID conn_id; char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL; bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE; - u_int32_t max_msg_len; + uint32_t max_msg_len; conn_id = state->get_connection_id(state); if (find_connection(this, conn_id)) @@ -550,7 +550,7 @@ METHOD(imc_agent_t, destroy, void, * Described in header. */ imc_agent_t *imc_agent_create(const char *name, - pen_type_t *supported_types, u_int32_t type_count, + pen_type_t *supported_types, uint32_t type_count, TNC_IMCID id, TNC_Version *actual_version) { private_imc_agent_t *this; diff --git a/src/libimcv/imc/imc_agent.h b/src/libimcv/imc/imc_agent.h index 8bdfb6c32..bac1b4832 100644 --- a/src/libimcv/imc/imc_agent.h +++ b/src/libimcv/imc/imc_agent.h @@ -198,7 +198,7 @@ struct imc_agent_t { * */ imc_agent_t *imc_agent_create(const char *name, - pen_type_t *supported_types, u_int32_t type_count, + pen_type_t *supported_types, uint32_t type_count, TNC_IMCID id, TNC_Version *actual_version); #endif /** IMC_AGENT_H_ @}*/ diff --git a/src/libimcv/imc/imc_os_info.c b/src/libimcv/imc/imc_os_info.c index 55e152af5..3315c209f 100644 --- a/src/libimcv/imc/imc_os_info.c +++ b/src/libimcv/imc/imc_os_info.c @@ -69,7 +69,7 @@ METHOD(imc_os_info_t, get_name, chunk_t, } METHOD(imc_os_info_t, get_numeric_version, void, - private_imc_os_info_t *this, u_int32_t *major, u_int32_t *minor) + private_imc_os_info_t *this, uint32_t *major, uint32_t *minor) { u_char *pos; diff --git a/src/libimcv/imc/imc_os_info.h b/src/libimcv/imc/imc_os_info.h index ef7fb6d43..680e2b7a3 100644 --- a/src/libimcv/imc/imc_os_info.h +++ b/src/libimcv/imc/imc_os_info.h @@ -54,8 +54,8 @@ struct imc_os_info_t { * @param major OS major version number * @param minor OS minor version number */ - void (*get_numeric_version)(imc_os_info_t *this, u_int32_t *major, - u_int32_t *minor); + void (*get_numeric_version)(imc_os_info_t *this, uint32_t *major, + uint32_t *minor); /** * Get the OS version or release diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h index efcf567f0..d8aeab996 100644 --- a/src/libimcv/imc/imc_state.h +++ b/src/libimcv/imc/imc_state.h @@ -72,14 +72,14 @@ struct imc_state_t { * * @param max_msg_len maximum size of a PA-TNC message */ - void (*set_max_msg_len)(imc_state_t *this, u_int32_t max_msg_len); + void (*set_max_msg_len)(imc_state_t *this, uint32_t max_msg_len); /** * Get the maximum size of a PA-TNC message for this TNCCS connection * * @return maximum size of a PA-TNC message */ - u_int32_t (*get_max_msg_len)(imc_state_t *this); + uint32_t (*get_max_msg_len)(imc_state_t *this); /** * Get attribute segmentation contracts associated with TNCCS Connection diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql index 9162e3f87..6f88e173a 100644 --- a/src/libimcv/imv/data.sql +++ b/src/libimcv/imv/data.sql @@ -412,6 +412,90 @@ INSERT INTO products ( /* 69 */ 'Debian 7.9 armv7l' ); +INSERT INTO products ( /* 70 */ + name +) VALUES ( + 'Ubuntu 15.04 i686' +); + +INSERT INTO products ( /* 71 */ + name +) VALUES ( + 'Ubuntu 15.04 x86_64' +); + +INSERT INTO products ( /* 72 */ + name +) VALUES ( + 'Ubuntu 15.10 i686' +); + +INSERT INTO products ( /* 73 */ + name +) VALUES ( + 'Ubuntu 15.10 x86_64' +); + +INSERT INTO products ( /* 74 */ + name +) VALUES ( + 'Ubuntu 16.04 i686' +); + +INSERT INTO products ( /* 75 */ + name +) VALUES ( + 'Ubuntu 16.04 x86_64' +); + +INSERT INTO products ( /* 76 */ + name +) VALUES ( + 'Debian 7.10 i686' +); + +INSERT INTO products ( /* 77 */ + name +) VALUES ( + 'Debian 7.10 x86_64' +); + +INSERT INTO products ( /* 78 */ + name +) VALUES ( + 'Debian 7.10 armv6l' +); + +INSERT INTO products ( /* 79 */ + name +) VALUES ( + 'Debian 7.10 armv7l' +); + +INSERT INTO products ( /* 80 */ + name +) VALUES ( + 'Android 6.0' +); + +INSERT INTO products ( /* 81 */ + name +) VALUES ( + 'Android 6.0.1' +); + +INSERT INTO products ( /* 82 */ + name +) VALUES ( + 'Debian 8.5 i686' +); + +INSERT INTO products ( /* 83 */ + name +) VALUES ( + 'Debian 8.5 x86_64' +); + /* Directories */ INSERT INTO directories ( /* 1 */ @@ -541,19 +625,19 @@ INSERT INTO files ( /* 6 */ INSERT INTO algorithms ( id, name ) VALUES ( - 32768, 'SHA1' + 32768, 'SHA1' ); INSERT INTO algorithms ( id, name ) VALUES ( - 16384, 'SHA256' + 16384, 'SHA256' ); INSERT INTO algorithms ( id, name ) VALUES ( - 8192, 'SHA384' + 8192, 'SHA384' ); /* File Hashes */ @@ -916,6 +1000,12 @@ INSERT INTO groups_product_defaults ( 4, 66 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 4, 76 +); + INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( @@ -988,6 +1078,18 @@ INSERT INTO groups_product_defaults ( 5, 67 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 5, 77 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 5, 83 +); + INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( @@ -1042,6 +1144,24 @@ INSERT INTO groups_product_defaults ( 6, 61 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 6, 70 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 6, 72 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 6, 74 +); + INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( @@ -1102,6 +1222,24 @@ INSERT INTO groups_product_defaults ( 7, 62 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 7, 71 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 7, 73 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 7, 75 +); + INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( @@ -1162,6 +1300,12 @@ INSERT INTO groups_product_defaults ( 3, 50 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 3, 51 +); + INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( @@ -1177,7 +1321,13 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( - 3, 51 + 3, 80 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 3, 81 ); INSERT INTO groups_product_defaults ( @@ -1240,6 +1390,12 @@ INSERT INTO groups_product_defaults ( 14, 68 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 14, 78 +); + INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( @@ -1252,6 +1408,12 @@ INSERT INTO groups_product_defaults ( 15, 69 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 15, 79 +); + /* Policies */ INSERT INTO policies ( /* 1 */ diff --git a/src/libimcv/imv/imv_database.h b/src/libimcv/imv/imv_database.h index 79551cc79..d0b2db2b4 100644 --- a/src/libimcv/imv/imv_database.h +++ b/src/libimcv/imv/imv_database.h @@ -46,7 +46,7 @@ struct imv_database_t { */ imv_session_t* (*add_session)(imv_database_t *this, TNC_ConnectionID conn_id, - u_int32_t ar_id_type, chunk_t ar_id_value); + uint32_t ar_id_type, chunk_t ar_id_value); /** * Remove and delete a session diff --git a/src/libimcv/ita/ita_attr.c b/src/libimcv/ita/ita_attr.c index 35c882c37..1d8db71cb 100644 --- a/src/libimcv/ita/ita_attr.c +++ b/src/libimcv/ita/ita_attr.c @@ -35,7 +35,7 @@ ENUM(ita_attr_names, ITA_ATTR_COMMAND, ITA_ATTR_DEVICE_ID, /** * See header */ -pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* ita_attr_create_from_data(uint32_t type, size_t length, chunk_t value) { switch (type) diff --git a/src/libimcv/ita/ita_attr.h b/src/libimcv/ita/ita_attr.h index 7378a1cbe..726537420 100644 --- a/src/libimcv/ita/ita_attr.h +++ b/src/libimcv/ita/ita_attr.h @@ -53,7 +53,7 @@ extern enum_name_t *ita_attr_names; * @param length attribute length * @param value attribute value or segment */ -pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* ita_attr_create_from_data(uint32_t type, size_t length, chunk_t value); #endif /** ITA_ATTR_H_ @}*/ diff --git a/src/libimcv/ita/ita_attr_angel.c b/src/libimcv/ita/ita_attr_angel.c index 110863608..133089759 100644 --- a/src/libimcv/ita/ita_attr_angel.c +++ b/src/libimcv/ita/ita_attr_angel.c @@ -81,7 +81,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ita_attr_angel_t *this, u_int32_t *offset) + private_ita_attr_angel_t *this, uint32_t *offset) { return SUCCESS; } diff --git a/src/libimcv/ita/ita_attr_command.c b/src/libimcv/ita/ita_attr_command.c index a6b187f13..03a534125 100644 --- a/src/libimcv/ita/ita_attr_command.c +++ b/src/libimcv/ita/ita_attr_command.c @@ -101,7 +101,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ita_attr_command_t *this, u_int32_t *offset) + private_ita_attr_command_t *this, uint32_t *offset) { *offset = 0; diff --git a/src/libimcv/ita/ita_attr_dummy.c b/src/libimcv/ita/ita_attr_dummy.c index 0d21ac6ea..8fa23cf99 100644 --- a/src/libimcv/ita/ita_attr_dummy.c +++ b/src/libimcv/ita/ita_attr_dummy.c @@ -99,7 +99,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ita_attr_dummy_t *this, u_int32_t *offset) + private_ita_attr_dummy_t *this, uint32_t *offset) { *offset = 0; diff --git a/src/libimcv/ita/ita_attr_get_settings.c b/src/libimcv/ita/ita_attr_get_settings.c index 3c047fb82..4c50cffd9 100644 --- a/src/libimcv/ita/ita_attr_get_settings.c +++ b/src/libimcv/ita/ita_attr_get_settings.c @@ -140,10 +140,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ita_attr_get_settings_t *this, u_int32_t *offset) + private_ita_attr_get_settings_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t count; + uint32_t count; chunk_t name; status_t status = FAILED; diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c index ced347705..c7c968a26 100644 --- a/src/libimcv/ita/ita_attr_settings.c +++ b/src/libimcv/ita/ita_attr_settings.c @@ -169,10 +169,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ita_attr_settings_t *this, u_int32_t *offset) + private_ita_attr_settings_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t count; + uint32_t count; chunk_t name, value; entry_t *entry; status_t status = FAILED; diff --git a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h index 8607feede..1fec8e3f9 100644 --- a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h +++ b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h @@ -28,7 +28,7 @@ typedef struct pa_tnc_attr_manager_t pa_tnc_attr_manager_t; #include #include -typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(u_int32_t type, size_t length, +typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(uint32_t type, size_t length, chunk_t value); /** diff --git a/src/libimcv/plugins/imc_attestation/Makefile.am b/src/libimcv/plugins/imc_attestation/Makefile.am index e7b1f1ce1..14b1646e5 100644 --- a/src/libimcv/plugins/imc_attestation/Makefile.am +++ b/src/libimcv/plugins/imc_attestation/Makefile.am @@ -1,7 +1,8 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in index 6d9533d21..d2b8168b9 100644 --- a/src/libimcv/plugins/imc_attestation/Makefile.in +++ b/src/libimcv/plugins/imc_attestation/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_attestation -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -432,7 +446,8 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) @@ -462,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -766,6 +780,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c index f24aec881..56713bb04 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -225,9 +226,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, { tcg_pts_attr_req_file_meas_t *attr_cast; char *pathname; - u_int16_t request_id; + uint16_t request_id; bool is_directory; - u_int32_t delimiter; + uint32_t delimiter; pts_file_meas_t *measurements; pen_type_t error_code; @@ -282,7 +283,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, tcg_pts_attr_req_file_meta_t *attr_cast; char *pathname; bool is_directory; - u_int8_t delimiter; + uint8_t delimiter; pts_file_meta_t *metadata; pen_type_t error_code; @@ -336,8 +337,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, pts_comp_evidence_t *evid; pts_component_t *comp; pen_type_t error_code; - u_int32_t depth; - u_int8_t flags; + uint32_t depth; + uint8_t flags; status_t status; enumerator_t *e; @@ -420,11 +421,11 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, } case TCG_PTS_GEN_ATTEST_EVID: { - pts_simple_evid_final_flag_t flags; - pts_meas_algorithms_t comp_hash_algorithm; pts_comp_evidence_t *evid; - chunk_t pcr_composite, quote_sig; - bool use_quote2; + tpm_quote_mode_t quote_mode; + tpm_tss_quote_info_t *quote_info; + chunk_t quote_sig; + bool use_quote2, use_version_info; /* Send cached Component Evidence entries */ while (attestation_state->next_evidence(attestation_state, &evid)) @@ -434,21 +435,23 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, } use_quote2 = lib->settings->get_bool(lib->settings, - "%s.plugins.imc-attestation.use_quote2", TRUE, - lib->ns); - if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_sig)) + "%s.plugins.imc-attestation.use_quote2", + TRUE, lib->ns); + use_version_info = lib->settings->get_bool(lib->settings, + "%s.plugins.imc-attestation.use_version_info", + FALSE, lib->ns); + quote_mode = use_quote2 ? (use_version_info ? + TPM_QUOTE2_VERSION_INFO : + TPM_QUOTE2) : + TPM_QUOTE; + + if (!pts->quote(pts, "e_mode, "e_info, "e_sig)) { DBG1(DBG_IMC, "error occurred during TPM quote operation"); return FALSE; } - /* Send Simple Evidence Final attribute */ - flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 : - PTS_SIMPLE_EVID_FINAL_QUOTE_INFO; - comp_hash_algorithm = PTS_MEAS_ALGO_SHA1; - - attr = tcg_pts_attr_simple_evid_final_create(flags, - comp_hash_algorithm, pcr_composite, quote_sig); + attr = tcg_pts_attr_simple_evid_final_create(quote_info, quote_sig); msg->add_attribute(msg, attr); break; } diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c index 0b594cb10..b789a2104 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c @@ -64,7 +64,7 @@ struct private_imc_attestation_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -114,12 +114,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_attestation_state_t *this, u_int32_t max_msg_len) + private_imc_attestation_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_attestation_state_t *this) { return this->max_msg_len; @@ -175,7 +175,7 @@ METHOD(imc_attestation_state_t, get_pts, pts_t*, METHOD(imc_attestation_state_t, create_component, pts_component_t*, private_imc_attestation_state_t *this, pts_comp_func_name_t *name, - u_int32_t depth) + uint32_t depth) { enumerator_t *enumerator; pts_component_t *component; diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.h b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h index 854c8825b..aaf27547c 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.h +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h @@ -57,7 +57,7 @@ struct imc_attestation_state_t { * @return created functional component instance or NULL */ pts_component_t* (*create_component)(imc_attestation_state_t *this, - pts_comp_func_name_t *name, u_int32_t depth); + pts_comp_func_name_t *name, uint32_t depth); /** * Add an entry to the Component Evidence cache list diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in index 0d603c9e7..44aaf878b 100644 --- a/src/libimcv/plugins/imc_hcd/Makefile.in +++ b/src/libimcv/plugins/imc_hcd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_hcd -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -398,6 +411,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_hcd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_hcd/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -759,6 +772,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c index ce93d7ef7..60ccdce81 100644 --- a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c +++ b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c @@ -59,7 +59,7 @@ struct private_imc_hcd_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -93,12 +93,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_hcd_state_t *this, u_int32_t max_msg_len) + private_imc_hcd_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_hcd_state_t *this) { return this->max_msg_len; diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index d1787da3c..93d532db2 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_os -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -398,6 +411,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_os/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_os/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -759,6 +772,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index af1862ad3..cabcd0a9e 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -162,7 +162,7 @@ static void add_product_info(imc_msg_t *msg) static void add_numeric_version(imc_msg_t *msg) { pa_tnc_attr_t *attr; - u_int32_t major, minor; + uint32_t major, minor; os->get_numeric_version(os, &major, &minor); DBG1(DBG_IMC, "operating system numeric version is %d.%d", diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c index 139ab0597..a38696a81 100644 --- a/src/libimcv/plugins/imc_os/imc_os_state.c +++ b/src/libimcv/plugins/imc_os/imc_os_state.c @@ -59,7 +59,7 @@ struct private_imc_os_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -93,12 +93,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_os_state_t *this, u_int32_t max_msg_len) + private_imc_os_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_os_state_t *this) { return this->max_msg_len; diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in index 2f03a7c70..44d827945 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.in +++ b/src/libimcv/plugins/imc_scanner/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_scanner -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -199,12 +208,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -254,6 +265,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -288,6 +300,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -399,6 +412,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_scanner/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_scanner/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -760,6 +773,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c index c67636f8f..bf2479cf5 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c @@ -128,8 +128,8 @@ static bool do_netstat(ietf_attr_port_filter_t *attr) while (fgets(buf, sizeof(buf), file)) { u_char *pos; - u_int8_t new_protocol, protocol; - u_int16_t new_port, port; + uint8_t new_protocol, protocol; + uint16_t new_port, port; int i; enumerator_t *enumerator; bool allowed, found = FALSE; diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c index d357859fa..c1b7a50e4 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c @@ -59,7 +59,7 @@ struct private_imc_scanner_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -93,12 +93,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_scanner_state_t *this, u_int32_t max_msg_len) + private_imc_scanner_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_scanner_state_t *this) { return this->max_msg_len; diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in index 981f86401..5eec53129 100644 --- a/src/libimcv/plugins/imc_swid/Makefile.in +++ b/src/libimcv/plugins/imc_swid/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_swid -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -818,6 +831,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecDATA \ tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \ uninstall-ipsecDATA uninstall-swidDATA +.PRECIOUS: Makefile + $(swid_tag) : regid.2004-03.org.strongswan_strongSwan.swidtag.in $(AM_V_GEN) \ diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.c b/src/libimcv/plugins/imc_swid/imc_swid_state.c index 65c279b3f..8d5e8e089 100644 --- a/src/libimcv/plugins/imc_swid/imc_swid_state.c +++ b/src/libimcv/plugins/imc_swid/imc_swid_state.c @@ -59,7 +59,7 @@ struct private_imc_swid_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -69,7 +69,7 @@ struct private_imc_swid_state_t { /** * Event ID Epoch */ - u_int32_t eid_epoch; + uint32_t eid_epoch; }; METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, @@ -98,12 +98,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_swid_state_t *this, u_int32_t max_msg_len) + private_imc_swid_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_swid_state_t *this) { return this->max_msg_len; @@ -146,7 +146,7 @@ METHOD(imc_state_t, destroy, void, free(this); } -METHOD(imc_swid_state_t, get_eid_epoch, u_int32_t, +METHOD(imc_swid_state_t, get_eid_epoch, uint32_t, private_imc_swid_state_t *this) { return this->eid_epoch; @@ -158,11 +158,11 @@ METHOD(imc_swid_state_t, get_eid_epoch, u_int32_t, imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id) { private_imc_swid_state_t *this; - u_int32_t eid_epoch; + uint32_t eid_epoch; nonce_gen_t *ng; ng = lib->crypto->create_nonce_gen(lib->crypto); - if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&eid_epoch)) + if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&eid_epoch)) { DBG1(DBG_TNC, "failed to generate random EID epoch value"); DESTROY_IF(ng); diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h index cb3ac4589..c2719d21b 100644 --- a/src/libimcv/plugins/imc_swid/imc_swid_state.h +++ b/src/libimcv/plugins/imc_swid/imc_swid_state.h @@ -43,7 +43,7 @@ struct imc_swid_state_t { * * @return Event ID Epoch */ - u_int32_t (*get_eid_epoch)(imc_swid_state_t *this); + uint32_t (*get_eid_epoch)(imc_swid_state_t *this); }; diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index 7bf459044..508f7fe4b 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_test -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -398,6 +411,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_test/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_test/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -759,6 +772,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c index d3f6805ad..047c82502 100644 --- a/src/libimcv/plugins/imc_test/imc_test_state.c +++ b/src/libimcv/plugins/imc_test/imc_test_state.c @@ -61,7 +61,7 @@ struct private_imc_test_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -124,12 +124,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_test_state_t *this, u_int32_t max_msg_len) + private_imc_test_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_test_state_t *this) { return this->max_msg_len; diff --git a/src/libimcv/plugins/imv_attestation/Makefile.am b/src/libimcv/plugins/imv_attestation/Makefile.am index 6c5bf8913..f353d30fc 100644 --- a/src/libimcv/plugins/imv_attestation/Makefile.am +++ b/src/libimcv/plugins/imv_attestation/Makefile.am @@ -2,6 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss \ -DPLUGINS=\""${attest_plugins}\"" AM_CFLAGS = \ @@ -11,6 +12,7 @@ imcv_LTLIBRARIES = imv-attestation.la imv_attestation_la_LIBADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la imv_attestation_la_SOURCES = imv_attestation.c \ @@ -27,6 +29,7 @@ attest_SOURCES = attest.c \ attest_db.h attest_db.c attest_LDADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la attest.o : $(top_builddir)/config.status diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in index d3f790091..61b92e0e4 100644 --- a/src/libimcv/plugins/imv_attestation/Makefile.in +++ b/src/libimcv/plugins/imv_attestation/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = attest$(EXEEXT) subdir = src/libimcv/plugins/imv_attestation -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -131,6 +140,7 @@ am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" LTLIBRARIES = $(imcv_LTLIBRARIES) imv_attestation_la_DEPENDENCIES = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la am_imv_attestation_la_OBJECTS = imv_attestation.lo \ imv_attestation_state.lo imv_attestation_agent.lo \ @@ -149,6 +159,7 @@ am_attest_OBJECTS = attest.$(OBJEXT) attest_usage.$(OBJEXT) \ attest_db.$(OBJEXT) attest_OBJECTS = $(am_attest_OBJECTS) attest_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) @@ -210,12 +221,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -265,6 +278,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -299,6 +313,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -410,6 +425,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -442,6 +458,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss \ -DPLUGINS=\""${attest_plugins}\"" AM_CFLAGS = \ @@ -450,6 +467,7 @@ AM_CFLAGS = \ imcv_LTLIBRARIES = imv-attestation.la imv_attestation_la_LIBADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la imv_attestation_la_SOURCES = imv_attestation.c \ @@ -465,6 +483,7 @@ attest_SOURCES = attest.c \ attest_LDADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la EXTRA_DIST = build-database.sh @@ -484,7 +503,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -847,6 +865,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecPROGRAMS tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \ uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + attest.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c index f1a1f923e..034418428 100644 --- a/src/libimcv/plugins/imv_attestation/attest_db.c +++ b/src/libimcv/plugins/imv_attestation/attest_db.c @@ -853,7 +853,7 @@ METHOD(attest_db_t, list_devices, void, time_t timestamp; int id, last_id = 0, ar_id = 0, last_ar_id = 0, device_count = 0, trusted; int session_id, rec; - u_int32_t ar_id_type; + uint32_t ar_id_type; u_int tstamp; e = this->db->query(this->db, diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c index 91c12f33b..89ba86930 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c @@ -217,7 +217,12 @@ static TNC_Result receive_msg(private_imv_attestation_agent_t *this, DBG1(DBG_IMV, "received TCG-PTS error '%N'", pts_error_code_names, error_code.type); DBG1(DBG_IMV, "error information: %B", &msg_info); - fatal_error = TRUE; + + /* TPM 2.0 doesn't return TPM Version Information */ + if (error_code.type != TCG_PTS_TPM_VERS_NOT_SUPPORTED) + { + fatal_error = TRUE; + } } break; } diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c index c3e053d9b..b1ee16bf8 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c @@ -418,45 +418,31 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, case TCG_PTS_SIMPLE_EVID_FINAL: { tcg_pts_attr_simple_evid_final_t *attr_cast; - uint8_t flags; - pts_meas_algorithms_t comp_hash_algorithm; - chunk_t pcr_comp, tpm_quote_sig, evid_sig; - chunk_t pcr_composite, quote_info, result_buf; + tpm_tss_quote_info_t *quote_info; + chunk_t quoted = chunk_empty, quote_sig, evid_sig, result_buf; imv_workitem_t *workitem; imv_reason_string_t *reason_string; + hash_algorithm_t digest_alg; enumerator_t *enumerator; - bool use_quote2, use_ver_info; bio_writer_t *result; attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr; - flags = attr_cast->get_quote_info(attr_cast, &comp_hash_algorithm, - &pcr_comp, &tpm_quote_sig); + attr_cast->get_quote_info(attr_cast, "e_info, "e_sig); - if (flags != PTS_SIMPLE_EVID_FINAL_NO) + if (quote_info->get_quote_mode(quote_info) != TPM_QUOTE_NONE) { - use_quote2 = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 || - flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER); - use_ver_info = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER); - /* Construct PCR Composite and TPM Quote Info structures */ - if (!pts->get_quote_info(pts, use_quote2, use_ver_info, - comp_hash_algorithm, &pcr_composite, "e_info)) - { - DBG1(DBG_IMV, "unable to construct TPM Quote Info"); - return FALSE; - } - - if (!chunk_equals_const(pcr_comp, pcr_composite)) + if (!pts->get_quote(pts, quote_info, "ed)) { - DBG1(DBG_IMV, "received PCR Composite does not match " - "constructed one"); + DBG1(DBG_IMV, "unable to construct TPM Quote Info digest"); attestation_state->set_measurement_error(attestation_state, IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL); goto quote_error; } - DBG2(DBG_IMV, "received PCR Composite matches constructed one"); + digest_alg = quote_info->get_pcr_digest_alg(quote_info); - if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig)) + if (!pts->verify_quote_signature(pts, digest_alg, quoted, + quote_sig)) { attestation_state->set_measurement_error(attestation_state, IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL); @@ -465,8 +451,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, DBG2(DBG_IMV, "TPM Quote Info signature verification successful"); quote_error: - free(pcr_composite.ptr); - free(quote_info.ptr); + chunk_free("ed); /** * Finalize any pending measurement registrations and check diff --git a/src/libimcv/plugins/imv_hcd/Makefile.am b/src/libimcv/plugins/imv_hcd/Makefile.am index 28926d45e..0dce300ef 100644 --- a/src/libimcv/plugins/imv_hcd/Makefile.am +++ b/src/libimcv/plugins/imv_hcd/Makefile.am @@ -1,6 +1,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in index c179a94e4..4fdbbf49c 100644 --- a/src/libimcv/plugins/imv_hcd/Makefile.in +++ b/src/libimcv/plugins/imv_hcd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imv_hcd -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -398,6 +411,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -429,6 +443,7 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ @@ -459,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_hcd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_hcd/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -763,6 +777,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imv_os/Makefile.am b/src/libimcv/plugins/imv_os/Makefile.am index 3b3f793f1..f5bc9010c 100644 --- a/src/libimcv/plugins/imv_os/Makefile.am +++ b/src/libimcv/plugins/imv_os/Makefile.am @@ -1,7 +1,8 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index c6f925aa0..d2997a940 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_WINDOWS_FALSE@ipsec_PROGRAMS = pacman$(EXEEXT) subdir = src/libimcv/plugins/imv_os -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -406,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -437,7 +451,8 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) @@ -471,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_os/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_os/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -831,6 +845,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecPROGRAMS tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \ uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + @USE_WINDOWS_FALSE@pacman.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libimcv/plugins/imv_scanner/Makefile.am b/src/libimcv/plugins/imv_scanner/Makefile.am index 98814437e..3b3ee818f 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.am +++ b/src/libimcv/plugins/imv_scanner/Makefile.am @@ -1,7 +1,8 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index 0eee4d1e0..ffca30cd9 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imv_scanner -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -431,7 +445,8 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) @@ -461,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_scanner/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_scanner/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -765,6 +779,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c index acef11cad..8dce4986f 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c @@ -185,13 +185,13 @@ METHOD(imv_agent_if_t, receive_message_long, TNC_Result, typedef struct port_range_t port_range_t; struct port_range_t { - u_int16_t start, stop; + uint16_t start, stop; }; /** * Parse a TCP or UDP port list from an argument string */ -static linked_list_t* get_port_list(u_int8_t protocol_family, +static linked_list_t* get_port_list(uint8_t protocol_family, bool closed_port_policy, char *arg_str) { chunk_t port_list, port_item, port_start; @@ -336,8 +336,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, { TNC_IMV_Evaluation_Result eval; TNC_IMV_Action_Recommendation rec; - u_int8_t protocol_family, protocol; - u_int16_t port; + uint8_t protocol_family, protocol; + uint16_t port; bool closed_port_policy, blocked, first; char result_str[BUF_LEN], *pos, *protocol_str; size_t len; diff --git a/src/libimcv/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am index 3a63b67d2..73da84b55 100644 --- a/src/libimcv/plugins/imv_swid/Makefile.am +++ b/src/libimcv/plugins/imv_swid/Makefile.am @@ -1,6 +1,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in index ce246da57..aea48e7af 100644 --- a/src/libimcv/plugins/imv_swid/Makefile.in +++ b/src/libimcv/plugins/imv_swid/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imv_swid -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -432,6 +446,7 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ @@ -465,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +784,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in index 19cef2073..30fa3c7a9 100644 --- a/src/libimcv/plugins/imv_test/Makefile.in +++ b/src/libimcv/plugins/imv_test/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imv_test -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -199,12 +208,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -254,6 +265,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -288,6 +300,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -399,6 +412,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_test/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_test/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -764,6 +777,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/pts/components/ita/ita_comp_ima.h b/src/libimcv/pts/components/ita/ita_comp_ima.h index 546d0a4b2..0577eccd9 100644 --- a/src/libimcv/pts/components/ita/ita_comp_ima.h +++ b/src/libimcv/pts/components/ita/ita_comp_ima.h @@ -29,7 +29,7 @@ * @param depth Sub-component depth * @param pts_db PTS measurement database */ -pts_component_t* pts_ita_comp_ima_create(u_int32_t depth, +pts_component_t* pts_ita_comp_ima_create(uint32_t depth, pts_database_t *pts_db); #endif /** PTS_ITA_COMP_IMA_H_ @}*/ diff --git a/src/libimcv/pts/components/ita/ita_comp_tboot.c b/src/libimcv/pts/components/ita/ita_comp_tboot.c index 3d990f6f2..324c41f12 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tboot.c +++ b/src/libimcv/pts/components/ita/ita_comp_tboot.c @@ -43,7 +43,7 @@ struct pts_ita_comp_tboot_t { /** * Sub-component depth */ - u_int32_t depth; + uint32_t depth; /** * PTS measurement database @@ -93,20 +93,20 @@ METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*, return this->name; } -METHOD(pts_component_t, get_evidence_flags, u_int8_t, +METHOD(pts_component_t, get_evidence_flags, uint8_t, pts_ita_comp_tboot_t *this) { return PTS_REQ_FUNC_COMP_EVID_PCR; } -METHOD(pts_component_t, get_depth, u_int32_t, +METHOD(pts_component_t, get_depth, uint32_t, pts_ita_comp_tboot_t *this) { return this->depth; } METHOD(pts_component_t, measure, status_t, - pts_ita_comp_tboot_t *this, u_int8_t qualifier, pts_t *pts, + pts_ita_comp_tboot_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t **evidence) { @@ -117,7 +117,7 @@ METHOD(pts_component_t, measure, status_t, pts_comp_evidence_t *evid; char *meas_hex, *pcr_before_hex, *pcr_after_hex; chunk_t measurement, pcr_before, pcr_after; - u_int32_t extended_pcr; + uint32_t extended_pcr; switch (this->seq_no++) { @@ -183,11 +183,11 @@ METHOD(pts_component_t, measure, status_t, } METHOD(pts_component_t, verify, status_t, - pts_ita_comp_tboot_t *this, u_int8_t qualifier,pts_t *pts, + pts_ita_comp_tboot_t *this, uint8_t qualifier,pts_t *pts, pts_comp_evidence_t *evidence) { bool has_pcr_info; - u_int32_t extended_pcr, vid, name; + uint32_t extended_pcr, vid, name; enum_name_t *names; pts_meas_algorithms_t algo; pts_pcr_transform_t transform; @@ -264,7 +264,7 @@ METHOD(pts_component_t, verify, status_t, } METHOD(pts_component_t, finalize, bool, - pts_ita_comp_tboot_t *this, u_int8_t qualifier, bio_writer_t *result) + pts_ita_comp_tboot_t *this, uint8_t qualifier, bio_writer_t *result) { char result_buf[BUF_LEN]; @@ -304,7 +304,7 @@ METHOD(pts_component_t, destroy, void, pts_ita_comp_tboot_t *this) { int count; - u_int32_t vid, name; + uint32_t vid, name; enum_name_t *names; if (ref_put(&this->ref)) @@ -328,7 +328,7 @@ METHOD(pts_component_t, destroy, void, /** * See header */ -pts_component_t *pts_ita_comp_tboot_create(u_int32_t depth, +pts_component_t *pts_ita_comp_tboot_create(uint32_t depth, pts_database_t *pts_db) { pts_ita_comp_tboot_t *this; diff --git a/src/libimcv/pts/components/ita/ita_comp_tboot.h b/src/libimcv/pts/components/ita/ita_comp_tboot.h index 1e1a14831..0459500cc 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tboot.h +++ b/src/libimcv/pts/components/ita/ita_comp_tboot.h @@ -29,7 +29,7 @@ * @param depth Sub-component depth * @param pts_db PTS measurement database */ -pts_component_t* pts_ita_comp_tboot_create(u_int32_t depth, +pts_component_t* pts_ita_comp_tboot_create(uint32_t depth, pts_database_t *pts_db); #endif /** PTS_ITA_COMP_TBOOT_H_ @}*/ diff --git a/src/libimcv/pts/components/ita/ita_comp_tgrub.c b/src/libimcv/pts/components/ita/ita_comp_tgrub.c index e9555726a..a5a1a9b96 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tgrub.c +++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.c @@ -42,7 +42,7 @@ struct pts_ita_comp_tgrub_t { /** * Sub-component depth */ - u_int32_t depth; + uint32_t depth; /** * PTS measurement database @@ -62,27 +62,27 @@ METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*, return this->name; } -METHOD(pts_component_t, get_evidence_flags, u_int8_t, +METHOD(pts_component_t, get_evidence_flags, uint8_t, pts_ita_comp_tgrub_t *this) { return PTS_REQ_FUNC_COMP_EVID_PCR; } -METHOD(pts_component_t, get_depth, u_int32_t, +METHOD(pts_component_t, get_depth, uint32_t, pts_ita_comp_tgrub_t *this) { return this->depth; } METHOD(pts_component_t, measure, status_t, - pts_ita_comp_tgrub_t *this, u_int8_t qualifier, pts_t *pts, + pts_ita_comp_tgrub_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t **evidence) { size_t pcr_len; pts_pcr_transform_t pcr_transform; pts_meas_algorithms_t hash_algo; pts_comp_evidence_t *evid; - u_int32_t extended_pcr; + uint32_t extended_pcr; time_t measurement_time; chunk_t measurement, pcr_before, pcr_after; @@ -90,7 +90,7 @@ METHOD(pts_component_t, measure, status_t, extended_pcr = PCR_DEBUG; time(&measurement_time); - if (!pts->read_pcr(pts, extended_pcr, &pcr_after)) + if (!pts->read_pcr(pts, extended_pcr, &pcr_after, HASH_SHA1)) { DBG1(DBG_PTS, "error occurred while reading PCR: %d", extended_pcr); return FAILED; @@ -116,11 +116,11 @@ METHOD(pts_component_t, measure, status_t, } METHOD(pts_component_t, verify, status_t, - pts_ita_comp_tgrub_t *this, u_int8_t qualifier, pts_t *pts, + pts_ita_comp_tgrub_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t *evidence) { bool has_pcr_info; - u_int32_t extended_pcr; + uint32_t extended_pcr; pts_meas_algorithms_t algo; pts_pcr_transform_t transform; pts_pcr_t *pcrs; @@ -155,7 +155,7 @@ METHOD(pts_component_t, verify, status_t, } METHOD(pts_component_t, finalize, bool, - pts_ita_comp_tgrub_t *this, u_int8_t qualifier, bio_writer_t *result) + pts_ita_comp_tgrub_t *this, uint8_t qualifier, bio_writer_t *result) { return FALSE; } @@ -180,7 +180,7 @@ METHOD(pts_component_t, destroy, void, /** * See header */ -pts_component_t *pts_ita_comp_tgrub_create(u_int32_t depth, +pts_component_t *pts_ita_comp_tgrub_create(uint32_t depth, pts_database_t *pts_db) { pts_ita_comp_tgrub_t *this; diff --git a/src/libimcv/pts/components/ita/ita_comp_tgrub.h b/src/libimcv/pts/components/ita/ita_comp_tgrub.h index 59913c82d..7c856ebb9 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tgrub.h +++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.h @@ -29,7 +29,7 @@ * @param depth Sub-component depth * @param pts_db PTS measurement database */ -pts_component_t* pts_ita_comp_tgrub_create(u_int32_t depth, +pts_component_t* pts_ita_comp_tgrub_create(uint32_t depth, pts_database_t *pts_db); #endif /** PTS_ITA_COMP_TGRUB_H_ @}*/ diff --git a/src/libimcv/pts/components/pts_comp_evidence.c b/src/libimcv/pts/components/pts_comp_evidence.c index 08c3d5e9a..f039deb7a 100644 --- a/src/libimcv/pts/components/pts_comp_evidence.c +++ b/src/libimcv/pts/components/pts_comp_evidence.c @@ -37,7 +37,7 @@ struct private_pts_comp_evidence_t { /** * Sub-Component Depth */ - u_int32_t depth; + uint32_t depth; /** * Measurement Time @@ -62,7 +62,7 @@ struct private_pts_comp_evidence_t { /** * PCR the measurement was extended into */ - u_int32_t extended_pcr; + uint32_t extended_pcr; /** * PCR value before extension @@ -92,7 +92,7 @@ struct private_pts_comp_evidence_t { }; METHOD(pts_comp_evidence_t, get_comp_func_name, pts_comp_func_name_t*, - private_pts_comp_evidence_t *this, u_int32_t *depth) + private_pts_comp_evidence_t *this, uint32_t *depth) { if (depth) { @@ -101,14 +101,14 @@ METHOD(pts_comp_evidence_t, get_comp_func_name, pts_comp_func_name_t*, return this->name; } -METHOD(pts_comp_evidence_t, get_extended_pcr, u_int32_t, +METHOD(pts_comp_evidence_t, get_extended_pcr, uint32_t, private_pts_comp_evidence_t *this) { return this->extended_pcr; } METHOD(pts_comp_evidence_t, get_measurement, chunk_t, - private_pts_comp_evidence_t *this, u_int32_t *extended_pcr, + private_pts_comp_evidence_t *this, uint32_t *extended_pcr, pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform, time_t *measurement_time) { @@ -193,8 +193,8 @@ METHOD(pts_comp_evidence_t, destroy, void, * See header */ pts_comp_evidence_t *pts_comp_evidence_create(pts_comp_func_name_t *name, - u_int32_t depth, - u_int32_t extended_pcr, + uint32_t depth, + uint32_t extended_pcr, pts_meas_algorithms_t algo, pts_pcr_transform_t transform, time_t measurement_time, diff --git a/src/libimcv/pts/components/pts_comp_evidence.h b/src/libimcv/pts/components/pts_comp_evidence.h index 55776ce8b..6178c2abd 100644 --- a/src/libimcv/pts/components/pts_comp_evidence.h +++ b/src/libimcv/pts/components/pts_comp_evidence.h @@ -70,14 +70,14 @@ struct pts_comp_evidence_t { * @result Component Functional Name */ pts_comp_func_name_t* (*get_comp_func_name)(pts_comp_evidence_t *this, - u_int32_t *depth); + uint32_t *depth); /** * Gets the PCR the measurement was extended into * * @result PCR the measurement was extended into */ - u_int32_t (*get_extended_pcr)(pts_comp_evidence_t *this); + uint32_t (*get_extended_pcr)(pts_comp_evidence_t *this); /** * Gets the measurement and the algorithms used @@ -89,7 +89,7 @@ struct pts_comp_evidence_t { * @result Measurement hash value */ chunk_t (*get_measurement)(pts_comp_evidence_t *this, - u_int32_t *extended_pcr, + uint32_t *extended_pcr, pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform, time_t *measurement_time); @@ -150,8 +150,8 @@ struct pts_comp_evidence_t { * @param measurement Measurement hash value */ pts_comp_evidence_t* pts_comp_evidence_create(pts_comp_func_name_t *name, - u_int32_t depth, - u_int32_t extended_pcr, + uint32_t depth, + uint32_t extended_pcr, pts_meas_algorithms_t algo, pts_pcr_transform_t transform, time_t measurement_time, diff --git a/src/libimcv/pts/components/pts_comp_func_name.c b/src/libimcv/pts/components/pts_comp_func_name.c index e12522ed1..00494e1ad 100644 --- a/src/libimcv/pts/components/pts_comp_func_name.c +++ b/src/libimcv/pts/components/pts_comp_func_name.c @@ -35,40 +35,40 @@ struct private_pts_comp_func_name_t { /** * PTS Component Functional Name Vendor ID */ - u_int32_t vid; + uint32_t vid; /** * PTS Component Functional Name */ - u_int32_t name; + uint32_t name; /** * PTS Component Functional Name Qualifier */ - u_int8_t qualifier; + uint8_t qualifier; }; -METHOD(pts_comp_func_name_t, get_vendor_id, u_int32_t, +METHOD(pts_comp_func_name_t, get_vendor_id, uint32_t, private_pts_comp_func_name_t *this) { return this->vid; } -METHOD(pts_comp_func_name_t, get_name, u_int32_t, +METHOD(pts_comp_func_name_t, get_name, uint32_t, private_pts_comp_func_name_t *this) { return this->name; } -METHOD(pts_comp_func_name_t, get_qualifier, u_int8_t, +METHOD(pts_comp_func_name_t, get_qualifier, uint8_t, private_pts_comp_func_name_t *this) { return this->qualifier; } METHOD(pts_comp_func_name_t, set_qualifier, void, - private_pts_comp_func_name_t *this, u_int8_t qualifier) + private_pts_comp_func_name_t *this, uint8_t qualifier) { this->qualifier = qualifier; } @@ -117,12 +117,12 @@ METHOD(pts_comp_func_name_t, log_, void, if (names && types) { - DBG2(DBG_PTS, "%s%N functional component '%N' [%s] '%N'", + DBG3(DBG_PTS, "%s%N functional component '%N' [%s] '%N'", label, pen_names, this->vid, names, this->name, flags, types, type); } else { - DBG2(DBG_PTS, "%s0x%06x functional component 0x%08x 0x%02x", + DBG3(DBG_PTS, "%s0x%06x functional component 0x%08x 0x%02x", label, this->vid, this->name, this->qualifier); } } @@ -136,8 +136,8 @@ METHOD(pts_comp_func_name_t, destroy, void, /** * See header */ -pts_comp_func_name_t* pts_comp_func_name_create(u_int32_t vid, u_int32_t name, - u_int8_t qualifier) +pts_comp_func_name_t* pts_comp_func_name_create(uint32_t vid, uint32_t name, + uint8_t qualifier) { private_pts_comp_func_name_t *this; diff --git a/src/libimcv/pts/components/pts_comp_func_name.h b/src/libimcv/pts/components/pts_comp_func_name.h index 90ad7083f..cb069c404 100644 --- a/src/libimcv/pts/components/pts_comp_func_name.h +++ b/src/libimcv/pts/components/pts_comp_func_name.h @@ -38,28 +38,28 @@ struct pts_comp_func_name_t { * * @return PTS Component Functional Name Vendor ID */ - u_int32_t (*get_vendor_id)(pts_comp_func_name_t *this); + uint32_t (*get_vendor_id)(pts_comp_func_name_t *this); /** * Get the PTS Component Functional Name * * @return PTS Component Functional Name */ - u_int32_t (*get_name)(pts_comp_func_name_t *this); + uint32_t (*get_name)(pts_comp_func_name_t *this); /** * Get the PTS Component Functional Name Qualifier * * @return PTS Component Functional Name Qualifier */ - u_int8_t (*get_qualifier)(pts_comp_func_name_t *this); + uint8_t (*get_qualifier)(pts_comp_func_name_t *this); /** * Set the PTS Component Functional Name Qualifier * * @param qualifier PTS Component Functional Name Qualifier to be set */ - void (*set_qualifier)(pts_comp_func_name_t *this, u_int8_t qualifier); + void (*set_qualifier)(pts_comp_func_name_t *this, uint8_t qualifier); /** * Check to PTS Component Functional Names for equality @@ -97,7 +97,7 @@ struct pts_comp_func_name_t { * @param name PTS Component Functional Name * @param qualifier PTS Component Functional Name Qualifier */ -pts_comp_func_name_t* pts_comp_func_name_create(u_int32_t vid, u_int32_t name, - u_int8_t qualifier); +pts_comp_func_name_t* pts_comp_func_name_create(uint32_t vid, uint32_t name, + uint8_t qualifier); #endif /** PTS_FUNC_COMP_NAME_H_ @}*/ diff --git a/src/libimcv/pts/components/pts_component.h b/src/libimcv/pts/components/pts_component.h index 71b1ad59c..1ca4458bf 100644 --- a/src/libimcv/pts/components/pts_component.h +++ b/src/libimcv/pts/components/pts_component.h @@ -49,14 +49,14 @@ struct pts_component_t { * * @return PTS Component Functional Name */ - u_int8_t (*get_evidence_flags)(pts_component_t *this); + uint8_t (*get_evidence_flags)(pts_component_t *this); /** * Get the PTS Sub-component Depth * * @return PTS Sub-component Depth */ - u_int32_t (*get_depth)(pts_component_t *this); + uint32_t (*get_depth)(pts_component_t *this); /** * Do evidence measurements on the PTS Functional Component @@ -67,7 +67,7 @@ struct pts_component_t { * @param measurements additional file measurements (NULL if not present) * @return status return code */ - status_t (*measure)(pts_component_t *this, u_int8_t qualifier, pts_t *pts, + status_t (*measure)(pts_component_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t** evidence); /** @@ -78,7 +78,7 @@ struct pts_component_t { * @param evidence component evidence measurement to be verified * @return status return code */ - status_t (*verify)(pts_component_t *this, u_int8_t qualifier, pts_t *pts, + status_t (*verify)(pts_component_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t *evidence); /** @@ -89,7 +89,7 @@ struct pts_component_t { * @param result writer appending concise measurement result * @return TRUE if finalization successful */ - bool (*finalize)(pts_component_t *this, u_int8_t qualifier, + bool (*finalize)(pts_component_t *this, uint8_t qualifier, bio_writer_t *result); /** diff --git a/src/libimcv/pts/components/pts_component_manager.c b/src/libimcv/pts/components/pts_component_manager.c index 9c1375b79..4f0004fe8 100644 --- a/src/libimcv/pts/components/pts_component_manager.c +++ b/src/libimcv/pts/components/pts_component_manager.c @@ -77,7 +77,7 @@ struct component_entry_t { /** * Vendor-Specific Component Functional Name */ - u_int32_t name; + uint32_t name; /** * Functional Component creation method @@ -165,7 +165,7 @@ METHOD(pts_component_manager_t, get_qualifier_type_names, enum_name_t*, } METHOD(pts_component_manager_t, add_component, void, - private_pts_component_manager_t *this, pen_t vendor_id, u_int32_t name, + private_pts_component_manager_t *this, pen_t vendor_id, uint32_t name, pts_component_create_t create) { enumerator_t *enumerator; @@ -210,13 +210,13 @@ METHOD(pts_component_manager_t, remove_vendor, void, enumerator->destroy(enumerator); } -METHOD(pts_component_manager_t, get_qualifier, u_int8_t, +METHOD(pts_component_manager_t, get_qualifier, uint8_t, private_pts_component_manager_t *this, pts_comp_func_name_t *name, char *flags) { enumerator_t *enumerator; vendor_entry_t *entry; - u_int8_t qualifier, size, flag, type = 0; + uint8_t qualifier, size, flag, type = 0; int i; enumerator = this->list->create_enumerator(this->list); @@ -252,7 +252,7 @@ METHOD(pts_component_manager_t, get_qualifier, u_int8_t, METHOD(pts_component_manager_t, create, pts_component_t*, private_pts_component_manager_t *this, - pts_comp_func_name_t *name, u_int32_t depth, pts_database_t *pts_db) + pts_comp_func_name_t *name, uint32_t depth, pts_database_t *pts_db) { enumerator_t *enumerator, *e2; vendor_entry_t *entry; diff --git a/src/libimcv/pts/components/pts_component_manager.h b/src/libimcv/pts/components/pts_component_manager.h index 00f8765ca..bd1974b92 100644 --- a/src/libimcv/pts/components/pts_component_manager.h +++ b/src/libimcv/pts/components/pts_component_manager.h @@ -30,7 +30,7 @@ typedef struct pts_component_manager_t pts_component_manager_t; #include #include -typedef pts_component_t* (*pts_component_create_t)(u_int32_t depth, +typedef pts_component_t* (*pts_component_create_t)(uint32_t depth, pts_database_t *pts_db); /** @@ -61,7 +61,7 @@ struct pts_component_manager_t { * @param create Functional Component creation method */ void (*add_component)(pts_component_manager_t *this, pen_t vendor_id, - u_int32_t name, pts_component_create_t create); + uint32_t name, pts_component_create_t create); /** * Remove vendor-specific components and associated namespace @@ -95,7 +95,7 @@ struct pts_component_manager_t { * @param flags Qualifier Flags as a string in a char buffer * @return Qualifier Type */ - u_int8_t (*get_qualifier)(pts_component_manager_t *this, + uint8_t (*get_qualifier)(pts_component_manager_t *this, pts_comp_func_name_t *name, char *flags); /** @@ -107,7 +107,7 @@ struct pts_component_manager_t { * @return Component object if supported, NULL else */ pts_component_t* (*create)(pts_component_manager_t *this, - pts_comp_func_name_t *name, u_int32_t depth, + pts_comp_func_name_t *name, uint32_t depth, pts_database_t *pts_db); /** diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c index 1ca72098e..2ba949e40 100644 --- a/src/libimcv/pts/pts.c +++ b/src/libimcv/pts/pts.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2012-2014 Andreas Steffen + * Copyright (C) 2012-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,21 +21,8 @@ #include #include -#ifdef TSS_TROUSERS -#ifdef _BASETSD_H_ -/* MinGW defines _BASETSD_H_, but TSS checks for _BASETSD_H */ -# define _BASETSD_H -#endif -#include -#include -#else -#ifndef TPM_TAG_QUOTE_INFO2 -#define TPM_TAG_QUOTE_INFO2 0x0036 -#endif -#ifndef TPM_LOC_ZERO -#define TPM_LOC_ZERO 0x01 -#endif -#endif +#include +#include #include #include @@ -43,6 +30,13 @@ #include #include +#ifndef TPM_TAG_QUOTE_INFO2 +#define TPM_TAG_QUOTE_INFO2 0x0036 +#endif +#ifndef TPM_LOC_ZERO +#define TPM_LOC_ZERO 0x01 +#endif + typedef struct private_pts_t private_pts_t; /** @@ -102,9 +96,9 @@ struct private_pts_t { bool is_imc; /** - * Do we have an activated TPM + * Active TPM */ - bool has_tpm; + tpm_tss_t *tpm; /** * Contains a TPM_CAP_VERSION_INFO struct @@ -112,14 +106,14 @@ struct private_pts_t { chunk_t tpm_version_info; /** - * Contains TSS Blob structure for AIK + * AIK object handle */ - chunk_t aik_blob; + uint32_t aik_handle; /** - * Contains a Attestation Identity Key or Certificate + * Contains an Attestation Identity Key Certificate */ - certificate_t *aik; + certificate_t *aik_cert; /** * Primary key referening AIK in database @@ -191,7 +185,6 @@ METHOD(pts_t, set_dh_hash_algorithm, void, } } - METHOD(pts_t, create_dh_nonce, bool, private_pts_t *this, pts_dh_group_t group, int nonce_len) { @@ -306,41 +299,6 @@ METHOD(pts_t, calculate_secret, bool, return TRUE; } -#ifdef TSS_TROUSERS - -/** - * Print TPM 1.2 Version Info - */ -static void print_tpm_version_info(private_pts_t *this) -{ - TPM_CAP_VERSION_INFO *info; - - info = (TPM_CAP_VERSION_INFO*)this->tpm_version_info.ptr; - - if (this->tpm_version_info.len >= - sizeof(*info) - sizeof(info->vendorSpecific)) - { - DBG2(DBG_PTS, "TPM Version Info: Chip Version: %u.%u.%u.%u, " - "Spec Level: %u, Errata Rev: %u, Vendor ID: %.4s", - info->version.major, info->version.minor, - info->version.revMajor, info->version.revMinor, - untoh16(&info->specLevel), info->errataRev, info->tpmVendorID); - } - else - { - DBG1(DBG_PTS, "could not parse tpm version info"); - } -} - -#else - -static void print_tpm_version_info(private_pts_t *this) -{ - DBG1(DBG_PTS, "unknown TPM version: no TSS implementation available"); -} - -#endif /* TSS_TROUSERS */ - METHOD(pts_t, get_platform_id, int, private_pts_t *this) { @@ -356,104 +314,135 @@ METHOD(pts_t, set_platform_id, void, METHOD(pts_t, get_tpm_version_info, bool, private_pts_t *this, chunk_t *info) { - if (!this->has_tpm) - { - return FALSE; - } - *info = this->tpm_version_info; - print_tpm_version_info(this); - return TRUE; + *info = this->tpm ? this->tpm->get_version_info(this->tpm) : + this->tpm_version_info; + return info->len > 0; } METHOD(pts_t, set_tpm_version_info, void, private_pts_t *this, chunk_t info) { this->tpm_version_info = chunk_clone(info); - print_tpm_version_info(this); -} - -/** - * Load an AIK Blob (TSS_TSPATTRIB_KEYBLOB_BLOB attribute) - */ -static void load_aik_blob(private_pts_t *this) -{ - char *path; - chunk_t *map; - - path = lib->settings->get_str(lib->settings, - "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns); - if (path) - { - map = chunk_map(path, FALSE); - if (map) - { - DBG2(DBG_PTS, "loaded AIK Blob from '%s'", path); - DBG3(DBG_PTS, "AIK Blob: %B", map); - this->aik_blob = chunk_clone(*map); - chunk_unmap(map); - } - else - { - DBG1(DBG_PTS, "unable to map AIK Blob file '%s': %s", - path, strerror(errno)); - } - } - else - { - DBG1(DBG_PTS, "AIK Blob is not available"); - } + /* print_tpm_version_info(this); */ } /** - * Load an AIK certificate or public key + * Load an AIK handle and an optional AIK certificate and + * in the case of a TPM 1.2 an AIK private key blob plus matching public key, * the certificate having precedence over the public key if both are present */ static void load_aik(private_pts_t *this) { - char *cert_path, *key_path; + char *handle_str, *cert_path, *key_path, *blob_path; + chunk_t aik_pubkey = chunk_empty; + handle_str = lib->settings->get_str(lib->settings, + "%s.plugins.imc-attestation.aik_handle", NULL, lib->ns); cert_path = lib->settings->get_str(lib->settings, "%s.plugins.imc-attestation.aik_cert", NULL, lib->ns); key_path = lib->settings->get_str(lib->settings, "%s.plugins.imc-attestation.aik_pubkey", NULL, lib->ns); + blob_path = lib->settings->get_str(lib->settings, + "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns); + if (handle_str) + { + this->aik_handle = strtoll(handle_str, NULL, 16); + } if (cert_path) { - this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE, + this->aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, cert_path, BUILD_END); - if (this->aik) + if (this->aik_cert) { DBG2(DBG_PTS, "loaded AIK certificate from '%s'", cert_path); - return; } } - if (key_path) + + if (this->tpm->get_version(this->tpm) == TPM_VERSION_1_2) { - this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE, - CERT_TRUSTED_PUBKEY, BUILD_FROM_FILE, - key_path, BUILD_END); - if (this->aik) + tpm_tss_trousers_t *tpm_12; + chunk_t aik_blob = chunk_empty; + chunk_t *map; + + /* get AIK private key blob */ + if (blob_path) { - DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path); - return; + map = chunk_map(blob_path, FALSE); + if (map) + { + DBG2(DBG_PTS, "loaded AIK Blob from '%s'", blob_path); + DBG3(DBG_PTS, "AIK Blob: %B", map); + aik_blob = chunk_clone(*map); + chunk_unmap(map); + } + else + { + DBG1(DBG_PTS, "unable to map AIK Blob file '%s': %s", + blob_path, strerror(errno)); + } } + else + { + DBG1(DBG_PTS, "AIK Blob is not available"); + } + + /* get AIK public key */ + if (key_path) + { + map = chunk_map(key_path, FALSE); + if (map) + { + DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path); + aik_pubkey = chunk_clone(*map); + chunk_unmap(map); + } + else + { + DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s", + key_path, strerror(errno)); + } + } + else + { + DBG1(DBG_PTS, "AIK public key is not available"); + } + + /* Load AIK item into TPM 1.2 object */ + tpm_12 = (tpm_tss_trousers_t *)this->tpm; + tpm_12->load_aik(tpm_12, aik_blob, aik_pubkey, this->aik_handle); } - DBG1(DBG_PTS, "neither AIK certificate nor public key is available"); + /* if no signed X.509 AIK certificate is available use public key instead */ + if (!this->aik_cert) + { + aik_pubkey = this->tpm->get_public(this->tpm, this->aik_handle); + if (aik_pubkey.len > 0) + { + this->aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_TRUSTED_PUBKEY, BUILD_BLOB, + aik_pubkey, BUILD_END); + chunk_free(&aik_pubkey); + } + else + { + DBG1(DBG_PTS, "neither AIK certificate nor public key is available"); + } + } } METHOD(pts_t, get_aik, certificate_t*, private_pts_t *this) { - return this->aik; + return this->aik_cert; } METHOD(pts_t, set_aik, void, private_pts_t *this, certificate_t *aik, int aik_id) { - DESTROY_IF(this->aik); - this->aik = aik->get_ref(aik); + DESTROY_IF(this->aik_cert); + this->aik_cert = aik->get_ref(aik); this->aik_id = aik_id; } @@ -611,312 +600,64 @@ METHOD(pts_t, get_metadata, pts_file_meta_t*, return metadata; } - -#ifdef TSS_TROUSERS - METHOD(pts_t, read_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value) + private_pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg) { - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_RESULT result; - BYTE *buf; - UINT32 len; - - bool success = FALSE; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) - { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", result); - return FALSE; - } - - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_TPM_PcrRead(hTPM, pcr_num, &len, &buf); - if (result != TSS_SUCCESS) - { - goto err; - } - *pcr_value = chunk_clone(chunk_create(buf, len)); - DBG3(DBG_PTS, "PCR %d value:%B", pcr_num, pcr_value); - success = TRUE; - -err: - if (!success) - { - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - } - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - - return success; + return this->tpm ? this->tpm->read_pcr(this->tpm, pcr_num, pcr_value, alg) + : FALSE; } METHOD(pts_t, extend_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output) + private_pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, chunk_t data, + hash_algorithm_t alg) { - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_RESULT result; - u_int32_t pcr_length; - chunk_t pcr_value = chunk_empty; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) + if (!this->tpm->extend_pcr(this->tpm, pcr_num, pcr_value, data, alg)) { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", - result); return FALSE; } - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err; - } - - pcr_value = chunk_alloc(PTS_PCR_LEN); - result = Tspi_TPM_PcrExtend(hTPM, pcr_num, PTS_PCR_LEN, input.ptr, - NULL, &pcr_length, &pcr_value.ptr); - if (result != TSS_SUCCESS) - { - goto err; - } - - *output = pcr_value; - *output = chunk_clone(*output); - - DBG3(DBG_PTS, "PCR %d extended with: %B", pcr_num, &input); - DBG3(DBG_PTS, "PCR %d value after extend: %B", pcr_num, output); - - chunk_clear(&pcr_value); - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); + DBG3(DBG_PTS, "PCR %d extended with: %#B", pcr_num, &data); + DBG3(DBG_PTS, "PCR %d after extension: %#B", pcr_num, pcr_value); return TRUE; - -err: - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - - chunk_clear(&pcr_value); - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - - return FALSE; } -METHOD(pts_t, quote_tpm, bool, - private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig) +METHOD(pts_t, quote, bool, + private_pts_t *this, tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig) { - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_HKEY hAIK; - TSS_HKEY hSRK; - TSS_HPOLICY srkUsagePolicy; - TSS_UUID SRK_UUID = TSS_UUID_SRK; - BYTE secret[] = TSS_WELL_KNOWN_SECRET; - TSS_HPCRS hPcrComposite; - TSS_VALIDATION valData; - TSS_RESULT result; - chunk_t quote_info; - BYTE* versionInfo; - u_int32_t versionInfoSize, pcr; + chunk_t pcr_value, pcr_computed; + uint32_t pcr, pcr_sel = 0; enumerator_t *enumerator; - bool success = FALSE; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) - { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", - result); - return FALSE; - } - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err1; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err1; - } - - /* Retrieve SRK from TPM and set the authentication to well known secret*/ - result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, - SRK_UUID, &hSRK); - if (result != TSS_SUCCESS) - { - goto err1; - } - - result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); - if (result != TSS_SUCCESS) - { - goto err1; - } - result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, - 20, secret); - if (result != TSS_SUCCESS) - { - goto err1; - } - result = Tspi_Context_LoadKeyByBlob (hContext, hSRK, this->aik_blob.len, - this->aik_blob.ptr, &hAIK); - if (result != TSS_SUCCESS) - { - goto err1; - } - - /* Create PCR composite object */ - result = use_quote2 ? - Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, - TSS_PCRS_STRUCT_INFO_SHORT, &hPcrComposite) : - Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, - TSS_PCRS_STRUCT_DEFAULT, &hPcrComposite); - if (result != TSS_SUCCESS) - { - goto err2; - } - - /* Select PCRs */ + /* select PCRs */ + DBG2(DBG_PTS, "PCR values hashed into PCR Composite:"); enumerator = this->pcrs->create_enumerator(this->pcrs); while (enumerator->enumerate(enumerator, &pcr)) { - result = use_quote2 ? - Tspi_PcrComposite_SelectPcrIndexEx(hPcrComposite, pcr, - TSS_PCRS_DIRECTION_RELEASE) : - Tspi_PcrComposite_SelectPcrIndex(hPcrComposite, pcr); - if (result != TSS_SUCCESS) + if (this->tpm->read_pcr(this->tpm, pcr, &pcr_value, HASH_SHA1)) { - break; - } - } - enumerator->destroy(enumerator); + pcr_computed = this->pcrs->get(this->pcrs, pcr); + DBG2(DBG_PTS, "PCR %2d %#B %s", pcr, &pcr_value, + chunk_equals(pcr_value, pcr_computed) ? "ok" : "differs"); + chunk_free(&pcr_value); + }; - if (result != TSS_SUCCESS) - { - goto err3; + /* add PCR to selection list */ + pcr_sel |= (1 << pcr); } - - /* Set the Validation Data */ - valData.ulExternalDataLength = this->secret.len; - valData.rgbExternalData = (BYTE *)this->secret.ptr; - + enumerator->destroy(enumerator); /* TPM Quote */ - result = use_quote2 ? - Tspi_TPM_Quote2(hTPM, hAIK, FALSE, hPcrComposite, &valData, - &versionInfoSize, &versionInfo): - Tspi_TPM_Quote(hTPM, hAIK, hPcrComposite, &valData); - if (result != TSS_SUCCESS) - { - goto err4; - } - - /* Set output chunks */ - *pcr_comp = chunk_alloc(HASH_SIZE_SHA1); - - if (use_quote2) - { - /* TPM_Composite_Hash is last 20 bytes of TPM_Quote_Info2 structure */ - memcpy(pcr_comp->ptr, valData.rgbData + valData.ulDataLength - HASH_SIZE_SHA1, - HASH_SIZE_SHA1); - } - else - { - /* TPM_Composite_Hash is 8-28th bytes of TPM_Quote_Info structure */ - memcpy(pcr_comp->ptr, valData.rgbData + 8, HASH_SIZE_SHA1); - } - DBG3(DBG_PTS, "Hash of PCR Composite: %#B", pcr_comp); - - quote_info = chunk_create(valData.rgbData, valData.ulDataLength); - DBG3(DBG_PTS, "TPM Quote Info: %B","e_info); - - *quote_sig = chunk_clone(chunk_create(valData.rgbValidationData, - valData.ulValidationDataLength)); - DBG3(DBG_PTS, "TPM Quote Signature: %B",quote_sig); - - success = TRUE; - - /* Cleanup */ -err4: - Tspi_Context_FreeMemory(hContext, NULL); - -err3: - Tspi_Context_CloseObject(hContext, hPcrComposite); - -err2: - Tspi_Context_CloseObject(hContext, hAIK); - -err1: - Tspi_Context_Close(hContext); - if (!success) - { - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - } - return success; -} - -#else /* TSS_TROUSERS */ - -METHOD(pts_t, read_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value) -{ - return FALSE; -} - -METHOD(pts_t, extend_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output) -{ - return FALSE; -} - -METHOD(pts_t, quote_tpm, bool, - private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig) -{ - return FALSE; + return this->tpm->quote(this->tpm, this->aik_handle, pcr_sel, HASH_SHA1, + this->secret, quote_mode, quote_info, quote_sig); } -#endif /* TSS_TROUSERS */ - -/** - * TPM_QUOTE_INFO structure: - * 4 bytes of version - * 4 bytes 'Q' 'U' 'O' 'T' - * 20 byte SHA1 of TCPA_PCR_COMPOSITE - * 20 byte nonce - * - * TPM_QUOTE_INFO2 structure: - * 2 bytes Tag 0x0036 TPM_Tag_Quote_info2 - * 4 bytes 'Q' 'U' 'T' '2' - * 20 bytes nonce - * 26 bytes PCR_INFO_SHORT - */ - -METHOD(pts_t, get_quote_info, bool, - private_pts_t *this, bool use_quote2, bool use_ver_info, - pts_meas_algorithms_t comp_hash_algo, - chunk_t *out_pcr_comp, chunk_t *out_quote_info) +METHOD(pts_t, get_quote, bool, + private_pts_t *this, tpm_tss_quote_info_t *quote_info, chunk_t *quoted) { - chunk_t selection, pcr_comp, hash_pcr_comp; - bio_writer_t *writer; - hasher_t *hasher; + tpm_tss_pcr_composite_t *pcr_composite; + bool success; if (!this->pcrs->get_count(this->pcrs)) { @@ -930,128 +671,93 @@ METHOD(pts_t, get_quote_info, bool, "unable to construct TPM Quote Info"); return FALSE; } - if (use_quote2 && use_ver_info && !this->tpm_version_info.ptr) - { - DBG1(DBG_PTS, "TPM Version Information unavailable, ", - "unable to construct TPM Quote Info2"); - return FALSE; - } - - pcr_comp = this->pcrs->get_composite(this->pcrs); - - - /* Output the TPM_PCR_COMPOSITE expected from IMC */ - if (comp_hash_algo) + if (quote_info->get_quote_mode(quote_info) == TPM_QUOTE2_VERSION_INFO) { - hash_algorithm_t algo; - - algo = pts_meas_algo_to_hash(comp_hash_algo); - hasher = lib->crypto->create_hasher(lib->crypto, algo); - - /* Hash the PCR Composite Structure */ - if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp)) + if (!this->tpm_version_info.ptr) { - DESTROY_IF(hasher); - free(pcr_comp.ptr); + DBG1(DBG_PTS, "TPM Version Information unavailable, ", + "unable to construct TPM Quote Info2"); return FALSE; } - DBG3(DBG_PTS, "constructed PCR Composite hash: %#B", out_pcr_comp); - hasher->destroy(hasher); + quote_info->set_version_info(quote_info, this->tpm_version_info); } - else - { - *out_pcr_comp = chunk_clone(pcr_comp); - } - - /* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */ - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp)) - { - DESTROY_IF(hasher); - chunk_free(out_pcr_comp); - free(pcr_comp.ptr); - return FALSE; - } - hasher->destroy(hasher); - - /* Construct TPM_QUOTE_INFO/TPM_QUOTE_INFO2 structure */ - writer = bio_writer_create(TPM_QUOTE_INFO_LEN); - - if (use_quote2) - { - /* TPM Structure Tag */ - writer->write_uint16(writer, TPM_TAG_QUOTE_INFO2); - - /* Magic QUT2 value */ - writer->write_data(writer, chunk_create("QUT2", 4)); - - /* Secret assessment value 20 bytes (nonce) */ - writer->write_data(writer, this->secret); - - /* PCR selection */ - selection.ptr = pcr_comp.ptr; - selection.len = 2 + this->pcrs->get_selection_size(this->pcrs); - writer->write_data(writer, selection); - - /* TPM Locality Selection */ - writer->write_uint8(writer, TPM_LOC_ZERO); - - /* PCR Composite Hash */ - writer->write_data(writer, hash_pcr_comp); - - if (use_ver_info) - { - /* TPM version Info */ - writer->write_data(writer, this->tpm_version_info); - } - } - else - { - /* Version number */ - writer->write_data(writer, chunk_from_chars(1, 1, 0, 0)); - - /* Magic QUOT value */ - writer->write_data(writer, chunk_create("QUOT", 4)); - - /* PCR Composite Hash */ - writer->write_data(writer, hash_pcr_comp); - - /* Secret assessment value 20 bytes (nonce) */ - writer->write_data(writer, this->secret); - } - - /* TPM Quote Info */ - *out_quote_info = writer->extract_buf(writer); - DBG3(DBG_PTS, "constructed TPM Quote Info: %B", out_quote_info); + pcr_composite = this->pcrs->get_composite(this->pcrs); - writer->destroy(writer); - free(pcr_comp.ptr); - free(hash_pcr_comp.ptr); + success = quote_info->get_quote(quote_info, this->secret, + pcr_composite, quoted); + chunk_free(&pcr_composite->pcr_select); + chunk_free(&pcr_composite->pcr_composite); + free(pcr_composite); - return TRUE; + return success; } METHOD(pts_t, verify_quote_signature, bool, - private_pts_t *this, chunk_t data, chunk_t signature) + private_pts_t *this, hash_algorithm_t digest_alg, chunk_t digest, + chunk_t signature) { - public_key_t *aik_pub_key; + public_key_t *aik_pubkey; + signature_scheme_t scheme; - aik_pub_key = this->aik->get_public_key(this->aik); - if (!aik_pub_key) + aik_pubkey = this->aik_cert->get_public_key(this->aik_cert); + if (!aik_pubkey) { DBG1(DBG_PTS, "failed to get public key from AIK certificate"); return FALSE; } - if (!aik_pub_key->verify(aik_pub_key, SIGN_RSA_EMSA_PKCS1_SHA1, - data, signature)) + /* Determine signing scheme */ + switch (aik_pubkey->get_type(aik_pubkey)) + { + case KEY_RSA: + switch (digest_alg) + { + case HASH_SHA1: + scheme = SIGN_RSA_EMSA_PKCS1_SHA1; + break; + case HASH_SHA256: + scheme = SIGN_RSA_EMSA_PKCS1_SHA256; + break; + case HASH_SHA384: + scheme = SIGN_RSA_EMSA_PKCS1_SHA384; + break; + case HASH_SHA512: + scheme = SIGN_RSA_EMSA_PKCS1_SHA512; + break; + default: + scheme = SIGN_UNKNOWN; + } + break; + case KEY_ECDSA: + switch (digest_alg) + { + case HASH_SHA256: + scheme = SIGN_ECDSA_256; + break; + case HASH_SHA384: + scheme = SIGN_ECDSA_384; + break; + case HASH_SHA512: + scheme = SIGN_ECDSA_521; + break; + default: + scheme = SIGN_UNKNOWN; + } + break; + default: + DBG1(DBG_PTS, "%N AIK key type not supported", key_type_names, + aik_pubkey->get_type(aik_pubkey)); + return FALSE; + } + + if (!aik_pubkey->verify(aik_pubkey, scheme, digest, signature)) { DBG1(DBG_PTS, "signature verification failed for TPM Quote Info"); - DESTROY_IF(aik_pub_key); + DESTROY_IF(aik_pubkey); return FALSE; } - aik_pub_key->destroy(aik_pub_key); + aik_pubkey->destroy(aik_pubkey); return TRUE; } @@ -1064,78 +770,17 @@ METHOD(pts_t, get_pcrs, pts_pcr_t*, METHOD(pts_t, destroy, void, private_pts_t *this) { + DESTROY_IF(this->tpm); DESTROY_IF(this->pcrs); - DESTROY_IF(this->aik); + DESTROY_IF(this->aik_cert); DESTROY_IF(this->dh); free(this->initiator_nonce.ptr); free(this->responder_nonce.ptr); free(this->secret.ptr); - free(this->aik_blob.ptr); free(this->tpm_version_info.ptr); free(this); } - -#ifdef TSS_TROUSERS - -/** - * Check for a TPM by querying for TPM Version Info - */ -static bool has_tpm(private_pts_t *this) -{ - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_RESULT result; - u_int32_t version_info_len; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) - { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", - result); - return FALSE; - } - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_TPM_GetCapability(hTPM, TSS_TPMCAP_VERSION_VAL, 0, NULL, - &version_info_len, - &this->tpm_version_info.ptr); - this->tpm_version_info.len = version_info_len; - if (result != TSS_SUCCESS) - { - goto err; - } - this->tpm_version_info = chunk_clone(this->tpm_version_info); - - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - return TRUE; - - err: - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - return FALSE; -} - -#else /* TSS_TROUSERS */ - -static bool has_tpm(private_pts_t *this) -{ - return FALSE; -} - -#endif /* TSS_TROUSERS */ - - /** * See header */ @@ -1174,9 +819,9 @@ pts_t *pts_create(bool is_imc) .get_metadata = _get_metadata, .read_pcr = _read_pcr, .extend_pcr = _extend_pcr, - .quote_tpm = _quote_tpm, + .quote = _quote, .get_pcrs = _get_pcrs, - .get_quote_info = _get_quote_info, + .get_quote = _get_quote, .verify_quote_signature = _verify_quote_signature, .destroy = _destroy, }, @@ -1189,12 +834,11 @@ pts_t *pts_create(bool is_imc) if (is_imc) { - if (has_tpm(this)) + this->tpm = tpm_tss_probe(TPM_VERSION_ANY); + if (this->tpm) { - this->has_tpm = TRUE; this->proto_caps |= PTS_PROTO_CAPS_T | PTS_PROTO_CAPS_D; load_aik(this); - load_aik_blob(this); } } else diff --git a/src/libimcv/pts/pts.h b/src/libimcv/pts/pts.h index d525306dd..f3da659dc 100644 --- a/src/libimcv/pts/pts.h +++ b/src/libimcv/pts/pts.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu - * Copyright (C) 2012-2014 Andreas Steffen + * Copyright (C) 2012-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -32,9 +32,10 @@ typedef struct pts_t pts_t; #include "pts_dh_group.h" #include "pts_pcr.h" #include "pts_req_func_comp_evid.h" -#include "pts_simple_evid_final.h" #include "components/pts_comp_func_name.h" +#include + #include #include @@ -70,11 +71,6 @@ typedef struct pts_t pts_t; */ #define ASSESSMENT_SECRET_LEN 20 -/** - * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2 - */ -#define TPM_QUOTE_INFO_LEN 48 - /** * Hashing algorithm used by tboot and trustedGRUB */ @@ -236,39 +232,39 @@ struct pts_t { pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_dir); /** - * Reads given PCR value and returns it - * Expects owner secret to be WELL_KNOWN_SECRET + * Retrieve the current value of a PCR register in a given PCR bank * - * @param pcr_num Number of PCR to read - * @param pcr_value Chunk to save pcr read output - * @return NULL in case of TSS error, PCR value otherwise + * @param pcr_num PCR number + * @param pcr_value PCR value returned + * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) + * @return TRUE if PCR value retrieval succeeded */ - bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value); + bool (*read_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg); /** - * Extends given PCR with given value - * Expects owner secret to be WELL_KNOWN_SECRET + * Extend a PCR register in a given PCR bank with a hash value * - * @param pcr_num Number of PCR to extend - * @param input Value to extend - * @param output Chunk to save PCR value after extension - * @return FALSE in case of TSS error, TRUE otherwise + * @param pcr_num PCR number + * @param pcr_value extended PCR value returned + * @param hash data to be extended into the PCR + * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) + * @return TRUE if PCR extension succeeded */ - bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input, - chunk_t *output); + bool (*extend_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, + chunk_t data, hash_algorithm_t alg); /** * Quote over PCR's * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK * - * @param use_quote2 Version of the Quote function to be used - * @param pcr_comp Chunk to save PCR composite structure - * @param quote_sig Chunk to save quote operation output - * without external data (anti-replay protection) - * @return FALSE in case of TSS error, TRUE otherwise + * @param quote_mode type of Quote signature + * @param quote_info returns various info covered by Quote signature + * @param quote_sig returns Quote signature + * @return FALSE in case of Quote error, TRUE otherwise */ - bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp, - chunk_t *quote_sig); + bool (*quote)(pts_t *this, tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig); /** * Get the shadow PCR set @@ -277,28 +273,26 @@ struct pts_t { */ pts_pcr_t* (*get_pcrs)(pts_t *this); - /** - * Constructs and returns TPM Quote Info structure expected from IMC + /** + * Computes digest of the constructed TPM Quote Info structure * - * @param use_quote2 Version of the TPM_QUOTE_INFO to be constructed - * @param use_ver_info Version info is concatenated to TPM_QUOTE_INFO2 - * @param comp_hash_algo Composite Hash Algorithm - * @param pcr_comp Output variable to store PCR Composite - * @param quote_info Output variable to store TPM Quote Info + * @param quote_info TPM Quote Info as received from IMC + * @param quoted Encoding of TPM Quote Info * @return FALSE in case of any error, TRUE otherwise */ - bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included, - pts_meas_algorithms_t comp_hash_algo, - chunk_t *pcr_comp, chunk_t *quote_info); + bool (*get_quote)(pts_t *this, tpm_tss_quote_info_t *quote_info, + chunk_t *quoted); /** * Constructs and returns PCR Quote Digest structure expected from IMC * - * @param data Calculated TPM Quote Digest + * @param digest_alg Hash algorithm used for TPM Quote Digest + * @param digest Calculated TPM Quote Digest * @param signature TPM Quote Signature received from IMC * @return FALSE if signature is not verified */ - bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature); + bool (*verify_quote_signature)(pts_t *this, hash_algorithm_t digest_alg, + chunk_t digest, chunk_t signature); /** * Destroys a pts_t object. diff --git a/src/libimcv/pts/pts_file_meas.c b/src/libimcv/pts/pts_file_meas.c index 966d54ba2..6cfb86cb3 100644 --- a/src/libimcv/pts/pts_file_meas.c +++ b/src/libimcv/pts/pts_file_meas.c @@ -39,7 +39,7 @@ struct private_pts_file_meas_t { /** * ID of PTS File Measurement Request */ - u_int16_t request_id; + uint16_t request_id; /** * List of File Measurements @@ -70,7 +70,7 @@ static void free_entry(entry_t *entry) } } -METHOD(pts_file_meas_t, get_request_id, u_int16_t, +METHOD(pts_file_meas_t, get_request_id, uint16_t, private_pts_file_meas_t *this) { return this->request_id; @@ -266,7 +266,7 @@ METHOD(pts_file_meas_t, destroy, void, /** * See header */ -pts_file_meas_t *pts_file_meas_create(u_int16_t request_id) +pts_file_meas_t *pts_file_meas_create(uint16_t request_id) { private_pts_file_meas_t *this; @@ -334,7 +334,7 @@ static bool hash_file(hasher_t *hasher, char *pathname, u_char *hash) /** * See header */ -pts_file_meas_t *pts_file_meas_create_from_path(u_int16_t request_id, +pts_file_meas_t *pts_file_meas_create_from_path(uint16_t request_id, char *pathname, bool is_dir, bool use_rel_name, pts_meas_algorithms_t alg) { diff --git a/src/libimcv/pts/pts_file_meas.h b/src/libimcv/pts/pts_file_meas.h index 4bf28e280..514006925 100644 --- a/src/libimcv/pts/pts_file_meas.h +++ b/src/libimcv/pts/pts_file_meas.h @@ -38,7 +38,7 @@ struct pts_file_meas_t { * * @return ID of PTS File Measurement Request */ - u_int16_t (*get_request_id)(pts_file_meas_t *this); + uint16_t (*get_request_id)(pts_file_meas_t *this); /** * Get the number of measured files @@ -94,7 +94,7 @@ struct pts_file_meas_t { * * @param request_id ID of PTS File Measurement Request */ -pts_file_meas_t* pts_file_meas_create(u_int16_t request_id); +pts_file_meas_t* pts_file_meas_create(uint16_t request_id); /** * Creates a pts_file_meas_t object measuring a file/directory @@ -105,7 +105,7 @@ pts_file_meas_t* pts_file_meas_create(u_int16_t request_id); * @param use_rel_name TRUE if relative filenames are to be used * @param alg PTS hash measurement algorithm to be used */ -pts_file_meas_t* pts_file_meas_create_from_path(u_int16_t request_id, +pts_file_meas_t* pts_file_meas_create_from_path(uint16_t request_id, char* pathname, bool is_dir, bool use_rel_name, pts_meas_algorithms_t alg); diff --git a/src/libimcv/pts/pts_file_meta.h b/src/libimcv/pts/pts_file_meta.h index 3f1813306..b02b142db 100644 --- a/src/libimcv/pts/pts_file_meta.h +++ b/src/libimcv/pts/pts_file_meta.h @@ -34,12 +34,12 @@ typedef struct pts_file_metadata_t pts_file_metadata_t; */ struct pts_file_metadata_t { pts_file_type_t type; - u_int64_t filesize; - u_int64_t created; - u_int64_t modified; - u_int64_t accessed; - u_int64_t owner; - u_int64_t group; + uint64_t filesize; + uint64_t created; + uint64_t modified; + uint64_t accessed; + uint64_t owner; + uint64_t group; char *filename; }; diff --git a/src/libimcv/pts/pts_ima_bios_list.c b/src/libimcv/pts/pts_ima_bios_list.c index 5051b6c2d..7caa514a5 100644 --- a/src/libimcv/pts/pts_ima_bios_list.c +++ b/src/libimcv/pts/pts_ima_bios_list.c @@ -61,6 +61,8 @@ enum event_type_t { EV_EFI_PLATFORM_FIRMWARE_BLOB = 0x80000008, EV_EFI_HANDOFF_TABLES = 0x80000009, + EV_EFI_HCRTM_EVENT = 0x80000010, + EV_EFI_VARIABLE_AUTHORITY = 0x800000E0 }; @@ -85,7 +87,6 @@ ENUM_BEGIN(event_type_names, EV_PREBOOT_CERT, EV_OMIT_BOOT_DEVICE_EVENTS, "Nonhost Info", "Omit Boot Device Events" ); - ENUM_NEXT(event_type_names, EV_EFI_EVENT_BASE, EV_EFI_HANDOFF_TABLES, EV_OMIT_BOOT_DEVICE_EVENTS, "EFI Event Base", @@ -99,8 +100,12 @@ ENUM_NEXT(event_type_names, EV_EFI_EVENT_BASE, EV_EFI_HANDOFF_TABLES, "EFI Platform Firmware Blob", "EFI Handoff Tables" ); -ENUM_NEXT(event_type_names, EV_EFI_VARIABLE_AUTHORITY, EV_EFI_VARIABLE_AUTHORITY, +ENUM_NEXT(event_type_names, EV_EFI_HCRTM_EVENT, EV_EFI_HCRTM_EVENT, EV_EFI_HANDOFF_TABLES, + "EFI HCRTM Event" +); +ENUM_NEXT(event_type_names, EV_EFI_VARIABLE_AUTHORITY, EV_EFI_VARIABLE_AUTHORITY, + EV_EFI_HCRTM_EVENT, "EFI Variable Authority" ); ENUM_END(event_type_names, EV_EFI_VARIABLE_AUTHORITY); diff --git a/src/libimcv/pts/pts_meas_algo.c b/src/libimcv/pts/pts_meas_algo.c index c06371123..246c37714 100644 --- a/src/libimcv/pts/pts_meas_algo.c +++ b/src/libimcv/pts/pts_meas_algo.c @@ -155,6 +155,24 @@ hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm) } } +/** + * Described in header. + */ +pts_meas_algorithms_t pts_meas_algo_from_hash(hash_algorithm_t algorithm) +{ + switch (algorithm) + { + case HASH_SHA1: + return PTS_MEAS_ALGO_SHA1; + case HASH_SHA256: + return PTS_MEAS_ALGO_SHA256; + case HASH_SHA384: + return PTS_MEAS_ALGO_SHA384; + default: + return PTS_MEAS_ALGO_NONE; + } +} + /** * Described in header. */ diff --git a/src/libimcv/pts/pts_meas_algo.h b/src/libimcv/pts/pts_meas_algo.h index eec7e7981..d70310679 100644 --- a/src/libimcv/pts/pts_meas_algo.h +++ b/src/libimcv/pts/pts_meas_algo.h @@ -95,6 +95,14 @@ pts_meas_algorithms_t pts_meas_algo_select(pts_meas_algorithms_t supported_algos */ hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm); +/** + * Convert hash_algorithm_t to pts_meas_algorithms_t + * + * @param algorithm PTS measurement algorithm type + * @return libstrongswan hash algorithm type + */ +pts_meas_algorithms_t pts_meas_algo_from_hash(hash_algorithm_t algorithm); + /** * Return the hash size of a pts_meas_algorithm * diff --git a/src/libimcv/pts/pts_pcr.c b/src/libimcv/pts/pts_pcr.c index 0af93b608..d514532c5 100644 --- a/src/libimcv/pts/pts_pcr.c +++ b/src/libimcv/pts/pts_pcr.c @@ -40,17 +40,17 @@ struct private_pts_pcr_t { /** * Number of extended PCR registers */ - u_int32_t pcr_count; + uint32_t pcr_count; /** * Highest extended PCR register */ - u_int32_t pcr_max; + uint32_t pcr_max; /** * Bitmap of extended PCR registers */ - u_int8_t pcr_select[PTS_PCR_MAX_NUM / 8]; + uint8_t pcr_select[PTS_PCR_MAX_NUM / 8]; /** * Hasher used to extend shadow PCRs @@ -59,16 +59,16 @@ struct private_pts_pcr_t { }; -METHOD(pts_pcr_t, get_count, u_int32_t, +METHOD(pts_pcr_t, get_count, uint32_t, private_pts_pcr_t *this) { return this->pcr_count; } METHOD(pts_pcr_t, select_pcr, bool, - private_pts_pcr_t *this, u_int32_t pcr) + private_pts_pcr_t *this, uint32_t pcr) { - u_int32_t i, f; + uint32_t i, f; if (pcr >= PTS_PCR_MAX_NUM) { @@ -106,7 +106,7 @@ typedef struct { /** implements enumerator_t */ enumerator_t public; /** current PCR */ - u_int32_t pcr; + uint32_t pcr; /** back reference to parent */ private_pts_pcr_t *pcrs; } pcr_enumerator_t; @@ -116,11 +116,11 @@ typedef struct { */ static bool pcr_enumerator_enumerate(pcr_enumerator_t *this, ...) { - u_int32_t *pcr, i, f; + uint32_t *pcr, i, f; va_list args; va_start(args, this); - pcr = va_arg(args, u_int32_t*); + pcr = va_arg(args, uint32_t*); va_end(args); while (this->pcr <= this->pcrs->pcr_max) @@ -158,13 +158,13 @@ METHOD(pts_pcr_t, create_enumerator, enumerator_t*, } METHOD(pts_pcr_t, get, chunk_t, - private_pts_pcr_t *this, u_int32_t pcr) + private_pts_pcr_t *this, uint32_t pcr) { return (pcr < PTS_PCR_MAX_NUM) ? this->pcrs[pcr] : chunk_empty; } METHOD(pts_pcr_t, set, bool, - private_pts_pcr_t *this, u_int32_t pcr, chunk_t value) + private_pts_pcr_t *this, uint32_t pcr, chunk_t value) { if (value.len != PTS_PCR_LEN) { @@ -180,7 +180,7 @@ METHOD(pts_pcr_t, set, bool, } METHOD(pts_pcr_t, extend, chunk_t, - private_pts_pcr_t *this, u_int32_t pcr, chunk_t measurement) + private_pts_pcr_t *this, uint32_t pcr, chunk_t measurement) { if (measurement.len != PTS_PCR_LEN) { @@ -200,26 +200,25 @@ METHOD(pts_pcr_t, extend, chunk_t, return this->pcrs[pcr]; } -METHOD(pts_pcr_t, get_composite, chunk_t, +METHOD(pts_pcr_t, get_composite, tpm_tss_pcr_composite_t*, private_pts_pcr_t *this) { - chunk_t composite; + tpm_tss_pcr_composite_t *pcr_composite; enumerator_t *enumerator; - u_int16_t selection_size; - u_int32_t pcr_field_size, pcr; + uint16_t selection_size; + uint32_t pcr_field_size, pcr; u_char *pos; selection_size = get_selection_size(this); pcr_field_size = this->pcr_count * PTS_PCR_LEN; - composite = chunk_alloc(2 + selection_size + 4 + pcr_field_size); - pos = composite.ptr; - htoun16(pos, selection_size); - pos += 2; - memcpy(pos, this->pcr_select, selection_size); - pos += selection_size; - htoun32(pos, pcr_field_size); - pos += 4; + INIT(pcr_composite, + .pcr_select = chunk_alloc(selection_size), + .pcr_composite = chunk_alloc(pcr_field_size), + ); + + memcpy(pcr_composite->pcr_select.ptr, this->pcr_select, selection_size); + pos = pcr_composite->pcr_composite.ptr; enumerator = create_enumerator(this); while (enumerator->enumerate(enumerator, &pcr)) @@ -229,14 +228,13 @@ METHOD(pts_pcr_t, get_composite, chunk_t, } enumerator->destroy(enumerator); - DBG3(DBG_PTS, "constructed PCR Composite: %B", &composite); - return composite; + return pcr_composite; } METHOD(pts_pcr_t, destroy, void, private_pts_pcr_t *this) { - u_int32_t i; + uint32_t i; for (i = 0; i < PTS_PCR_MAX_NUM; i++) { @@ -253,7 +251,7 @@ pts_pcr_t *pts_pcr_create(void) { private_pts_pcr_t *this; hasher_t *hasher; - u_int32_t i; + uint32_t i; hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) diff --git a/src/libimcv/pts/pts_pcr.h b/src/libimcv/pts/pts_pcr.h index f638b5ee4..df84c679f 100644 --- a/src/libimcv/pts/pts_pcr.h +++ b/src/libimcv/pts/pts_pcr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -25,6 +25,8 @@ typedef struct pts_pcr_t pts_pcr_t; #include +#include + /** * Maximum number of PCR's of TPM, TPM Spec 1.2 */ @@ -45,7 +47,7 @@ struct pts_pcr_t { * * @return number of selected PCRs */ - u_int32_t (*get_count)(pts_pcr_t *this); + uint32_t (*get_count)(pts_pcr_t *this); /** * Mark a PCR as selected @@ -53,7 +55,7 @@ struct pts_pcr_t { * @param pcr index of PCR * @return TRUE if PCR index exists */ - bool (*select_pcr)(pts_pcr_t *this, u_int32_t pcr); + bool (*select_pcr)(pts_pcr_t *this, uint32_t pcr); /** * Get the size of the selection field in bytes @@ -75,7 +77,7 @@ struct pts_pcr_t { * @param pcr index of PCR * @return content of PCR */ - chunk_t (*get)(pts_pcr_t *this, u_int32_t pcr); + chunk_t (*get)(pts_pcr_t *this, uint32_t pcr); /** * Set the content of a PCR @@ -84,7 +86,7 @@ struct pts_pcr_t { * @param value new value of PCR * @return TRUE if value could be set */ - bool (*set)(pts_pcr_t *this, u_int32_t pcr, chunk_t value); + bool (*set)(pts_pcr_t *this, uint32_t pcr, chunk_t value); /** * Extend the content of a PCR @@ -93,14 +95,14 @@ struct pts_pcr_t { * @param measurement measurment value to be extended into PCR * @return new content of PCR */ - chunk_t (*extend)(pts_pcr_t *this, u_int32_t pcr, chunk_t measurement); + chunk_t (*extend)(pts_pcr_t *this, uint32_t pcr, chunk_t measurement); /** * Create a PCR Composite object over all selected PCRs * * @return PCR Composite object (must be freed) */ - chunk_t (*get_composite)(pts_pcr_t *this); + tpm_tss_pcr_composite_t* (*get_composite)(pts_pcr_t *this); /** diff --git a/src/libimcv/pts/pts_simple_evid_final.h b/src/libimcv/pts/pts_simple_evid_final.h deleted file mode 100644 index 0c8dea0cc..000000000 --- a/src/libimcv/pts/pts_simple_evid_final.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (C) 2011 Sansar Choinyambuu - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup pts_simple_evid_final pts_rsimple_evid_final - * @{ @ingroup pts - */ - -#ifndef PTS_SIMPLE_EVID_FINAL_H_ -#define PTS_SIMPLE_EVID_FINAL_H_ - -typedef enum pts_simple_evid_final_flag_t pts_simple_evid_final_flag_t; - -#include - -/** - * PTS Simple Evidence Final Flags - */ -enum pts_simple_evid_final_flag_t { - /** TPM PCR Composite and TPM Quote Signature not included */ - PTS_SIMPLE_EVID_FINAL_NO = 0x00, - /** TPM PCR Composite and TPM Quote Signature included - * using TPM_QUOTE_INFO */ - PTS_SIMPLE_EVID_FINAL_QUOTE_INFO = 0x40, - /** TPM PCR Composite and TPM Quote Signature included - * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO not appended */ - PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 = 0x80, - /** TPM PCR Composite and TPM Quote Signature included - * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO appended */ - PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER = 0xC0, - /** Evidence Signature included */ - PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20, -}; - -#endif /** PTS_SIMPLE_EVID_FINAL_H_ @}*/ diff --git a/src/libimcv/pwg/pwg_attr.c b/src/libimcv/pwg/pwg_attr.c index 8a2eb2828..123df05d6 100644 --- a/src/libimcv/pwg/pwg_attr.c +++ b/src/libimcv/pwg/pwg_attr.c @@ -75,7 +75,7 @@ ENUM_END(pwg_attr_names, PWG_HCD_CONFIGURATION_STATE); /** * See header */ -pa_tnc_attr_t* pwg_attr_create_from_data(u_int32_t type, size_t length, chunk_t value) +pa_tnc_attr_t* pwg_attr_create_from_data(uint32_t type, size_t length, chunk_t value) { switch (type) { diff --git a/src/libimcv/pwg/pwg_attr.h b/src/libimcv/pwg/pwg_attr.h index 01db42cd2..2782075b2 100644 --- a/src/libimcv/pwg/pwg_attr.h +++ b/src/libimcv/pwg/pwg_attr.h @@ -69,7 +69,7 @@ extern enum_name_t *pwg_attr_names; * @param length attribute length * @param value attribute value or segment */ -pa_tnc_attr_t* pwg_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* pwg_attr_create_from_data(uint32_t type, size_t length, chunk_t value); #endif /** PWG_ATTR_H_ @}*/ diff --git a/src/libimcv/pwg/pwg_attr_vendor_smi_code.c b/src/libimcv/pwg/pwg_attr_vendor_smi_code.c index 7931259aa..0b03f12ec 100644 --- a/src/libimcv/pwg/pwg_attr_vendor_smi_code.c +++ b/src/libimcv/pwg/pwg_attr_vendor_smi_code.c @@ -117,7 +117,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_pwg_attr_vendor_smi_code_t *this, u_int32_t *offset) + private_pwg_attr_vendor_smi_code_t *this, uint32_t *offset) { bio_reader_t *reader; uint32_t vendor_smi_code; diff --git a/src/libimcv/swid/swid_error.c b/src/libimcv/swid/swid_error.c index 7f3c34476..7c7427fb1 100644 --- a/src/libimcv/swid/swid_error.c +++ b/src/libimcv/swid/swid_error.c @@ -27,8 +27,8 @@ ENUM(swid_error_code_names, TCG_SWID_ERROR, TCG_SWID_RESPONSE_TOO_LARGE, /** * Described in header. */ -pa_tnc_attr_t* swid_error_create(swid_error_code_t code, u_int32_t request_id, - u_int32_t max_attr_size, char *description) +pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request_id, + uint32_t max_attr_size, char *description) { bio_writer_t *writer; chunk_t msg_info; diff --git a/src/libimcv/swid/swid_error.h b/src/libimcv/swid/swid_error.h index b459ba686..2ed099186 100644 --- a/src/libimcv/swid/swid_error.h +++ b/src/libimcv/swid/swid_error.h @@ -52,7 +52,7 @@ extern enum_name_t *swid_error_code_names; * @param max_attr_size Maximum IF-M attribute size (if applicable) * @param description Optional description string or NULL */ -pa_tnc_attr_t* swid_error_create(swid_error_code_t code, u_int32_t request, - u_int32_t max_attr_size, char *description); +pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request, + uint32_t max_attr_size, char *description); #endif /** SWID_ERROR_H_ @}*/ diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c index 194cf1b68..3ca24faec 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_aik.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c @@ -108,7 +108,7 @@ METHOD(pa_tnc_attr_t, build, void, private_tcg_pts_attr_aik_t *this) { bio_writer_t *writer; - u_int8_t flags = PTS_AIK_FLAGS_NONE; + uint8_t flags = PTS_AIK_FLAGS_NONE; cred_encoding_type_t encoding_type = CERT_ASN1_DER; chunk_t aik_blob; @@ -136,10 +136,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_aik_t *this, u_int32_t *offset) + private_tcg_pts_attr_aik_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t flags; + uint8_t flags; certificate_type_t type; chunk_t aik_blob; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c index 2a1506898..5cb81c122 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c @@ -140,11 +140,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_dh_nonce_finish_t *this, u_int32_t *offset) + private_tcg_pts_attr_dh_nonce_finish_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t reserved, nonce_len; - u_int16_t hash_algo; + uint8_t reserved, nonce_len; + uint16_t hash_algo; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h index 78b5025bc..cbc9847fa 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h @@ -43,7 +43,7 @@ struct tcg_pts_attr_dh_nonce_finish_t { * * @return Length of nonce */ - u_int8_t (*get_nonce_len)(tcg_pts_attr_dh_nonce_finish_t *this); + uint8_t (*get_nonce_len)(tcg_pts_attr_dh_nonce_finish_t *this); /** * Get selected hash algorithm diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c index 0349ce53e..9c24759ea 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c @@ -72,7 +72,7 @@ struct private_tcg_pts_attr_dh_nonce_params_req_t { /** * Minimum acceptable length of nonce */ - u_int8_t min_nonce_len; + uint8_t min_nonce_len; /** * Diffie Hellman group set @@ -129,11 +129,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_dh_nonce_params_req_t *this, u_int32_t *offset) + private_tcg_pts_attr_dh_nonce_params_req_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t reserved; - u_int16_t dh_groups; + uint8_t reserved; + uint16_t dh_groups; *offset = 0; @@ -179,7 +179,7 @@ METHOD(pa_tnc_attr_t, destroy, void, } } -METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_min_nonce_len, u_int8_t, +METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_min_nonce_len, uint8_t, private_tcg_pts_attr_dh_nonce_params_req_t *this) { return this->min_nonce_len; @@ -194,7 +194,7 @@ METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_dh_groups, pts_dh_group_t, /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len, +pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(uint8_t min_nonce_len, pts_dh_group_t dh_groups) { private_tcg_pts_attr_dh_nonce_params_req_t *this; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h index 4396bf687..3d83b6d86 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h @@ -44,7 +44,7 @@ struct tcg_pts_attr_dh_nonce_params_req_t { * * @return Minimum acceptable length of nonce */ - u_int8_t (*get_min_nonce_len)(tcg_pts_attr_dh_nonce_params_req_t *this); + uint8_t (*get_min_nonce_len)(tcg_pts_attr_dh_nonce_params_req_t *this); /** * Get supported Diffie Hellman Groups @@ -60,7 +60,7 @@ struct tcg_pts_attr_dh_nonce_params_req_t { * @param min_nonce_len Minimum acceptable length of nonce * @param dh_groups Initiator's supported DH groups */ -pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len, +pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create(uint8_t min_nonce_len, pts_dh_group_t dh_groups); /** diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c index fa1dbdd3a..a4e66a670 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c @@ -148,12 +148,12 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_dh_nonce_params_resp_t *this, u_int32_t *offset) + private_tcg_pts_attr_dh_nonce_params_resp_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t reserved; - u_int8_t nonce_len; - u_int16_t dh_group, hash_algo_set; + uint32_t reserved; + uint8_t nonce_len; + uint16_t dh_group, hash_algo_set; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c index 397882926..aba34a817 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c @@ -149,8 +149,8 @@ METHOD(pa_tnc_attr_t, build, void, { bio_writer_t *writer; enumerator_t *enumerator; - u_int64_t count; - u_int16_t request_id; + uint64_t count; + uint16_t request_id; char *filename; chunk_t measurement; bool first = TRUE; @@ -192,7 +192,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_file_meas_t *this, u_int32_t *offset) + private_tcg_pts_attr_file_meas_t *this, uint32_t *offset) { bio_reader_t *reader; chunk_t measurement, filename; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c index b7b4d7e3f..e203f71c5 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c @@ -118,10 +118,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_gen_attest_evid_t *this, u_int32_t *offset) + private_tcg_pts_attr_gen_attest_evid_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t reserved; + uint32_t reserved; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c index 8fda2b1f5..e2da704dc 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c @@ -121,10 +121,10 @@ METHOD(pa_tnc_attr_t, add_segment, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_get_aik_t *this, u_int32_t *offset) + private_tcg_pts_attr_get_aik_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t reserved; + uint32_t reserved; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c index a4c9dba87..e98d7b40e 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c @@ -118,10 +118,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_get_tpm_version_info_t *this, u_int32_t *offset) + private_tcg_pts_attr_get_tpm_version_info_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t reserved; + uint32_t reserved; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c index 8b0502a91..ce38b626a 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c @@ -121,10 +121,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_meas_algo_t *this, u_int32_t *offset) + private_tcg_pts_attr_meas_algo_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int16_t reserved, algorithms; + uint16_t reserved, algorithms; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c index 0a562c0bc..ba017438c 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c @@ -123,10 +123,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_proto_caps_t *this, u_int32_t *offset) + private_tcg_pts_attr_proto_caps_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int16_t reserved, flags; + uint16_t reserved, flags; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c index a3c3ce56e..b4f336713 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c @@ -85,12 +85,12 @@ struct private_tcg_pts_attr_req_file_meas_t { /** * Request ID */ - u_int16_t request_id; + uint16_t request_id; /** * UTF8 Encoding of Delimiter Character */ - u_int32_t delimiter; + uint32_t delimiter; /** * Fully Qualified File Pathname @@ -130,7 +130,7 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void, METHOD(pa_tnc_attr_t, build, void, private_tcg_pts_attr_req_file_meas_t *this) { - u_int8_t flags = PTS_REQ_FILE_MEAS_NO_FLAGS; + uint8_t flags = PTS_REQ_FILE_MEAS_NO_FLAGS; chunk_t pathname; bio_writer_t *writer; @@ -156,11 +156,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_req_file_meas_t *this, u_int32_t *offset) + private_tcg_pts_attr_req_file_meas_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t flags; - u_int8_t reserved; + uint8_t flags; + uint8_t reserved; chunk_t pathname; *offset = 0; @@ -220,13 +220,13 @@ METHOD(tcg_pts_attr_req_file_meas_t, get_directory_flag, bool, return this->directory_flag; } -METHOD(tcg_pts_attr_req_file_meas_t, get_request_id, u_int16_t, +METHOD(tcg_pts_attr_req_file_meas_t, get_request_id, uint16_t, private_tcg_pts_attr_req_file_meas_t *this) { return this->request_id; } -METHOD(tcg_pts_attr_req_file_meas_t, get_delimiter, u_int32_t, +METHOD(tcg_pts_attr_req_file_meas_t, get_delimiter, uint32_t, private_tcg_pts_attr_req_file_meas_t *this) { return this->delimiter; @@ -242,8 +242,8 @@ METHOD(tcg_pts_attr_req_file_meas_t, get_pathname, char*, * Described in header. */ pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create(bool directory_flag, - u_int16_t request_id, - u_int32_t delimiter, + uint16_t request_id, + uint32_t delimiter, char *pathname) { private_tcg_pts_attr_req_file_meas_t *this; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h index 20a54dfaf..cbf429dab 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h @@ -50,14 +50,14 @@ struct tcg_pts_attr_req_file_meas_t { * * @return Request ID */ - u_int16_t (*get_request_id)(tcg_pts_attr_req_file_meas_t *this); + uint16_t (*get_request_id)(tcg_pts_attr_req_file_meas_t *this); /** * Get Delimiter * * @return UTF-8 encoding of a Delimiter Character */ - u_int32_t (*get_delimiter)(tcg_pts_attr_req_file_meas_t *this); + uint32_t (*get_delimiter)(tcg_pts_attr_req_file_meas_t *this); /** * Get Fully Qualified File Pathname @@ -77,8 +77,8 @@ struct tcg_pts_attr_req_file_meas_t { * @param pathname File Pathname */ pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create(bool directory_flag, - u_int16_t request_id, - u_int32_t delimiter, + uint16_t request_id, + uint32_t delimiter, char *pathname); /** diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c index f6befa8b9..d8acf0625 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c @@ -83,7 +83,7 @@ struct private_tcg_pts_attr_req_file_meta_t { /** * UTF8 Encoding of Delimiter Character */ - u_int8_t delimiter; + uint8_t delimiter; /** * Fully Qualified File Pathname @@ -123,7 +123,7 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void, METHOD(pa_tnc_attr_t, build, void, private_tcg_pts_attr_req_file_meta_t *this) { - u_int8_t flags = PTS_REQ_FILE_META_NO_FLAGS; + uint8_t flags = PTS_REQ_FILE_META_NO_FLAGS; chunk_t pathname; bio_writer_t *writer; @@ -149,11 +149,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_req_file_meta_t *this, u_int32_t *offset) + private_tcg_pts_attr_req_file_meta_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t flags; - u_int16_t reserved; + uint8_t flags; + uint16_t reserved; chunk_t pathname; *offset = 0; @@ -212,7 +212,7 @@ METHOD(tcg_pts_attr_req_file_meta_t, get_directory_flag, bool, return this->directory_flag; } -METHOD(tcg_pts_attr_req_file_meta_t, get_delimiter, u_int8_t, +METHOD(tcg_pts_attr_req_file_meta_t, get_delimiter, uint8_t, private_tcg_pts_attr_req_file_meta_t *this) { return this->delimiter; @@ -228,7 +228,7 @@ METHOD(tcg_pts_attr_req_file_meta_t, get_pathname, char*, * Described in header. */ pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create(bool directory_flag, - u_int8_t delimiter, + uint8_t delimiter, char *pathname) { private_tcg_pts_attr_req_file_meta_t *this; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h index c2f1cca74..91ab5c678 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h @@ -50,7 +50,7 @@ struct tcg_pts_attr_req_file_meta_t { * * @return UTF-8 encoding of a Delimiter Character */ - u_int8_t (*get_delimiter)(tcg_pts_attr_req_file_meta_t *this); + uint8_t (*get_delimiter)(tcg_pts_attr_req_file_meta_t *this); /** * Get Fully Qualified File Pathname @@ -69,7 +69,7 @@ struct tcg_pts_attr_req_file_meta_t { * @param pathname File Pathname */ pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create(bool directory_flag, - u_int8_t delimiter, + uint8_t delimiter, char *pathname); /** diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c index 03891104c..da21003e3 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c @@ -110,16 +110,16 @@ typedef struct entry_t entry_t; * Functional component entry */ struct entry_t { - u_int8_t flags; - u_int32_t depth; + uint8_t flags; + uint32_t depth; pts_comp_func_name_t *name; }; /** * Enumerate functional component entries */ -static bool entry_filter(void *null, entry_t **entry, u_int8_t *flags, - void *i2, u_int32_t *depth, void *i3, +static bool entry_filter(void *null, entry_t **entry, uint8_t *flags, + void *i2, uint32_t *depth, void *i3, pts_comp_func_name_t **name) { *flags = (*entry)->flags; @@ -195,11 +195,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_req_func_comp_evid_t *this, u_int32_t *offset) + private_tcg_pts_attr_req_func_comp_evid_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t depth, vendor_id, name; - u_int8_t flags, fam_and_qualifier, qualifier; + uint32_t depth, vendor_id, name; + uint8_t flags, fam_and_qualifier, qualifier; status_t status = FAILED; entry_t *entry = NULL; @@ -296,8 +296,8 @@ METHOD(pa_tnc_attr_t, destroy, void, } METHOD(tcg_pts_attr_req_func_comp_evid_t, add_component, void, - private_tcg_pts_attr_req_func_comp_evid_t *this, u_int8_t flags, - u_int32_t depth, pts_comp_func_name_t *name) + private_tcg_pts_attr_req_func_comp_evid_t *this, uint8_t flags, + uint32_t depth, pts_comp_func_name_t *name) { entry_t *entry; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h index 2f8657ed2..43abcbb4d 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h @@ -47,7 +47,7 @@ struct tcg_pts_attr_req_func_comp_evid_t { * @param name Functional Component Name */ void (*add_component)(tcg_pts_attr_req_func_comp_evid_t *this, - u_int8_t flags, u_int32_t depth, + uint8_t flags, uint32_t depth, pts_comp_func_name_t *name); /** diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c index d94ee89a5..c249ca151 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c @@ -181,9 +181,9 @@ METHOD(pa_tnc_attr_t, build, void, bio_writer_t *writer; bool has_pcr_info; char utc_time_buf[25], *policy_uri; - u_int8_t flags; - u_int16_t len; - u_int32_t depth, extended_pcr; + uint8_t flags; + uint16_t len; + uint32_t depth, extended_pcr; pts_comp_func_name_t *name; pts_meas_algorithms_t hash_algorithm; pts_pcr_transform_t transform; @@ -301,14 +301,14 @@ bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time) } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_simple_comp_evid_t *this, u_int32_t *offset) + private_tcg_pts_attr_simple_comp_evid_t *this, uint32_t *offset) { bio_reader_t *reader; pts_comp_func_name_t *name; - u_int8_t flags, fam_and_qualifier, qualifier, reserved; - u_int8_t measurement_type, transform, validation; - u_int16_t hash_algorithm, len; - u_int32_t depth, vendor_id, comp_name, extended_pcr; + uint8_t flags, fam_and_qualifier, qualifier, reserved; + uint8_t measurement_type, transform, validation; + uint16_t hash_algorithm, len; + uint32_t depth, vendor_id, comp_name, extended_pcr; chunk_t measurement, utc_time, policy_uri, pcr_before, pcr_after; time_t measurement_time; bool has_pcr_info = FALSE, has_validation = FALSE; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c index cfeaec6e9..267c85776 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,7 +15,6 @@ */ #include "tcg_pts_attr_simple_evid_final.h" -#include "pts/pts_simple_evid_final.h" #include #include @@ -27,6 +26,7 @@ typedef struct private_tcg_pts_attr_simple_evid_final_t private_tcg_pts_attr_sim /** * Simple Evidence Final * see section 3.15.2 of PTS Protocol: Binding to TNC IF-M Specification + * plus non-standard extensions to cover the TPM 2.0 Quote Info format * * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -37,17 +37,57 @@ typedef struct private_tcg_pts_attr_simple_evid_final_t private_tcg_pts_attr_sim * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * ~ Optional TPM PCR Composite (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Opt. TPM Qual. Signer Length | Optional TPM Qualified Signer ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * ~ Optional TPM Qualified Signer (Variable Length) ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Opt. TPM Clock Info Length | Optional TPM Clock Info ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * ~ Optional TPM Clock Info (Variable Length) ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Opt. TPM Version Info Length | Optional TPM Version Info ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * ~ Optional TPM Version Info (Variable Length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Opt. TPM PCR Selection Length | Opt. TPM PCR Selection ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * ~ Optional TPM PCR Selection (Variable Length) ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Optional TPM Quote Signature Length | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * ~ Optional TPM Quote Signature (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * ~ Optional Evidence Signature (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - */ +*/ #define PTS_SIMPLE_EVID_FINAL_SIZE 2 #define PTS_SIMPLE_EVID_FINAL_RESERVED 0x00 -#define PTS_SIMPLE_EVID_FINAL_FLAG_MASK 0xC0 + +/** + * PTS Simple Evidence Final Flags + */ +enum pts_simple_evid_final_flag_t { + /** TPM PCR Composite and TPM Quote Signature not included */ + PTS_SIMPLE_EVID_FINAL_NO = 0x00, + /** TPM Quote Info and TPM Quite Signature included + * using TPM 2.0 Quote Info format */ + PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2 = 0x10, + /** Evidence Signature included */ + PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20, + /** TPM PCR Composite and TPM Quote Signature included + * using TPM_QUOTE_INFO */ + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO = 0x40, + /** TPM PCR Composite and TPM Quote Signature included + * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO not appended */ + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 = 0x80, + /** TPM PCR Composite and TPM Quote Signature included + * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO appended */ + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER = 0xC0, + /** Mask for the TPM Quote Info flags */ + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO_MASK = 0xD0 +}; + /** * Private data of an tcg_pts_attr_simple_evid_final_t object. */ @@ -79,24 +119,14 @@ struct private_tcg_pts_attr_simple_evid_final_t { bool noskip_flag; /** - * Set of flags for Simple Evidence Final - */ - u_int8_t flags; - - /** - * Optional Composite Hash Algorithm - */ - pts_meas_algorithms_t comp_hash_algorithm; - - /** - * Optional TPM PCR Composite + * Optional TPM Quote Info */ - chunk_t pcr_comp; + tpm_tss_quote_info_t *quote_info; /** * Optional TPM Quote Signature */ - chunk_t tpm_quote_sig; + chunk_t quote_sig; /** * Is Evidence Signature included? @@ -156,9 +186,9 @@ METHOD(pa_tnc_attr_t, destroy, void, { if (ref_put(&this->ref)) { + DESTROY_IF(this->quote_info); free(this->value.ptr); - free(this->pcr_comp.ptr); - free(this->tpm_quote_sig.ptr); + free(this->quote_sig.ptr); free(this->evid_sig.ptr); free(this); } @@ -167,14 +197,36 @@ METHOD(pa_tnc_attr_t, destroy, void, METHOD(pa_tnc_attr_t, build, void, private_tcg_pts_attr_simple_evid_final_t *this) { + chunk_t pcr_digest, pcr_select, qualified_signer, clock_info, version_info; + hash_algorithm_t pcr_digest_alg; + tpm_quote_mode_t quote_mode; bio_writer_t *writer; - u_int8_t flags; + uint8_t flags; if (this->value.ptr) { return; } - flags = this->flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK; + + quote_mode = this->quote_info->get_quote_mode(this->quote_info); + switch (quote_mode) + { + case TPM_QUOTE: + flags = PTS_SIMPLE_EVID_FINAL_QUOTE_INFO; + break; + case TPM_QUOTE2: + flags = PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2; + break; + case TPM_QUOTE2_VERSION_INFO: + flags = PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER; + break; + case TPM_QUOTE_TPM2: + flags = PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2; + break; + case TPM_QUOTE_NONE: + default: + flags = PTS_SIMPLE_EVID_FINAL_NO; + } if (this->has_evid_sig) { @@ -185,25 +237,35 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint8 (writer, flags); writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED); - /** Optional Composite Hash Algorithm field is always present - * Field has value of all zeroes if not used. - * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011 - */ - writer->write_uint16(writer, this->comp_hash_algorithm); + pcr_digest_alg = this->quote_info->get_pcr_digest_alg(this->quote_info); + pcr_digest = this->quote_info->get_pcr_digest(this->quote_info); + + writer->write_uint16(writer, pts_meas_algo_from_hash(pcr_digest_alg)); /* Optional fields */ - if (this->flags != PTS_SIMPLE_EVID_FINAL_NO) + if (quote_mode != TPM_QUOTE_NONE) { - writer->write_uint32 (writer, this->pcr_comp.len); - writer->write_data (writer, this->pcr_comp); - - writer->write_uint32 (writer, this->tpm_quote_sig.len); - writer->write_data (writer, this->tpm_quote_sig); + writer->write_data32(writer, pcr_digest); } - if (this->has_evid_sig) + if (quote_mode == TPM_QUOTE_TPM2) { - writer->write_data (writer, this->evid_sig); + version_info = this->quote_info->get_version_info(this->quote_info); + this->quote_info->get_tpm2_info(this->quote_info, &qualified_signer, + &clock_info, &pcr_select); + writer->write_data16(writer, qualified_signer); + writer->write_data16(writer, clock_info); + writer->write_data16(writer, version_info); + writer->write_data16(writer, pcr_select); + } + + if (quote_mode != TPM_QUOTE_NONE) + { + writer->write_data32(writer, this->quote_sig); + if (this->has_evid_sig) + { + writer->write_data(writer, this->evid_sig); + } } this->value = writer->extract_buf(writer); @@ -212,12 +274,16 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_simple_evid_final_t *this, u_int32_t *offset) + private_tcg_pts_attr_simple_evid_final_t *this, uint32_t *offset) { + hash_algorithm_t pcr_digest_alg; + tpm_quote_mode_t quote_mode; bio_reader_t *reader; - u_int8_t flags, reserved; - u_int16_t algorithm; - u_int32_t pcr_comp_len, tpm_quote_sig_len, evid_sig_len; + uint8_t flags, reserved; + uint16_t algorithm; + uint32_t evid_sig_len; + chunk_t pcr_digest = chunk_empty, quote_sig, evid_sig; + chunk_t qualified_signer, clock_info, version_info, pcr_select; status_t status = FAILED; *offset = 0; @@ -236,56 +302,99 @@ METHOD(pa_tnc_attr_t, process, status_t, reader->read_uint8(reader, &flags); reader->read_uint8(reader, &reserved); - this->flags = flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK; - this->has_evid_sig = (flags & PTS_SIMPLE_EVID_FINAL_EVID_SIG) != 0; + flags &= PTS_SIMPLE_EVID_FINAL_QUOTE_INFO_MASK; + + switch (flags) + { + case PTS_SIMPLE_EVID_FINAL_QUOTE_INFO: + quote_mode = TPM_QUOTE; + break; + case PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2: + quote_mode = TPM_QUOTE2; + break; + case PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER: + quote_mode = TPM_QUOTE2_VERSION_INFO; + break; + case PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2: + quote_mode = TPM_QUOTE_TPM2; + break; + case PTS_SIMPLE_EVID_FINAL_NO: + default: + quote_mode = TPM_QUOTE_NONE; + break; + } + /** Optional Composite Hash Algorithm field is always present * Field has value of all zeroes if not used. * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011 */ - reader->read_uint16(reader, &algorithm); - this->comp_hash_algorithm = algorithm; + pcr_digest_alg = pts_meas_algo_to_hash(algorithm); - /* Optional Composite Hash Algorithm and TPM PCR Composite fields */ - if (this->flags != PTS_SIMPLE_EVID_FINAL_NO) + /* Optional fields */ + if (quote_mode != TPM_QUOTE_NONE) { - if (!reader->read_uint32(reader, &pcr_comp_len)) + if (!reader->read_data32(reader, &pcr_digest)) { DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " - "PCR Composite Length"); + "PCR Composite"); goto end; } - if (!reader->read_data(reader, pcr_comp_len, &this->pcr_comp)) + } + this->quote_info = tpm_tss_quote_info_create(quote_mode, pcr_digest_alg, + pcr_digest); + + if (quote_mode == TPM_QUOTE_TPM2) + { + if (!reader->read_data16(reader, &qualified_signer)) { DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " - "PCR Composite"); + "Qualified Signer"); goto end; } - this->pcr_comp = chunk_clone(this->pcr_comp); - - if (!reader->read_uint32(reader, &tpm_quote_sig_len)) + if (!reader->read_data16(reader, &clock_info)) + { + DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " + "Clock Info"); + goto end; + } + if (!reader->read_data16(reader, &version_info)) + { + DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " + "Version Info"); + goto end; + } + if (!reader->read_data16(reader, &pcr_select)) { DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " - "TPM Quote Singature Length"); + "PCR select"); goto end; } - if (!reader->read_data(reader, tpm_quote_sig_len, &this->tpm_quote_sig)) + this->quote_info->set_tpm2_info(this->quote_info, qualified_signer, + clock_info, pcr_select); + this->quote_info->set_version_info(this->quote_info, version_info); + } + + + if (quote_mode != TPM_QUOTE_NONE) + { + if (!reader->read_data32(reader, "e_sig)) { DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " "TPM Quote Singature"); goto end; } - this->tpm_quote_sig = chunk_clone(this->tpm_quote_sig); + this->quote_sig = chunk_clone(quote_sig); } /* Optional Evidence Signature field */ if (this->has_evid_sig) { evid_sig_len = reader->remaining(reader); - reader->read_data(reader, evid_sig_len, &this->evid_sig); - this->evid_sig = chunk_clone(this->evid_sig); + reader->read_data(reader, evid_sig_len, &evid_sig); + this->evid_sig = chunk_clone(evid_sig); } reader->destroy(reader); @@ -296,23 +405,18 @@ end: return status; } -METHOD(tcg_pts_attr_simple_evid_final_t, get_quote_info, u_int8_t, +METHOD(tcg_pts_attr_simple_evid_final_t, get_quote_info, void, private_tcg_pts_attr_simple_evid_final_t *this, - pts_meas_algorithms_t *comp_hash_algo, chunk_t *pcr_comp, chunk_t *tpm_quote_sig) + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig) { - if (comp_hash_algo) - { - *comp_hash_algo = this->comp_hash_algorithm; - } - if (pcr_comp) + if (quote_info) { - *pcr_comp = this->pcr_comp; + *quote_info = this->quote_info; } - if (tpm_quote_sig) + if (quote_sig) { - *tpm_quote_sig = this->tpm_quote_sig; + *quote_sig = this->quote_sig; } - return this->flags; } METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sig, bool, @@ -335,9 +439,8 @@ METHOD(tcg_pts_attr_simple_evid_final_t, set_evid_sig, void, /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags, - pts_meas_algorithms_t comp_hash_algorithm, - chunk_t pcr_comp, chunk_t tpm_quote_sig) +pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create( + tpm_tss_quote_info_t *quote_info, chunk_t quote_sig) { private_tcg_pts_attr_simple_evid_final_t *this; @@ -359,10 +462,8 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags, .set_evid_sig = _set_evid_sig, }, .type = { PEN_TCG, TCG_PTS_SIMPLE_EVID_FINAL }, - .flags = flags, - .comp_hash_algorithm = comp_hash_algorithm, - .pcr_comp = pcr_comp, - .tpm_quote_sig = tpm_quote_sig, + .quote_info = quote_info, + .quote_sig = quote_sig, .ref = 1, ); diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h index 8343b5b30..849174a8f 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -28,6 +28,8 @@ typedef struct tcg_pts_attr_simple_evid_final_t tcg_pts_attr_simple_evid_final_t #include "tcg_pts_attr_meas_algo.h" #include "pa_tnc/pa_tnc_attr.h" +#include + /** * Class implementing the TCG PTS Simple Evidence Final attribute * @@ -40,16 +42,14 @@ struct tcg_pts_attr_simple_evid_final_t { pa_tnc_attr_t pa_tnc_attribute; /** - * Get Optional PCR Composite and TPM Quote Signature + * Get Optional TPM Quote Info and TPM Quote Signature * - * @param comp_hash_algo Optional Composite Hash Algorithm - * @param pcr_comp Optional PCR Composite - * @param tpm_quote sig Optional TPM Quote Signature - * @return PTS_SIMPLE_EVID_FINAL flags + * @param quote_info Optional TPM Quote Info + * @param quote sig Optional TPM Quote Signature */ - u_int8_t (*get_quote_info)(tcg_pts_attr_simple_evid_final_t *this, - pts_meas_algorithms_t *comp_hash_algo, - chunk_t *pcr_comp, chunk_t *tpm_quote_sig); + void (*get_quote_info)(tcg_pts_attr_simple_evid_final_t *this, + tpm_tss_quote_info_t **quote_info, + chunk_t *quote_sig); /** * Get Optional Evidence Signature @@ -73,16 +73,11 @@ struct tcg_pts_attr_simple_evid_final_t { /** * Creates an tcg_pts_attr_simple_evid_final_t object * - * @param flags Set of flags - * @param comp_hash_algorithm Composite Hash Algorithm - * @param pcr_comp Optional TPM PCR Composite - * @param tpm_quote_sign Optional TPM Quote Signature + * @param quote_info Optional TPM Quote Info + * @param quote_sig Optional TPM Quote Signature */ pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create( - u_int8_t flags, - pts_meas_algorithms_t comp_hash_algorithm, - chunk_t pcr_comp, - chunk_t tpm_quote_sign); + tpm_tss_quote_info_t *quote_info, chunk_t quote_sig); /** * Creates an tcg_pts_attr_simple_evid_final_t object from received data diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c index db877e9c5..fca1932a9 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c @@ -122,7 +122,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_tpm_version_info_t *this, u_int32_t *offset) + private_tcg_pts_attr_tpm_version_info_t *this, uint32_t *offset) { bio_reader_t *reader; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c index 7c176fdf6..df5898c3e 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c @@ -144,7 +144,7 @@ METHOD(pa_tnc_attr_t, build, void, bio_writer_t *writer; enumerator_t *enumerator; pts_file_metadata_t *entry; - u_int64_t number_of_files; + uint64_t number_of_files; if (this->value.ptr) { @@ -179,14 +179,14 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_file_meta_t *this, u_int32_t *offset) + private_tcg_pts_attr_file_meta_t *this, uint32_t *offset) { bio_reader_t *reader; pts_file_metadata_t *entry; - u_int8_t type, reserved; - u_int16_t len; - u_int64_t number_of_files, filesize, created, modified, accessed; - u_int64_t owner, group; + uint8_t type, reserved; + uint16_t len; + uint64_t number_of_files, filesize, created, modified, accessed; + uint64_t owner, group; chunk_t filename; status_t status = FAILED; diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c index 010eaf83d..e56a96f94 100644 --- a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c +++ b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c @@ -124,7 +124,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_seg_attr_max_size_t *this, u_int32_t *offset) + private_tcg_seg_attr_max_size_t *this, uint32_t *offset) { bio_reader_t *reader; diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c index 995f64cad..985e57be8 100644 --- a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c +++ b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c @@ -128,7 +128,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_seg_attr_next_seg_t *this, u_int32_t *offset) + private_tcg_seg_attr_next_seg_t *this, uint32_t *offset) { bio_reader_t *reader; uint8_t flags; diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c index 4f767539c..7cd585a04 100644 --- a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c +++ b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c @@ -119,7 +119,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_seg_attr_seg_env_t *this, u_int32_t *offset) + private_tcg_seg_attr_seg_env_t *this, uint32_t *offset) { bio_reader_t *reader; diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c index 561242758..f02bbcb85 100644 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.c +++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.c @@ -80,17 +80,17 @@ struct private_tcg_swid_attr_req_t { /** * SWID request flags */ - u_int8_t flags; + uint8_t flags; /** * Request ID */ - u_int32_t request_id; + uint32_t request_id; /** * Earliest EID */ - u_int32_t earliest_eid; + uint32_t earliest_eid; /** * List of Target Tag Identifiers @@ -162,10 +162,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_swid_attr_req_t *this, u_int32_t *offset) + private_tcg_swid_attr_req_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t tag_id_count; + uint32_t tag_id_count; chunk_t tag_creator, unique_sw_id; swid_tag_id_t *tag_id; @@ -244,19 +244,19 @@ METHOD(pa_tnc_attr_t, destroy, void, } } -METHOD(tcg_swid_attr_req_t, get_flags, u_int8_t, +METHOD(tcg_swid_attr_req_t, get_flags, uint8_t, private_tcg_swid_attr_req_t *this) { return this->flags; } -METHOD(tcg_swid_attr_req_t, get_request_id, u_int32_t, +METHOD(tcg_swid_attr_req_t, get_request_id, uint32_t, private_tcg_swid_attr_req_t *this) { return this->request_id; } -METHOD(tcg_swid_attr_req_t, get_earliest_eid, u_int32_t, +METHOD(tcg_swid_attr_req_t, get_earliest_eid, uint32_t, private_tcg_swid_attr_req_t *this) { return this->earliest_eid; @@ -277,8 +277,8 @@ METHOD(tcg_swid_attr_req_t, get_targets, swid_inventory_t*, /** * Described in header. */ -pa_tnc_attr_t *tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id, - u_int32_t eid) +pa_tnc_attr_t *tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id, + uint32_t eid) { private_tcg_swid_attr_req_t *this; diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h index fd2ccdc4f..b28c33a8b 100644 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.h +++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.h @@ -53,21 +53,21 @@ struct tcg_swid_attr_req_t { * * @return Flags */ - u_int8_t (*get_flags)(tcg_swid_attr_req_t *this); + uint8_t (*get_flags)(tcg_swid_attr_req_t *this); /** * Get Request ID * * @return Request ID */ - u_int32_t (*get_request_id)(tcg_swid_attr_req_t *this); + uint32_t (*get_request_id)(tcg_swid_attr_req_t *this); /** * Get Earliest EID * * @return Event ID */ - u_int32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this); + uint32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this); /** * Add Tag ID @@ -92,8 +92,8 @@ struct tcg_swid_attr_req_t { * @param request_id Request ID * @param eid Earliest Event ID */ -pa_tnc_attr_t* tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id, - u_int32_t eid); +pa_tnc_attr_t* tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id, + uint32_t eid); /** * Creates an tcg_swid_attr_req_t object from received data diff --git a/src/libimcv/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c index 3ed6e8699..ab1fa43a5 100644 --- a/src/libimcv/tcg/tcg_attr.c +++ b/src/libimcv/tcg/tcg_attr.c @@ -185,7 +185,7 @@ ENUM_END(tcg_attr_names, TCG_PTS_AIK); /** * See header */ -pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length, chunk_t value) +pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t value) { switch (type) { diff --git a/src/libimcv/tcg/tcg_attr.h b/src/libimcv/tcg/tcg_attr.h index 3a9a7b2e7..d915c785c 100644 --- a/src/libimcv/tcg/tcg_attr.h +++ b/src/libimcv/tcg/tcg_attr.h @@ -101,7 +101,7 @@ extern enum_name_t *tcg_attr_names; * @param length attribute length * @param value attribute value or segment */ -pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t value); #endif /** TCG_ATTR_H_ @}*/ diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in index a08d8c51f..19a2577b7 100644 --- a/src/libipsec/Makefile.in +++ b/src/libipsec/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libipsec -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -215,6 +224,7 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -246,6 +256,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -295,6 +306,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -329,6 +341,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -440,6 +453,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -509,7 +523,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libipsec/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libipsec/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -894,6 +907,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c index 2b003e390..6c7e9a1c9 100644 --- a/src/libipsec/esp_context.c +++ b/src/libipsec/esp_context.c @@ -49,7 +49,7 @@ struct private_esp_context_t { * The highest sequence number that was successfully verified * and authenticated, or assigned in an outbound context */ - u_int32_t last_seqno; + uint32_t last_seqno; /** * The bit in the window of the highest authenticated sequence number @@ -103,7 +103,7 @@ static inline bool get_window_bit(private_esp_context_t *this, u_int index) /** * Returns TRUE if the supplied seqno is not already marked in the window */ -static bool check_window(private_esp_context_t *this, u_int32_t seqno) +static bool check_window(private_esp_context_t *this, uint32_t seqno) { u_int offset; @@ -113,7 +113,7 @@ static bool check_window(private_esp_context_t *this, u_int32_t seqno) } METHOD(esp_context_t, verify_seqno, bool, - private_esp_context_t *this, u_int32_t seqno) + private_esp_context_t *this, uint32_t seqno) { if (!this->inbound) { @@ -145,7 +145,7 @@ METHOD(esp_context_t, verify_seqno, bool, } METHOD(esp_context_t, set_authenticated_seqno, void, - private_esp_context_t *this, u_int32_t seqno) + private_esp_context_t *this, uint32_t seqno) { u_int i, shift; @@ -173,14 +173,14 @@ METHOD(esp_context_t, set_authenticated_seqno, void, } } -METHOD(esp_context_t, get_seqno, u_int32_t, +METHOD(esp_context_t, get_seqno, uint32_t, private_esp_context_t *this) { return this->last_seqno; } METHOD(esp_context_t, next_seqno, bool, - private_esp_context_t *this, u_int32_t *seqno) + private_esp_context_t *this, uint32_t *seqno) { if (this->inbound || this->last_seqno == UINT32_MAX) { /* inbound or segno would cycle */ diff --git a/src/libipsec/esp_context.h b/src/libipsec/esp_context.h index b33daf589..322dab97f 100644 --- a/src/libipsec/esp_context.h +++ b/src/libipsec/esp_context.h @@ -46,7 +46,7 @@ struct esp_context_t { * * @return current sequence number, in host byte order */ - u_int32_t (*get_seqno)(esp_context_t *this); + uint32_t (*get_seqno)(esp_context_t *this); /** * Allocate the next outbound ESP sequence number. @@ -54,7 +54,7 @@ struct esp_context_t { * @param seqno the sequence number, in host byte order * @return FALSE if the sequence number cycled or inbound context */ - bool (*next_seqno)(esp_context_t *this, u_int32_t *seqno); + bool (*next_seqno)(esp_context_t *this, uint32_t *seqno); /** * Verify an ESP sequence number. Checks whether a packet with this @@ -66,7 +66,7 @@ struct esp_context_t { * @param seqno the sequence number to verify, in host byte order * @return TRUE when sequence number is valid */ - bool (*verify_seqno)(esp_context_t *this, u_int32_t seqno); + bool (*verify_seqno)(esp_context_t *this, uint32_t seqno); /** * Adds a sequence number that was successfully verified and @@ -76,7 +76,7 @@ struct esp_context_t { * @param seqno verified and authenticated seq number in host byte order */ void (*set_authenticated_seqno)(esp_context_t *this, - u_int32_t seqno); + uint32_t seqno); /** * Destroy an esp_context_t diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c index 822302280..50bc8b4f7 100644 --- a/src/libipsec/esp_packet.c +++ b/src/libipsec/esp_packet.c @@ -52,7 +52,7 @@ struct private_esp_packet_t { /** * Next Header info (e.g. IPPROTO_IPIP) */ - u_int8_t next_header; + uint8_t next_header; }; @@ -97,14 +97,14 @@ METHOD(packet_t, set_data, void, return this->packet->set_data(this->packet, data); } -METHOD(packet_t, get_dscp, u_int8_t, +METHOD(packet_t, get_dscp, uint8_t, private_esp_packet_t *this) { return this->packet->get_dscp(this->packet); } METHOD(packet_t, set_dscp, void, - private_esp_packet_t *this, u_int8_t value) + private_esp_packet_t *this, uint8_t value) { this->packet->set_dscp(this->packet, value); } @@ -127,10 +127,10 @@ METHOD(packet_t, clone_, packet_t*, } METHOD(esp_packet_t, parse_header, bool, - private_esp_packet_t *this, u_int32_t *spi) + private_esp_packet_t *this, uint32_t *spi) { bio_reader_t *reader; - u_int32_t seq; + uint32_t seq; reader = bio_reader_create(this->packet->get_data(this->packet)); if (!reader->read_uint32(reader, spi) || @@ -156,7 +156,7 @@ static bool check_padding(chunk_t padding) for (i = 0; i < padding.len; ++i) { - if (padding.ptr[i] != (u_int8_t)(i + 1)) + if (padding.ptr[i] != (uint8_t)(i + 1)) { return FALSE; } @@ -169,7 +169,7 @@ static bool check_padding(chunk_t padding) */ static bool remove_padding(private_esp_packet_t *this, chunk_t plaintext) { - u_int8_t next_header, pad_length; + uint8_t next_header, pad_length; chunk_t padding, payload; bio_reader_t *reader; @@ -211,7 +211,7 @@ METHOD(esp_packet_t, decrypt, status_t, private_esp_packet_t *this, esp_context_t *esp_context) { bio_reader_t *reader; - u_int32_t spi, seq; + uint32_t spi, seq; chunk_t data, iv, icv, aad, ciphertext, plaintext; aead_t *aead; @@ -272,16 +272,16 @@ static void generate_padding(chunk_t padding) for (i = 0; i < padding.len; ++i) { - padding.ptr[i] = (u_int8_t)(i + 1); + padding.ptr[i] = (uint8_t)(i + 1); } } METHOD(esp_packet_t, encrypt, status_t, - private_esp_packet_t *this, esp_context_t *esp_context, u_int32_t spi) + private_esp_packet_t *this, esp_context_t *esp_context, uint32_t spi) { chunk_t iv, icv, aad, padding, payload, ciphertext; bio_writer_t *writer; - u_int32_t next_seqno; + uint32_t next_seqno; size_t blocksize, plainlen; aead_t *aead; iv_gen_t *iv_gen; @@ -316,7 +316,7 @@ METHOD(esp_packet_t, encrypt, status_t, plainlen += padding.len; /* len = spi, seq, IV, plaintext, ICV */ - writer = bio_writer_create(2 * sizeof(u_int32_t) + iv.len + plainlen + + writer = bio_writer_create(2 * sizeof(uint32_t) + iv.len + plainlen + icv.len); writer->write_uint32(writer, ntohl(spi)); writer->write_uint32(writer, next_seqno); @@ -349,7 +349,7 @@ METHOD(esp_packet_t, encrypt, status_t, DBG3(DBG_ESP, "ESP before encryption:\n payload = %B\n padding = %B\n " "padding length = %hhu, next header = %hhu", &payload, &padding, - (u_int8_t)padding.len, this->next_header); + (uint8_t)padding.len, this->next_header); /* encrypt/authenticate the content inline */ if (!aead->encrypt(aead, ciphertext, aad, iv, NULL)) @@ -368,7 +368,7 @@ METHOD(esp_packet_t, encrypt, status_t, return SUCCESS; } -METHOD(esp_packet_t, get_next_header, u_int8_t, +METHOD(esp_packet_t, get_next_header, uint8_t, private_esp_packet_t *this) { return this->next_header; diff --git a/src/libipsec/esp_packet.h b/src/libipsec/esp_packet.h index f1941a3ba..c42acba43 100644 --- a/src/libipsec/esp_packet.h +++ b/src/libipsec/esp_packet.h @@ -64,7 +64,7 @@ struct esp_packet_t { * @return TRUE when successful, FALSE otherwise (e.g. when the * length of the packet is invalid) */ - bool (*parse_header)(esp_packet_t *this, u_int32_t *spi); + bool (*parse_header)(esp_packet_t *this, uint32_t *spi); /** * Authenticate and decrypt the packet. Also verifies the sequence number @@ -94,7 +94,7 @@ struct esp_packet_t { * - NOT_FOUND if no suitable IV generator provided */ status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context, - u_int32_t spi); + uint32_t spi); /** * Get the next header field of a packet. @@ -103,7 +103,7 @@ struct esp_packet_t { * * @return next header field */ - u_int8_t (*get_next_header)(esp_packet_t *this); + uint8_t (*get_next_header)(esp_packet_t *this); /** * Get the plaintext payload of this packet. diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c index 21dbd5e89..0fdd5d340 100644 --- a/src/libipsec/ip_packet.c +++ b/src/libipsec/ip_packet.c @@ -31,14 +31,14 @@ * and unfortunately Android does not define a variant with BSD names. */ struct tcphdr { - u_int16_t source; - u_int16_t dest; - u_int32_t seq; - u_int32_t ack_seq; - u_int16_t flags; - u_int16_t window; - u_int16_t check; - u_int16_t urg_ptr; + uint16_t source; + uint16_t dest; + uint32_t seq; + uint32_t ack_seq; + uint16_t flags; + uint16_t window; + uint16_t check; + uint16_t urg_ptr; } __attribute__((packed)); /** @@ -47,10 +47,10 @@ struct tcphdr { * the BSD member names, but this is simpler and more consistent with the above. */ struct udphdr { - u_int16_t source; - u_int16_t dest; - u_int16_t len; - u_int16_t check; + uint16_t source; + uint16_t dest; + uint16_t len; + uint16_t check; } __attribute__((packed)); typedef struct private_ip_packet_t private_ip_packet_t; @@ -88,16 +88,16 @@ struct private_ip_packet_t { /** * IP version */ - u_int8_t version; + uint8_t version; /** * Protocol|Next Header field */ - u_int8_t next_header; + uint8_t next_header; }; -METHOD(ip_packet_t, get_version, u_int8_t, +METHOD(ip_packet_t, get_version, uint8_t, private_ip_packet_t *this) { return this->version; @@ -127,7 +127,7 @@ METHOD(ip_packet_t, get_payload, chunk_t, return this->payload; } -METHOD(ip_packet_t, get_next_header, u_int8_t, +METHOD(ip_packet_t, get_next_header, uint8_t, private_ip_packet_t *this) { return this->next_header; @@ -151,8 +151,8 @@ METHOD(ip_packet_t, destroy, void, /** * Parse transport protocol header */ -static bool parse_transport_header(chunk_t packet, u_int8_t proto, - u_int16_t *sport, u_int16_t *dport) +static bool parse_transport_header(chunk_t packet, uint8_t proto, + uint16_t *sport, uint16_t *dport) { switch (proto) { @@ -196,8 +196,8 @@ static bool parse_transport_header(chunk_t packet, u_int8_t proto, ip_packet_t *ip_packet_create(chunk_t packet) { private_ip_packet_t *this; - u_int8_t version, next_header; - u_int16_t sport = 0, dport = 0; + uint8_t version, next_header; + uint16_t sport = 0, dport = 0; host_t *src, *dst; chunk_t payload; @@ -296,19 +296,19 @@ failed: /** * Calculate the checksum for the pseudo IP header */ -static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst, - u_int8_t proto, chunk_t payload) +static uint16_t pseudo_header_checksum(host_t *src, host_t *dst, + uint8_t proto, chunk_t payload) { switch (src->get_family(src)) { case AF_INET: { struct __attribute__((packed)) { - u_int32_t src; - u_int32_t dst; + uint32_t src; + uint32_t dst; u_char zero; u_char proto; - u_int16_t len; + uint16_t len; } pseudo = { .proto = proto, .len = htons(payload.len), @@ -324,7 +324,7 @@ static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst, struct __attribute__((packed)) { u_char src[16]; u_char dst[16]; - u_int32_t len; + uint32_t len; u_char zero[3]; u_char next_header; } pseudo = { @@ -344,10 +344,10 @@ static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst, /** * Apply transport ports and calculate header checksums */ -static void fix_transport_header(host_t *src, host_t *dst, u_int8_t proto, +static void fix_transport_header(host_t *src, host_t *dst, uint8_t proto, chunk_t payload) { - u_int16_t sum = 0, sport, dport; + uint16_t sum = 0, sport, dport; sport = src->get_port(src); dport = dst->get_port(dst); @@ -407,7 +407,7 @@ static void fix_transport_header(host_t *src, host_t *dst, u_int8_t proto, * Described in header. */ ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst, - u_int8_t next_header, chunk_t data) + uint8_t next_header, chunk_t data) { chunk_t packet; int family; diff --git a/src/libipsec/ip_packet.h b/src/libipsec/ip_packet.h index fa38eac2c..1e1d619a2 100644 --- a/src/libipsec/ip_packet.h +++ b/src/libipsec/ip_packet.h @@ -37,7 +37,7 @@ struct ip_packet_t { * * @return ip version */ - u_int8_t (*get_version)(ip_packet_t *this); + uint8_t (*get_version)(ip_packet_t *this); /** * Get the source address of this packet @@ -58,7 +58,7 @@ struct ip_packet_t { * * @return protocol|next header field */ - u_int8_t (*get_next_header)(ip_packet_t *this); + uint8_t (*get_next_header)(ip_packet_t *this); /** * Get the complete IP packet (including the header) @@ -113,7 +113,7 @@ ip_packet_t *ip_packet_create(chunk_t packet); * @return ip_packet_t instance, or NULL if invalid */ ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst, - u_int8_t next_header, chunk_t data); + uint8_t next_header, chunk_t data); /** * Encode a UDP packet from the given data. diff --git a/src/libipsec/ipsec_event_listener.h b/src/libipsec/ipsec_event_listener.h index f15f6fe52..e784cedb3 100644 --- a/src/libipsec/ipsec_event_listener.h +++ b/src/libipsec/ipsec_event_listener.h @@ -40,7 +40,7 @@ struct ipsec_event_listener_t { * @param dst destination address of expired SA * @param hard TRUE if this is a hard expire, FALSE otherwise */ - void (*expire)(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard); + void (*expire)(uint8_t protocol, uint32_t spi, host_t *dst, bool hard); }; #endif /** IPSEC_EVENT_LISTENER_H_ @}*/ diff --git a/src/libipsec/ipsec_event_relay.c b/src/libipsec/ipsec_event_relay.c index 048063053..94cc6527f 100644 --- a/src/libipsec/ipsec_event_relay.c +++ b/src/libipsec/ipsec_event_relay.c @@ -67,12 +67,12 @@ typedef struct { /** * Protocol of the SA */ - u_int8_t protocol; + uint8_t protocol; /** * SPI of the SA, if any */ - u_int32_t spi; + uint32_t spi; /** * SA destination address @@ -135,7 +135,7 @@ static job_requeue_t handle_events(private_ipsec_event_relay_t *this) } METHOD(ipsec_event_relay_t, expire, void, - private_ipsec_event_relay_t *this, u_int8_t protocol, u_int32_t spi, + private_ipsec_event_relay_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard) { ipsec_event_t *event; diff --git a/src/libipsec/ipsec_event_relay.h b/src/libipsec/ipsec_event_relay.h index 1dddf121b..056352e84 100644 --- a/src/libipsec/ipsec_event_relay.h +++ b/src/libipsec/ipsec_event_relay.h @@ -43,7 +43,7 @@ struct ipsec_event_relay_t { * @param dst destination address of expired SA * @param hard TRUE for a hard expire, FALSE otherwise */ - void (*expire)(ipsec_event_relay_t *this, u_int8_t protocol, u_int32_t spi, + void (*expire)(ipsec_event_relay_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard); /** diff --git a/src/libipsec/ipsec_policy.c b/src/libipsec/ipsec_policy.c index 8407921ac..8077d3c8d 100644 --- a/src/libipsec/ipsec_policy.c +++ b/src/libipsec/ipsec_policy.c @@ -54,7 +54,7 @@ struct private_ipsec_policy_t { /** * If any of the two TS has a protocol selector we cache it here */ - u_int8_t protocol; + uint8_t protocol; /** * Traffic direction @@ -90,7 +90,7 @@ struct private_ipsec_policy_t { METHOD(ipsec_policy_t, match, bool, private_ipsec_policy_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + traffic_selector_t *dst_ts, policy_dir_t direction, uint32_t reqid, mark_t mark, policy_priority_t priority) { return (this->direction == direction && @@ -104,7 +104,7 @@ METHOD(ipsec_policy_t, match, bool, METHOD(ipsec_policy_t, match_packet, bool, private_ipsec_policy_t *this, ip_packet_t *packet) { - u_int8_t proto = packet->get_next_header(packet); + uint8_t proto = packet->get_next_header(packet); host_t *src = packet->get_source(packet), *dst = packet->get_destination(packet); @@ -125,7 +125,7 @@ METHOD(ipsec_policy_t, get_destination_ts, traffic_selector_t*, return this->dst_ts; } -METHOD(ipsec_policy_t, get_reqid, u_int32_t, +METHOD(ipsec_policy_t, get_reqid, uint32_t, private_ipsec_policy_t *this) { return this->sa.reqid; diff --git a/src/libipsec/ipsec_policy.h b/src/libipsec/ipsec_policy.h index 23a9ea99d..6d67a602e 100644 --- a/src/libipsec/ipsec_policy.h +++ b/src/libipsec/ipsec_policy.h @@ -77,7 +77,7 @@ struct ipsec_policy_t { * * @return the reqid */ - u_int32_t (*get_reqid)(ipsec_policy_t *this); + uint32_t (*get_reqid)(ipsec_policy_t *this); /** * Get another reference to this policy @@ -99,7 +99,7 @@ struct ipsec_policy_t { */ bool (*match)(ipsec_policy_t *this, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, - u_int32_t reqid, mark_t mark, policy_priority_t priority); + uint32_t reqid, mark_t mark, policy_priority_t priority); /** * Check if this policy matches the given IP packet diff --git a/src/libipsec/ipsec_policy_mgr.c b/src/libipsec/ipsec_policy_mgr.c index 3f312ffd2..8570e07a8 100644 --- a/src/libipsec/ipsec_policy_mgr.c +++ b/src/libipsec/ipsec_policy_mgr.c @@ -57,7 +57,7 @@ typedef struct { /** * Priority used to sort policies */ - u_int32_t priority; + uint32_t priority; /** * The policy @@ -70,13 +70,13 @@ typedef struct { * Calculate the pseudo-priority to sort policies. This is the same algorithm * used by the NETLINK kernel interface (i.e. high priority -> low value). */ -static u_int32_t calculate_priority(policy_priority_t policy_priority, +static uint32_t calculate_priority(policy_priority_t policy_priority, traffic_selector_t *src, traffic_selector_t *dst) { - u_int32_t priority = PRIO_BASE; - u_int16_t port; - u_int8_t mask, proto; + uint32_t priority = PRIO_BASE; + uint16_t port; + uint8_t mask, proto; host_t *net; switch (policy_priority) @@ -182,7 +182,7 @@ METHOD(ipsec_policy_mgr_t, del_policy, status_t, { enumerator_t *enumerator; ipsec_policy_entry_t *current, *found = NULL; - u_int32_t priority; + uint32_t priority; if (type != POLICY_IPSEC || direction == POLICY_FWD) { /* we ignore these policies as we currently have no use for them */ @@ -235,7 +235,7 @@ METHOD(ipsec_policy_mgr_t, flush_policies, status_t, METHOD(ipsec_policy_mgr_t, find_by_packet, ipsec_policy_t*, private_ipsec_policy_mgr_t *this, ip_packet_t *packet, bool inbound, - u_int32_t reqid) + uint32_t reqid) { enumerator_t *enumerator; ipsec_policy_entry_t *current; diff --git a/src/libipsec/ipsec_policy_mgr.h b/src/libipsec/ipsec_policy_mgr.h index 0ea797e7a..97e147e40 100644 --- a/src/libipsec/ipsec_policy_mgr.h +++ b/src/libipsec/ipsec_policy_mgr.h @@ -105,7 +105,7 @@ struct ipsec_policy_mgr_t { */ ipsec_policy_t *(*find_by_packet)(ipsec_policy_mgr_t *this, ip_packet_t *packet, bool inbound, - u_int32_t reqid); + uint32_t reqid); /** * Destroy an ipsec_policy_mgr_t diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c index ee297a34b..af79707d1 100644 --- a/src/libipsec/ipsec_processor.c +++ b/src/libipsec/ipsec_processor.c @@ -93,8 +93,8 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this) esp_packet_t *packet; ip_packet_t *ip_packet; ipsec_sa_t *sa; - u_int8_t next_header; - u_int32_t spi, reqid; + uint8_t next_header; + uint32_t spi, reqid; packet = (esp_packet_t*)this->inbound_queue->dequeue(this->inbound_queue); diff --git a/src/libipsec/ipsec_sa.c b/src/libipsec/ipsec_sa.c index ccbbb1b3c..ba020658b 100644 --- a/src/libipsec/ipsec_sa.c +++ b/src/libipsec/ipsec_sa.c @@ -36,7 +36,7 @@ struct private_ipsec_sa_t { /** * SPI of this SA */ - u_int32_t spi; + uint32_t spi; /** * Source address @@ -51,12 +51,12 @@ struct private_ipsec_sa_t { /** * Protocol */ - u_int8_t protocol; + uint8_t protocol; /** * Reqid of this SA */ - u_int32_t reqid; + uint32_t reqid; /** * Lifetime configuration @@ -90,9 +90,9 @@ struct private_ipsec_sa_t { /** last time of use */ time_t time; /** number of packets processed */ - u_int64_t packets; + uint64_t packets; /** number of bytes processed */ - u_int64_t bytes; + uint64_t bytes; } use; /** @@ -132,19 +132,19 @@ METHOD(ipsec_sa_t, set_destination, void, this->dst = addr->clone(addr); } -METHOD(ipsec_sa_t, get_spi, u_int32_t, +METHOD(ipsec_sa_t, get_spi, uint32_t, private_ipsec_sa_t *this) { return this->spi; } -METHOD(ipsec_sa_t, get_reqid, u_int32_t, +METHOD(ipsec_sa_t, get_reqid, uint32_t, private_ipsec_sa_t *this) { return this->reqid; } -METHOD(ipsec_sa_t, get_protocol, u_int8_t, +METHOD(ipsec_sa_t, get_protocol, uint8_t, private_ipsec_sa_t *this) { return this->protocol; @@ -169,7 +169,7 @@ METHOD(ipsec_sa_t, get_esp_context, esp_context_t*, } METHOD(ipsec_sa_t, get_usestats, void, - private_ipsec_sa_t *this, u_int64_t *bytes, u_int64_t *packets, + private_ipsec_sa_t *this, uint64_t *bytes, uint64_t *packets, time_t *time) { if (bytes) @@ -210,7 +210,7 @@ METHOD(ipsec_sa_t, expire, void, } METHOD(ipsec_sa_t, update_usestats, void, - private_ipsec_sa_t *this, u_int32_t bytes) + private_ipsec_sa_t *this, uint32_t bytes) { this->use.time = time_monotonic(NULL); this->use.packets++; @@ -239,21 +239,21 @@ METHOD(ipsec_sa_t, update_usestats, void, } METHOD(ipsec_sa_t, match_by_spi_dst, bool, - private_ipsec_sa_t *this, u_int32_t spi, host_t *dst) + private_ipsec_sa_t *this, uint32_t spi, host_t *dst) { return this->spi == spi && this->dst->ip_equals(this->dst, dst) && !this->hard_expired; } METHOD(ipsec_sa_t, match_by_spi_src_dst, bool, - private_ipsec_sa_t *this, u_int32_t spi, host_t *src, host_t *dst) + private_ipsec_sa_t *this, uint32_t spi, host_t *src, host_t *dst) { return this->spi == spi && this->src->ip_equals(this->src, src) && this->dst->ip_equals(this->dst, dst); } METHOD(ipsec_sa_t, match_by_reqid, bool, - private_ipsec_sa_t *this, u_int32_t reqid, bool inbound) + private_ipsec_sa_t *this, uint32_t reqid, bool inbound) { return this->reqid == reqid && this->inbound == inbound && !this->hard_expired; @@ -271,11 +271,11 @@ METHOD(ipsec_sa_t, destroy, void, /** * Described in header. */ -ipsec_sa_t *ipsec_sa_create(u_int32_t spi, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, - lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound) +ipsec_sa_t *ipsec_sa_create(uint32_t spi, host_t *src, host_t *dst, + uint8_t protocol, uint32_t reqid, mark_t mark, uint32_t tfc, + lifetime_cfg_t *lifetime, uint16_t enc_alg, chunk_t enc_key, + uint16_t int_alg, chunk_t int_key, ipsec_mode_t mode, + uint16_t ipcomp, uint16_t cpi, bool encap, bool esn, bool inbound) { private_ipsec_sa_t *this; diff --git a/src/libipsec/ipsec_sa.h b/src/libipsec/ipsec_sa.h index 8dad29ac5..36fe48379 100644 --- a/src/libipsec/ipsec_sa.h +++ b/src/libipsec/ipsec_sa.h @@ -70,21 +70,21 @@ struct ipsec_sa_t { * * @return SPI of this SA */ - u_int32_t (*get_spi)(ipsec_sa_t *this); + uint32_t (*get_spi)(ipsec_sa_t *this); /** * Get the reqid of this SA * * @return reqid of this SA */ - u_int32_t (*get_reqid)(ipsec_sa_t *this); + uint32_t (*get_reqid)(ipsec_sa_t *this); /** * Get the protocol (e.g. IPPROTO_ESP) of this SA * * @return protocol of this SA */ - u_int8_t (*get_protocol)(ipsec_sa_t *this); + uint8_t (*get_protocol)(ipsec_sa_t *this); /** * Returns whether this SA is inbound or outbound @@ -116,7 +116,7 @@ struct ipsec_sa_t { * @param packets receives number of processed packets, or NULL * @param time receives last use time of this SA, or NULL */ - void (*get_usestats)(ipsec_sa_t *this, u_int64_t *bytes, u_int64_t *packets, + void (*get_usestats)(ipsec_sa_t *this, uint64_t *bytes, uint64_t *packets, time_t *time); /** @@ -124,7 +124,7 @@ struct ipsec_sa_t { * * @param bytes length of packet processed */ - void (*update_usestats)(ipsec_sa_t *this, u_int32_t bytes); + void (*update_usestats)(ipsec_sa_t *this, uint32_t bytes); /** * Expire this SA, soft or hard. @@ -145,7 +145,7 @@ struct ipsec_sa_t { * @param dst destination address * @return TRUE if this SA matches all parameters, FALSE otherwise */ - bool (*match_by_spi_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *dst); + bool (*match_by_spi_dst)(ipsec_sa_t *this, uint32_t spi, host_t *dst); /** * Check if this SA matches all given parameters @@ -155,7 +155,7 @@ struct ipsec_sa_t { * @param dst destination address * @return TRUE if this SA matches all parameters, FALSE otherwise */ - bool (*match_by_spi_src_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *src, + bool (*match_by_spi_src_dst)(ipsec_sa_t *this, uint32_t spi, host_t *src, host_t *dst); /** @@ -167,7 +167,7 @@ struct ipsec_sa_t { * @param inbound TRUE for inbound SA, FALSE for outbound * @return TRUE if this SA matches all parameters, FALSE otherwise */ - bool (*match_by_reqid)(ipsec_sa_t *this, u_int32_t reqid, bool inbound); + bool (*match_by_reqid)(ipsec_sa_t *this, uint32_t reqid, bool inbound); /** * Destroy an ipsec_sa_t @@ -199,12 +199,12 @@ struct ipsec_sa_t { * @param inbound TRUE if this is an inbound SA, FALSE otherwise * @return the IPsec SA, or NULL if the creation failed */ -ipsec_sa_t *ipsec_sa_create(u_int32_t spi, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, +ipsec_sa_t *ipsec_sa_create(uint32_t spi, host_t *src, host_t *dst, + uint8_t protocol, uint32_t reqid, mark_t mark, + uint32_t tfc, lifetime_cfg_t *lifetime, + uint16_t enc_alg, chunk_t enc_key, + uint16_t int_alg, chunk_t int_key, + ipsec_mode_t mode, uint16_t ipcomp, uint16_t cpi, bool encap, bool esn, bool inbound); #endif /** IPSEC_SA_H_ @}*/ diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c index 9d461f2c1..ec35c6ea3 100644 --- a/src/libipsec/ipsec_sa_mgr.c +++ b/src/libipsec/ipsec_sa_mgr.c @@ -109,19 +109,19 @@ typedef struct { /** * 0 if this is a hard expire, otherwise the offset in s (soft->hard) */ - u_int32_t hard_offset; + uint32_t hard_offset; } ipsec_sa_expired_t; /* * Used for the hash table of allocated SPIs */ -static bool spi_equals(u_int32_t *spi, u_int32_t *other_spi) +static bool spi_equals(uint32_t *spi, uint32_t *other_spi) { return *spi == *other_spi; } -static u_int spi_hash(u_int32_t *spi) +static u_int spi_hash(uint32_t *spi) { return chunk_hash(chunk_from_thing(*spi)); } @@ -237,26 +237,26 @@ static bool match_entry_by_sa_ptr(ipsec_sa_entry_t *item, ipsec_sa_t *sa) return item->sa == sa; } -static bool match_entry_by_spi_inbound(ipsec_sa_entry_t *item, u_int32_t *spi, +static bool match_entry_by_spi_inbound(ipsec_sa_entry_t *item, uint32_t *spi, bool *inbound) { return item->sa->get_spi(item->sa) == *spi && item->sa->is_inbound(item->sa) == *inbound; } -static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, u_int32_t *spi, +static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, uint32_t *spi, host_t *src, host_t *dst) { return item->sa->match_by_spi_src_dst(item->sa, *spi, src, dst); } static bool match_entry_by_reqid_inbound(ipsec_sa_entry_t *item, - u_int32_t *reqid, bool *inbound) + uint32_t *reqid, bool *inbound) { return item->sa->match_by_reqid(item->sa, *reqid, *inbound); } -static bool match_entry_by_spi_dst(ipsec_sa_entry_t *item, u_int32_t *spi, +static bool match_entry_by_spi_dst(ipsec_sa_entry_t *item, uint32_t *spi, host_t *dst) { return item->sa->match_by_spi_dst(item->sa, *spi, dst); @@ -299,7 +299,7 @@ static job_requeue_t sa_expired(ipsec_sa_expired_t *expired) if (this->sas->find_first(this->sas, (void*)match_entry_by_ptr, NULL, expired->entry) == SUCCESS) { - u_int32_t hard_offset; + uint32_t hard_offset; hard_offset = expired->hard_offset; expired->entry->sa->expire(expired->entry->sa, hard_offset == 0); @@ -328,7 +328,7 @@ static void schedule_expiration(private_ipsec_sa_mgr_t *this, lifetime_cfg_t *lifetime = entry->sa->get_lifetime(entry->sa); ipsec_sa_expired_t *expired; callback_job_t *job; - u_int32_t timeout; + uint32_t timeout; if (!lifetime->time.life) { /* no expiration at all */ @@ -362,7 +362,7 @@ static void schedule_expiration(private_ipsec_sa_mgr_t *this, static void flush_allocated_spis(private_ipsec_sa_mgr_t *this) { enumerator_t *enumerator; - u_int32_t *current; + uint32_t *current; DBG2(DBG_ESP, "flushing allocated SPIs"); enumerator = this->allocated_spis->create_enumerator(this->allocated_spis); @@ -378,9 +378,9 @@ static void flush_allocated_spis(private_ipsec_sa_mgr_t *this) /** * Pre-allocate an SPI for an inbound SA */ -static bool allocate_spi(private_ipsec_sa_mgr_t *this, u_int32_t spi) +static bool allocate_spi(private_ipsec_sa_mgr_t *this, uint32_t spi) { - u_int32_t *spi_alloc; + uint32_t *spi_alloc; if (this->allocated_spis->get(this->allocated_spis, &spi) || this->sas->find_first(this->sas, (void*)match_entry_by_spi_inbound, @@ -388,17 +388,17 @@ static bool allocate_spi(private_ipsec_sa_mgr_t *this, u_int32_t spi) { return FALSE; } - spi_alloc = malloc_thing(u_int32_t); + spi_alloc = malloc_thing(uint32_t); *spi_alloc = spi; this->allocated_spis->put(this->allocated_spis, spi_alloc, spi_alloc); return TRUE; } METHOD(ipsec_sa_mgr_t, get_spi, status_t, - private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, u_int8_t protocol, - u_int32_t *spi) + private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, uint8_t protocol, + uint32_t *spi) { - u_int32_t spi_new; + uint32_t spi_new; this->mutex->lock(this->mutex); if (!this->rng) @@ -415,7 +415,7 @@ METHOD(ipsec_sa_mgr_t, get_spi, status_t, do { if (!this->rng->get_bytes(this->rng, sizeof(spi_new), - (u_int8_t*)&spi_new)) + (uint8_t*)&spi_new)) { this->mutex->unlock(this->mutex); DBG1(DBG_ESP, "failed to allocate SPI"); @@ -435,11 +435,11 @@ METHOD(ipsec_sa_mgr_t, get_spi, status_t, } METHOD(ipsec_sa_mgr_t, add_sa, status_t, - private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, - lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, - u_int16_t cpi, bool initiator, bool encap, bool esn, bool inbound, + private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, uint32_t spi, + uint8_t protocol, uint32_t reqid, mark_t mark, uint32_t tfc, + lifetime_cfg_t *lifetime, uint16_t enc_alg, chunk_t enc_key, + uint16_t int_alg, chunk_t int_key, ipsec_mode_t mode, uint16_t ipcomp, + uint16_t cpi, bool initiator, bool encap, bool esn, bool inbound, bool update) { ipsec_sa_entry_t *entry; @@ -465,7 +465,7 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t, if (update) { /* remove any pre-allocated SPIs */ - u_int32_t *spi_alloc; + uint32_t *spi_alloc; spi_alloc = this->allocated_spis->remove(this->allocated_spis, &spi); free(spi_alloc); @@ -489,8 +489,8 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t, } METHOD(ipsec_sa_mgr_t, update_sa, status_t, - private_ipsec_sa_mgr_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, + private_ipsec_sa_mgr_t *this, uint32_t spi, uint8_t protocol, + uint16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, bool encap, bool new_encap, mark_t mark) { ipsec_sa_entry_t *entry = NULL; @@ -528,8 +528,8 @@ METHOD(ipsec_sa_mgr_t, update_sa, status_t, METHOD(ipsec_sa_mgr_t, query_sa, status_t, private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time) + uint32_t spi, uint8_t protocol, mark_t mark, + uint64_t *bytes, uint64_t *packets, time_t *time) { ipsec_sa_entry_t *entry = NULL; @@ -549,8 +549,8 @@ METHOD(ipsec_sa_mgr_t, query_sa, status_t, } METHOD(ipsec_sa_mgr_t, del_sa, status_t, - private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, uint32_t spi, + uint8_t protocol, uint16_t cpi, mark_t mark) { ipsec_sa_entry_t *current, *found = NULL; enumerator_t *enumerator; @@ -583,7 +583,7 @@ METHOD(ipsec_sa_mgr_t, del_sa, status_t, } METHOD(ipsec_sa_mgr_t, checkout_by_reqid, ipsec_sa_t*, - private_ipsec_sa_mgr_t *this, u_int32_t reqid, bool inbound) + private_ipsec_sa_mgr_t *this, uint32_t reqid, bool inbound) { ipsec_sa_entry_t *entry; ipsec_sa_t *sa = NULL; @@ -600,7 +600,7 @@ METHOD(ipsec_sa_mgr_t, checkout_by_reqid, ipsec_sa_t*, } METHOD(ipsec_sa_mgr_t, checkout_by_spi, ipsec_sa_t*, - private_ipsec_sa_mgr_t *this, u_int32_t spi, host_t *dst) + private_ipsec_sa_mgr_t *this, uint32_t spi, host_t *dst) { ipsec_sa_entry_t *entry; ipsec_sa_t *sa = NULL; diff --git a/src/libipsec/ipsec_sa_mgr.h b/src/libipsec/ipsec_sa_mgr.h index a57eab4e7..708af1fda 100644 --- a/src/libipsec/ipsec_sa_mgr.h +++ b/src/libipsec/ipsec_sa_mgr.h @@ -49,7 +49,7 @@ struct ipsec_sa_mgr_t { * @return SUCCESS of operation successful */ status_t (*get_spi)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi); + uint8_t protocol, uint32_t *spi); /** * Add a new SA @@ -77,11 +77,11 @@ struct ipsec_sa_mgr_t { * @return SUCCESS if operation completed */ status_t (*add_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, - mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, - chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, - u_int16_t cpi, bool initiator, bool encap, bool esn, + uint32_t spi, uint8_t protocol, uint32_t reqid, + mark_t mark, uint32_t tfc, lifetime_cfg_t *lifetime, + uint16_t enc_alg, chunk_t enc_key, uint16_t int_alg, + chunk_t int_key, ipsec_mode_t mode, uint16_t ipcomp, + uint16_t cpi, bool initiator, bool encap, bool esn, bool inbound, bool update); /** @@ -100,7 +100,7 @@ struct ipsec_sa_mgr_t { * @return SUCCESS if operation completed */ status_t (*update_sa)(ipsec_sa_mgr_t *this, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, + uint32_t spi, uint8_t protocol, uint16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, bool encap, bool new_encap, mark_t mark); @@ -119,8 +119,8 @@ struct ipsec_sa_mgr_t { * @return SUCCESS if operation completed */ status_t (*query_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time); + uint32_t spi, uint8_t protocol, mark_t mark, + uint64_t *bytes, uint64_t *packets, time_t *time); /** * Delete a previously added SA @@ -134,7 +134,7 @@ struct ipsec_sa_mgr_t { * @return SUCCESS if operation completed */ status_t (*del_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, + uint32_t spi, uint8_t protocol, uint16_t cpi, mark_t mark); /** @@ -159,7 +159,7 @@ struct ipsec_sa_mgr_t { * @param dst destination address (e.g. of an inbound packet) * @return the matching IPsec SA, or NULL if none is found */ - ipsec_sa_t *(*checkout_by_spi)(ipsec_sa_mgr_t *this, u_int32_t spi, + ipsec_sa_t *(*checkout_by_spi)(ipsec_sa_mgr_t *this, uint32_t spi, host_t *dst); /** @@ -177,7 +177,7 @@ struct ipsec_sa_mgr_t { * @param inbound TRUE for an inbound SA, FALSE for an outbound SA * @return the matching IPsec SA, or NULL if none is found */ - ipsec_sa_t *(*checkout_by_reqid)(ipsec_sa_mgr_t *this, u_int32_t reqid, + ipsec_sa_t *(*checkout_by_reqid)(ipsec_sa_mgr_t *this, uint32_t reqid, bool inbound); /** diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in index ebf6e7e93..db73e1fe0 100644 --- a/src/libipsec/tests/Makefile.in +++ b/src/libipsec/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ host_triplet = @host@ TESTS = ipsec_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libipsec/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -196,12 +205,14 @@ am__tty_colors = { \ std=''; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -251,6 +262,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -285,6 +297,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -396,6 +409,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libipsec/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libipsec/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -866,6 +879,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libipsec/tests/suites/test_chapoly.c b/src/libipsec/tests/suites/test_chapoly.c index 31dc2ac7b..67099deb2 100644 --- a/src/libipsec/tests/suites/test_chapoly.c +++ b/src/libipsec/tests/suites/test_chapoly.c @@ -27,7 +27,7 @@ METHOD(aead_t, get_iv_gen, iv_gen_t*, } METHOD(iv_gen_t, get_iv, bool, - iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) + iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer) { if (size != 8) { @@ -38,7 +38,7 @@ METHOD(iv_gen_t, get_iv, bool, } METHOD(iv_gen_t, allocate_iv, bool, - iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) + iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) { if (size != 8) { @@ -58,7 +58,7 @@ START_TEST(test_chapoly) esp_packet_t *esp; esp_context_t *ctx; chunk_t data, exp; - u_int32_t seq = 0; + uint32_t seq = 0; icmp = ip_packet_create(chunk_clone(chunk_from_chars( 0x45,0x00,0x00,0x54,0xa6,0xf2,0x00,0x00, diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in index c4eb8b4a9..a4d4b332b 100644 --- a/src/libpttls/Makefile.in +++ b/src/libpttls/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_WINDOWS_TRUE@am__append_1 = -lws2_32 subdir = src/libpttls -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -465,7 +479,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpttls/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libpttls/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -798,6 +811,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libpttls/pt_tls.c b/src/libpttls/pt_tls.c index 3c1f874d7..01493f45c 100644 --- a/src/libpttls/pt_tls.c +++ b/src/libpttls/pt_tls.c @@ -17,6 +17,7 @@ #include #include + /** * Described in header. */ @@ -87,12 +88,12 @@ static bio_reader_t* read_tls(tls_socket_t *tls, size_t len) /** * Read a PT-TLS message, return header data */ -bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor, - u_int32_t *type, u_int32_t *identifier) +bio_reader_t* pt_tls_read(tls_socket_t *tls, uint32_t *vendor, + uint32_t *type, uint32_t *identifier) { bio_reader_t *reader; - u_int32_t len; - u_int8_t reserved; + uint32_t len; + uint8_t reserved; reader = read_tls(tls, PT_TLS_HEADER_LEN); if (!reader) @@ -135,7 +136,7 @@ bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor, * Prepend a PT-TLS header to a writer, send data, destroy writer */ bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type, - u_int32_t identifier, chunk_t data) + uint32_t identifier, chunk_t data) { bio_writer_t *writer; chunk_t out; diff --git a/src/libpttls/pt_tls.h b/src/libpttls/pt_tls.h index b2f3198a4..2cee8e10f 100644 --- a/src/libpttls/pt_tls.h +++ b/src/libpttls/pt_tls.h @@ -105,8 +105,8 @@ enum pt_tls_auth_t { * @param identifier receives Message Identifer * @return reader over message value, NULL on error */ -bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor, - u_int32_t *type, u_int32_t *identifier); +bio_reader_t* pt_tls_read(tls_socket_t *tls, uint32_t *vendor, + uint32_t *type, uint32_t *identifier); /** * Prepend a PT-TLS header to a writer, send data, destroy writer. @@ -118,7 +118,7 @@ bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor, * @return TRUE if data written successfully */ bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type, - u_int32_t identifier, chunk_t data); + uint32_t identifier, chunk_t data); /** * Dummy libpttls initialization function needed for integrity test diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c index bd5b96f70..167918811 100644 --- a/src/libpttls/pt_tls_client.c +++ b/src/libpttls/pt_tls_client.c @@ -60,7 +60,7 @@ struct private_pt_tls_client_t { /** * Current PT-TLS message identifier */ - u_int32_t identifier; + uint32_t identifier; }; /** @@ -101,8 +101,8 @@ static bool negotiate_version(private_pt_tls_client_t *this) { bio_writer_t *writer; bio_reader_t *reader; - u_int32_t type, vendor, identifier, reserved; - u_int8_t version; + uint32_t type, vendor, identifier, reserved; + uint8_t version; bool res; DBG1(DBG_TNC, "sending offer for PT-TLS version %d", PT_TLS_VERSION); @@ -143,8 +143,8 @@ static bool negotiate_version(private_pt_tls_client_t *this) */ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl) { - u_int32_t type, vendor, identifier; - u_int8_t result; + uint32_t type, vendor, identifier; + uint8_t result; bio_reader_t *reader; bio_writer_t *writer; chunk_t data; @@ -277,8 +277,8 @@ static status_t select_and_do_sasl(private_pt_tls_client_t *this) { bio_reader_t *reader; sasl_mechanism_t *sasl = NULL; - u_int32_t type, vendor, identifier; - u_int8_t len; + uint32_t type, vendor, identifier; + uint8_t len; chunk_t chunk; char buf[21]; status_t status = NEED_MORE; @@ -364,7 +364,7 @@ static bool assess(private_pt_tls_client_t *this, tls_t *tnccs) size_t buflen = PT_TLS_MAX_MESSAGE_LEN; char buf[buflen]; bio_reader_t *reader; - u_int32_t vendor, type, identifier; + uint32_t vendor, type, identifier; chunk_t data; switch (tnccs->build(tnccs, buf, &buflen, &msglen)) diff --git a/src/libpttls/pt_tls_server.c b/src/libpttls/pt_tls_server.c index cedc2632c..a1c645319 100644 --- a/src/libpttls/pt_tls_server.c +++ b/src/libpttls/pt_tls_server.c @@ -55,7 +55,7 @@ struct private_pt_tls_server_t { /** * Message Identifier */ - u_int32_t identifier; + uint32_t identifier; /** * TNCCS protocol handler, implemented as tls_t @@ -71,8 +71,8 @@ static bool negotiate_version(private_pt_tls_server_t *this) { bio_reader_t *reader; bio_writer_t *writer; - u_int32_t vendor, type, identifier; - u_int8_t reserved, vmin, vmax, vpref; + uint32_t vendor, type, identifier; + uint8_t reserved, vmin, vmax, vpref; bool res; reader = pt_tls_read(this->tls, &vendor, &type, &identifier); @@ -161,7 +161,7 @@ static status_t process_sasl(private_pt_tls_server_t *this, static status_t read_sasl(private_pt_tls_server_t *this, sasl_mechanism_t *sasl) { - u_int32_t vendor, type, identifier; + uint32_t vendor, type, identifier; bio_reader_t *reader; status_t status; chunk_t data; @@ -260,11 +260,11 @@ static bool send_sasl_mechs(private_pt_tls_server_t *this) static status_t read_sasl_mech_selection(private_pt_tls_server_t *this, sasl_mechanism_t **out) { - u_int32_t vendor, type, identifier; + uint32_t vendor, type, identifier; sasl_mechanism_t *sasl; bio_reader_t *reader; chunk_t chunk; - u_int8_t len; + uint8_t len; char buf[21]; reader = pt_tls_read(this->tls, &vendor, &type, &identifier); @@ -406,7 +406,7 @@ static status_t assess(private_pt_tls_server_t *this, tls_t *tnccs) size_t buflen = PT_TLS_MAX_MESSAGE_LEN; char buf[buflen]; bio_reader_t *reader; - u_int32_t vendor, type, identifier; + uint32_t vendor, type, identifier; chunk_t data; status_t status; diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in index 9b03099da..f5a5d1231 100644 --- a/src/libradius/Makefile.in +++ b/src/libradius/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libradius -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -196,12 +205,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -251,6 +262,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -285,6 +297,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -396,6 +409,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libradius/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libradius/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -762,6 +775,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libradius/radius_config.c b/src/libradius/radius_config.c index 663173411..521cd1dec 100644 --- a/src/libradius/radius_config.c +++ b/src/libradius/radius_config.c @@ -200,7 +200,7 @@ METHOD(radius_config_t, destroy, void, * See header */ radius_config_t *radius_config_create(char *name, char *address, - u_int16_t auth_port, u_int16_t acct_port, + uint16_t auth_port, uint16_t acct_port, char *nas_identifier, char *secret, int sockets, int preference, u_int tries, double timeout, double base) diff --git a/src/libradius/radius_config.h b/src/libradius/radius_config.h index c0ff057c8..c9a2f63bd 100644 --- a/src/libradius/radius_config.h +++ b/src/libradius/radius_config.h @@ -118,7 +118,7 @@ struct radius_config_t { * @param base base to calculate retransmission timeout */ radius_config_t *radius_config_create(char *name, char *address, - u_int16_t auth_port, u_int16_t acct_port, + uint16_t auth_port, uint16_t acct_port, char *nas_identifier, char *secret, int sockets, int preference, u_int tries, double timeout, double base); diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c index 01c829841..9705d3b53 100644 --- a/src/libradius/radius_message.c +++ b/src/libradius/radius_message.c @@ -28,15 +28,15 @@ typedef struct rattr_t rattr_t; */ struct rmsg_t { /** message code, radius_message_code_t */ - u_int8_t code; + uint8_t code; /** message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of Code, Identifier, Length, Authenticator and Attributes */ - u_int16_t length; + uint16_t length; /** message authenticator, MD5 hash */ - u_int8_t authenticator[HASH_SIZE_MD5]; + uint8_t authenticator[HASH_SIZE_MD5]; /** variable list of packed attributes */ - u_int8_t attributes[]; + uint8_t attributes[]; } __attribute__((packed)); /** @@ -44,11 +44,11 @@ struct rmsg_t { */ struct rattr_t { /** attribute type, radius_attribute_type_t */ - u_int8_t type; + uint8_t type; /** length of the attriubte, including the Type, Length and Value fields */ - u_int8_t length; + uint8_t length; /** variable length attribute value */ - u_int8_t value[]; + uint8_t value[]; } __attribute__((packed)); /** @@ -293,7 +293,7 @@ typedef struct { /** inner attribute enumerator */ enumerator_t *inner; /** current vendor ID */ - u_int32_t vendor; + uint32_t vendor; /** reader for current vendor ID */ bio_reader_t *reader; } vendor_enumerator_t; @@ -303,7 +303,7 @@ METHOD(enumerator_t, vendor_enumerate, bool, { chunk_t inner_data; int inner_type; - u_int8_t type8, len; + uint8_t type8, len; while (TRUE) { @@ -449,7 +449,7 @@ METHOD(radius_message_t, crypt, bool, } METHOD(radius_message_t, sign, bool, - private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret, + private_radius_message_t *this, uint8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth) { if (rng) @@ -516,7 +516,7 @@ METHOD(radius_message_t, sign, bool, } METHOD(radius_message_t, verify, bool, - private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret, + private_radius_message_t *this, uint8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer) { char buf[HASH_SIZE_MD5], res_auth[HASH_SIZE_MD5]; @@ -606,19 +606,19 @@ METHOD(radius_message_t, get_code, radius_message_code_t, return this->msg->code; } -METHOD(radius_message_t, get_identifier, u_int8_t, +METHOD(radius_message_t, get_identifier, uint8_t, private_radius_message_t *this) { return this->msg->identifier; } METHOD(radius_message_t, set_identifier, void, - private_radius_message_t *this, u_int8_t identifier) + private_radius_message_t *this, uint8_t identifier) { this->msg->identifier = identifier; } -METHOD(radius_message_t, get_authenticator, u_int8_t*, +METHOD(radius_message_t, get_authenticator, uint8_t*, private_radius_message_t *this) { return this->msg->authenticator; diff --git a/src/libradius/radius_message.h b/src/libradius/radius_message.h index e6cb40b18..c72773312 100644 --- a/src/libradius/radius_message.h +++ b/src/libradius/radius_message.h @@ -241,21 +241,21 @@ struct radius_message_t { * * @return message identifier */ - u_int8_t (*get_identifier)(radius_message_t *this); + uint8_t (*get_identifier)(radius_message_t *this); /** * Set the message identifier. * * @param identifier message identifier */ - void (*set_identifier)(radius_message_t *this, u_int8_t identifier); + void (*set_identifier)(radius_message_t *this, uint8_t identifier); /** * Get the 16 byte authenticator. * * @return pointer to the Authenticator field */ - u_int8_t* (*get_authenticator)(radius_message_t *this); + uint8_t* (*get_authenticator)(radius_message_t *this); /** * Get the RADIUS message in its encoded form. @@ -275,7 +275,7 @@ struct radius_message_t { * @param msg_auth calculate and add Message-Authenticator * @return TRUE if signed successfully */ - bool (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret, + bool (*sign)(radius_message_t *this, uint8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth); /** @@ -286,7 +286,7 @@ struct radius_message_t { * @param signer HMAC-MD5 signer with secret set * @param hasher MD5 hasher */ - bool (*verify)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret, + bool (*verify)(radius_message_t *this, uint8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer); /** diff --git a/src/libradius/radius_mppe.h b/src/libradius/radius_mppe.h index 1b7a732ec..5006ca9d0 100644 --- a/src/libradius/radius_mppe.h +++ b/src/libradius/radius_mppe.h @@ -30,11 +30,11 @@ typedef struct mppe_key_t mppe_key_t; struct mppe_key_t { - u_int32_t id; - u_int8_t type; - u_int8_t length; - u_int16_t salt; - u_int8_t key[]; + uint32_t id; + uint8_t type; + uint8_t length; + uint16_t salt; + uint8_t key[]; } __attribute__((packed)); #endif /** RADIUS_MPPE_H_ @}*/ diff --git a/src/libradius/radius_socket.c b/src/libradius/radius_socket.c index 065f2644e..115be79fb 100644 --- a/src/libradius/radius_socket.c +++ b/src/libradius/radius_socket.c @@ -60,7 +60,7 @@ struct private_radius_socket_t { /** * Server port for authentication */ - u_int16_t auth_port; + uint16_t auth_port; /** * socket file descriptor for authentication @@ -70,7 +70,7 @@ struct private_radius_socket_t { /** * Server port for accounting */ - u_int16_t acct_port; + uint16_t acct_port; /** * socket file descriptor for accounting @@ -85,7 +85,7 @@ struct private_radius_socket_t { /** * current RADIUS identifier */ - u_int8_t identifier; + uint8_t identifier; /** * hasher to use for response verification @@ -127,7 +127,7 @@ struct private_radius_socket_t { * Check or establish RADIUS connection */ static bool check_connection(private_radius_socket_t *this, - int *fd, u_int16_t port) + int *fd, uint16_t port) { if (*fd == -1) { @@ -166,7 +166,7 @@ static bool check_connection(private_radius_socket_t *this, /** * Receive the response to the message with the given ID */ -static status_t receive_response(int fd, int timeout, u_int8_t id, +static status_t receive_response(int fd, int timeout, uint8_t id, radius_message_t **response) { radius_message_t *msg; @@ -224,7 +224,7 @@ METHOD(radius_socket_t, request, radius_message_t*, radius_message_t *response; chunk_t data; int *fd, retransmit = 0, timeout; - u_int16_t port; + uint16_t port; rng_t *rng = NULL; if (request->get_code(request) == RMC_ACCOUNTING_REQUEST) @@ -299,7 +299,7 @@ METHOD(radius_socket_t, request, radius_message_t*, /** * Decrypt a MS-MPPE-Send/Recv-Key */ -static chunk_t decrypt_mppe_key(private_radius_socket_t *this, u_int16_t salt, +static chunk_t decrypt_mppe_key(private_radius_socket_t *this, uint16_t salt, chunk_t C, radius_message_t *request) { chunk_t decrypted; @@ -375,8 +375,8 @@ METHOD(radius_socket_t, destroy, void, /** * See header */ -radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port, - u_int16_t acct_port, chunk_t secret, +radius_socket_t *radius_socket_create(char *address, uint16_t auth_port, + uint16_t acct_port, chunk_t secret, u_int tries, double timeout, double base) { private_radius_socket_t *this; diff --git a/src/libradius/radius_socket.h b/src/libradius/radius_socket.h index 84b146a7d..acc6c368f 100644 --- a/src/libradius/radius_socket.h +++ b/src/libradius/radius_socket.h @@ -96,8 +96,8 @@ struct radius_socket_t { * @param timeout retransmission timeout * @param base base to calculate retransmission timeout */ -radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port, - u_int16_t acct_port, chunk_t secret, +radius_socket_t *radius_socket_create(char *address, uint16_t auth_port, + uint16_t acct_port, chunk_t secret, u_int tries, double timeout, double base); #endif /** RADIUS_SOCKET_H_ @}*/ diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in index e813eb085..a7bc8e321 100644 --- a/src/libsimaka/Makefile.in +++ b/src/libsimaka/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_WINDOWS_TRUE@am__append_1 = -lws2_32 subdir = src/libsimaka -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -199,12 +208,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -254,6 +265,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -288,6 +300,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -399,6 +412,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libsimaka/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libsimaka/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -762,6 +775,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libsimaka/simaka_card.h b/src/libsimaka/simaka_card.h index 52cb32514..b705923f6 100644 --- a/src/libsimaka/simaka_card.h +++ b/src/libsimaka/simaka_card.h @@ -66,7 +66,7 @@ struct simaka_card_t { * @param ck buffer receiving encryption key ck * @param ik buffer receiving integrity key ik * @param res buffer receiving authentication result res - * @param res_len nubmer of bytes written to res buffer + * @param res_len number of bytes written to res buffer * @return SUCCESS, FAILED, or INVALID_STATE if out of sync */ status_t (*get_quintuplet)(simaka_card_t *this, identification_t *id, @@ -112,7 +112,7 @@ struct simaka_card_t { */ void (*set_reauth)(simaka_card_t *this, identification_t *id, identification_t *next, char mk[HASH_SIZE_SHA1], - u_int16_t counter); + uint16_t counter); /** * Retrieve parameters for fast reauthentication stored via set_reauth(). @@ -123,7 +123,7 @@ struct simaka_card_t { * @return fast reauthentication identity, NULL if not found */ identification_t* (*get_reauth)(simaka_card_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1], u_int16_t *counter); + char mk[HASH_SIZE_SHA1], uint16_t *counter); }; #endif /** SIMAKA_CARD_H_ @}*/ diff --git a/src/libsimaka/simaka_manager.c b/src/libsimaka/simaka_manager.c index e85dd660b..47f1f6f8a 100644 --- a/src/libsimaka/simaka_manager.c +++ b/src/libsimaka/simaka_manager.c @@ -207,7 +207,7 @@ METHOD(simaka_manager_t, card_get_pseudonym, identification_t*, METHOD(simaka_manager_t, card_set_reauth, void, private_simaka_manager_t *this, identification_t *id, identification_t *next, - char mk[HASH_SIZE_SHA1], u_int16_t counter) + char mk[HASH_SIZE_SHA1], uint16_t counter) { enumerator_t *enumerator; simaka_card_t *card; @@ -227,7 +227,7 @@ METHOD(simaka_manager_t, card_set_reauth, void, METHOD(simaka_manager_t, card_get_reauth, identification_t*, private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], - u_int16_t *counter) + uint16_t *counter) { enumerator_t *enumerator; simaka_card_t *card; @@ -393,7 +393,7 @@ METHOD(simaka_manager_t, provider_gen_pseudonym, identification_t*, METHOD(simaka_manager_t, provider_is_reauth, identification_t*, private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], - u_int16_t *counter) + uint16_t *counter) { enumerator_t *enumerator; simaka_provider_t *provider; diff --git a/src/libsimaka/simaka_manager.h b/src/libsimaka/simaka_manager.h index bdd50296e..b10d1659b 100644 --- a/src/libsimaka/simaka_manager.h +++ b/src/libsimaka/simaka_manager.h @@ -84,7 +84,7 @@ struct simaka_manager_t { * @param ck buffer receiving encryption key ck * @param ik buffer receiving integrity key ik * @param res buffer receiving authentication result res - * @param res_len nubmer of bytes written to res buffer + * @param res_len number of bytes written to res buffer * @return SUCCESS, FAILED, or INVALID_STATE if out of sync */ status_t (*card_get_quintuplet)(simaka_manager_t *this, identification_t *id, @@ -131,7 +131,7 @@ struct simaka_manager_t { */ void (*card_set_reauth)(simaka_manager_t *this, identification_t *id, identification_t *next, char mk[HASH_SIZE_SHA1], - u_int16_t counter); + uint16_t counter); /** * Retrieve fast reauthentication parameters from one of the registered cards. @@ -143,7 +143,7 @@ struct simaka_manager_t { */ identification_t* (*card_get_reauth)(simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], - u_int16_t *counter); + uint16_t *counter); /** * Register a triplet provider (server) at the manager. @@ -228,7 +228,7 @@ struct simaka_manager_t { */ identification_t* (*provider_is_reauth)(simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], - u_int16_t *counter); + uint16_t *counter); /** * Generate a fast reauth id using one of the registered providers. diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c index 7dd15480b..234d7ef2a 100644 --- a/src/libsimaka/simaka_message.c +++ b/src/libsimaka/simaka_message.c @@ -30,17 +30,17 @@ typedef struct attr_t attr_t; */ struct hdr_t { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type => EAP_SIM/EAP_AKA */ - u_int8_t type; + uint8_t type; /** SIM subtype */ - u_int8_t subtype; + uint8_t subtype; /** reserved bytes */ - u_int16_t reserved; + uint16_t reserved; } __attribute__((__packed__)); /** @@ -48,9 +48,9 @@ struct hdr_t { */ struct attr_hdr_t { /** attribute type */ - u_int8_t type; + uint8_t type; /** attibute length */ - u_int8_t length; + uint8_t length; } __attribute__((__packed__)); /** @@ -204,7 +204,7 @@ METHOD(simaka_message_t, is_request, bool, return this->hdr->code == EAP_REQUEST; } -METHOD(simaka_message_t, get_identifier, u_int8_t, +METHOD(simaka_message_t, get_identifier, uint8_t, private_simaka_message_t *this) { return this->hdr->identifier; @@ -366,7 +366,7 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in) case AT_IDENTITY: case AT_VERSION_LIST: { - u_int16_t len; + uint16_t len; if (hdr->length < 1 || in.len < 4) { @@ -610,7 +610,7 @@ METHOD(simaka_message_t, generate, bool, chunk_t out, encr, data, *target, mac = chunk_empty; simaka_attribute_t type; attr_hdr_t *hdr; - u_int16_t len; + uint16_t len; signer_t *signer; call_hook(this, FALSE, TRUE); @@ -684,7 +684,7 @@ METHOD(simaka_message_t, generate, bool, case AT_VERSION_LIST: case AT_RES: { - u_int16_t len, padding; + uint16_t len, padding; len = htons(data.len); if (type == AT_RES) @@ -912,7 +912,7 @@ simaka_message_t *simaka_message_create_from_payload(chunk_t data, /** * See header. */ -simaka_message_t *simaka_message_create(bool request, u_int8_t identifier, +simaka_message_t *simaka_message_create(bool request, uint8_t identifier, eap_type_t type, simaka_subtype_t subtype, simaka_crypto_t *crypto) { diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h index 9e2c7dea9..2393d3450 100644 --- a/src/libsimaka/simaka_message.h +++ b/src/libsimaka/simaka_message.h @@ -176,7 +176,7 @@ struct simaka_message_t { * * @return EAP message identifier */ - u_int8_t (*get_identifier)(simaka_message_t *this); + uint8_t (*get_identifier)(simaka_message_t *this); /** * Get the EAP type of the message. @@ -257,7 +257,7 @@ struct simaka_message_t { * @param crypto EAP-SIM/AKA crypto helper * @return empty message of requested kind, NULL on error */ -simaka_message_t *simaka_message_create(bool request, u_int8_t identifier, +simaka_message_t *simaka_message_create(bool request, uint8_t identifier, eap_type_t type, simaka_subtype_t subtype, simaka_crypto_t *crypto); diff --git a/src/libsimaka/simaka_provider.h b/src/libsimaka/simaka_provider.h index f1bf80049..ef1c73908 100644 --- a/src/libsimaka/simaka_provider.h +++ b/src/libsimaka/simaka_provider.h @@ -62,7 +62,7 @@ struct simaka_provider_t { * @param id permanent identity of peer to create challenge for * @param rand buffer receiving random value rand * @param xres buffer receiving expected authentication result xres - * @param xres_len nubmer of bytes written to xres buffer + * @param xres_len number of bytes written to xres buffer * @param ck buffer receiving encryption key ck * @param ik buffer receiving integrity key ik * @param autn authentication token autn @@ -112,7 +112,7 @@ struct simaka_provider_t { * @return permanent identity, NULL if id not a reauth identity */ identification_t* (*is_reauth)(simaka_provider_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1], u_int16_t *counter); + char mk[HASH_SIZE_SHA1], uint16_t *counter); /** * Generate a fast reauthentication identity, associated to a master key. diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 0bac61b44..9be93f1f8 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -120,7 +120,9 @@ endif library.lo : $(top_builddir)/config.status -libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) $(BFDLIB) $(UNWINDLIB) +libstrongswan_la_LIBADD = \ + $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \ + $(RTLIB) $(BFDLIB) $(UNWINDLIB) AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index d88c96f03..d1b65bdb2 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -221,12 +231,6 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_123 = plugins/test_vectors/libstrongswan-test-vectors.la @USE_BLISS_TRUE@am__append_124 = plugins/bliss/tests subdir = src/libstrongswan -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - settings/settings_parser.h settings/settings_parser.c \ - settings/settings_lexer.c $(top_srcdir)/depcomp \ - $(top_srcdir)/ylwrap \ - $(am__nobase_strongswan_include_HEADERS_DIST) \ - $(noinst_HEADERS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -240,6 +244,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am \ + $(am__nobase_strongswan_include_HEADERS_DIST) \ + $(noinst_HEADERS) $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -280,26 +287,27 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__append_19) $(am__append_21) \ - $(am__append_23) $(am__append_25) $(am__append_27) \ - $(am__append_29) $(am__append_31) $(am__append_33) \ - $(am__append_35) $(am__append_37) $(am__append_39) \ - $(am__append_41) $(am__append_43) $(am__append_45) \ - $(am__append_47) $(am__append_49) $(am__append_51) \ - $(am__append_53) $(am__append_55) $(am__append_57) \ - $(am__append_59) $(am__append_61) $(am__append_63) \ - $(am__append_65) $(am__append_67) $(am__append_69) \ - $(am__append_71) $(am__append_73) $(am__append_75) \ - $(am__append_77) $(am__append_79) $(am__append_81) \ - $(am__append_83) $(am__append_85) $(am__append_87) \ - $(am__append_89) $(am__append_91) $(am__append_93) \ - $(am__append_95) $(am__append_97) $(am__append_99) \ - $(am__append_101) $(am__append_103) $(am__append_105) \ - $(am__append_107) $(am__append_109) $(am__append_111) \ - $(am__append_113) $(am__append_115) $(am__append_117) \ - $(am__append_119) $(am__append_121) $(am__append_123) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_19) \ + $(am__append_21) $(am__append_23) $(am__append_25) \ + $(am__append_27) $(am__append_29) $(am__append_31) \ + $(am__append_33) $(am__append_35) $(am__append_37) \ + $(am__append_39) $(am__append_41) $(am__append_43) \ + $(am__append_45) $(am__append_47) $(am__append_49) \ + $(am__append_51) $(am__append_53) $(am__append_55) \ + $(am__append_57) $(am__append_59) $(am__append_61) \ + $(am__append_63) $(am__append_65) $(am__append_67) \ + $(am__append_69) $(am__append_71) $(am__append_73) \ + $(am__append_75) $(am__append_77) $(am__append_79) \ + $(am__append_81) $(am__append_83) $(am__append_85) \ + $(am__append_87) $(am__append_89) $(am__append_91) \ + $(am__append_93) $(am__append_95) $(am__append_97) \ + $(am__append_99) $(am__append_101) $(am__append_103) \ + $(am__append_105) $(am__append_107) $(am__append_109) \ + $(am__append_111) $(am__append_113) $(am__append_115) \ + $(am__append_117) $(am__append_119) $(am__append_121) \ + $(am__append_123) am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \ bio/bio_writer.c collections/blocking_queue.c \ @@ -632,6 +640,9 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/chapoly plugins/ctr plugins/ccm plugins/gcm \ plugins/ntru plugins/bliss plugins/test_vectors tests \ plugins/bliss/tests +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \ + $(top_srcdir)/ylwrap settings/settings_lexer.c \ + settings/settings_parser.c settings/settings_parser.h DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -663,6 +674,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -712,6 +724,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -746,6 +759,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -857,6 +871,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -1003,27 +1018,28 @@ settings/settings_types.h @USE_DEV_HEADERS_TRUE@utils/utils/string.h utils/utils/memory.h utils/utils/tty.h utils/utils/path.h \ @USE_DEV_HEADERS_TRUE@utils/utils/status.h utils/utils/object.h utils/utils/time.h utils/utils/align.h -libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) \ - $(BFDLIB) $(UNWINDLIB) $(am__append_2) $(am__append_4) \ - $(am__append_5) $(am__append_13) $(am__append_15) \ - $(am__append_17) $(am__append_19) $(am__append_21) \ - $(am__append_23) $(am__append_25) $(am__append_27) \ - $(am__append_29) $(am__append_31) $(am__append_33) \ - $(am__append_35) $(am__append_37) $(am__append_39) \ - $(am__append_41) $(am__append_43) $(am__append_45) \ - $(am__append_47) $(am__append_49) $(am__append_51) \ - $(am__append_53) $(am__append_55) $(am__append_57) \ - $(am__append_59) $(am__append_61) $(am__append_63) \ - $(am__append_65) $(am__append_67) $(am__append_69) \ - $(am__append_71) $(am__append_73) $(am__append_75) \ - $(am__append_77) $(am__append_79) $(am__append_81) \ - $(am__append_83) $(am__append_85) $(am__append_87) \ - $(am__append_89) $(am__append_91) $(am__append_93) \ - $(am__append_95) $(am__append_97) $(am__append_99) \ - $(am__append_101) $(am__append_103) $(am__append_105) \ - $(am__append_107) $(am__append_109) $(am__append_111) \ - $(am__append_113) $(am__append_115) $(am__append_117) \ - $(am__append_119) $(am__append_121) $(am__append_123) +libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \ + $(RTLIB) $(BFDLIB) $(UNWINDLIB) $(am__append_2) \ + $(am__append_4) $(am__append_5) $(am__append_13) \ + $(am__append_15) $(am__append_17) $(am__append_19) \ + $(am__append_21) $(am__append_23) $(am__append_25) \ + $(am__append_27) $(am__append_29) $(am__append_31) \ + $(am__append_33) $(am__append_35) $(am__append_37) \ + $(am__append_39) $(am__append_41) $(am__append_43) \ + $(am__append_45) $(am__append_47) $(am__append_49) \ + $(am__append_51) $(am__append_53) $(am__append_55) \ + $(am__append_57) $(am__append_59) $(am__append_61) \ + $(am__append_63) $(am__append_65) $(am__append_67) \ + $(am__append_69) $(am__append_71) $(am__append_73) \ + $(am__append_75) $(am__append_77) $(am__append_79) \ + $(am__append_81) $(am__append_83) $(am__append_85) \ + $(am__append_87) $(am__append_89) $(am__append_91) \ + $(am__append_93) $(am__append_95) $(am__append_97) \ + $(am__append_99) $(am__append_101) $(am__append_103) \ + $(am__append_105) $(am__append_107) $(am__append_109) \ + $(am__append_111) $(am__append_113) $(am__append_115) \ + $(am__append_117) $(am__append_119) $(am__append_121) \ + $(am__append_123) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \ -DPLUGINDIR=\"${plugindir}\" \ @@ -1124,7 +1140,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -2322,6 +2337,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \ uninstall-ipseclibLTLIBRARIES \ uninstall-nobase_strongswan_includeHEADERS +.PRECIOUS: Makefile + library.lo : $(top_builddir)/config.status diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 628bb99e6..2ee414abf 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -592,15 +592,15 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c /* * Described in header */ -u_int64_t asn1_parse_integer_uint64(chunk_t blob) +uint64_t asn1_parse_integer_uint64(chunk_t blob) { - u_int64_t val = 0; + uint64_t val = 0; int i; for (i = 0; i < blob.len; i++) { /* if it is longer than 8 bytes, we just use the 8 LSBs */ val <<= 8; - val |= (u_int64_t)blob.ptr[i]; + val |= (uint64_t)blob.ptr[i]; } return val; } diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 8ac005610..f0b3e17e8 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -172,13 +172,13 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level0, const char* name); /** - * Converts an ASN.1 INTEGER object to an u_int64_t. If the INTEGER is longer + * Converts an ASN.1 INTEGER object to an uint64_t. If the INTEGER is longer * than 8 bytes only the 8 LSBs are returned. * * @param blob body of an ASN.1 coded integer object * @return converted integer */ -u_int64_t asn1_parse_integer_uint64(chunk_t blob); +uint64_t asn1_parse_integer_uint64(chunk_t blob); /** * Print the value of an ASN.1 simple object diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index ed953d482..c23746e57 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -28,8 +28,8 @@ const oid_t oid_names[] = { { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */ { 0x01, 17, 0, 9, "UID" }, /* 16 */ { 0x19, 0, 0, 9, "DC" }, /* 17 */ - {0x55, 66, 1, 0, "X.500" }, /* 18 */ - { 0x04, 38, 1, 1, "X.509" }, /* 19 */ + {0x55, 67, 1, 0, "X.500" }, /* 18 */ + { 0x04, 39, 1, 1, "X.509" }, /* 19 */ { 0x03, 21, 0, 2, "CN" }, /* 20 */ { 0x04, 22, 0, 2, "S" }, /* 21 */ { 0x05, 23, 0, 2, "SN" }, /* 22 */ @@ -46,447 +46,448 @@ const oid_t oid_names[] = { { 0x2B, 34, 0, 2, "I" }, /* 33 */ { 0x2D, 35, 0, 2, "ID" }, /* 34 */ { 0x2E, 36, 0, 2, "dnQualifier" }, /* 35 */ - { 0x41, 37, 0, 2, "pseudonym" }, /* 36 */ - { 0x48, 0, 0, 2, "role" }, /* 37 */ - { 0x1D, 0, 1, 1, "id-ce" }, /* 38 */ - { 0x09, 40, 0, 2, "subjectDirectoryAttrs" }, /* 39 */ - { 0x0E, 41, 0, 2, "subjectKeyIdentifier" }, /* 40 */ - { 0x0F, 42, 0, 2, "keyUsage" }, /* 41 */ - { 0x10, 43, 0, 2, "privateKeyUsagePeriod" }, /* 42 */ - { 0x11, 44, 0, 2, "subjectAltName" }, /* 43 */ - { 0x12, 45, 0, 2, "issuerAltName" }, /* 44 */ - { 0x13, 46, 0, 2, "basicConstraints" }, /* 45 */ - { 0x14, 47, 0, 2, "crlNumber" }, /* 46 */ - { 0x15, 48, 0, 2, "reasonCode" }, /* 47 */ - { 0x17, 49, 0, 2, "holdInstructionCode" }, /* 48 */ - { 0x18, 50, 0, 2, "invalidityDate" }, /* 49 */ - { 0x1B, 51, 0, 2, "deltaCrlIndicator" }, /* 50 */ - { 0x1C, 52, 0, 2, "issuingDistributionPoint" }, /* 51 */ - { 0x1D, 53, 0, 2, "certificateIssuer" }, /* 52 */ - { 0x1E, 54, 0, 2, "nameConstraints" }, /* 53 */ - { 0x1F, 55, 0, 2, "crlDistributionPoints" }, /* 54 */ - { 0x20, 57, 1, 2, "certificatePolicies" }, /* 55 */ - { 0x00, 0, 0, 3, "anyPolicy" }, /* 56 */ - { 0x21, 58, 0, 2, "policyMappings" }, /* 57 */ - { 0x23, 59, 0, 2, "authorityKeyIdentifier" }, /* 58 */ - { 0x24, 60, 0, 2, "policyConstraints" }, /* 59 */ - { 0x25, 62, 1, 2, "extendedKeyUsage" }, /* 60 */ - { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 61 */ - { 0x2E, 63, 0, 2, "freshestCRL" }, /* 62 */ - { 0x36, 64, 0, 2, "inhibitAnyPolicy" }, /* 63 */ - { 0x37, 65, 0, 2, "targetInformation" }, /* 64 */ - { 0x38, 0, 0, 2, "noRevAvail" }, /* 65 */ - {0x2A, 190, 1, 0, "" }, /* 66 */ - { 0x83, 79, 1, 1, "" }, /* 67 */ - { 0x08, 0, 1, 2, "jp" }, /* 68 */ - { 0x8C, 0, 1, 3, "" }, /* 69 */ - { 0x9A, 0, 1, 4, "" }, /* 70 */ - { 0x4B, 0, 1, 5, "" }, /* 71 */ - { 0x3D, 0, 1, 6, "" }, /* 72 */ - { 0x01, 0, 1, 7, "security" }, /* 73 */ - { 0x01, 0, 1, 8, "algorithm" }, /* 74 */ - { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 75 */ - { 0x02, 77, 0, 10, "camellia128-cbc" }, /* 76 */ - { 0x03, 78, 0, 10, "camellia192-cbc" }, /* 77 */ - { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 78 */ - { 0x86, 0, 1, 1, "" }, /* 79 */ - { 0x48, 0, 1, 2, "us" }, /* 80 */ - { 0x86, 149, 1, 3, "" }, /* 81 */ - { 0xF6, 87, 1, 4, "" }, /* 82 */ - { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 83 */ - { 0x07, 0, 1, 6, "Entrust" }, /* 84 */ - { 0x41, 0, 1, 7, "nsn-ce" }, /* 85 */ - { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 86 */ - { 0xF7, 0, 1, 4, "" }, /* 87 */ - { 0x0D, 0, 1, 5, "RSADSI" }, /* 88 */ - { 0x01, 144, 1, 6, "PKCS" }, /* 89 */ - { 0x01, 102, 1, 7, "PKCS-1" }, /* 90 */ - { 0x01, 92, 0, 8, "rsaEncryption" }, /* 91 */ - { 0x02, 93, 0, 8, "md2WithRSAEncryption" }, /* 92 */ - { 0x04, 94, 0, 8, "md5WithRSAEncryption" }, /* 93 */ - { 0x05, 95, 0, 8, "sha-1WithRSAEncryption" }, /* 94 */ - { 0x07, 96, 0, 8, "id-RSAES-OAEP" }, /* 95 */ - { 0x08, 97, 0, 8, "id-mgf1" }, /* 96 */ - { 0x09, 98, 0, 8, "id-pSpecified" }, /* 97 */ - { 0x0B, 99, 0, 8, "sha256WithRSAEncryption" }, /* 98 */ - { 0x0C, 100, 0, 8, "sha384WithRSAEncryption" }, /* 99 */ - { 0x0D, 101, 0, 8, "sha512WithRSAEncryption" }, /* 100 */ - { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 101 */ - { 0x05, 107, 1, 7, "PKCS-5" }, /* 102 */ - { 0x03, 104, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 103 */ - { 0x0A, 105, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 104 */ - { 0x0C, 106, 0, 8, "id-PBKDF2" }, /* 105 */ - { 0x0D, 0, 0, 8, "id-PBES2" }, /* 106 */ - { 0x07, 114, 1, 7, "PKCS-7" }, /* 107 */ - { 0x01, 109, 0, 8, "data" }, /* 108 */ - { 0x02, 110, 0, 8, "signedData" }, /* 109 */ - { 0x03, 111, 0, 8, "envelopedData" }, /* 110 */ - { 0x04, 112, 0, 8, "signedAndEnvelopedData" }, /* 111 */ - { 0x05, 113, 0, 8, "digestedData" }, /* 112 */ - { 0x06, 0, 0, 8, "encryptedData" }, /* 113 */ - { 0x09, 128, 1, 7, "PKCS-9" }, /* 114 */ - { 0x01, 116, 0, 8, "E" }, /* 115 */ - { 0x02, 117, 0, 8, "unstructuredName" }, /* 116 */ - { 0x03, 118, 0, 8, "contentType" }, /* 117 */ - { 0x04, 119, 0, 8, "messageDigest" }, /* 118 */ - { 0x05, 120, 0, 8, "signingTime" }, /* 119 */ - { 0x06, 121, 0, 8, "counterSignature" }, /* 120 */ - { 0x07, 122, 0, 8, "challengePassword" }, /* 121 */ - { 0x08, 123, 0, 8, "unstructuredAddress" }, /* 122 */ - { 0x0E, 124, 0, 8, "extensionRequest" }, /* 123 */ - { 0x0F, 125, 0, 8, "S/MIME Capabilities" }, /* 124 */ - { 0x16, 0, 1, 8, "certTypes" }, /* 125 */ - { 0x01, 127, 0, 9, "X.509" }, /* 126 */ - { 0x02, 0, 0, 9, "SDSI" }, /* 127 */ - { 0x0c, 0, 1, 7, "PKCS-12" }, /* 128 */ - { 0x01, 136, 1, 8, "pbeIds" }, /* 129 */ - { 0x01, 131, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 130 */ - { 0x02, 132, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 131 */ - { 0x03, 133, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 132 */ - { 0x04, 134, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 133 */ - { 0x05, 135, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 134 */ - { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 135 */ - { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 136 */ - { 0x01, 0, 1, 9, "bagIds" }, /* 137 */ - { 0x01, 139, 0, 10, "keyBag" }, /* 138 */ - { 0x02, 140, 0, 10, "pkcs8ShroudedKeyBag" }, /* 139 */ - { 0x03, 141, 0, 10, "certBag" }, /* 140 */ - { 0x04, 142, 0, 10, "crlBag" }, /* 141 */ - { 0x05, 143, 0, 10, "secretBag" }, /* 142 */ - { 0x06, 0, 0, 10, "safeContentsBag" }, /* 143 */ - { 0x02, 147, 1, 6, "digestAlgorithm" }, /* 144 */ - { 0x02, 146, 0, 7, "md2" }, /* 145 */ - { 0x05, 0, 0, 7, "md5" }, /* 146 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 147 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 148 */ - { 0xCE, 0, 1, 3, "" }, /* 149 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 150 */ - { 0x02, 153, 1, 5, "id-publicKeyType" }, /* 151 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 152 */ - { 0x03, 183, 1, 5, "ellipticCurve" }, /* 153 */ - { 0x00, 175, 1, 6, "c-TwoCurve" }, /* 154 */ - { 0x01, 156, 0, 7, "c2pnb163v1" }, /* 155 */ - { 0x02, 157, 0, 7, "c2pnb163v2" }, /* 156 */ - { 0x03, 158, 0, 7, "c2pnb163v3" }, /* 157 */ - { 0x04, 159, 0, 7, "c2pnb176w1" }, /* 158 */ - { 0x05, 160, 0, 7, "c2tnb191v1" }, /* 159 */ - { 0x06, 161, 0, 7, "c2tnb191v2" }, /* 160 */ - { 0x07, 162, 0, 7, "c2tnb191v3" }, /* 161 */ - { 0x08, 163, 0, 7, "c2onb191v4" }, /* 162 */ - { 0x09, 164, 0, 7, "c2onb191v5" }, /* 163 */ - { 0x0A, 165, 0, 7, "c2pnb208w1" }, /* 164 */ - { 0x0B, 166, 0, 7, "c2tnb239v1" }, /* 165 */ - { 0x0C, 167, 0, 7, "c2tnb239v2" }, /* 166 */ - { 0x0D, 168, 0, 7, "c2tnb239v3" }, /* 167 */ - { 0x0E, 169, 0, 7, "c2onb239v4" }, /* 168 */ - { 0x0F, 170, 0, 7, "c2onb239v5" }, /* 169 */ - { 0x10, 171, 0, 7, "c2pnb272w1" }, /* 170 */ - { 0x11, 172, 0, 7, "c2pnb304w1" }, /* 171 */ - { 0x12, 173, 0, 7, "c2tnb359v1" }, /* 172 */ - { 0x13, 174, 0, 7, "c2pnb368w1" }, /* 173 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 174 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 175 */ - { 0x01, 177, 0, 7, "prime192v1" }, /* 176 */ - { 0x02, 178, 0, 7, "prime192v2" }, /* 177 */ - { 0x03, 179, 0, 7, "prime192v3" }, /* 178 */ - { 0x04, 180, 0, 7, "prime239v1" }, /* 179 */ - { 0x05, 181, 0, 7, "prime239v2" }, /* 180 */ - { 0x06, 182, 0, 7, "prime239v3" }, /* 181 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 182 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 183 */ - { 0x01, 185, 0, 6, "ecdsa-with-SHA1" }, /* 184 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 185 */ - { 0x01, 187, 0, 7, "ecdsa-with-SHA224" }, /* 186 */ - { 0x02, 188, 0, 7, "ecdsa-with-SHA256" }, /* 187 */ - { 0x03, 189, 0, 7, "ecdsa-with-SHA384" }, /* 188 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 189 */ - {0x2B, 417, 1, 0, "" }, /* 190 */ - { 0x06, 331, 1, 1, "dod" }, /* 191 */ - { 0x01, 0, 1, 2, "internet" }, /* 192 */ - { 0x04, 282, 1, 3, "private" }, /* 193 */ - { 0x01, 0, 1, 4, "enterprise" }, /* 194 */ - { 0x82, 232, 1, 5, "" }, /* 195 */ - { 0x37, 208, 1, 6, "Microsoft" }, /* 196 */ - { 0x0A, 201, 1, 7, "" }, /* 197 */ - { 0x03, 0, 1, 8, "" }, /* 198 */ - { 0x03, 200, 0, 9, "msSGC" }, /* 199 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 200 */ - { 0x14, 205, 1, 7, "msEnrollmentInfrastructure" }, /* 201 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 202 */ - { 0x02, 204, 0, 9, "msSmartcardLogon" }, /* 203 */ - { 0x03, 0, 0, 9, "msUPN" }, /* 204 */ - { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 205 */ - { 0x07, 207, 0, 8, "msCertTemplate" }, /* 206 */ - { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 207 */ - { 0xA0, 0, 1, 6, "" }, /* 208 */ - { 0x2A, 0, 1, 7, "ITA" }, /* 209 */ - { 0x01, 211, 0, 8, "strongSwan" }, /* 210 */ - { 0x02, 212, 0, 8, "cps" }, /* 211 */ - { 0x03, 213, 0, 8, "e-voting" }, /* 212 */ - { 0x05, 0, 1, 8, "BLISS" }, /* 213 */ - { 0x01, 216, 1, 9, "keyType" }, /* 214 */ - { 0x01, 0, 0, 10, "blissPublicKey" }, /* 215 */ - { 0x02, 225, 1, 9, "parameters" }, /* 216 */ - { 0x01, 218, 0, 10, "BLISS-I" }, /* 217 */ - { 0x02, 219, 0, 10, "BLISS-II" }, /* 218 */ - { 0x03, 220, 0, 10, "BLISS-III" }, /* 219 */ - { 0x04, 221, 0, 10, "BLISS-IV" }, /* 220 */ - { 0x05, 222, 0, 10, "BLISS-B-I" }, /* 221 */ - { 0x06, 223, 0, 10, "BLISS-B-II" }, /* 222 */ - { 0x07, 224, 0, 10, "BLISS-B-III" }, /* 223 */ - { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 224 */ - { 0x03, 0, 1, 9, "blissSigType" }, /* 225 */ - { 0x01, 227, 0, 10, "BLISS-with-SHA2-512" }, /* 226 */ - { 0x02, 228, 0, 10, "BLISS-with-SHA2-384" }, /* 227 */ - { 0x03, 229, 0, 10, "BLISS-with-SHA2-256" }, /* 228 */ - { 0x04, 230, 0, 10, "BLISS-with-SHA3-512" }, /* 229 */ - { 0x05, 231, 0, 10, "BLISS-with-SHA3-384" }, /* 230 */ - { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 231 */ - { 0x89, 239, 1, 5, "" }, /* 232 */ - { 0x31, 0, 1, 6, "" }, /* 233 */ - { 0x01, 0, 1, 7, "" }, /* 234 */ - { 0x01, 0, 1, 8, "" }, /* 235 */ - { 0x02, 0, 1, 9, "" }, /* 236 */ - { 0x02, 0, 1, 10, "" }, /* 237 */ - { 0x4B, 0, 0, 11, "TCGID" }, /* 238 */ - { 0x97, 243, 1, 5, "" }, /* 239 */ - { 0x55, 0, 1, 6, "" }, /* 240 */ - { 0x01, 0, 1, 7, "" }, /* 241 */ - { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 242 */ - { 0xC1, 0, 1, 5, "" }, /* 243 */ - { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 244 */ - { 0x01, 0, 1, 7, "eess" }, /* 245 */ - { 0x01, 0, 1, 8, "eess1" }, /* 246 */ - { 0x01, 251, 1, 9, "eess1-algs" }, /* 247 */ - { 0x01, 249, 0, 10, "ntru-EESS1v1-SVES" }, /* 248 */ - { 0x02, 250, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 249 */ - { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 250 */ - { 0x02, 281, 1, 9, "eess1-params" }, /* 251 */ - { 0x01, 253, 0, 10, "ees251ep1" }, /* 252 */ - { 0x02, 254, 0, 10, "ees347ep1" }, /* 253 */ - { 0x03, 255, 0, 10, "ees503ep1" }, /* 254 */ - { 0x07, 256, 0, 10, "ees251sp2" }, /* 255 */ - { 0x0C, 257, 0, 10, "ees251ep4" }, /* 256 */ - { 0x0D, 258, 0, 10, "ees251ep5" }, /* 257 */ - { 0x0E, 259, 0, 10, "ees251sp3" }, /* 258 */ - { 0x0F, 260, 0, 10, "ees251sp4" }, /* 259 */ - { 0x10, 261, 0, 10, "ees251sp5" }, /* 260 */ - { 0x11, 262, 0, 10, "ees251sp6" }, /* 261 */ - { 0x12, 263, 0, 10, "ees251sp7" }, /* 262 */ - { 0x13, 264, 0, 10, "ees251sp8" }, /* 263 */ - { 0x14, 265, 0, 10, "ees251sp9" }, /* 264 */ - { 0x22, 266, 0, 10, "ees401ep1" }, /* 265 */ - { 0x23, 267, 0, 10, "ees449ep1" }, /* 266 */ - { 0x24, 268, 0, 10, "ees677ep1" }, /* 267 */ - { 0x25, 269, 0, 10, "ees1087ep2" }, /* 268 */ - { 0x26, 270, 0, 10, "ees541ep1" }, /* 269 */ - { 0x27, 271, 0, 10, "ees613ep1" }, /* 270 */ - { 0x28, 272, 0, 10, "ees887ep1" }, /* 271 */ - { 0x29, 273, 0, 10, "ees1171ep1" }, /* 272 */ - { 0x2A, 274, 0, 10, "ees659ep1" }, /* 273 */ - { 0x2B, 275, 0, 10, "ees761ep1" }, /* 274 */ - { 0x2C, 276, 0, 10, "ees1087ep1" }, /* 275 */ - { 0x2D, 277, 0, 10, "ees1499ep1" }, /* 276 */ - { 0x2E, 278, 0, 10, "ees401ep2" }, /* 277 */ - { 0x2F, 279, 0, 10, "ees439ep1" }, /* 278 */ - { 0x30, 280, 0, 10, "ees593ep1" }, /* 279 */ - { 0x31, 0, 0, 10, "ees743ep1" }, /* 280 */ - { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 281 */ - { 0x05, 0, 1, 3, "security" }, /* 282 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 283 */ - { 0x07, 328, 1, 5, "id-pkix" }, /* 284 */ - { 0x01, 289, 1, 6, "id-pe" }, /* 285 */ - { 0x01, 287, 0, 7, "authorityInfoAccess" }, /* 286 */ - { 0x03, 288, 0, 7, "qcStatements" }, /* 287 */ - { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 288 */ - { 0x02, 292, 1, 6, "id-qt" }, /* 289 */ - { 0x01, 291, 0, 7, "cps" }, /* 290 */ - { 0x02, 0, 0, 7, "unotice" }, /* 291 */ - { 0x03, 302, 1, 6, "id-kp" }, /* 292 */ - { 0x01, 294, 0, 7, "serverAuth" }, /* 293 */ - { 0x02, 295, 0, 7, "clientAuth" }, /* 294 */ - { 0x03, 296, 0, 7, "codeSigning" }, /* 295 */ - { 0x04, 297, 0, 7, "emailProtection" }, /* 296 */ - { 0x05, 298, 0, 7, "ipsecEndSystem" }, /* 297 */ - { 0x06, 299, 0, 7, "ipsecTunnel" }, /* 298 */ - { 0x07, 300, 0, 7, "ipsecUser" }, /* 299 */ - { 0x08, 301, 0, 7, "timeStamping" }, /* 300 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 301 */ - { 0x08, 310, 1, 6, "id-otherNames" }, /* 302 */ - { 0x01, 304, 0, 7, "personalData" }, /* 303 */ - { 0x02, 305, 0, 7, "userGroup" }, /* 304 */ - { 0x03, 306, 0, 7, "id-on-permanentIdentifier" }, /* 305 */ - { 0x04, 307, 0, 7, "id-on-hardwareModuleName" }, /* 306 */ - { 0x05, 308, 0, 7, "xmppAddr" }, /* 307 */ - { 0x06, 309, 0, 7, "id-on-SIM" }, /* 308 */ - { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 309 */ - { 0x0A, 315, 1, 6, "id-aca" }, /* 310 */ - { 0x01, 312, 0, 7, "authenticationInfo" }, /* 311 */ - { 0x02, 313, 0, 7, "accessIdentity" }, /* 312 */ - { 0x03, 314, 0, 7, "chargingIdentity" }, /* 313 */ - { 0x04, 0, 0, 7, "group" }, /* 314 */ - { 0x0B, 316, 0, 6, "subjectInfoAccess" }, /* 315 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 316 */ - { 0x01, 325, 1, 7, "ocsp" }, /* 317 */ - { 0x01, 319, 0, 8, "basic" }, /* 318 */ - { 0x02, 320, 0, 8, "nonce" }, /* 319 */ - { 0x03, 321, 0, 8, "crl" }, /* 320 */ - { 0x04, 322, 0, 8, "response" }, /* 321 */ - { 0x05, 323, 0, 8, "noCheck" }, /* 322 */ - { 0x06, 324, 0, 8, "archiveCutoff" }, /* 323 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 324 */ - { 0x02, 326, 0, 7, "caIssuers" }, /* 325 */ - { 0x03, 327, 0, 7, "timeStamping" }, /* 326 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 327 */ - { 0x08, 0, 1, 5, "ipsec" }, /* 328 */ - { 0x02, 0, 1, 6, "certificate" }, /* 329 */ - { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 330 */ - { 0x0E, 337, 1, 1, "oiw" }, /* 331 */ - { 0x03, 0, 1, 2, "secsig" }, /* 332 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 333 */ - { 0x07, 335, 0, 4, "des-cbc" }, /* 334 */ - { 0x1A, 336, 0, 4, "sha-1" }, /* 335 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 336 */ - { 0x24, 383, 1, 1, "TeleTrusT" }, /* 337 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 338 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 339 */ - { 0x01, 344, 1, 4, "rsaSignature" }, /* 340 */ - { 0x02, 342, 0, 5, "rsaSigWithripemd160" }, /* 341 */ - { 0x03, 343, 0, 5, "rsaSigWithripemd128" }, /* 342 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 343 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 344 */ - { 0x01, 346, 0, 5, "ecSignWithsha1" }, /* 345 */ - { 0x02, 347, 0, 5, "ecSignWithripemd160" }, /* 346 */ - { 0x03, 348, 0, 5, "ecSignWithmd2" }, /* 347 */ - { 0x04, 349, 0, 5, "ecSignWithmd5" }, /* 348 */ - { 0x05, 366, 1, 5, "ttt-ecg" }, /* 349 */ - { 0x01, 354, 1, 6, "fieldType" }, /* 350 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 351 */ - { 0x01, 0, 1, 8, "basisType" }, /* 352 */ - { 0x01, 0, 0, 9, "ipBasis" }, /* 353 */ - { 0x02, 356, 1, 6, "keyType" }, /* 354 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 355 */ - { 0x03, 357, 0, 6, "curve" }, /* 356 */ - { 0x04, 364, 1, 6, "signatures" }, /* 357 */ - { 0x01, 359, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 358 */ - { 0x02, 360, 0, 7, "ecgdsa-with-SHA1" }, /* 359 */ - { 0x03, 361, 0, 7, "ecgdsa-with-SHA224" }, /* 360 */ - { 0x04, 362, 0, 7, "ecgdsa-with-SHA256" }, /* 361 */ - { 0x05, 363, 0, 7, "ecgdsa-with-SHA384" }, /* 362 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 363 */ - { 0x05, 0, 1, 6, "module" }, /* 364 */ - { 0x01, 0, 0, 7, "1" }, /* 365 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 366 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 367 */ - { 0x01, 0, 1, 7, "versionOne" }, /* 368 */ - { 0x01, 370, 0, 8, "brainpoolP160r1" }, /* 369 */ - { 0x02, 371, 0, 8, "brainpoolP160t1" }, /* 370 */ - { 0x03, 372, 0, 8, "brainpoolP192r1" }, /* 371 */ - { 0x04, 373, 0, 8, "brainpoolP192t1" }, /* 372 */ - { 0x05, 374, 0, 8, "brainpoolP224r1" }, /* 373 */ - { 0x06, 375, 0, 8, "brainpoolP224t1" }, /* 374 */ - { 0x07, 376, 0, 8, "brainpoolP256r1" }, /* 375 */ - { 0x08, 377, 0, 8, "brainpoolP256t1" }, /* 376 */ - { 0x09, 378, 0, 8, "brainpoolP320r1" }, /* 377 */ - { 0x0A, 379, 0, 8, "brainpoolP320t1" }, /* 378 */ - { 0x0B, 380, 0, 8, "brainpoolP384r1" }, /* 379 */ - { 0x0C, 381, 0, 8, "brainpoolP384t1" }, /* 380 */ - { 0x0D, 382, 0, 8, "brainpoolP512r1" }, /* 381 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 382 */ - { 0x81, 0, 1, 1, "" }, /* 383 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 384 */ - { 0x00, 0, 1, 3, "curve" }, /* 385 */ - { 0x01, 387, 0, 4, "sect163k1" }, /* 386 */ - { 0x02, 388, 0, 4, "sect163r1" }, /* 387 */ - { 0x03, 389, 0, 4, "sect239k1" }, /* 388 */ - { 0x04, 390, 0, 4, "sect113r1" }, /* 389 */ - { 0x05, 391, 0, 4, "sect113r2" }, /* 390 */ - { 0x06, 392, 0, 4, "secp112r1" }, /* 391 */ - { 0x07, 393, 0, 4, "secp112r2" }, /* 392 */ - { 0x08, 394, 0, 4, "secp160r1" }, /* 393 */ - { 0x09, 395, 0, 4, "secp160k1" }, /* 394 */ - { 0x0A, 396, 0, 4, "secp256k1" }, /* 395 */ - { 0x0F, 397, 0, 4, "sect163r2" }, /* 396 */ - { 0x10, 398, 0, 4, "sect283k1" }, /* 397 */ - { 0x11, 399, 0, 4, "sect283r1" }, /* 398 */ - { 0x16, 400, 0, 4, "sect131r1" }, /* 399 */ - { 0x17, 401, 0, 4, "sect131r2" }, /* 400 */ - { 0x18, 402, 0, 4, "sect193r1" }, /* 401 */ - { 0x19, 403, 0, 4, "sect193r2" }, /* 402 */ - { 0x1A, 404, 0, 4, "sect233k1" }, /* 403 */ - { 0x1B, 405, 0, 4, "sect233r1" }, /* 404 */ - { 0x1C, 406, 0, 4, "secp128r1" }, /* 405 */ - { 0x1D, 407, 0, 4, "secp128r2" }, /* 406 */ - { 0x1E, 408, 0, 4, "secp160r2" }, /* 407 */ - { 0x1F, 409, 0, 4, "secp192k1" }, /* 408 */ - { 0x20, 410, 0, 4, "secp224k1" }, /* 409 */ - { 0x21, 411, 0, 4, "secp224r1" }, /* 410 */ - { 0x22, 412, 0, 4, "secp384r1" }, /* 411 */ - { 0x23, 413, 0, 4, "secp521r1" }, /* 412 */ - { 0x24, 414, 0, 4, "sect409k1" }, /* 413 */ - { 0x25, 415, 0, 4, "sect409r1" }, /* 414 */ - { 0x26, 416, 0, 4, "sect571k1" }, /* 415 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 416 */ - {0x60, 471, 1, 0, "" }, /* 417 */ - { 0x86, 0, 1, 1, "" }, /* 418 */ - { 0x48, 0, 1, 2, "" }, /* 419 */ - { 0x01, 0, 1, 3, "organization" }, /* 420 */ - { 0x65, 447, 1, 4, "gov" }, /* 421 */ - { 0x03, 0, 1, 5, "csor" }, /* 422 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 423 */ - { 0x01, 434, 1, 7, "aes" }, /* 424 */ - { 0x02, 426, 0, 8, "id-aes128-CBC" }, /* 425 */ - { 0x06, 427, 0, 8, "id-aes128-GCM" }, /* 426 */ - { 0x07, 428, 0, 8, "id-aes128-CCM" }, /* 427 */ - { 0x16, 429, 0, 8, "id-aes192-CBC" }, /* 428 */ - { 0x1A, 430, 0, 8, "id-aes192-GCM" }, /* 429 */ - { 0x1B, 431, 0, 8, "id-aes192-CCM" }, /* 430 */ - { 0x2A, 432, 0, 8, "id-aes256-CBC" }, /* 431 */ - { 0x2E, 433, 0, 8, "id-aes256-GCM" }, /* 432 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 433 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 434 */ - { 0x01, 436, 0, 8, "id-sha256" }, /* 435 */ - { 0x02, 437, 0, 8, "id-sha384" }, /* 436 */ - { 0x03, 438, 0, 8, "id-sha512" }, /* 437 */ - { 0x04, 439, 0, 8, "id-sha224" }, /* 438 */ - { 0x05, 440, 0, 8, "id-sha512-224" }, /* 439 */ - { 0x06, 441, 0, 8, "id-sha512-256" }, /* 440 */ - { 0x07, 442, 0, 8, "id-sha3-224" }, /* 441 */ - { 0x08, 443, 0, 8, "id-sha3-256" }, /* 442 */ - { 0x09, 444, 0, 8, "id-sha3-384" }, /* 443 */ - { 0x0A, 445, 0, 8, "id-sha3-512" }, /* 444 */ - { 0x0B, 446, 0, 8, "id-shake128" }, /* 445 */ - { 0x0C, 0, 0, 8, "id-shake256" }, /* 446 */ - { 0x86, 0, 1, 4, "" }, /* 447 */ - { 0xf8, 0, 1, 5, "" }, /* 448 */ - { 0x42, 461, 1, 6, "netscape" }, /* 449 */ - { 0x01, 456, 1, 7, "" }, /* 450 */ - { 0x01, 452, 0, 8, "nsCertType" }, /* 451 */ - { 0x03, 453, 0, 8, "nsRevocationUrl" }, /* 452 */ - { 0x04, 454, 0, 8, "nsCaRevocationUrl" }, /* 453 */ - { 0x08, 455, 0, 8, "nsCaPolicyUrl" }, /* 454 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 455 */ - { 0x03, 459, 1, 7, "directory" }, /* 456 */ - { 0x01, 0, 1, 8, "" }, /* 457 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 458 */ - { 0x04, 0, 1, 7, "policy" }, /* 459 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 460 */ - { 0x45, 0, 1, 6, "verisign" }, /* 461 */ - { 0x01, 0, 1, 7, "pki" }, /* 462 */ - { 0x09, 0, 1, 8, "attributes" }, /* 463 */ - { 0x02, 465, 0, 9, "messageType" }, /* 464 */ - { 0x03, 466, 0, 9, "pkiStatus" }, /* 465 */ - { 0x04, 467, 0, 9, "failInfo" }, /* 466 */ - { 0x05, 468, 0, 9, "senderNonce" }, /* 467 */ - { 0x06, 469, 0, 9, "recipientNonce" }, /* 468 */ - { 0x07, 470, 0, 9, "transID" }, /* 469 */ - { 0x08, 0, 0, 9, "extensionReq" }, /* 470 */ - {0x67, 0, 1, 0, "" }, /* 471 */ - { 0x81, 0, 1, 1, "" }, /* 472 */ - { 0x05, 0, 1, 2, "" }, /* 473 */ - { 0x02, 0, 1, 3, "tcg-attribute" }, /* 474 */ - { 0x01, 476, 0, 4, "tcg-at-tpmManufacturer" }, /* 475 */ - { 0x02, 477, 0, 4, "tcg-at-tpmModel" }, /* 476 */ - { 0x03, 478, 0, 4, "tcg-at-tpmVersion" }, /* 477 */ - { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 478 */ + { 0x36, 37, 0, 2, "dmdName" }, /* 36 */ + { 0x41, 38, 0, 2, "pseudonym" }, /* 37 */ + { 0x48, 0, 0, 2, "role" }, /* 38 */ + { 0x1D, 0, 1, 1, "id-ce" }, /* 39 */ + { 0x09, 41, 0, 2, "subjectDirectoryAttrs" }, /* 40 */ + { 0x0E, 42, 0, 2, "subjectKeyIdentifier" }, /* 41 */ + { 0x0F, 43, 0, 2, "keyUsage" }, /* 42 */ + { 0x10, 44, 0, 2, "privateKeyUsagePeriod" }, /* 43 */ + { 0x11, 45, 0, 2, "subjectAltName" }, /* 44 */ + { 0x12, 46, 0, 2, "issuerAltName" }, /* 45 */ + { 0x13, 47, 0, 2, "basicConstraints" }, /* 46 */ + { 0x14, 48, 0, 2, "crlNumber" }, /* 47 */ + { 0x15, 49, 0, 2, "reasonCode" }, /* 48 */ + { 0x17, 50, 0, 2, "holdInstructionCode" }, /* 49 */ + { 0x18, 51, 0, 2, "invalidityDate" }, /* 50 */ + { 0x1B, 52, 0, 2, "deltaCrlIndicator" }, /* 51 */ + { 0x1C, 53, 0, 2, "issuingDistributionPoint" }, /* 52 */ + { 0x1D, 54, 0, 2, "certificateIssuer" }, /* 53 */ + { 0x1E, 55, 0, 2, "nameConstraints" }, /* 54 */ + { 0x1F, 56, 0, 2, "crlDistributionPoints" }, /* 55 */ + { 0x20, 58, 1, 2, "certificatePolicies" }, /* 56 */ + { 0x00, 0, 0, 3, "anyPolicy" }, /* 57 */ + { 0x21, 59, 0, 2, "policyMappings" }, /* 58 */ + { 0x23, 60, 0, 2, "authorityKeyIdentifier" }, /* 59 */ + { 0x24, 61, 0, 2, "policyConstraints" }, /* 60 */ + { 0x25, 63, 1, 2, "extendedKeyUsage" }, /* 61 */ + { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 62 */ + { 0x2E, 64, 0, 2, "freshestCRL" }, /* 63 */ + { 0x36, 65, 0, 2, "inhibitAnyPolicy" }, /* 64 */ + { 0x37, 66, 0, 2, "targetInformation" }, /* 65 */ + { 0x38, 0, 0, 2, "noRevAvail" }, /* 66 */ + {0x2A, 191, 1, 0, "" }, /* 67 */ + { 0x83, 80, 1, 1, "" }, /* 68 */ + { 0x08, 0, 1, 2, "jp" }, /* 69 */ + { 0x8C, 0, 1, 3, "" }, /* 70 */ + { 0x9A, 0, 1, 4, "" }, /* 71 */ + { 0x4B, 0, 1, 5, "" }, /* 72 */ + { 0x3D, 0, 1, 6, "" }, /* 73 */ + { 0x01, 0, 1, 7, "security" }, /* 74 */ + { 0x01, 0, 1, 8, "algorithm" }, /* 75 */ + { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 76 */ + { 0x02, 78, 0, 10, "camellia128-cbc" }, /* 77 */ + { 0x03, 79, 0, 10, "camellia192-cbc" }, /* 78 */ + { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 79 */ + { 0x86, 0, 1, 1, "" }, /* 80 */ + { 0x48, 0, 1, 2, "us" }, /* 81 */ + { 0x86, 150, 1, 3, "" }, /* 82 */ + { 0xF6, 88, 1, 4, "" }, /* 83 */ + { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 84 */ + { 0x07, 0, 1, 6, "Entrust" }, /* 85 */ + { 0x41, 0, 1, 7, "nsn-ce" }, /* 86 */ + { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 87 */ + { 0xF7, 0, 1, 4, "" }, /* 88 */ + { 0x0D, 0, 1, 5, "RSADSI" }, /* 89 */ + { 0x01, 145, 1, 6, "PKCS" }, /* 90 */ + { 0x01, 103, 1, 7, "PKCS-1" }, /* 91 */ + { 0x01, 93, 0, 8, "rsaEncryption" }, /* 92 */ + { 0x02, 94, 0, 8, "md2WithRSAEncryption" }, /* 93 */ + { 0x04, 95, 0, 8, "md5WithRSAEncryption" }, /* 94 */ + { 0x05, 96, 0, 8, "sha-1WithRSAEncryption" }, /* 95 */ + { 0x07, 97, 0, 8, "id-RSAES-OAEP" }, /* 96 */ + { 0x08, 98, 0, 8, "id-mgf1" }, /* 97 */ + { 0x09, 99, 0, 8, "id-pSpecified" }, /* 98 */ + { 0x0B, 100, 0, 8, "sha256WithRSAEncryption" }, /* 99 */ + { 0x0C, 101, 0, 8, "sha384WithRSAEncryption" }, /* 100 */ + { 0x0D, 102, 0, 8, "sha512WithRSAEncryption" }, /* 101 */ + { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 102 */ + { 0x05, 108, 1, 7, "PKCS-5" }, /* 103 */ + { 0x03, 105, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 104 */ + { 0x0A, 106, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 105 */ + { 0x0C, 107, 0, 8, "id-PBKDF2" }, /* 106 */ + { 0x0D, 0, 0, 8, "id-PBES2" }, /* 107 */ + { 0x07, 115, 1, 7, "PKCS-7" }, /* 108 */ + { 0x01, 110, 0, 8, "data" }, /* 109 */ + { 0x02, 111, 0, 8, "signedData" }, /* 110 */ + { 0x03, 112, 0, 8, "envelopedData" }, /* 111 */ + { 0x04, 113, 0, 8, "signedAndEnvelopedData" }, /* 112 */ + { 0x05, 114, 0, 8, "digestedData" }, /* 113 */ + { 0x06, 0, 0, 8, "encryptedData" }, /* 114 */ + { 0x09, 129, 1, 7, "PKCS-9" }, /* 115 */ + { 0x01, 117, 0, 8, "E" }, /* 116 */ + { 0x02, 118, 0, 8, "unstructuredName" }, /* 117 */ + { 0x03, 119, 0, 8, "contentType" }, /* 118 */ + { 0x04, 120, 0, 8, "messageDigest" }, /* 119 */ + { 0x05, 121, 0, 8, "signingTime" }, /* 120 */ + { 0x06, 122, 0, 8, "counterSignature" }, /* 121 */ + { 0x07, 123, 0, 8, "challengePassword" }, /* 122 */ + { 0x08, 124, 0, 8, "unstructuredAddress" }, /* 123 */ + { 0x0E, 125, 0, 8, "extensionRequest" }, /* 124 */ + { 0x0F, 126, 0, 8, "S/MIME Capabilities" }, /* 125 */ + { 0x16, 0, 1, 8, "certTypes" }, /* 126 */ + { 0x01, 128, 0, 9, "X.509" }, /* 127 */ + { 0x02, 0, 0, 9, "SDSI" }, /* 128 */ + { 0x0c, 0, 1, 7, "PKCS-12" }, /* 129 */ + { 0x01, 137, 1, 8, "pbeIds" }, /* 130 */ + { 0x01, 132, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 131 */ + { 0x02, 133, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 132 */ + { 0x03, 134, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 133 */ + { 0x04, 135, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 134 */ + { 0x05, 136, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 135 */ + { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 136 */ + { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 137 */ + { 0x01, 0, 1, 9, "bagIds" }, /* 138 */ + { 0x01, 140, 0, 10, "keyBag" }, /* 139 */ + { 0x02, 141, 0, 10, "pkcs8ShroudedKeyBag" }, /* 140 */ + { 0x03, 142, 0, 10, "certBag" }, /* 141 */ + { 0x04, 143, 0, 10, "crlBag" }, /* 142 */ + { 0x05, 144, 0, 10, "secretBag" }, /* 143 */ + { 0x06, 0, 0, 10, "safeContentsBag" }, /* 144 */ + { 0x02, 148, 1, 6, "digestAlgorithm" }, /* 145 */ + { 0x02, 147, 0, 7, "md2" }, /* 146 */ + { 0x05, 0, 0, 7, "md5" }, /* 147 */ + { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 148 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 149 */ + { 0xCE, 0, 1, 3, "" }, /* 150 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 151 */ + { 0x02, 154, 1, 5, "id-publicKeyType" }, /* 152 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 153 */ + { 0x03, 184, 1, 5, "ellipticCurve" }, /* 154 */ + { 0x00, 176, 1, 6, "c-TwoCurve" }, /* 155 */ + { 0x01, 157, 0, 7, "c2pnb163v1" }, /* 156 */ + { 0x02, 158, 0, 7, "c2pnb163v2" }, /* 157 */ + { 0x03, 159, 0, 7, "c2pnb163v3" }, /* 158 */ + { 0x04, 160, 0, 7, "c2pnb176w1" }, /* 159 */ + { 0x05, 161, 0, 7, "c2tnb191v1" }, /* 160 */ + { 0x06, 162, 0, 7, "c2tnb191v2" }, /* 161 */ + { 0x07, 163, 0, 7, "c2tnb191v3" }, /* 162 */ + { 0x08, 164, 0, 7, "c2onb191v4" }, /* 163 */ + { 0x09, 165, 0, 7, "c2onb191v5" }, /* 164 */ + { 0x0A, 166, 0, 7, "c2pnb208w1" }, /* 165 */ + { 0x0B, 167, 0, 7, "c2tnb239v1" }, /* 166 */ + { 0x0C, 168, 0, 7, "c2tnb239v2" }, /* 167 */ + { 0x0D, 169, 0, 7, "c2tnb239v3" }, /* 168 */ + { 0x0E, 170, 0, 7, "c2onb239v4" }, /* 169 */ + { 0x0F, 171, 0, 7, "c2onb239v5" }, /* 170 */ + { 0x10, 172, 0, 7, "c2pnb272w1" }, /* 171 */ + { 0x11, 173, 0, 7, "c2pnb304w1" }, /* 172 */ + { 0x12, 174, 0, 7, "c2tnb359v1" }, /* 173 */ + { 0x13, 175, 0, 7, "c2pnb368w1" }, /* 174 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 175 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 176 */ + { 0x01, 178, 0, 7, "prime192v1" }, /* 177 */ + { 0x02, 179, 0, 7, "prime192v2" }, /* 178 */ + { 0x03, 180, 0, 7, "prime192v3" }, /* 179 */ + { 0x04, 181, 0, 7, "prime239v1" }, /* 180 */ + { 0x05, 182, 0, 7, "prime239v2" }, /* 181 */ + { 0x06, 183, 0, 7, "prime239v3" }, /* 182 */ + { 0x07, 0, 0, 7, "prime256v1" }, /* 183 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 184 */ + { 0x01, 186, 0, 6, "ecdsa-with-SHA1" }, /* 185 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 186 */ + { 0x01, 188, 0, 7, "ecdsa-with-SHA224" }, /* 187 */ + { 0x02, 189, 0, 7, "ecdsa-with-SHA256" }, /* 188 */ + { 0x03, 190, 0, 7, "ecdsa-with-SHA384" }, /* 189 */ + { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 190 */ + {0x2B, 418, 1, 0, "" }, /* 191 */ + { 0x06, 332, 1, 1, "dod" }, /* 192 */ + { 0x01, 0, 1, 2, "internet" }, /* 193 */ + { 0x04, 283, 1, 3, "private" }, /* 194 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 195 */ + { 0x82, 233, 1, 5, "" }, /* 196 */ + { 0x37, 209, 1, 6, "Microsoft" }, /* 197 */ + { 0x0A, 202, 1, 7, "" }, /* 198 */ + { 0x03, 0, 1, 8, "" }, /* 199 */ + { 0x03, 201, 0, 9, "msSGC" }, /* 200 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 201 */ + { 0x14, 206, 1, 7, "msEnrollmentInfrastructure" }, /* 202 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 203 */ + { 0x02, 205, 0, 9, "msSmartcardLogon" }, /* 204 */ + { 0x03, 0, 0, 9, "msUPN" }, /* 205 */ + { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 206 */ + { 0x07, 208, 0, 8, "msCertTemplate" }, /* 207 */ + { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 208 */ + { 0xA0, 0, 1, 6, "" }, /* 209 */ + { 0x2A, 0, 1, 7, "ITA" }, /* 210 */ + { 0x01, 212, 0, 8, "strongSwan" }, /* 211 */ + { 0x02, 213, 0, 8, "cps" }, /* 212 */ + { 0x03, 214, 0, 8, "e-voting" }, /* 213 */ + { 0x05, 0, 1, 8, "BLISS" }, /* 214 */ + { 0x01, 217, 1, 9, "keyType" }, /* 215 */ + { 0x01, 0, 0, 10, "blissPublicKey" }, /* 216 */ + { 0x02, 226, 1, 9, "parameters" }, /* 217 */ + { 0x01, 219, 0, 10, "BLISS-I" }, /* 218 */ + { 0x02, 220, 0, 10, "BLISS-II" }, /* 219 */ + { 0x03, 221, 0, 10, "BLISS-III" }, /* 220 */ + { 0x04, 222, 0, 10, "BLISS-IV" }, /* 221 */ + { 0x05, 223, 0, 10, "BLISS-B-I" }, /* 222 */ + { 0x06, 224, 0, 10, "BLISS-B-II" }, /* 223 */ + { 0x07, 225, 0, 10, "BLISS-B-III" }, /* 224 */ + { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 225 */ + { 0x03, 0, 1, 9, "blissSigType" }, /* 226 */ + { 0x01, 228, 0, 10, "BLISS-with-SHA2-512" }, /* 227 */ + { 0x02, 229, 0, 10, "BLISS-with-SHA2-384" }, /* 228 */ + { 0x03, 230, 0, 10, "BLISS-with-SHA2-256" }, /* 229 */ + { 0x04, 231, 0, 10, "BLISS-with-SHA3-512" }, /* 230 */ + { 0x05, 232, 0, 10, "BLISS-with-SHA3-384" }, /* 231 */ + { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 232 */ + { 0x89, 240, 1, 5, "" }, /* 233 */ + { 0x31, 0, 1, 6, "" }, /* 234 */ + { 0x01, 0, 1, 7, "" }, /* 235 */ + { 0x01, 0, 1, 8, "" }, /* 236 */ + { 0x02, 0, 1, 9, "" }, /* 237 */ + { 0x02, 0, 1, 10, "" }, /* 238 */ + { 0x4B, 0, 0, 11, "TCGID" }, /* 239 */ + { 0x97, 244, 1, 5, "" }, /* 240 */ + { 0x55, 0, 1, 6, "" }, /* 241 */ + { 0x01, 0, 1, 7, "" }, /* 242 */ + { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 243 */ + { 0xC1, 0, 1, 5, "" }, /* 244 */ + { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 245 */ + { 0x01, 0, 1, 7, "eess" }, /* 246 */ + { 0x01, 0, 1, 8, "eess1" }, /* 247 */ + { 0x01, 252, 1, 9, "eess1-algs" }, /* 248 */ + { 0x01, 250, 0, 10, "ntru-EESS1v1-SVES" }, /* 249 */ + { 0x02, 251, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 250 */ + { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 251 */ + { 0x02, 282, 1, 9, "eess1-params" }, /* 252 */ + { 0x01, 254, 0, 10, "ees251ep1" }, /* 253 */ + { 0x02, 255, 0, 10, "ees347ep1" }, /* 254 */ + { 0x03, 256, 0, 10, "ees503ep1" }, /* 255 */ + { 0x07, 257, 0, 10, "ees251sp2" }, /* 256 */ + { 0x0C, 258, 0, 10, "ees251ep4" }, /* 257 */ + { 0x0D, 259, 0, 10, "ees251ep5" }, /* 258 */ + { 0x0E, 260, 0, 10, "ees251sp3" }, /* 259 */ + { 0x0F, 261, 0, 10, "ees251sp4" }, /* 260 */ + { 0x10, 262, 0, 10, "ees251sp5" }, /* 261 */ + { 0x11, 263, 0, 10, "ees251sp6" }, /* 262 */ + { 0x12, 264, 0, 10, "ees251sp7" }, /* 263 */ + { 0x13, 265, 0, 10, "ees251sp8" }, /* 264 */ + { 0x14, 266, 0, 10, "ees251sp9" }, /* 265 */ + { 0x22, 267, 0, 10, "ees401ep1" }, /* 266 */ + { 0x23, 268, 0, 10, "ees449ep1" }, /* 267 */ + { 0x24, 269, 0, 10, "ees677ep1" }, /* 268 */ + { 0x25, 270, 0, 10, "ees1087ep2" }, /* 269 */ + { 0x26, 271, 0, 10, "ees541ep1" }, /* 270 */ + { 0x27, 272, 0, 10, "ees613ep1" }, /* 271 */ + { 0x28, 273, 0, 10, "ees887ep1" }, /* 272 */ + { 0x29, 274, 0, 10, "ees1171ep1" }, /* 273 */ + { 0x2A, 275, 0, 10, "ees659ep1" }, /* 274 */ + { 0x2B, 276, 0, 10, "ees761ep1" }, /* 275 */ + { 0x2C, 277, 0, 10, "ees1087ep1" }, /* 276 */ + { 0x2D, 278, 0, 10, "ees1499ep1" }, /* 277 */ + { 0x2E, 279, 0, 10, "ees401ep2" }, /* 278 */ + { 0x2F, 280, 0, 10, "ees439ep1" }, /* 279 */ + { 0x30, 281, 0, 10, "ees593ep1" }, /* 280 */ + { 0x31, 0, 0, 10, "ees743ep1" }, /* 281 */ + { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 282 */ + { 0x05, 0, 1, 3, "security" }, /* 283 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 284 */ + { 0x07, 329, 1, 5, "id-pkix" }, /* 285 */ + { 0x01, 290, 1, 6, "id-pe" }, /* 286 */ + { 0x01, 288, 0, 7, "authorityInfoAccess" }, /* 287 */ + { 0x03, 289, 0, 7, "qcStatements" }, /* 288 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 289 */ + { 0x02, 293, 1, 6, "id-qt" }, /* 290 */ + { 0x01, 292, 0, 7, "cps" }, /* 291 */ + { 0x02, 0, 0, 7, "unotice" }, /* 292 */ + { 0x03, 303, 1, 6, "id-kp" }, /* 293 */ + { 0x01, 295, 0, 7, "serverAuth" }, /* 294 */ + { 0x02, 296, 0, 7, "clientAuth" }, /* 295 */ + { 0x03, 297, 0, 7, "codeSigning" }, /* 296 */ + { 0x04, 298, 0, 7, "emailProtection" }, /* 297 */ + { 0x05, 299, 0, 7, "ipsecEndSystem" }, /* 298 */ + { 0x06, 300, 0, 7, "ipsecTunnel" }, /* 299 */ + { 0x07, 301, 0, 7, "ipsecUser" }, /* 300 */ + { 0x08, 302, 0, 7, "timeStamping" }, /* 301 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 302 */ + { 0x08, 311, 1, 6, "id-otherNames" }, /* 303 */ + { 0x01, 305, 0, 7, "personalData" }, /* 304 */ + { 0x02, 306, 0, 7, "userGroup" }, /* 305 */ + { 0x03, 307, 0, 7, "id-on-permanentIdentifier" }, /* 306 */ + { 0x04, 308, 0, 7, "id-on-hardwareModuleName" }, /* 307 */ + { 0x05, 309, 0, 7, "xmppAddr" }, /* 308 */ + { 0x06, 310, 0, 7, "id-on-SIM" }, /* 309 */ + { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 310 */ + { 0x0A, 316, 1, 6, "id-aca" }, /* 311 */ + { 0x01, 313, 0, 7, "authenticationInfo" }, /* 312 */ + { 0x02, 314, 0, 7, "accessIdentity" }, /* 313 */ + { 0x03, 315, 0, 7, "chargingIdentity" }, /* 314 */ + { 0x04, 0, 0, 7, "group" }, /* 315 */ + { 0x0B, 317, 0, 6, "subjectInfoAccess" }, /* 316 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 317 */ + { 0x01, 326, 1, 7, "ocsp" }, /* 318 */ + { 0x01, 320, 0, 8, "basic" }, /* 319 */ + { 0x02, 321, 0, 8, "nonce" }, /* 320 */ + { 0x03, 322, 0, 8, "crl" }, /* 321 */ + { 0x04, 323, 0, 8, "response" }, /* 322 */ + { 0x05, 324, 0, 8, "noCheck" }, /* 323 */ + { 0x06, 325, 0, 8, "archiveCutoff" }, /* 324 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 325 */ + { 0x02, 327, 0, 7, "caIssuers" }, /* 326 */ + { 0x03, 328, 0, 7, "timeStamping" }, /* 327 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 328 */ + { 0x08, 0, 1, 5, "ipsec" }, /* 329 */ + { 0x02, 0, 1, 6, "certificate" }, /* 330 */ + { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 331 */ + { 0x0E, 338, 1, 1, "oiw" }, /* 332 */ + { 0x03, 0, 1, 2, "secsig" }, /* 333 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 334 */ + { 0x07, 336, 0, 4, "des-cbc" }, /* 335 */ + { 0x1A, 337, 0, 4, "sha-1" }, /* 336 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 337 */ + { 0x24, 384, 1, 1, "TeleTrusT" }, /* 338 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 339 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 340 */ + { 0x01, 345, 1, 4, "rsaSignature" }, /* 341 */ + { 0x02, 343, 0, 5, "rsaSigWithripemd160" }, /* 342 */ + { 0x03, 344, 0, 5, "rsaSigWithripemd128" }, /* 343 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 344 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 345 */ + { 0x01, 347, 0, 5, "ecSignWithsha1" }, /* 346 */ + { 0x02, 348, 0, 5, "ecSignWithripemd160" }, /* 347 */ + { 0x03, 349, 0, 5, "ecSignWithmd2" }, /* 348 */ + { 0x04, 350, 0, 5, "ecSignWithmd5" }, /* 349 */ + { 0x05, 367, 1, 5, "ttt-ecg" }, /* 350 */ + { 0x01, 355, 1, 6, "fieldType" }, /* 351 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 352 */ + { 0x01, 0, 1, 8, "basisType" }, /* 353 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 354 */ + { 0x02, 357, 1, 6, "keyType" }, /* 355 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 356 */ + { 0x03, 358, 0, 6, "curve" }, /* 357 */ + { 0x04, 365, 1, 6, "signatures" }, /* 358 */ + { 0x01, 360, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 359 */ + { 0x02, 361, 0, 7, "ecgdsa-with-SHA1" }, /* 360 */ + { 0x03, 362, 0, 7, "ecgdsa-with-SHA224" }, /* 361 */ + { 0x04, 363, 0, 7, "ecgdsa-with-SHA256" }, /* 362 */ + { 0x05, 364, 0, 7, "ecgdsa-with-SHA384" }, /* 363 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 364 */ + { 0x05, 0, 1, 6, "module" }, /* 365 */ + { 0x01, 0, 0, 7, "1" }, /* 366 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 367 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 368 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 369 */ + { 0x01, 371, 0, 8, "brainpoolP160r1" }, /* 370 */ + { 0x02, 372, 0, 8, "brainpoolP160t1" }, /* 371 */ + { 0x03, 373, 0, 8, "brainpoolP192r1" }, /* 372 */ + { 0x04, 374, 0, 8, "brainpoolP192t1" }, /* 373 */ + { 0x05, 375, 0, 8, "brainpoolP224r1" }, /* 374 */ + { 0x06, 376, 0, 8, "brainpoolP224t1" }, /* 375 */ + { 0x07, 377, 0, 8, "brainpoolP256r1" }, /* 376 */ + { 0x08, 378, 0, 8, "brainpoolP256t1" }, /* 377 */ + { 0x09, 379, 0, 8, "brainpoolP320r1" }, /* 378 */ + { 0x0A, 380, 0, 8, "brainpoolP320t1" }, /* 379 */ + { 0x0B, 381, 0, 8, "brainpoolP384r1" }, /* 380 */ + { 0x0C, 382, 0, 8, "brainpoolP384t1" }, /* 381 */ + { 0x0D, 383, 0, 8, "brainpoolP512r1" }, /* 382 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 383 */ + { 0x81, 0, 1, 1, "" }, /* 384 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 385 */ + { 0x00, 0, 1, 3, "curve" }, /* 386 */ + { 0x01, 388, 0, 4, "sect163k1" }, /* 387 */ + { 0x02, 389, 0, 4, "sect163r1" }, /* 388 */ + { 0x03, 390, 0, 4, "sect239k1" }, /* 389 */ + { 0x04, 391, 0, 4, "sect113r1" }, /* 390 */ + { 0x05, 392, 0, 4, "sect113r2" }, /* 391 */ + { 0x06, 393, 0, 4, "secp112r1" }, /* 392 */ + { 0x07, 394, 0, 4, "secp112r2" }, /* 393 */ + { 0x08, 395, 0, 4, "secp160r1" }, /* 394 */ + { 0x09, 396, 0, 4, "secp160k1" }, /* 395 */ + { 0x0A, 397, 0, 4, "secp256k1" }, /* 396 */ + { 0x0F, 398, 0, 4, "sect163r2" }, /* 397 */ + { 0x10, 399, 0, 4, "sect283k1" }, /* 398 */ + { 0x11, 400, 0, 4, "sect283r1" }, /* 399 */ + { 0x16, 401, 0, 4, "sect131r1" }, /* 400 */ + { 0x17, 402, 0, 4, "sect131r2" }, /* 401 */ + { 0x18, 403, 0, 4, "sect193r1" }, /* 402 */ + { 0x19, 404, 0, 4, "sect193r2" }, /* 403 */ + { 0x1A, 405, 0, 4, "sect233k1" }, /* 404 */ + { 0x1B, 406, 0, 4, "sect233r1" }, /* 405 */ + { 0x1C, 407, 0, 4, "secp128r1" }, /* 406 */ + { 0x1D, 408, 0, 4, "secp128r2" }, /* 407 */ + { 0x1E, 409, 0, 4, "secp160r2" }, /* 408 */ + { 0x1F, 410, 0, 4, "secp192k1" }, /* 409 */ + { 0x20, 411, 0, 4, "secp224k1" }, /* 410 */ + { 0x21, 412, 0, 4, "secp224r1" }, /* 411 */ + { 0x22, 413, 0, 4, "secp384r1" }, /* 412 */ + { 0x23, 414, 0, 4, "secp521r1" }, /* 413 */ + { 0x24, 415, 0, 4, "sect409k1" }, /* 414 */ + { 0x25, 416, 0, 4, "sect409r1" }, /* 415 */ + { 0x26, 417, 0, 4, "sect571k1" }, /* 416 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 417 */ + {0x60, 472, 1, 0, "" }, /* 418 */ + { 0x86, 0, 1, 1, "" }, /* 419 */ + { 0x48, 0, 1, 2, "" }, /* 420 */ + { 0x01, 0, 1, 3, "organization" }, /* 421 */ + { 0x65, 448, 1, 4, "gov" }, /* 422 */ + { 0x03, 0, 1, 5, "csor" }, /* 423 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 424 */ + { 0x01, 435, 1, 7, "aes" }, /* 425 */ + { 0x02, 427, 0, 8, "id-aes128-CBC" }, /* 426 */ + { 0x06, 428, 0, 8, "id-aes128-GCM" }, /* 427 */ + { 0x07, 429, 0, 8, "id-aes128-CCM" }, /* 428 */ + { 0x16, 430, 0, 8, "id-aes192-CBC" }, /* 429 */ + { 0x1A, 431, 0, 8, "id-aes192-GCM" }, /* 430 */ + { 0x1B, 432, 0, 8, "id-aes192-CCM" }, /* 431 */ + { 0x2A, 433, 0, 8, "id-aes256-CBC" }, /* 432 */ + { 0x2E, 434, 0, 8, "id-aes256-GCM" }, /* 433 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 434 */ + { 0x02, 0, 1, 7, "hashalgs" }, /* 435 */ + { 0x01, 437, 0, 8, "id-sha256" }, /* 436 */ + { 0x02, 438, 0, 8, "id-sha384" }, /* 437 */ + { 0x03, 439, 0, 8, "id-sha512" }, /* 438 */ + { 0x04, 440, 0, 8, "id-sha224" }, /* 439 */ + { 0x05, 441, 0, 8, "id-sha512-224" }, /* 440 */ + { 0x06, 442, 0, 8, "id-sha512-256" }, /* 441 */ + { 0x07, 443, 0, 8, "id-sha3-224" }, /* 442 */ + { 0x08, 444, 0, 8, "id-sha3-256" }, /* 443 */ + { 0x09, 445, 0, 8, "id-sha3-384" }, /* 444 */ + { 0x0A, 446, 0, 8, "id-sha3-512" }, /* 445 */ + { 0x0B, 447, 0, 8, "id-shake128" }, /* 446 */ + { 0x0C, 0, 0, 8, "id-shake256" }, /* 447 */ + { 0x86, 0, 1, 4, "" }, /* 448 */ + { 0xf8, 0, 1, 5, "" }, /* 449 */ + { 0x42, 462, 1, 6, "netscape" }, /* 450 */ + { 0x01, 457, 1, 7, "" }, /* 451 */ + { 0x01, 453, 0, 8, "nsCertType" }, /* 452 */ + { 0x03, 454, 0, 8, "nsRevocationUrl" }, /* 453 */ + { 0x04, 455, 0, 8, "nsCaRevocationUrl" }, /* 454 */ + { 0x08, 456, 0, 8, "nsCaPolicyUrl" }, /* 455 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 456 */ + { 0x03, 460, 1, 7, "directory" }, /* 457 */ + { 0x01, 0, 1, 8, "" }, /* 458 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 459 */ + { 0x04, 0, 1, 7, "policy" }, /* 460 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 461 */ + { 0x45, 0, 1, 6, "verisign" }, /* 462 */ + { 0x01, 0, 1, 7, "pki" }, /* 463 */ + { 0x09, 0, 1, 8, "attributes" }, /* 464 */ + { 0x02, 466, 0, 9, "messageType" }, /* 465 */ + { 0x03, 467, 0, 9, "pkiStatus" }, /* 466 */ + { 0x04, 468, 0, 9, "failInfo" }, /* 467 */ + { 0x05, 469, 0, 9, "senderNonce" }, /* 468 */ + { 0x06, 470, 0, 9, "recipientNonce" }, /* 469 */ + { 0x07, 471, 0, 9, "transID" }, /* 470 */ + { 0x08, 0, 0, 9, "extensionReq" }, /* 471 */ + {0x67, 0, 1, 0, "" }, /* 472 */ + { 0x81, 0, 1, 1, "" }, /* 473 */ + { 0x05, 0, 1, 2, "" }, /* 474 */ + { 0x02, 0, 1, 3, "tcg-attribute" }, /* 475 */ + { 0x01, 477, 0, 4, "tcg-at-tpmManufacturer" }, /* 476 */ + { 0x02, 478, 0, 4, "tcg-at-tpmModel" }, /* 477 */ + { 0x03, 479, 0, 4, "tcg-at-tpmVersion" }, /* 478 */ + { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 479 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index 1120156e5..042f108dd 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -40,221 +40,222 @@ extern const oid_t oid_names[]; #define OID_INITIALS 33 #define OID_UNIQUE_IDENTIFIER 34 #define OID_DN_QUALIFIER 35 -#define OID_PSEUDONYM 36 -#define OID_ROLE 37 -#define OID_SUBJECT_KEY_ID 40 -#define OID_KEY_USAGE 41 -#define OID_SUBJECT_ALT_NAME 43 -#define OID_BASIC_CONSTRAINTS 45 -#define OID_CRL_NUMBER 46 -#define OID_CRL_REASON_CODE 47 -#define OID_DELTA_CRL_INDICATOR 50 -#define OID_ISSUING_DIST_POINT 51 -#define OID_NAME_CONSTRAINTS 53 -#define OID_CRL_DISTRIBUTION_POINTS 54 -#define OID_CERTIFICATE_POLICIES 55 -#define OID_ANY_POLICY 56 -#define OID_POLICY_MAPPINGS 57 -#define OID_AUTHORITY_KEY_ID 58 -#define OID_POLICY_CONSTRAINTS 59 -#define OID_EXTENDED_KEY_USAGE 60 -#define OID_FRESHEST_CRL 62 -#define OID_INHIBIT_ANY_POLICY 63 -#define OID_TARGET_INFORMATION 64 -#define OID_NO_REV_AVAIL 65 -#define OID_CAMELLIA128_CBC 76 -#define OID_CAMELLIA192_CBC 77 -#define OID_CAMELLIA256_CBC 78 -#define OID_RSA_ENCRYPTION 91 -#define OID_MD2_WITH_RSA 92 -#define OID_MD5_WITH_RSA 93 -#define OID_SHA1_WITH_RSA 94 -#define OID_RSAES_OAEP 95 -#define OID_SHA256_WITH_RSA 98 -#define OID_SHA384_WITH_RSA 99 -#define OID_SHA512_WITH_RSA 100 -#define OID_SHA224_WITH_RSA 101 -#define OID_PBE_MD5_DES_CBC 103 -#define OID_PBE_SHA1_DES_CBC 104 -#define OID_PBKDF2 105 -#define OID_PBES2 106 -#define OID_PKCS7_DATA 108 -#define OID_PKCS7_SIGNED_DATA 109 -#define OID_PKCS7_ENVELOPED_DATA 110 -#define OID_PKCS7_SIGNED_ENVELOPED_DATA 111 -#define OID_PKCS7_DIGESTED_DATA 112 -#define OID_PKCS7_ENCRYPTED_DATA 113 -#define OID_EMAIL_ADDRESS 115 -#define OID_UNSTRUCTURED_NAME 116 -#define OID_PKCS9_CONTENT_TYPE 117 -#define OID_PKCS9_MESSAGE_DIGEST 118 -#define OID_PKCS9_SIGNING_TIME 119 -#define OID_CHALLENGE_PASSWORD 121 -#define OID_UNSTRUCTURED_ADDRESS 122 -#define OID_EXTENSION_REQUEST 123 -#define OID_X509_CERTIFICATE 126 -#define OID_PBE_SHA1_RC4_128 130 -#define OID_PBE_SHA1_RC4_40 131 -#define OID_PBE_SHA1_3DES_CBC 132 -#define OID_PBE_SHA1_3DES_2KEY_CBC 133 -#define OID_PBE_SHA1_RC2_CBC_128 134 -#define OID_PBE_SHA1_RC2_CBC_40 135 -#define OID_P12_KEY_BAG 138 -#define OID_P12_PKCS8_KEY_BAG 139 -#define OID_P12_CERT_BAG 140 -#define OID_P12_CRL_BAG 141 -#define OID_MD2 145 -#define OID_MD5 146 -#define OID_3DES_EDE_CBC 148 -#define OID_EC_PUBLICKEY 152 -#define OID_C2PNB163V1 155 -#define OID_C2PNB163V2 156 -#define OID_C2PNB163V3 157 -#define OID_C2PNB176W1 158 -#define OID_C2PNB191V1 159 -#define OID_C2PNB191V2 160 -#define OID_C2PNB191V3 161 -#define OID_C2PNB191V4 162 -#define OID_C2PNB191V5 163 -#define OID_C2PNB208W1 164 -#define OID_C2PNB239V1 165 -#define OID_C2PNB239V2 166 -#define OID_C2PNB239V3 167 -#define OID_C2PNB239V4 168 -#define OID_C2PNB239V5 169 -#define OID_C2PNB272W1 170 -#define OID_C2PNB304W1 171 -#define OID_C2PNB359V1 172 -#define OID_C2PNB368W1 173 -#define OID_C2PNB431R1 174 -#define OID_PRIME192V1 176 -#define OID_PRIME192V2 177 -#define OID_PRIME192V3 178 -#define OID_PRIME239V1 179 -#define OID_PRIME239V2 180 -#define OID_PRIME239V3 181 -#define OID_PRIME256V1 182 -#define OID_ECDSA_WITH_SHA1 184 -#define OID_ECDSA_WITH_SHA224 186 -#define OID_ECDSA_WITH_SHA256 187 -#define OID_ECDSA_WITH_SHA384 188 -#define OID_ECDSA_WITH_SHA512 189 -#define OID_MS_SMARTCARD_LOGON 203 -#define OID_USER_PRINCIPAL_NAME 204 -#define OID_STRONGSWAN 210 -#define OID_BLISS_PUBLICKEY 215 -#define OID_BLISS_I 217 -#define OID_BLISS_II 218 -#define OID_BLISS_III 219 -#define OID_BLISS_IV 220 -#define OID_BLISS_B_I 221 -#define OID_BLISS_B_II 222 -#define OID_BLISS_B_III 223 -#define OID_BLISS_B_IV 224 -#define OID_BLISS_WITH_SHA2_512 226 -#define OID_BLISS_WITH_SHA2_384 227 -#define OID_BLISS_WITH_SHA2_256 228 -#define OID_BLISS_WITH_SHA3_512 229 -#define OID_BLISS_WITH_SHA3_384 230 -#define OID_BLISS_WITH_SHA3_256 231 -#define OID_TCGID 238 -#define OID_BLOWFISH_CBC 242 -#define OID_AUTHORITY_INFO_ACCESS 286 -#define OID_IP_ADDR_BLOCKS 288 -#define OID_POLICY_QUALIFIER_CPS 290 -#define OID_POLICY_QUALIFIER_UNOTICE 291 -#define OID_SERVER_AUTH 293 -#define OID_CLIENT_AUTH 294 -#define OID_OCSP_SIGNING 301 -#define OID_XMPP_ADDR 307 -#define OID_AUTHENTICATION_INFO 311 -#define OID_ACCESS_IDENTITY 312 -#define OID_CHARGING_IDENTITY 313 -#define OID_GROUP 314 -#define OID_OCSP 317 -#define OID_BASIC 318 -#define OID_NONCE 319 -#define OID_CRL 320 -#define OID_RESPONSE 321 -#define OID_NO_CHECK 322 -#define OID_ARCHIVE_CUTOFF 323 -#define OID_SERVICE_LOCATOR 324 -#define OID_CA_ISSUERS 325 -#define OID_IKE_INTERMEDIATE 330 -#define OID_DES_CBC 334 -#define OID_SHA1 335 -#define OID_SHA1_WITH_RSA_OIW 336 -#define OID_ECGDSA_PUBKEY 355 -#define OID_ECGDSA_SIG_WITH_RIPEMD160 358 -#define OID_ECGDSA_SIG_WITH_SHA1 359 -#define OID_ECGDSA_SIG_WITH_SHA224 360 -#define OID_ECGDSA_SIG_WITH_SHA256 361 -#define OID_ECGDSA_SIG_WITH_SHA384 362 -#define OID_ECGDSA_SIG_WITH_SHA512 363 -#define OID_SECT163K1 386 -#define OID_SECT163R1 387 -#define OID_SECT239K1 388 -#define OID_SECT113R1 389 -#define OID_SECT113R2 390 -#define OID_SECT112R1 391 -#define OID_SECT112R2 392 -#define OID_SECT160R1 393 -#define OID_SECT160K1 394 -#define OID_SECT256K1 395 -#define OID_SECT163R2 396 -#define OID_SECT283K1 397 -#define OID_SECT283R1 398 -#define OID_SECT131R1 399 -#define OID_SECT131R2 400 -#define OID_SECT193R1 401 -#define OID_SECT193R2 402 -#define OID_SECT233K1 403 -#define OID_SECT233R1 404 -#define OID_SECT128R1 405 -#define OID_SECT128R2 406 -#define OID_SECT160R2 407 -#define OID_SECT192K1 408 -#define OID_SECT224K1 409 -#define OID_SECT224R1 410 -#define OID_SECT384R1 411 -#define OID_SECT521R1 412 -#define OID_SECT409K1 413 -#define OID_SECT409R1 414 -#define OID_SECT571K1 415 -#define OID_SECT571R1 416 -#define OID_AES128_CBC 425 -#define OID_AES128_GCM 426 -#define OID_AES128_CCM 427 -#define OID_AES192_CBC 428 -#define OID_AES192_GCM 429 -#define OID_AES192_CCM 430 -#define OID_AES256_CBC 431 -#define OID_AES256_GCM 432 -#define OID_AES256_CCM 433 -#define OID_SHA256 435 -#define OID_SHA384 436 -#define OID_SHA512 437 -#define OID_SHA224 438 -#define OID_SHA3_224 441 -#define OID_SHA3_256 442 -#define OID_SHA3_384 443 -#define OID_SHA3_512 444 -#define OID_NS_REVOCATION_URL 452 -#define OID_NS_CA_REVOCATION_URL 453 -#define OID_NS_CA_POLICY_URL 454 -#define OID_NS_COMMENT 455 -#define OID_EMPLOYEE_NUMBER 458 -#define OID_PKI_MESSAGE_TYPE 464 -#define OID_PKI_STATUS 465 -#define OID_PKI_FAIL_INFO 466 -#define OID_PKI_SENDER_NONCE 467 -#define OID_PKI_RECIPIENT_NONCE 468 -#define OID_PKI_TRANS_ID 469 -#define OID_TPM_MANUFACTURER 475 -#define OID_TPM_MODEL 476 -#define OID_TPM_VERSION 477 -#define OID_TPM_ID_LABEL 478 +#define OID_DMD_NAME 36 +#define OID_PSEUDONYM 37 +#define OID_ROLE 38 +#define OID_SUBJECT_KEY_ID 41 +#define OID_KEY_USAGE 42 +#define OID_SUBJECT_ALT_NAME 44 +#define OID_BASIC_CONSTRAINTS 46 +#define OID_CRL_NUMBER 47 +#define OID_CRL_REASON_CODE 48 +#define OID_DELTA_CRL_INDICATOR 51 +#define OID_ISSUING_DIST_POINT 52 +#define OID_NAME_CONSTRAINTS 54 +#define OID_CRL_DISTRIBUTION_POINTS 55 +#define OID_CERTIFICATE_POLICIES 56 +#define OID_ANY_POLICY 57 +#define OID_POLICY_MAPPINGS 58 +#define OID_AUTHORITY_KEY_ID 59 +#define OID_POLICY_CONSTRAINTS 60 +#define OID_EXTENDED_KEY_USAGE 61 +#define OID_FRESHEST_CRL 63 +#define OID_INHIBIT_ANY_POLICY 64 +#define OID_TARGET_INFORMATION 65 +#define OID_NO_REV_AVAIL 66 +#define OID_CAMELLIA128_CBC 77 +#define OID_CAMELLIA192_CBC 78 +#define OID_CAMELLIA256_CBC 79 +#define OID_RSA_ENCRYPTION 92 +#define OID_MD2_WITH_RSA 93 +#define OID_MD5_WITH_RSA 94 +#define OID_SHA1_WITH_RSA 95 +#define OID_RSAES_OAEP 96 +#define OID_SHA256_WITH_RSA 99 +#define OID_SHA384_WITH_RSA 100 +#define OID_SHA512_WITH_RSA 101 +#define OID_SHA224_WITH_RSA 102 +#define OID_PBE_MD5_DES_CBC 104 +#define OID_PBE_SHA1_DES_CBC 105 +#define OID_PBKDF2 106 +#define OID_PBES2 107 +#define OID_PKCS7_DATA 109 +#define OID_PKCS7_SIGNED_DATA 110 +#define OID_PKCS7_ENVELOPED_DATA 111 +#define OID_PKCS7_SIGNED_ENVELOPED_DATA 112 +#define OID_PKCS7_DIGESTED_DATA 113 +#define OID_PKCS7_ENCRYPTED_DATA 114 +#define OID_EMAIL_ADDRESS 116 +#define OID_UNSTRUCTURED_NAME 117 +#define OID_PKCS9_CONTENT_TYPE 118 +#define OID_PKCS9_MESSAGE_DIGEST 119 +#define OID_PKCS9_SIGNING_TIME 120 +#define OID_CHALLENGE_PASSWORD 122 +#define OID_UNSTRUCTURED_ADDRESS 123 +#define OID_EXTENSION_REQUEST 124 +#define OID_X509_CERTIFICATE 127 +#define OID_PBE_SHA1_RC4_128 131 +#define OID_PBE_SHA1_RC4_40 132 +#define OID_PBE_SHA1_3DES_CBC 133 +#define OID_PBE_SHA1_3DES_2KEY_CBC 134 +#define OID_PBE_SHA1_RC2_CBC_128 135 +#define OID_PBE_SHA1_RC2_CBC_40 136 +#define OID_P12_KEY_BAG 139 +#define OID_P12_PKCS8_KEY_BAG 140 +#define OID_P12_CERT_BAG 141 +#define OID_P12_CRL_BAG 142 +#define OID_MD2 146 +#define OID_MD5 147 +#define OID_3DES_EDE_CBC 149 +#define OID_EC_PUBLICKEY 153 +#define OID_C2PNB163V1 156 +#define OID_C2PNB163V2 157 +#define OID_C2PNB163V3 158 +#define OID_C2PNB176W1 159 +#define OID_C2PNB191V1 160 +#define OID_C2PNB191V2 161 +#define OID_C2PNB191V3 162 +#define OID_C2PNB191V4 163 +#define OID_C2PNB191V5 164 +#define OID_C2PNB208W1 165 +#define OID_C2PNB239V1 166 +#define OID_C2PNB239V2 167 +#define OID_C2PNB239V3 168 +#define OID_C2PNB239V4 169 +#define OID_C2PNB239V5 170 +#define OID_C2PNB272W1 171 +#define OID_C2PNB304W1 172 +#define OID_C2PNB359V1 173 +#define OID_C2PNB368W1 174 +#define OID_C2PNB431R1 175 +#define OID_PRIME192V1 177 +#define OID_PRIME192V2 178 +#define OID_PRIME192V3 179 +#define OID_PRIME239V1 180 +#define OID_PRIME239V2 181 +#define OID_PRIME239V3 182 +#define OID_PRIME256V1 183 +#define OID_ECDSA_WITH_SHA1 185 +#define OID_ECDSA_WITH_SHA224 187 +#define OID_ECDSA_WITH_SHA256 188 +#define OID_ECDSA_WITH_SHA384 189 +#define OID_ECDSA_WITH_SHA512 190 +#define OID_MS_SMARTCARD_LOGON 204 +#define OID_USER_PRINCIPAL_NAME 205 +#define OID_STRONGSWAN 211 +#define OID_BLISS_PUBLICKEY 216 +#define OID_BLISS_I 218 +#define OID_BLISS_II 219 +#define OID_BLISS_III 220 +#define OID_BLISS_IV 221 +#define OID_BLISS_B_I 222 +#define OID_BLISS_B_II 223 +#define OID_BLISS_B_III 224 +#define OID_BLISS_B_IV 225 +#define OID_BLISS_WITH_SHA2_512 227 +#define OID_BLISS_WITH_SHA2_384 228 +#define OID_BLISS_WITH_SHA2_256 229 +#define OID_BLISS_WITH_SHA3_512 230 +#define OID_BLISS_WITH_SHA3_384 231 +#define OID_BLISS_WITH_SHA3_256 232 +#define OID_TCGID 239 +#define OID_BLOWFISH_CBC 243 +#define OID_AUTHORITY_INFO_ACCESS 287 +#define OID_IP_ADDR_BLOCKS 289 +#define OID_POLICY_QUALIFIER_CPS 291 +#define OID_POLICY_QUALIFIER_UNOTICE 292 +#define OID_SERVER_AUTH 294 +#define OID_CLIENT_AUTH 295 +#define OID_OCSP_SIGNING 302 +#define OID_XMPP_ADDR 308 +#define OID_AUTHENTICATION_INFO 312 +#define OID_ACCESS_IDENTITY 313 +#define OID_CHARGING_IDENTITY 314 +#define OID_GROUP 315 +#define OID_OCSP 318 +#define OID_BASIC 319 +#define OID_NONCE 320 +#define OID_CRL 321 +#define OID_RESPONSE 322 +#define OID_NO_CHECK 323 +#define OID_ARCHIVE_CUTOFF 324 +#define OID_SERVICE_LOCATOR 325 +#define OID_CA_ISSUERS 326 +#define OID_IKE_INTERMEDIATE 331 +#define OID_DES_CBC 335 +#define OID_SHA1 336 +#define OID_SHA1_WITH_RSA_OIW 337 +#define OID_ECGDSA_PUBKEY 356 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 359 +#define OID_ECGDSA_SIG_WITH_SHA1 360 +#define OID_ECGDSA_SIG_WITH_SHA224 361 +#define OID_ECGDSA_SIG_WITH_SHA256 362 +#define OID_ECGDSA_SIG_WITH_SHA384 363 +#define OID_ECGDSA_SIG_WITH_SHA512 364 +#define OID_SECT163K1 387 +#define OID_SECT163R1 388 +#define OID_SECT239K1 389 +#define OID_SECT113R1 390 +#define OID_SECT113R2 391 +#define OID_SECT112R1 392 +#define OID_SECT112R2 393 +#define OID_SECT160R1 394 +#define OID_SECT160K1 395 +#define OID_SECT256K1 396 +#define OID_SECT163R2 397 +#define OID_SECT283K1 398 +#define OID_SECT283R1 399 +#define OID_SECT131R1 400 +#define OID_SECT131R2 401 +#define OID_SECT193R1 402 +#define OID_SECT193R2 403 +#define OID_SECT233K1 404 +#define OID_SECT233R1 405 +#define OID_SECT128R1 406 +#define OID_SECT128R2 407 +#define OID_SECT160R2 408 +#define OID_SECT192K1 409 +#define OID_SECT224K1 410 +#define OID_SECT224R1 411 +#define OID_SECT384R1 412 +#define OID_SECT521R1 413 +#define OID_SECT409K1 414 +#define OID_SECT409R1 415 +#define OID_SECT571K1 416 +#define OID_SECT571R1 417 +#define OID_AES128_CBC 426 +#define OID_AES128_GCM 427 +#define OID_AES128_CCM 428 +#define OID_AES192_CBC 429 +#define OID_AES192_GCM 430 +#define OID_AES192_CCM 431 +#define OID_AES256_CBC 432 +#define OID_AES256_GCM 433 +#define OID_AES256_CCM 434 +#define OID_SHA256 436 +#define OID_SHA384 437 +#define OID_SHA512 438 +#define OID_SHA224 439 +#define OID_SHA3_224 442 +#define OID_SHA3_256 443 +#define OID_SHA3_384 444 +#define OID_SHA3_512 445 +#define OID_NS_REVOCATION_URL 453 +#define OID_NS_CA_REVOCATION_URL 454 +#define OID_NS_CA_POLICY_URL 455 +#define OID_NS_COMMENT 456 +#define OID_EMPLOYEE_NUMBER 459 +#define OID_PKI_MESSAGE_TYPE 465 +#define OID_PKI_STATUS 466 +#define OID_PKI_FAIL_INFO 467 +#define OID_PKI_SENDER_NONCE 468 +#define OID_PKI_RECIPIENT_NONCE 469 +#define OID_PKI_TRANS_ID 470 +#define OID_TPM_MANUFACTURER 476 +#define OID_TPM_MODEL 477 +#define OID_TPM_VERSION 478 +#define OID_TPM_ID_LABEL 479 -#define OID_MAX 479 +#define OID_MAX 480 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index b5ec15f3c..eeeb234c7 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -34,6 +34,7 @@ 0x2B "I" OID_INITIALS 0x2D "ID" OID_UNIQUE_IDENTIFIER 0x2E "dnQualifier" OID_DN_QUALIFIER + 0x36 "dmdName" OID_DMD_NAME 0x41 "pseudonym" OID_PSEUDONYM 0x48 "role" OID_ROLE 0x1D "id-ce" diff --git a/src/libstrongswan/bio/bio_reader.c b/src/libstrongswan/bio/bio_reader.c index 29b9e7279..6e35999ce 100644 --- a/src/libstrongswan/bio/bio_reader.c +++ b/src/libstrongswan/bio/bio_reader.c @@ -43,7 +43,7 @@ struct private_bio_reader_t { chunk_t cleanup; }; -METHOD(bio_reader_t, remaining, u_int32_t, +METHOD(bio_reader_t, remaining, uint32_t, private_bio_reader_t *this) { return this->buf.len; @@ -76,16 +76,16 @@ static inline chunk_t chunk_skip_end(chunk_t chunk, size_t bytes, bool from_end) /** * Returns a pointer to the data to read, optionally from the end */ -static inline u_char *get_ptr_end(private_bio_reader_t *this, u_int32_t len, +static inline u_char *get_ptr_end(private_bio_reader_t *this, uint32_t len, bool from_end) { return from_end ? this->buf.ptr + (this->buf.len - len) : this->buf.ptr; } /** - * Read an u_int8_t from the buffer, optionally from the end of the buffer + * Read an uint8_t from the buffer, optionally from the end of the buffer */ -static bool read_uint8_internal(private_bio_reader_t *this, u_int8_t *res, +static bool read_uint8_internal(private_bio_reader_t *this, uint8_t *res, bool from_end) { if (this->buf.len < 1) @@ -100,9 +100,9 @@ static bool read_uint8_internal(private_bio_reader_t *this, u_int8_t *res, } /** - * Read an u_int16_t from the buffer, optionally from the end + * Read an uint16_t from the buffer, optionally from the end */ -static bool read_uint16_internal(private_bio_reader_t *this, u_int16_t *res, +static bool read_uint16_internal(private_bio_reader_t *this, uint16_t *res, bool from_end) { if (this->buf.len < 2) @@ -117,9 +117,9 @@ static bool read_uint16_internal(private_bio_reader_t *this, u_int16_t *res, } /** - * Read an u_int32_t (only 24-bit) from the buffer, optionally from the end + * Read an uint32_t (only 24-bit) from the buffer, optionally from the end */ -static bool read_uint24_internal(private_bio_reader_t *this, u_int32_t *res, +static bool read_uint24_internal(private_bio_reader_t *this, uint32_t *res, bool from_end) { if (this->buf.len < 3) @@ -134,9 +134,9 @@ static bool read_uint24_internal(private_bio_reader_t *this, u_int32_t *res, } /** - * Read an u_int32_t from the buffer, optionally from the end + * Read an uint32_t from the buffer, optionally from the end */ -static bool read_uint32_internal(private_bio_reader_t *this, u_int32_t *res, +static bool read_uint32_internal(private_bio_reader_t *this, uint32_t *res, bool from_end) { if (this->buf.len < 4) @@ -151,9 +151,9 @@ static bool read_uint32_internal(private_bio_reader_t *this, u_int32_t *res, } /** - * Read an u_int64_t from the buffer, optionally from the end + * Read an uint64_t from the buffer, optionally from the end */ -static bool read_uint64_internal(private_bio_reader_t *this, u_int64_t *res, +static bool read_uint64_internal(private_bio_reader_t *this, uint64_t *res, bool from_end) { if (this->buf.len < 8) @@ -170,7 +170,7 @@ static bool read_uint64_internal(private_bio_reader_t *this, u_int64_t *res, /** * Read a chunk of data from the buffer, optionally from the end */ -static bool read_data_internal(private_bio_reader_t *this, u_int32_t len, +static bool read_data_internal(private_bio_reader_t *this, uint32_t len, chunk_t *res, bool from_end) { if (this->buf.len < len) @@ -185,73 +185,73 @@ static bool read_data_internal(private_bio_reader_t *this, u_int32_t len, } METHOD(bio_reader_t, read_uint8, bool, - private_bio_reader_t *this, u_int8_t *res) + private_bio_reader_t *this, uint8_t *res) { return read_uint8_internal(this, res, FALSE); } METHOD(bio_reader_t, read_uint16, bool, - private_bio_reader_t *this, u_int16_t *res) + private_bio_reader_t *this, uint16_t *res) { return read_uint16_internal(this, res, FALSE); } METHOD(bio_reader_t, read_uint24, bool, - private_bio_reader_t *this, u_int32_t *res) + private_bio_reader_t *this, uint32_t *res) { return read_uint24_internal(this, res, FALSE); } METHOD(bio_reader_t, read_uint32, bool, - private_bio_reader_t *this, u_int32_t *res) + private_bio_reader_t *this, uint32_t *res) { return read_uint32_internal(this, res, FALSE); } METHOD(bio_reader_t, read_uint64, bool, - private_bio_reader_t *this, u_int64_t *res) + private_bio_reader_t *this, uint64_t *res) { return read_uint64_internal(this, res, FALSE); } METHOD(bio_reader_t, read_data, bool, - private_bio_reader_t *this, u_int32_t len, chunk_t *res) + private_bio_reader_t *this, uint32_t len, chunk_t *res) { return read_data_internal(this, len, res, FALSE); } METHOD(bio_reader_t, read_uint8_end, bool, - private_bio_reader_t *this, u_int8_t *res) + private_bio_reader_t *this, uint8_t *res) { return read_uint8_internal(this, res, TRUE); } METHOD(bio_reader_t, read_uint16_end, bool, - private_bio_reader_t *this, u_int16_t *res) + private_bio_reader_t *this, uint16_t *res) { return read_uint16_internal(this, res, TRUE); } METHOD(bio_reader_t, read_uint24_end, bool, - private_bio_reader_t *this, u_int32_t *res) + private_bio_reader_t *this, uint32_t *res) { return read_uint24_internal(this, res, TRUE); } METHOD(bio_reader_t, read_uint32_end, bool, - private_bio_reader_t *this, u_int32_t *res) + private_bio_reader_t *this, uint32_t *res) { return read_uint32_internal(this, res, TRUE); } METHOD(bio_reader_t, read_uint64_end, bool, - private_bio_reader_t *this, u_int64_t *res) + private_bio_reader_t *this, uint64_t *res) { return read_uint64_internal(this, res, TRUE); } METHOD(bio_reader_t, read_data_end, bool, - private_bio_reader_t *this, u_int32_t len, chunk_t *res) + private_bio_reader_t *this, uint32_t len, chunk_t *res) { return read_data_internal(this, len, res, TRUE); } @@ -259,7 +259,7 @@ METHOD(bio_reader_t, read_data_end, bool, METHOD(bio_reader_t, read_data8, bool, private_bio_reader_t *this, chunk_t *res) { - u_int8_t len; + uint8_t len; if (!read_uint8(this, &len)) { @@ -271,7 +271,7 @@ METHOD(bio_reader_t, read_data8, bool, METHOD(bio_reader_t, read_data16, bool, private_bio_reader_t *this, chunk_t *res) { - u_int16_t len; + uint16_t len; if (!read_uint16(this, &len)) { @@ -283,7 +283,7 @@ METHOD(bio_reader_t, read_data16, bool, METHOD(bio_reader_t, read_data24, bool, private_bio_reader_t *this, chunk_t *res) { - u_int32_t len; + uint32_t len; if (!read_uint24(this, &len)) { @@ -295,7 +295,7 @@ METHOD(bio_reader_t, read_data24, bool, METHOD(bio_reader_t, read_data32, bool, private_bio_reader_t *this, chunk_t *res) { - u_int32_t len; + uint32_t len; if (!read_uint32(this, &len)) { diff --git a/src/libstrongswan/bio/bio_reader.h b/src/libstrongswan/bio/bio_reader.h index 475422428..358993c4f 100644 --- a/src/libstrongswan/bio/bio_reader.h +++ b/src/libstrongswan/bio/bio_reader.h @@ -40,7 +40,7 @@ struct bio_reader_t { * * @return number of remaining bytes in buffer */ - u_int32_t (*remaining)(bio_reader_t *this); + uint32_t (*remaining)(bio_reader_t *this); /** * Peek the remaining data, not consuming any bytes. @@ -55,7 +55,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint8)(bio_reader_t *this, u_int8_t *res); + bool (*read_uint8)(bio_reader_t *this, uint8_t *res); /** * Read a 16-bit integer from the buffer, advance. @@ -63,7 +63,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint16)(bio_reader_t *this, u_int16_t *res); + bool (*read_uint16)(bio_reader_t *this, uint16_t *res); /** * Read a 24-bit integer from the buffer, advance. @@ -71,7 +71,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint24)(bio_reader_t *this, u_int32_t *res); + bool (*read_uint24)(bio_reader_t *this, uint32_t *res); /** * Read a 32-bit integer from the buffer, advance. @@ -79,7 +79,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint32)(bio_reader_t *this, u_int32_t *res); + bool (*read_uint32)(bio_reader_t *this, uint32_t *res); /** * Read a 64-bit integer from the buffer, advance. @@ -87,7 +87,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint64)(bio_reader_t *this, u_int64_t *res); + bool (*read_uint64)(bio_reader_t *this, uint64_t *res); /** * Read a chunk of len bytes, advance. @@ -96,7 +96,7 @@ struct bio_reader_t { * @param res pointer to result, not cloned * @return TRUE if data read successfully */ - bool (*read_data)(bio_reader_t *this, u_int32_t len, chunk_t *res); + bool (*read_data)(bio_reader_t *this, uint32_t len, chunk_t *res); /** * Read a 8-bit integer from the end of the buffer, reduce remaining. @@ -104,7 +104,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint8_end)(bio_reader_t *this, u_int8_t *res); + bool (*read_uint8_end)(bio_reader_t *this, uint8_t *res); /** * Read a 16-bit integer from the end of the buffer, reduce remaining. @@ -112,7 +112,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint16_end)(bio_reader_t *this, u_int16_t *res); + bool (*read_uint16_end)(bio_reader_t *this, uint16_t *res); /** * Read a 24-bit integer from the end of the buffer, reduce remaining. @@ -120,7 +120,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint24_end)(bio_reader_t *this, u_int32_t *res); + bool (*read_uint24_end)(bio_reader_t *this, uint32_t *res); /** * Read a 32-bit integer from the end of the buffer, reduce remaining. @@ -128,7 +128,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint32_end)(bio_reader_t *this, u_int32_t *res); + bool (*read_uint32_end)(bio_reader_t *this, uint32_t *res); /** * Read a 64-bit integer from the end of the buffer, reduce remaining. @@ -136,7 +136,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint64_end)(bio_reader_t *this, u_int64_t *res); + bool (*read_uint64_end)(bio_reader_t *this, uint64_t *res); /** * Read a chunk of len bytes from the end of the buffer, reduce remaining. @@ -145,7 +145,7 @@ struct bio_reader_t { * @param res ponter to result, not cloned * @return TRUE if data read successfully */ - bool (*read_data_end)(bio_reader_t *this, u_int32_t len, chunk_t *res); + bool (*read_data_end)(bio_reader_t *this, uint32_t len, chunk_t *res); /** * Read a chunk of bytes with a 8-bit length header, advance. diff --git a/src/libstrongswan/bio/bio_writer.c b/src/libstrongswan/bio/bio_writer.c index 152d9ce22..a21b376cf 100644 --- a/src/libstrongswan/bio/bio_writer.c +++ b/src/libstrongswan/bio/bio_writer.c @@ -65,7 +65,7 @@ static inline void increase(private_bio_writer_t *this, size_t required) } METHOD(bio_writer_t, write_uint8, void, - private_bio_writer_t *this, u_int8_t value) + private_bio_writer_t *this, uint8_t value) { increase(this, 1); this->buf.ptr[this->used] = value; @@ -73,7 +73,7 @@ METHOD(bio_writer_t, write_uint8, void, } METHOD(bio_writer_t, write_uint16, void, - private_bio_writer_t *this, u_int16_t value) + private_bio_writer_t *this, uint16_t value) { increase(this, 2); htoun16(this->buf.ptr + this->used, value); @@ -81,7 +81,7 @@ METHOD(bio_writer_t, write_uint16, void, } METHOD(bio_writer_t, write_uint24, void, - private_bio_writer_t *this, u_int32_t value) + private_bio_writer_t *this, uint32_t value) { increase(this, 3); value = htonl(value); @@ -90,7 +90,7 @@ METHOD(bio_writer_t, write_uint24, void, } METHOD(bio_writer_t, write_uint32, void, - private_bio_writer_t *this, u_int32_t value) + private_bio_writer_t *this, uint32_t value) { increase(this, 4); htoun32(this->buf.ptr + this->used, value); @@ -98,7 +98,7 @@ METHOD(bio_writer_t, write_uint32, void, } METHOD(bio_writer_t, write_uint64, void, - private_bio_writer_t *this, u_int64_t value) + private_bio_writer_t *this, uint64_t value) { increase(this, 8); htoun64(this->buf.ptr + this->used, value); @@ -166,7 +166,7 @@ METHOD(bio_writer_t, wrap16, void, METHOD(bio_writer_t, wrap24, void, private_bio_writer_t *this) { - u_int32_t len; + uint32_t len; increase(this, 3); memmove(this->buf.ptr + 3, this->buf.ptr, this->used); @@ -221,7 +221,7 @@ METHOD(bio_writer_t, destroy, void, /** * See header */ -bio_writer_t *bio_writer_create(u_int32_t bufsize) +bio_writer_t *bio_writer_create(uint32_t bufsize) { private_bio_writer_t *this; diff --git a/src/libstrongswan/bio/bio_writer.h b/src/libstrongswan/bio/bio_writer.h index 2ac4f3556..b6e3db730 100644 --- a/src/libstrongswan/bio/bio_writer.h +++ b/src/libstrongswan/bio/bio_writer.h @@ -40,35 +40,35 @@ struct bio_writer_t { * * @param value value to append */ - void (*write_uint8)(bio_writer_t *this, u_int8_t value); + void (*write_uint8)(bio_writer_t *this, uint8_t value); /** * Append a 16-bit integer to the buffer. * * @param value value to append */ - void (*write_uint16)(bio_writer_t *this, u_int16_t value); + void (*write_uint16)(bio_writer_t *this, uint16_t value); /** * Append a 24-bit integer to the buffer. * * @param value value to append */ - void (*write_uint24)(bio_writer_t *this, u_int32_t value); + void (*write_uint24)(bio_writer_t *this, uint32_t value); /** * Append a 32-bit integer to the buffer. * * @param value value to append */ - void (*write_uint32)(bio_writer_t *this, u_int32_t value); + void (*write_uint32)(bio_writer_t *this, uint32_t value); /** * Append a 64-bit integer to the buffer. * * @param value value to append */ - void (*write_uint64)(bio_writer_t *this, u_int64_t value); + void (*write_uint64)(bio_writer_t *this, uint64_t value); /** * Append a chunk of data without a length header. @@ -166,6 +166,6 @@ struct bio_writer_t { * * @param bufsize initially allocated buffer size */ -bio_writer_t *bio_writer_create(u_int32_t bufsize); +bio_writer_t *bio_writer_create(uint32_t bufsize); #endif /** BIO_WRITER_H_ @}*/ diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c index a45a68aaf..69e7df99e 100644 --- a/src/libstrongswan/collections/array.c +++ b/src/libstrongswan/collections/array.c @@ -42,13 +42,13 @@ */ struct array_t { /** number of elements currently in array (not counting head/tail) */ - u_int32_t count; + uint32_t count; /** size of each element, 0 for a pointer based array */ - u_int16_t esize; + uint16_t esize; /** allocated but unused elements at array front */ - u_int8_t head; + uint8_t head; /** allocated but unused elements at array end */ - u_int8_t tail; + uint8_t tail; /** array elements */ void *data; }; @@ -64,7 +64,7 @@ struct array_t { /** * Get the actual size of a number of elements */ -static size_t get_size(array_t *array, u_int32_t num) +static size_t get_size(array_t *array, uint32_t num) { if (array->esize) { @@ -76,7 +76,7 @@ static size_t get_size(array_t *array, u_int32_t num) /** * Increase allocated but unused tail room to at least "room" */ -static void make_tail_room(array_t *array, u_int8_t room) +static void make_tail_room(array_t *array, uint8_t room) { if (array->tail < room) { @@ -89,11 +89,11 @@ static void make_tail_room(array_t *array, u_int8_t room) /** * Increase allocated but unused head room to at least "room" */ -static void make_head_room(array_t *array, u_int8_t room) +static void make_head_room(array_t *array, uint8_t room) { if (array->head < room) { - u_int8_t increase = room - array->head; + uint8_t increase = room - array->head; array->data = realloc(array->data, get_size(array, array->count + array->tail + room)); @@ -158,7 +158,7 @@ static void remove_head(array_t *array, int idx) array->head++; } -array_t *array_create(u_int esize, u_int8_t reserve) +array_t *array_create(u_int esize, uint8_t reserve) { array_t *array; @@ -186,7 +186,7 @@ void array_compress(array_t *array) { if (array) { - u_int32_t tail; + uint32_t tail; tail = array->tail; if (array->head) diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h index c3be1a15d..d8a16b5df 100644 --- a/src/libstrongswan/collections/array.h +++ b/src/libstrongswan/collections/array.h @@ -68,7 +68,7 @@ typedef void (*array_callback_t)(void *data, int idx, void *user); * @param reserve number of items to allocate space for * @return array instance */ -array_t *array_create(u_int esize, u_int8_t reserve); +array_t *array_create(u_int esize, uint8_t reserve); /** * Get the number of elements currently in the array. diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index 6940069de..7191dc1bc 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h @@ -78,7 +78,7 @@ enum auth_rule_t { AUTH_RULE_EAP_IDENTITY, /** EAP type to propose for peer authentication, eap_type_t */ AUTH_RULE_EAP_TYPE, - /** EAP vendor for vendor specific type, u_int32_t */ + /** EAP vendor for vendor specific type, uint32_t */ AUTH_RULE_EAP_VENDOR, /** XAUTH backend name to use, char* */ AUTH_RULE_XAUTH_BACKEND, diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c index 7b812d27d..9e7815d04 100644 --- a/src/libstrongswan/credentials/containers/pkcs12.c +++ b/src/libstrongswan/credentials/containers/pkcs12.c @@ -42,8 +42,8 @@ static inline void copy_chunk(chunk_t dst, chunk_t src) */ static void add_chunks(chunk_t a, chunk_t b) { - u_int16_t sum; - u_int8_t rem = 0; + uint16_t sum; + uint8_t rem = 0; ssize_t i, j; for (i = a.len - 1, j = b.len -1; i >= 0 && j >= 0; i--, j--) @@ -64,12 +64,12 @@ static void add_chunks(chunk_t a, chunk_t b) * Do the actual key derivation with the given hasher, password and id. */ static bool derive_key(hash_algorithm_t hash, chunk_t unicode, chunk_t salt, - u_int64_t iterations, char id, chunk_t result) + uint64_t iterations, char id, chunk_t result) { chunk_t out = result, D, S, P = chunk_empty, I, Ai, B, Ij; hasher_t *hasher; size_t Slen, v, u; - u_int64_t i; + uint64_t i; bool success = FALSE; hasher = lib->crypto->create_hasher(lib->crypto, hash); @@ -149,7 +149,7 @@ end: * Described in header */ bool pkcs12_derive_key(hash_algorithm_t hash, chunk_t password, chunk_t salt, - u_int64_t iterations, pkcs12_key_type_t type, chunk_t key) + uint64_t iterations, pkcs12_key_type_t type, chunk_t key) { chunk_t unicode = chunk_empty; bool success; diff --git a/src/libstrongswan/credentials/containers/pkcs12.h b/src/libstrongswan/credentials/containers/pkcs12.h index f22ef045a..fc4fb39ce 100644 --- a/src/libstrongswan/credentials/containers/pkcs12.h +++ b/src/libstrongswan/credentials/containers/pkcs12.h @@ -73,6 +73,6 @@ struct pkcs12_t { * @return TRUE on success */ bool pkcs12_derive_key(hash_algorithm_t hash, chunk_t password, chunk_t salt, - u_int64_t iterations, pkcs12_key_type_t type, chunk_t key); + uint64_t iterations, pkcs12_key_type_t type, chunk_t key); #endif /** PKCS12_H_ @}*/ diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c index 4884c4bfa..988e709ad 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.c +++ b/src/libstrongswan/credentials/sets/mem_cred.c @@ -250,6 +250,7 @@ METHOD(mem_cred_t, add_crl, bool, if (new) { this->untrusted->remove_at(this->untrusted, enumerator); + current->destroy(current); } else { diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index b0b86372c..35dcf25ac 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -347,6 +347,10 @@ METHOD(crypto_factory_t, create_nonce_gen, nonce_gen_t*, while (enumerator->enumerate(enumerator, &entry)) { nonce_gen = entry->create_nonce_gen(); + if (nonce_gen) + { + break; + } } enumerator->destroy(enumerator); this->lock->unlock(this->lock); diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index 272502cf0..2d28b207d 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -90,7 +90,7 @@ struct hasher_t { * @return TRUE if hash created successfully */ bool (*get_hash)(hasher_t *this, chunk_t data, - u_int8_t *hash) __attribute__((warn_unused_result)); + uint8_t *hash) __attribute__((warn_unused_result)); /** * Hash data and allocate space for the hash. diff --git a/src/libstrongswan/crypto/iv/iv_gen.h b/src/libstrongswan/crypto/iv/iv_gen.h index 81b0701ce..292fc329f 100644 --- a/src/libstrongswan/crypto/iv/iv_gen.h +++ b/src/libstrongswan/crypto/iv/iv_gen.h @@ -38,8 +38,8 @@ struct iv_gen_t { * @param buffer pointer where the generated IV will be written * @return TRUE if IV allocation was successful, FALSE otherwise */ - bool (*get_iv)(iv_gen_t *this, u_int64_t seq, size_t size, - u_int8_t *buffer) __attribute__((warn_unused_result)); + bool (*get_iv)(iv_gen_t *this, uint64_t seq, size_t size, + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Generates an IV and allocates space for it. @@ -49,7 +49,7 @@ struct iv_gen_t { * @param chunk chunk which will hold the generated IV * @return TRUE if IV allocation was successful, FALSE otherwise */ - bool (*allocate_iv)(iv_gen_t *this, u_int64_t seq, size_t size, + bool (*allocate_iv)(iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) __attribute__((warn_unused_result)); /** diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.c b/src/libstrongswan/crypto/iv/iv_gen_null.c index b13de0674..3b8f93986 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_null.c +++ b/src/libstrongswan/crypto/iv/iv_gen_null.c @@ -29,13 +29,13 @@ struct private_iv_gen_t { }; METHOD(iv_gen_t, get_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) + private_iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer) { return size == 0; } METHOD(iv_gen_t, allocate_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) + private_iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) { *chunk = chunk_empty; return size == 0; diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.c b/src/libstrongswan/crypto/iv/iv_gen_rand.c index 2bed63fcc..1474b3a12 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_rand.c +++ b/src/libstrongswan/crypto/iv/iv_gen_rand.c @@ -36,7 +36,7 @@ struct private_iv_gen_t { }; METHOD(iv_gen_t, get_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) + private_iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer) { if (!this->rng) { @@ -46,7 +46,7 @@ METHOD(iv_gen_t, get_iv, bool, } METHOD(iv_gen_t, allocate_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) + private_iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) { if (!this->rng) { diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c index 9f99c5192..56620291c 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_seq.c +++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c @@ -18,7 +18,7 @@ /** * Magic value for the initial IV state */ -#define SEQ_IV_INIT_STATE (~(u_int64_t)0) +#define SEQ_IV_INIT_STATE (~(uint64_t)0) #define SEQ_IV_HIGH_MASK (1ULL << 63) typedef struct private_iv_gen_t private_iv_gen_t; @@ -36,30 +36,30 @@ struct private_iv_gen_t { /** * Previously passed sequence number in lower space to enforce uniqueness */ - u_int64_t prevl; + uint64_t prevl; /** * Previously passed sequence number in upper space to enforce uniqueness */ - u_int64_t prevh; + uint64_t prevh; /** * Salt to mask counter */ - u_int8_t *salt; + uint8_t *salt; }; METHOD(iv_gen_t, get_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) + private_iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer) { - u_int8_t iv[sizeof(u_int64_t)]; + uint8_t iv[sizeof(uint64_t)]; size_t len = size; if (!this->salt) { return FALSE; } - if (size < sizeof(u_int64_t)) + if (size < sizeof(uint64_t)) { return FALSE; } @@ -83,19 +83,19 @@ METHOD(iv_gen_t, get_iv, bool, { this->prevl = seq; } - if (len > sizeof(u_int64_t)) + if (len > sizeof(uint64_t)) { - len = sizeof(u_int64_t); + len = sizeof(uint64_t); memset(buffer, 0, size - len); } htoun64(iv, seq); - memxor(iv, this->salt, sizeof(u_int64_t)); - memcpy(buffer + size - len, iv + sizeof(u_int64_t) - len, len); + memxor(iv, this->salt, sizeof(uint64_t)); + memcpy(buffer + size - len, iv + sizeof(uint64_t) - len, len); return TRUE; } METHOD(iv_gen_t, allocate_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) + private_iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) { *chunk = chunk_alloc(size); if (!get_iv(this, seq, chunk->len, chunk->ptr)) @@ -131,8 +131,8 @@ iv_gen_t *iv_gen_seq_create() rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (rng) { - this->salt = malloc(sizeof(u_int64_t)); - if (!rng->get_bytes(rng, sizeof(u_int64_t), this->salt)) + this->salt = malloc(sizeof(uint64_t)); + if (!rng->get_bytes(rng, sizeof(uint64_t), this->salt)) { free(this->salt); this->salt = NULL; diff --git a/src/libstrongswan/crypto/mac.h b/src/libstrongswan/crypto/mac.h index f7b43ba39..f23c6750f 100644 --- a/src/libstrongswan/crypto/mac.h +++ b/src/libstrongswan/crypto/mac.h @@ -47,7 +47,7 @@ struct mac_t { * @return TRUE if mac generated successfully */ bool (*get_mac)(mac_t *this, chunk_t data, - u_int8_t *out) __attribute__((warn_unused_result)); + uint8_t *out) __attribute__((warn_unused_result)); /** * Get the size of the resulting MAC. diff --git a/src/libstrongswan/crypto/mgf1/mgf1.c b/src/libstrongswan/crypto/mgf1/mgf1.c index 4bbcd6e99..5116dfefa 100644 --- a/src/libstrongswan/crypto/mgf1/mgf1.c +++ b/src/libstrongswan/crypto/mgf1/mgf1.c @@ -39,7 +39,7 @@ struct private_mgf1_t { /** * Counter */ - u_int32_t counter; + uint32_t counter; /** * Set if counter has reached 2^32 diff --git a/src/libstrongswan/crypto/nonce_gen.h b/src/libstrongswan/crypto/nonce_gen.h index 7dae4f776..98d159e12 100644 --- a/src/libstrongswan/crypto/nonce_gen.h +++ b/src/libstrongswan/crypto/nonce_gen.h @@ -38,7 +38,7 @@ struct nonce_gen_t { * @return TRUE if nonce allocation was successful, FALSE otherwise */ bool (*get_nonce)(nonce_gen_t *this, size_t size, - u_int8_t *buffer) __attribute__((warn_unused_result)); + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Generates a nonce and allocates space for it. diff --git a/src/libstrongswan/crypto/pkcs5.c b/src/libstrongswan/crypto/pkcs5.c index 478926f2f..8a1452425 100644 --- a/src/libstrongswan/crypto/pkcs5.c +++ b/src/libstrongswan/crypto/pkcs5.c @@ -41,7 +41,7 @@ struct private_pkcs5_t { /** * Iterations for key derivation */ - u_int64_t iterations; + uint64_t iterations; /** * Encryption algorithm @@ -110,7 +110,7 @@ struct private_pkcs5_t { */ static bool verify_padding(crypter_t *crypter, chunk_t *blob) { - u_int8_t padding, count; + uint8_t padding, count; padding = count = blob->ptr[blob->len - 1]; @@ -181,10 +181,10 @@ static bool pkcs12_kdf(private_pkcs5_t *this, chunk_t password, chunk_t keymat) * Function F of PBKDF2 */ static bool pbkdf2_f(chunk_t block, prf_t *prf, chunk_t seed, - u_int64_t iterations) + uint64_t iterations) { chunk_t u; - u_int64_t i; + uint64_t i; u = chunk_alloca(prf->get_block_size(prf)); if (!prf->get_bytes(prf, seed, u.ptr)) @@ -212,7 +212,7 @@ static bool pbkdf2(private_pkcs5_t *this, chunk_t password, chunk_t key) prf_t *prf; chunk_t keymat, block, seed; size_t blocks; - u_int32_t i = 0; + uint32_t i = 0; prf = this->data.pbes2.prf; @@ -247,7 +247,7 @@ static bool pbkdf1(private_pkcs5_t *this, chunk_t password, chunk_t key) { hasher_t *hasher; chunk_t hash; - u_int64_t i; + uint64_t i; hasher = this->data.pbes1.hasher; diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c index 94be1d5bf..6b7f8f851 100644 --- a/src/libstrongswan/crypto/prf_plus.c +++ b/src/libstrongswan/crypto/prf_plus.c @@ -44,7 +44,7 @@ struct private_prf_plus_t { /** * Octet which will be appended to the seed, 0 if not used */ - u_int8_t counter; + uint8_t counter; /** * Already given out bytes in current buffer. @@ -58,7 +58,7 @@ struct private_prf_plus_t { }; METHOD(prf_plus_t, get_bytes, bool, - private_prf_plus_t *this, size_t length, u_int8_t *buffer) + private_prf_plus_t *this, size_t length, uint8_t *buffer) { size_t round, written = 0; diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h index f994dce16..2c4b8852d 100644 --- a/src/libstrongswan/crypto/prf_plus.h +++ b/src/libstrongswan/crypto/prf_plus.h @@ -39,7 +39,7 @@ struct prf_plus_t { * @return TRUE if bytes generated successfully */ bool (*get_bytes)(prf_plus_t *this, size_t length, - u_int8_t *buffer) __attribute__((warn_unused_result)); + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Allocate pseudo random bytes. diff --git a/src/libstrongswan/crypto/prfs/mac_prf.c b/src/libstrongswan/crypto/prfs/mac_prf.c index b5f6be982..3f8eb7e5c 100644 --- a/src/libstrongswan/crypto/prfs/mac_prf.c +++ b/src/libstrongswan/crypto/prfs/mac_prf.c @@ -36,7 +36,7 @@ struct private_prf_t { }; METHOD(prf_t, get_bytes, bool, - private_prf_t *this, chunk_t seed, u_int8_t *buffer) + private_prf_t *this, chunk_t seed, uint8_t *buffer) { return this->mac->get_mac(this->mac, seed, buffer); } diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h index 46e23b244..bf443e5f4 100644 --- a/src/libstrongswan/crypto/prfs/prf.h +++ b/src/libstrongswan/crypto/prfs/prf.h @@ -80,7 +80,7 @@ struct prf_t { * @return TRUE if bytes generated successfully */ bool (*get_bytes)(prf_t *this, chunk_t seed, - u_int8_t *buffer) __attribute__((warn_unused_result)); + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Generates pseudo random bytes and allocate space for them. diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index bbb97d088..282d40e7b 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -134,7 +134,7 @@ METHOD(proposal_keywords_t, get_token, const proposal_token_t*, METHOD(proposal_keywords_t, register_token, void, private_proposal_keywords_t *this, const char *name, transform_type_t type, - u_int16_t algorithm, u_int16_t keysize) + uint16_t algorithm, uint16_t keysize) { proposal_token_t *token; diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h index 5cdbafc51..856abdce6 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.h +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h @@ -69,12 +69,12 @@ struct proposal_token_t { /** * The IKE id of the algorithm. */ - u_int16_t algorithm; + uint16_t algorithm; /** * The key size associated with the specific algorithm. */ - u_int16_t keysize; + uint16_t keysize; }; /** @@ -100,8 +100,8 @@ struct proposal_keywords_t { * @param keysize the key size associated with the specific algorithm */ void (*register_token)(proposal_keywords_t *this, const char *name, - transform_type_t type, u_int16_t algorithm, - u_int16_t keysize); + transform_type_t type, uint16_t algorithm, + uint16_t keysize); /** * Register an algorithm name parser. diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c index 51b9d782d..ba4c895d7 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c @@ -55,16 +55,16 @@ error "gperf generated tables don't work with this execution character set. Plea struct proposal_token { char *name; transform_type_t type; - u_int16_t algorithm; - u_int16_t keysize; + uint16_t algorithm; + uint16_t keysize; }; -#define TOTAL_KEYWORDS 139 +#define TOTAL_KEYWORDS 140 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 -#define MIN_HASH_VALUE 18 -#define MAX_HASH_VALUE 276 -/* maximum key range = 259, duplicates = 0 */ +#define MIN_HASH_VALUE 11 +#define MAX_HASH_VALUE 266 +/* maximum key range = 256, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -80,32 +80,32 @@ hash (str, len) { static const unsigned short asso_values[] = { - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 66, 6, - 18, 39, 81, 30, 9, 27, 3, 0, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 105, 277, 33, 0, 6, - 57, 60, 15, 96, 3, 0, 277, 277, 0, 0, - 0, 18, 126, 30, 111, 24, 36, 159, 277, 277, - 9, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277 + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 71, 4, + 20, 6, 48, 32, 10, 30, 5, 3, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 97, 267, 4, 8, 18, + 56, 107, 107, 78, 10, 4, 267, 267, 3, 5, + 7, 4, 30, 92, 104, 3, 32, 145, 267, 267, + 3, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267 }; register int hval = len; @@ -144,177 +144,177 @@ hash (str, len) static const struct proposal_token wordlist[] = { - {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0}, - {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, - {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, - {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, + {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, + {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0}, {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, - {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, + {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, - {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, + {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0}, + {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0}, + {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, + {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, + {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, + {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, - {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, + {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, {"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, - {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, + {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, - {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, - {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, + {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, - {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, - {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, + {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, + {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, + {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0}, {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, - {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, - {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, + {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0}, - {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, + {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0}, - {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, - {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, - {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, - {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, - {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, {"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, - {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, - {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, - {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, + {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, + {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, + {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, - {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, - {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, - {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, + {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, - {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, + {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, - {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, + {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, + {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, + {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, + {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, + {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, + {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, + {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, - {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, - {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, + {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, + {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, - {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, - {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, - {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, - {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, - {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, - {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, - {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, + {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, - {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, + {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, - {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}, + {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, - {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, - {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, - {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, - {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, + {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0}, + {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, + {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, + {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, - {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, - {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, - {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, - {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, + {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, + {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, - {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, - {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, - {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, - {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, - {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, - {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, - {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, - {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, - {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, + {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, + {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, + {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, + {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, - {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, - {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, - {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, - {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, - {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, + {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, + {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, + {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, + {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, + {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, + {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, + {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, + {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, + {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, + {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, + {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, - {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, + {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, + {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, + {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, + {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, + {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, + {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, + {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, - {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, - {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, - {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, - {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, - {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, + {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256}, + {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, + {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0}, - {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, - {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0} + {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, + {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, + {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, + {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, + {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, + {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0} }; static const short lookup[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 0, -1, - -1, -1, 1, 2, -1, 3, -1, 4, -1, -1, - 5, -1, -1, 6, -1, 7, -1, 8, -1, -1, - 9, -1, 10, 11, 12, 13, 14, 15, 16, 17, - 18, 19, 20, 21, 22, 23, 24, 25, -1, 26, - -1, 27, 28, -1, -1, 29, 30, 31, -1, 32, - -1, 33, 34, 35, 36, -1, -1, 37, 38, -1, - 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, - 49, 50, 51, -1, 52, 53, 54, 55, 56, -1, - 57, 58, 59, -1, -1, -1, 60, 61, 62, 63, - -1, -1, 64, 65, -1, 66, -1, -1, 67, -1, - -1, -1, -1, 68, -1, 69, -1, 70, 71, -1, - 72, -1, -1, 73, 74, 75, 76, 77, 78, 79, - 80, -1, 81, 82, 83, 84, 85, 86, 87, 88, - 89, 90, 91, 92, -1, 93, 94, 95, 96, -1, - 97, 98, -1, 99, 100, 101, -1, 102, -1, -1, - 103, -1, -1, 104, 105, 106, 107, -1, 108, 109, - -1, 110, 111, -1, -1, 112, 113, -1, 114, -1, - -1, -1, -1, 115, -1, 116, 117, -1, 118, -1, - 119, 120, 121, 122, 123, -1, 124, 125, -1, 126, - -1, -1, 127, -1, 128, 129, -1, -1, 130, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 131, -1, 132, 133, -1, -1, 134, -1, -1, -1, - -1, 135, -1, -1, -1, -1, -1, -1, 136, -1, + -1, 0, -1, -1, 1, -1, -1, -1, -1, -1, + -1, -1, -1, 2, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 3, + 4, -1, 5, -1, 6, 7, -1, 8, 9, -1, + -1, -1, -1, -1, -1, 10, -1, 11, 12, 13, + 14, -1, -1, -1, 15, -1, 16, 17, -1, 18, + 19, 20, 21, 22, 23, 24, 25, 26, 27, -1, + -1, -1, 28, 29, 30, -1, 31, -1, 32, 33, + 34, -1, 35, 36, 37, 38, -1, 39, 40, 41, + 42, -1, 43, 44, -1, -1, -1, -1, -1, 45, + -1, 46, 47, 48, 49, 50, 51, 52, 53, 54, + 55, 56, -1, 57, 58, 59, 60, 61, 62, 63, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, + 84, -1, 85, 86, -1, 87, 88, 89, 90, 91, + 92, -1, 93, 94, 95, 96, 97, 98, 99, 100, + -1, -1, 101, 102, 103, -1, -1, 104, 105, 106, + 107, 108, 109, -1, -1, 110, -1, 111, 112, 113, + 114, -1, 115, 116, -1, 117, 118, 119, 120, 121, + -1, -1, -1, -1, 122, 123, 124, -1, 125, -1, + -1, -1, 126, 127, 128, -1, 129, 130, 131, -1, + -1, 132, 133, -1, -1, -1, 134, -1, 135, 136, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 137, -1, -1, -1, 138 + -1, 137, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 138, -1, -1, 139 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index da92409ca..87602430d 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -25,8 +25,8 @@ struct proposal_token { char *name; transform_type_t type; - u_int16_t algorithm; - u_int16_t keysize; + uint16_t algorithm; + uint16_t keysize; }; %% null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0 @@ -141,6 +141,7 @@ prfmd5, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0 prfaesxcbc, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0 prfcamelliaxcbc, PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0 prfaescmac, PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0 +modpnone, DIFFIE_HELLMAN_GROUP, MODP_NONE, 0 modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0 modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0 modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0 diff --git a/src/libstrongswan/crypto/rngs/rng.c b/src/libstrongswan/crypto/rngs/rng.c index f8fd50d3f..1f39dedb8 100644 --- a/src/libstrongswan/crypto/rngs/rng.c +++ b/src/libstrongswan/crypto/rngs/rng.c @@ -25,9 +25,9 @@ ENUM(rng_quality_names, RNG_WEAK, RNG_TRUE, /* * Described in header. */ -bool rng_get_bytes_not_zero(rng_t *rng, size_t len, u_int8_t *buffer, bool all) +bool rng_get_bytes_not_zero(rng_t *rng, size_t len, uint8_t *buffer, bool all) { - u_int8_t *pos = buffer, *check = buffer + (all ? len : min(1, len)); + uint8_t *pos = buffer, *check = buffer + (all ? len : min(1, len)); if (!rng->get_bytes(rng, len, pos)) { diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h index aee829d71..0ca2cb114 100644 --- a/src/libstrongswan/crypto/rngs/rng.h +++ b/src/libstrongswan/crypto/rngs/rng.h @@ -57,7 +57,7 @@ struct rng_t { * @return TRUE if bytes successfully written */ bool (*get_bytes)(rng_t *this, size_t len, - u_int8_t *buffer) __attribute__((warn_unused_result)); + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Generates random bytes and allocate space for them. @@ -85,7 +85,7 @@ struct rng_t { * @param all TRUE if all bytes have to be non-zero, FALSE for first * @return TRUE if bytes successfully written */ -bool rng_get_bytes_not_zero(rng_t *rng, size_t len, u_int8_t *buffer, +bool rng_get_bytes_not_zero(rng_t *rng, size_t len, uint8_t *buffer, bool all) __attribute__((warn_unused_result)); /** diff --git a/src/libstrongswan/crypto/signers/mac_signer.c b/src/libstrongswan/crypto/signers/mac_signer.c index 1094c4473..4426782b4 100644 --- a/src/libstrongswan/crypto/signers/mac_signer.c +++ b/src/libstrongswan/crypto/signers/mac_signer.c @@ -41,11 +41,11 @@ struct private_signer_t { }; METHOD(signer_t, get_signature, bool, - private_signer_t *this, chunk_t data, u_int8_t *buffer) + private_signer_t *this, chunk_t data, uint8_t *buffer) { if (buffer) { - u_int8_t mac[this->mac->get_mac_size(this->mac)]; + uint8_t mac[this->mac->get_mac_size(this->mac)]; if (!this->mac->get_mac(this->mac, data, mac)) { @@ -62,7 +62,7 @@ METHOD(signer_t, allocate_signature, bool, { if (chunk) { - u_int8_t mac[this->mac->get_mac_size(this->mac)]; + uint8_t mac[this->mac->get_mac_size(this->mac)]; if (!this->mac->get_mac(this->mac, data, mac)) { @@ -78,7 +78,7 @@ METHOD(signer_t, allocate_signature, bool, METHOD(signer_t, verify_signature, bool, private_signer_t *this, chunk_t data, chunk_t signature) { - u_int8_t mac[this->mac->get_mac_size(this->mac)]; + uint8_t mac[this->mac->get_mac_size(this->mac)]; if (signature.len != this->truncation) { diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index e0cf7eb5a..01b702da1 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -96,7 +96,7 @@ struct signer_t { * @return TRUE if signature created successfully */ bool (*get_signature)(signer_t *this, chunk_t data, - u_int8_t *buffer) __attribute__((warn_unused_result)); + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Generate a signature and allocate space for it. diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h index 08d88ba88..2d4a238cd 100644 --- a/src/libstrongswan/eap/eap.h +++ b/src/libstrongswan/eap/eap.h @@ -99,18 +99,18 @@ struct eap_vendor_type_t { /** * Vendor Id */ - u_int32_t vendor; + uint32_t vendor; }; /** * EAP packet format */ typedef struct __attribute__((packed)) { - u_int8_t code; - u_int8_t identifier; - u_int16_t length; - u_int8_t type; - u_int8_t data; + uint8_t code; + uint8_t identifier; + uint16_t length; + uint8_t type; + uint8_t data; } eap_packet_t; /** diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c index f2ee11ee8..a52a1eb51 100644 --- a/src/libstrongswan/ipsec/ipsec_types.c +++ b/src/libstrongswan/ipsec/ipsec_types.c @@ -37,6 +37,22 @@ ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH, "IPCOMP_LZJH" ); +/* + * See header + */ +bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b) +{ + return a->mode == b->mode && + a->reqid == b->reqid && + a->policy_count == b->policy_count && + a->esp.use == b->esp.use && + a->esp.spi == b->esp.spi && + a->ah.use == b->ah.use && + a->ah.spi == b->ah.spi && + a->ipcomp.transform == b->ipcomp.transform && + a->ipcomp.cpi == b->ipcomp.cpi; +} + /* * See header */ diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h index fa122af30..c93d95562 100644 --- a/src/libstrongswan/ipsec/ipsec_types.h +++ b/src/libstrongswan/ipsec/ipsec_types.h @@ -123,25 +123,34 @@ struct ipsec_sa_cfg_t { /** mode of SA (tunnel, transport) */ ipsec_mode_t mode; /** unique ID */ - u_int32_t reqid; + uint32_t reqid; /** number of policies of the same kind (in/out/fwd) attached to SA */ - u_int32_t policy_count; + uint32_t policy_count; /** details about ESP/AH */ struct { /** TRUE if this protocol is used */ bool use; /** SPI for ESP/AH */ - u_int32_t spi; + uint32_t spi; } esp, ah; /** details about IPComp */ struct { /** the IPComp transform used */ - u_int16_t transform; + uint16_t transform; /** CPI for IPComp */ - u_int16_t cpi; + uint16_t cpi; } ipcomp; }; +/** + * Compare two ipsec_sa_cfg_t objects for equality. + * + * @param a first object + * @param b second object + * @return TRUE if both objects are equal + */ +bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b); + /** * A lifetime_cfg_t defines the lifetime limits of an SA. * @@ -150,11 +159,11 @@ struct ipsec_sa_cfg_t { struct lifetime_cfg_t { struct { /** Limit before the SA gets invalid. */ - u_int64_t life; + uint64_t life; /** Limit before the SA gets rekeyed. */ - u_int64_t rekey; + uint64_t rekey; /** The range of a random value subtracted from rekey. */ - u_int64_t jitter; + uint64_t jitter; } time, bytes, packets; }; @@ -163,9 +172,9 @@ struct lifetime_cfg_t { */ struct mark_t { /** Mark value */ - u_int32_t value; + uint32_t value; /** Mark mask */ - u_int32_t mask; + uint32_t mask; }; /** diff --git a/src/libstrongswan/networking/host.c b/src/libstrongswan/networking/host.c index 2e464b0ad..b71d2da16 100644 --- a/src/libstrongswan/networking/host.c +++ b/src/libstrongswan/networking/host.c @@ -79,7 +79,7 @@ METHOD(host_t, get_sockaddr_len, socklen_t*, METHOD(host_t, is_anyaddr, bool, private_host_t *this) { - static const u_int8_t zeroes[IPV6_LEN]; + static const uint8_t zeroes[IPV6_LEN]; switch (this->address.sa_family) { @@ -119,7 +119,7 @@ int host_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, else { void *address; - u_int16_t port; + uint16_t port; int len; address = &this->address6.sin6_addr; @@ -191,7 +191,7 @@ METHOD(host_t, get_family, int, return this->address.sa_family; } -METHOD(host_t, get_port, u_int16_t, +METHOD(host_t, get_port, uint16_t, private_host_t *this) { switch (this->address.sa_family) @@ -212,7 +212,7 @@ METHOD(host_t, get_port, u_int16_t, } METHOD(host_t, set_port, void, - private_host_t *this, u_int16_t port) + private_host_t *this, uint16_t port) { switch (this->address.sa_family) { @@ -334,7 +334,7 @@ static private_host_t *host_create_empty(void) /* * Create a %any host with port */ -static host_t *host_create_any_port(int family, u_int16_t port) +static host_t *host_create_any_port(int family, uint16_t port) { host_t *this; @@ -347,7 +347,7 @@ static host_t *host_create_any_port(int family, u_int16_t port) * Described in header. */ host_t *host_create_from_string_and_family(char *string, int family, - u_int16_t port) + uint16_t port) { union { struct sockaddr_in v4; @@ -415,7 +415,7 @@ host_t *host_create_from_string_and_family(char *string, int family, /* * Described in header. */ -host_t *host_create_from_string(char *string, u_int16_t port) +host_t *host_create_from_string(char *string, uint16_t port) { return host_create_from_string_and_family(string, AF_UNSPEC, port); } @@ -455,7 +455,7 @@ host_t *host_create_from_sockaddr(sockaddr_t *sockaddr) /* * Described in header. */ -host_t *host_create_from_dns(char *string, int af, u_int16_t port) +host_t *host_create_from_dns(char *string, int af, uint16_t port) { host_t *this; @@ -474,7 +474,7 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port) /* * Described in header. */ -host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port) +host_t *host_create_from_chunk(int family, chunk_t address, uint16_t port) { private_host_t *this; @@ -646,7 +646,7 @@ host_t *host_create_netmask(int family, int netbits) if (bytes < len) { memset(target + bytes, 0x00, len - bytes); - target[bytes] = (u_int8_t)(0xff << bits); + target[bytes] = (uint8_t)(0xff << bits); } return &this->public; } diff --git a/src/libstrongswan/networking/host.h b/src/libstrongswan/networking/host.h index db6f4dd49..a777f9f97 100644 --- a/src/libstrongswan/networking/host.h +++ b/src/libstrongswan/networking/host.h @@ -99,14 +99,14 @@ struct host_t { * * @return port number */ - u_int16_t (*get_port) (host_t *this); + uint16_t (*get_port) (host_t *this); /** * Set the port of this host * * @param port port number */ - void (*set_port) (host_t *this, u_int16_t port); + void (*set_port) (host_t *this, uint16_t port); /** * Compare the ips of two hosts hosts. @@ -137,7 +137,7 @@ struct host_t { * @param port port number * @return host_t, NULL if string not an address. */ -host_t *host_create_from_string(char *string, u_int16_t port); +host_t *host_create_from_string(char *string, uint16_t port); /** * Same as host_create_from_string(), but with the option to enforce a family. @@ -148,7 +148,7 @@ host_t *host_create_from_string(char *string, u_int16_t port); * @return host_t, NULL if string not an address. */ host_t *host_create_from_string_and_family(char *string, int family, - u_int16_t port); + uint16_t port); /** * Constructor to create a host_t from a DNS name. @@ -158,7 +158,7 @@ host_t *host_create_from_string_and_family(char *string, int family, * @param port port number * @return host_t, NULL lookup failed */ -host_t *host_create_from_dns(char *string, int family, u_int16_t port); +host_t *host_create_from_dns(char *string, int family, uint16_t port); /** * Constructor to create a host_t object from an address chunk. @@ -170,7 +170,7 @@ host_t *host_create_from_dns(char *string, int family, u_int16_t port); * @param port port number * @return host_t, NULL if family not supported/chunk invalid */ -host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port); +host_t *host_create_from_chunk(int family, chunk_t address, uint16_t port); /** * Constructor to create a host_t object from a sockaddr struct diff --git a/src/libstrongswan/networking/packet.c b/src/libstrongswan/networking/packet.c index 4ff7fc48b..f76a85a4b 100644 --- a/src/libstrongswan/networking/packet.c +++ b/src/libstrongswan/networking/packet.c @@ -42,7 +42,7 @@ struct private_packet_t { /** * DSCP value on packet */ - u_int8_t dscp; + uint8_t dscp; /** * message data @@ -94,13 +94,13 @@ METHOD(packet_t, set_data, void, this->adjusted_data = this->data = data; } -METHOD(packet_t, get_dscp, u_int8_t, +METHOD(packet_t, get_dscp, uint8_t, private_packet_t *this) { return this->dscp; } METHOD(packet_t, set_dscp, void, - private_packet_t *this, u_int8_t value) + private_packet_t *this, uint8_t value) { this->dscp = value; } diff --git a/src/libstrongswan/networking/packet.h b/src/libstrongswan/networking/packet.h index 1492dd0b9..8699d4abe 100644 --- a/src/libstrongswan/networking/packet.h +++ b/src/libstrongswan/networking/packet.h @@ -85,14 +85,14 @@ struct packet_t { * * @return DSCP value */ - u_int8_t (*get_dscp)(packet_t *this); + uint8_t (*get_dscp)(packet_t *this); /** * Set the DiffServ Code Point to use on this packet. * * @param value DSCP value */ - void (*set_dscp)(packet_t *this, u_int8_t value); + void (*set_dscp)(packet_t *this, uint8_t value); /** * Increase the offset where the actual packet data starts. diff --git a/src/libstrongswan/networking/tun_device.c b/src/libstrongswan/networking/tun_device.c index 81d215677..de925553f 100644 --- a/src/libstrongswan/networking/tun_device.c +++ b/src/libstrongswan/networking/tun_device.c @@ -96,7 +96,7 @@ struct private_tun_device_t { /** * Netmask for address */ - u_int8_t netmask; + uint8_t netmask; }; /** @@ -105,7 +105,7 @@ struct private_tun_device_t { #if __FreeBSD__ >= 10 static bool set_address_and_mask(struct in_aliasreq *ifra, host_t *addr, - u_int8_t netmask) + uint8_t netmask) { host_t *mask; @@ -132,7 +132,7 @@ static bool set_address_and_mask(struct in_aliasreq *ifra, host_t *addr, * on FreeBSD 10 an newer. */ static bool set_address_impl(private_tun_device_t *this, host_t *addr, - u_int8_t netmask) + uint8_t netmask) { struct in_aliasreq ifra; @@ -171,7 +171,7 @@ static bool set_address_impl(private_tun_device_t *this, host_t *addr, * Set the address using the classic SIOCSIFADDR etc. commands on other systems. */ static bool set_address_impl(private_tun_device_t *this, host_t *addr, - u_int8_t netmask) + uint8_t netmask) { struct ifreq ifr; host_t *mask; @@ -218,7 +218,7 @@ static bool set_address_impl(private_tun_device_t *this, host_t *addr, #endif /* __FreeBSD__ */ METHOD(tun_device_t, set_address, bool, - private_tun_device_t *this, host_t *addr, u_int8_t netmask) + private_tun_device_t *this, host_t *addr, uint8_t netmask) { if (!set_address_impl(this, addr, netmask)) { @@ -231,7 +231,7 @@ METHOD(tun_device_t, set_address, bool, } METHOD(tun_device_t, get_address, host_t*, - private_tun_device_t *this, u_int8_t *netmask) + private_tun_device_t *this, uint8_t *netmask) { if (netmask && this->address) { @@ -326,7 +326,7 @@ METHOD(tun_device_t, write_packet, bool, #ifdef __APPLE__ /* UTUN's expect the packets to be prepended by a 32-bit protocol number * instead of parsing the packet again, we assume IPv4 for now */ - u_int32_t proto = htonl(AF_INET); + uint32_t proto = htonl(AF_INET); packet = chunk_cata("cc", chunk_from_thing(proto), packet); #endif s = write(this->tunfd, packet.ptr, packet.len); @@ -364,7 +364,7 @@ METHOD(tun_device_t, read_packet, bool, data.len = len; #ifdef __APPLE__ /* UTUN's prepend packets with a 32-bit protocol number */ - data = chunk_skip(data, sizeof(u_int32_t)); + data = chunk_skip(data, sizeof(uint32_t)); #endif *packet = chunk_clone(data); return TRUE; diff --git a/src/libstrongswan/networking/tun_device.h b/src/libstrongswan/networking/tun_device.h index 880369ba7..4f9eacb07 100644 --- a/src/libstrongswan/networking/tun_device.h +++ b/src/libstrongswan/networking/tun_device.h @@ -60,7 +60,7 @@ struct tun_device_t { * @param netmask the netmask to use * @return TRUE if operation successful */ - bool (*set_address)(tun_device_t *this, host_t *addr, u_int8_t netmask); + bool (*set_address)(tun_device_t *this, host_t *addr, uint8_t netmask); /** * Get the IP address previously assigned to using set_address(). @@ -68,7 +68,7 @@ struct tun_device_t { * @param netmask pointer receiving the configured netmask, or NULL * @return address previously set, NULL if none */ - host_t* (*get_address)(tun_device_t *this, u_int8_t *netmask); + host_t* (*get_address)(tun_device_t *this, uint8_t *netmask); /** * Bring the TUN device up diff --git a/src/libstrongswan/pen/pen.h b/src/libstrongswan/pen/pen.h index 2c5592330..50e63f7be 100644 --- a/src/libstrongswan/pen/pen.h +++ b/src/libstrongswan/pen/pen.h @@ -59,7 +59,7 @@ enum pen_t { */ struct pen_type_t { pen_t vendor_id; - u_int32_t type; + uint32_t type; }; /** @@ -69,7 +69,7 @@ struct pen_type_t { * @param type type to create a pen_type_t * @return created pen_type_t */ -static inline pen_type_t pen_type_create(pen_t vendor_id, u_int32_t type) +static inline pen_type_t pen_type_create(pen_t vendor_id, uint32_t type) { pen_type_t pen_type = { vendor_id, type }; return pen_type; @@ -96,7 +96,7 @@ static inline bool pen_type_equals(pen_type_t a, pen_type_t b) * @return TRUE if vendor_id and type matches pen_type */ static inline bool pen_type_is(pen_type_t pen_type, - pen_t vendor_id, u_int32_t type) + pen_t vendor_id, uint32_t type) { return pen_type.vendor_id == vendor_id && pen_type.type == type; } diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in index 034ab48e0..a1ee0f83e 100644 --- a/src/libstrongswan/plugins/acert/Makefile.in +++ b/src/libstrongswan/plugins/acert/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/acert -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/acert/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/acert/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 6ad68a55a..02cd0f832 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/aes -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c index f9775c8b8..8829ba162 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.c +++ b/src/libstrongswan/plugins/aes/aes_crypter.c @@ -49,27 +49,27 @@ struct private_aes_crypter_t { /** * Number of words in the key input block. */ - u_int32_t aes_Nkey; + uint32_t aes_Nkey; /** * The number of cipher rounds. */ - u_int32_t aes_Nrnd; + uint32_t aes_Nrnd; /** * The encryption key schedule. */ - u_int32_t aes_e_key[AES_KS_LENGTH]; + uint32_t aes_e_key[AES_KS_LENGTH]; /** * The decryption key schedule. */ - u_int32_t aes_d_key[AES_KS_LENGTH]; + uint32_t aes_d_key[AES_KS_LENGTH]; /** * Key size of this AES cypher object. */ - u_int32_t key_size; + uint32_t key_size; }; /** @@ -88,7 +88,7 @@ struct private_aes_crypter_t { */ #define bval(x,n) ((unsigned char)((x) >> 8 * (n))) #define bytes2word(b0, b1, b2, b3) \ - ((u_int32_t)(b3) << 24 | (u_int32_t)(b2) << 16 | (u_int32_t)(b1) << 8 | (b0)) + ((uint32_t)(b3) << 24 | (uint32_t)(b2) << 16 | (uint32_t)(b1) << 8 | (b0)) /* little endian processor without data alignment restrictions: AES_LE_OK */ @@ -105,15 +105,15 @@ struct private_aes_crypter_t { #ifdef AES_LE_OK /* little endian processor without data alignment restrictions */ -#define word_in(x) *(u_int32_t*)(x) -#define const_word_in(x) *(const u_int32_t*)(x) -#define word_out(x,v) *(u_int32_t*)(x) = (v) -#define const_word_out(x,v) *(const u_int32_t*)(x) = (v) +#define word_in(x) *(uint32_t*)(x) +#define const_word_in(x) *(const uint32_t*)(x) +#define word_out(x,v) *(uint32_t*)(x) = (v) +#define const_word_out(x,v) *(const uint32_t*)(x) = (v) #else /* slower but generic big endian or with data alignment restrictions */ /* some additional "const" touches to stop "gcc -Wcast-qual" complains --jjo */ -#define word_in(x) ((u_int32_t)(((unsigned char *)(x))[0])|((u_int32_t)(((unsigned char *)(x))[1])<<8)|((u_int32_t)(((unsigned char *)(x))[2])<<16)|((u_int32_t)(((unsigned char *)(x))[3])<<24)) -#define const_word_in(x) ((const u_int32_t)(((const unsigned char *)(x))[0])|((const u_int32_t)(((const unsigned char *)(x))[1])<<8)|((const u_int32_t)(((const unsigned char *)(x))[2])<<16)|((const u_int32_t)(((const unsigned char *)(x))[3])<<24)) +#define word_in(x) ((uint32_t)(((unsigned char *)(x))[0])|((uint32_t)(((unsigned char *)(x))[1])<<8)|((uint32_t)(((unsigned char *)(x))[2])<<16)|((uint32_t)(((unsigned char *)(x))[3])<<24)) +#define const_word_in(x) ((const uint32_t)(((const unsigned char *)(x))[0])|((const uint32_t)(((const unsigned char *)(x))[1])<<8)|((const uint32_t)(((const unsigned char *)(x))[2])<<16)|((const uint32_t)(((const unsigned char *)(x))[3])<<24)) #define word_out(x,v) ((unsigned char *)(x))[0]=(v),((unsigned char *)(x))[1]=((v)>>8),((unsigned char *)(x))[2]=((v)>>16),((unsigned char *)(x))[3]=((v)>>24) #define const_word_out(x,v) ((const unsigned char *)(x))[0]=(v),((const unsigned char *)(x))[1]=((v)>>8),((const unsigned char *)(x))[2]=((v)>>16),((const unsigned char *)(x))[3]=((v)>>24) #endif @@ -156,7 +156,7 @@ struct private_aes_crypter_t { // this table can be a table of bytes if the key schedule // code is adjusted accordingly -static const u_int32_t rcon_tab[29] = +static const uint32_t rcon_tab[29] = { w0(01), w0(02), w0(04), w0(08), w0(10), w0(20), w0(40), w0(80), @@ -320,7 +320,7 @@ static const u_int32_t rcon_tab[29] = #undef r #define r r0 -static const u_int32_t ft_tab[4][256] = +static const uint32_t ft_tab[4][256] = { { f_table }, #undef r #define r r1 @@ -335,7 +335,7 @@ static const u_int32_t ft_tab[4][256] = #undef r #define r r0 -static const u_int32_t it_tab[4][256] = +static const uint32_t it_tab[4][256] = { { i_table }, #undef r #define r r1 @@ -386,7 +386,7 @@ static const u_int32_t it_tab[4][256] = #undef r #define r(p,q,r,s) w0(q) -static const u_int32_t fl_tab[4][256] = +static const uint32_t fl_tab[4][256] = { { f_table }, #undef r #define r(p,q,r,s) w1(q) @@ -401,7 +401,7 @@ static const u_int32_t fl_tab[4][256] = #undef w #define w w0 -static const u_int32_t il_tab[4][256] = +static const uint32_t il_tab[4][256] = { { li_table }, #undef w #define w w1 @@ -483,7 +483,7 @@ static const u_int32_t il_tab[4][256] = #undef r #define r r0 -static const u_int32_t im_tab[4][256] = +static const uint32_t im_tab[4][256] = { { m_table }, #undef r #define r r1 @@ -717,8 +717,8 @@ static const u_int32_t im_tab[4][256] = static void encrypt_block(const private_aes_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]) { - u_int32_t locals(b0, b1); - const u_int32_t *kp = this->aes_e_key; + uint32_t locals(b0, b1); + const uint32_t *kp = this->aes_e_key; state_in(b0, in_blk, kp); kp += nc; @@ -754,8 +754,8 @@ static void encrypt_block(const private_aes_crypter_t *this, static void decrypt_block(const private_aes_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]) { - u_int32_t locals(b0, b1); - const u_int32_t *kp = this->aes_d_key; + uint32_t locals(b0, b1); + const uint32_t *kp = this->aes_d_key; state_in(b0, in_blk, kp); kp += nc; @@ -789,8 +789,8 @@ METHOD(crypter_t, decrypt, bool, private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { int pos; - const u_int32_t *iv_i; - u_int8_t *in, *out; + const uint32_t *iv_i; + uint8_t *in, *out; if (decrypted) { @@ -811,16 +811,16 @@ METHOD(crypter_t, decrypt, bool, decrypt_block(this, in, out); if (pos==0) { - iv_i=(const u_int32_t*) (iv.ptr); + iv_i=(const uint32_t*) (iv.ptr); } else { - iv_i=(const u_int32_t*) (in-16); + iv_i=(const uint32_t*) (in-16); } - *((u_int32_t *)(&out[ 0])) ^= iv_i[0]; - *((u_int32_t *)(&out[ 4])) ^= iv_i[1]; - *((u_int32_t *)(&out[ 8])) ^= iv_i[2]; - *((u_int32_t *)(&out[12])) ^= iv_i[3]; + *((uint32_t *)(&out[ 0])) ^= iv_i[0]; + *((uint32_t *)(&out[ 4])) ^= iv_i[1]; + *((uint32_t *)(&out[ 8])) ^= iv_i[2]; + *((uint32_t *)(&out[12])) ^= iv_i[3]; in-=16; out-=16; pos-=16; @@ -832,8 +832,8 @@ METHOD(crypter_t, encrypt, bool, private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { int pos; - const u_int32_t *iv_i; - u_int8_t *in, *out; + const uint32_t *iv_i; + uint8_t *in, *out; in = data.ptr; out = data.ptr; @@ -848,16 +848,16 @@ METHOD(crypter_t, encrypt, bool, { if (pos==0) { - iv_i=(const u_int32_t*) iv.ptr; + iv_i=(const uint32_t*) iv.ptr; } else { - iv_i=(const u_int32_t*) (out-16); + iv_i=(const uint32_t*) (out-16); } - *((u_int32_t *)(&out[ 0])) = iv_i[0]^*((const u_int32_t *)(&in[ 0])); - *((u_int32_t *)(&out[ 4])) = iv_i[1]^*((const u_int32_t *)(&in[ 4])); - *((u_int32_t *)(&out[ 8])) = iv_i[2]^*((const u_int32_t *)(&in[ 8])); - *((u_int32_t *)(&out[12])) = iv_i[3]^*((const u_int32_t *)(&in[12])); + *((uint32_t *)(&out[ 0])) = iv_i[0]^*((const uint32_t *)(&in[ 0])); + *((uint32_t *)(&out[ 4])) = iv_i[1]^*((const uint32_t *)(&in[ 4])); + *((uint32_t *)(&out[ 8])) = iv_i[2]^*((const uint32_t *)(&in[ 8])); + *((uint32_t *)(&out[12])) = iv_i[3]^*((const uint32_t *)(&in[12])); encrypt_block(this, out, out); in+=16; out+=16; @@ -887,8 +887,8 @@ METHOD(crypter_t, get_key_size, size_t, METHOD(crypter_t, set_key, bool, private_aes_crypter_t *this, chunk_t key) { - u_int32_t *kf, *kt, rci, f = 0; - u_int8_t *in_key = key.ptr; + uint32_t *kf, *kt, rci, f = 0; + uint8_t *in_key = key.ptr; this->aes_Nrnd = (this->aes_Nkey > (nc) ? this->aes_Nkey : (nc)) + 6; @@ -948,7 +948,7 @@ METHOD(crypter_t, set_key, bool, if(!f) { - u_int32_t i; + uint32_t i; kt = this->aes_d_key + nc * this->aes_Nrnd; kf = this->aes_e_key; diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in index 7f91e439c..576b6dafc 100644 --- a/src/libstrongswan/plugins/aesni/Makefile.in +++ b/src/libstrongswan/plugins/aesni/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/aesni -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/aesni/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/aesni/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -789,6 +802,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/aesni/aesni_ccm.c b/src/libstrongswan/plugins/aesni/aesni_ccm.c index d523bc17a..12074860e 100644 --- a/src/libstrongswan/plugins/aesni/aesni_ccm.c +++ b/src/libstrongswan/plugins/aesni/aesni_ccm.c @@ -83,7 +83,7 @@ struct private_aesni_ccm_t { * First block with control information */ typedef struct __attribute__((packed)) { - BITFIELD4(u_int8_t, + BITFIELD4(uint8_t, /* size of p length field q, as q-1 */ q_len: 3, /* size of our ICV t, as (t-2)/2 */ @@ -105,7 +105,7 @@ typedef struct __attribute__((packed)) { * Counter block */ typedef struct __attribute__((packed)) { - BITFIELD3(u_int8_t, + BITFIELD3(uint8_t, /* size of p length field q, as q-1 */ q_len: 3, zero: 3, @@ -140,7 +140,7 @@ static void build_b0(private_aesni_ccm_t *this, size_t len, size_t alen, /** * Build a counter block for counter i */ -static void build_ctr(private_aesni_ccm_t *this, u_int32_t i, u_char *iv, +static void build_ctr(private_aesni_ccm_t *this, uint32_t i, u_char *iv, void *out) { ctr_t *ctr = out; @@ -157,7 +157,7 @@ static void build_ctr(private_aesni_ccm_t *this, u_int32_t i, u_char *iv, * Calculate the ICV for the b0 and associated data */ static __m128i icv_header(private_aesni_ccm_t *this, size_t len, u_char *iv, - u_int16_t alen, u_char *assoc) + uint16_t alen, u_char *assoc) { __m128i *ks, b, t, c; u_int i, round, blocks, rem; diff --git a/src/libstrongswan/plugins/aesni/aesni_cmac.c b/src/libstrongswan/plugins/aesni/aesni_cmac.c index d6a87e6d7..07580c822 100644 --- a/src/libstrongswan/plugins/aesni/aesni_cmac.c +++ b/src/libstrongswan/plugins/aesni/aesni_cmac.c @@ -65,7 +65,7 @@ struct private_mac_t { }; METHOD(mac_t, get_mac, bool, - private_mac_t *this, chunk_t data, u_int8_t *out) + private_mac_t *this, chunk_t data, uint8_t *out) { __m128i *ks, t, l, *bi; u_int blocks, rem, i; diff --git a/src/libstrongswan/plugins/aesni/aesni_ctr.c b/src/libstrongswan/plugins/aesni/aesni_ctr.c index 989813814..d9a555a85 100644 --- a/src/libstrongswan/plugins/aesni/aesni_ctr.c +++ b/src/libstrongswan/plugins/aesni/aesni_ctr.c @@ -61,7 +61,7 @@ struct private_aesni_ctr_t { struct { char nonce[4]; char iv[8]; - u_int32_t counter; + uint32_t counter; } __attribute__((packed, aligned(sizeof(__m128i)))) state; }; diff --git a/src/libstrongswan/plugins/aesni/aesni_gcm.c b/src/libstrongswan/plugins/aesni/aesni_gcm.c index 53c0b144e..330dc6cd3 100644 --- a/src/libstrongswan/plugins/aesni/aesni_gcm.c +++ b/src/libstrongswan/plugins/aesni/aesni_gcm.c @@ -316,7 +316,7 @@ static __m128i icv_tailer(private_aesni_gcm_t *this, __m128i y, __m128i b; htoun64(&b, alen * 8); - htoun64((u_char*)&b + sizeof(u_int64_t), dlen * 8); + htoun64((u_char*)&b + sizeof(uint64_t), dlen * 8); return ghash(this->h, y, b); } diff --git a/src/libstrongswan/plugins/aesni/aesni_xcbc.c b/src/libstrongswan/plugins/aesni/aesni_xcbc.c index 24a75cec0..974c5fedc 100644 --- a/src/libstrongswan/plugins/aesni/aesni_xcbc.c +++ b/src/libstrongswan/plugins/aesni/aesni_xcbc.c @@ -70,7 +70,7 @@ struct private_aesni_mac_t { }; METHOD(mac_t, get_mac, bool, - private_aesni_mac_t *this, chunk_t data, u_int8_t *out) + private_aesni_mac_t *this, chunk_t data, uint8_t *out) { __m128i *ks, e, *bi; u_int blocks, rem, i; diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index 7aaea450c..1f092287b 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in +++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/af_alg -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/af_alg/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/af_alg/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -784,6 +797,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c index 611975533..62fea51cc 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c @@ -107,7 +107,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_af_alg_hasher_t *this, chunk_t chunk, u_int8_t *hash) + private_af_alg_hasher_t *this, chunk_t chunk, uint8_t *hash) { return this->ops->hash(this->ops, chunk, hash, this->size); } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.c b/src/libstrongswan/plugins/af_alg/af_alg_ops.c index 331d1e801..7e129300f 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_ops.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.c @@ -108,7 +108,7 @@ METHOD(af_alg_ops_t, hash, bool, } METHOD(af_alg_ops_t, crypt, bool, - private_af_alg_ops_t *this, u_int32_t type, chunk_t iv, chunk_t data, + private_af_alg_ops_t *this, uint32_t type, chunk_t iv, chunk_t data, char *out) { struct msghdr msg = {}; diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.h b/src/libstrongswan/plugins/af_alg/af_alg_ops.h index e34f22977..51342d71c 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_ops.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.h @@ -64,7 +64,7 @@ struct af_alg_ops_t { * @param out buffer write processed data to * @return TRUE if successful */ - bool (*crypt)(af_alg_ops_t *this, u_int32_t type, chunk_t iv, chunk_t data, + bool (*crypt)(af_alg_ops_t *this, uint32_t type, chunk_t iv, chunk_t data, char *out); /** diff --git a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c index 445667507..571882cec 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c @@ -22,6 +22,8 @@ #include "af_alg_prf.h" #include "af_alg_crypter.h" +#include + typedef struct private_af_alg_plugin_t private_af_alg_plugin_t; /** @@ -41,6 +43,19 @@ METHOD(plugin_t, get_name, char*, return "af-alg"; } +static bool af_alg_supported() +{ + int fd; + + fd = socket(AF_ALG, SOCK_SEQPACKET, 0); + if (fd != -1) + { + close(fd); + return true; + } + return false; +} + METHOD(plugin_t, get_features, int, private_af_alg_plugin_t *this, plugin_feature_t *features[]) { @@ -50,6 +65,10 @@ METHOD(plugin_t, get_features, int, if (!count) { /* initialize only once */ + if (!af_alg_supported()) + { + return 0; + } f[count++] = PLUGIN_REGISTER(HASHER, af_alg_hasher_create); af_alg_hasher_probe(f, &count); f[count++] = PLUGIN_REGISTER(SIGNER, af_alg_signer_create); diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.c b/src/libstrongswan/plugins/af_alg/af_alg_prf.c index 2b7d51376..8c3627a22 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_prf.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.c @@ -106,7 +106,7 @@ static size_t lookup_alg(pseudo_random_function_t algo, char **name, bool *xcbc) } METHOD(prf_t, get_bytes, bool, - private_af_alg_prf_t *this, chunk_t seed, u_int8_t *buffer) + private_af_alg_prf_t *this, chunk_t seed, uint8_t *buffer) { return this->ops->hash(this->ops, seed, buffer, this->block_size); } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.c b/src/libstrongswan/plugins/af_alg/af_alg_signer.c index 1403144ab..e54b457e7 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_signer.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.c @@ -109,7 +109,7 @@ static size_t lookup_alg(integrity_algorithm_t algo, char **name, } METHOD(signer_t, get_signature, bool, - private_af_alg_signer_t *this, chunk_t data, u_int8_t *buffer) + private_af_alg_signer_t *this, chunk_t data, uint8_t *buffer) { return this->ops->hash(this->ops, data, buffer, this->block_size); } diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index cbdc8e84e..5e1b1f38a 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/agent -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index c2e82a9f1..bb55c45c0 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -98,18 +98,18 @@ static u_char read_byte(chunk_t *blob) } /** - * read a u_int32_t from a blob + * read a uint32_t from a blob */ -static u_int32_t read_uint32(chunk_t *blob) +static uint32_t read_uint32(chunk_t *blob) { - u_int32_t val; + uint32_t val; - if (blob->len < sizeof(u_int32_t)) + if (blob->len < sizeof(uint32_t)) { return 0; } - val = ntohl(*(u_int32_t*)blob->ptr); - *blob = chunk_skip(*blob, sizeof(u_int32_t)); + val = ntohl(*(uint32_t*)blob->ptr); + *blob = chunk_skip(*blob, sizeof(uint32_t)); return val; } @@ -182,7 +182,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) blob = chunk_create(buf, sizeof(buf)); blob.len = read(this->socket, blob.ptr, blob.len); - if (blob.len < sizeof(u_int32_t) + sizeof(u_char) || + if (blob.len < sizeof(uint32_t) + sizeof(u_char) || read_uint32(&blob) != blob.len || read_byte(&blob) != SSH_AGENT_ID_RESPONSE) { @@ -236,7 +236,7 @@ METHOD(private_key_t, sign, bool, private_agent_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature) { - u_int32_t len, flags; + uint32_t len, flags; char buf[2048]; chunk_t blob; @@ -247,7 +247,7 @@ METHOD(private_key_t, sign, bool, return FALSE; } - len = htonl(1 + sizeof(u_int32_t) * 3 + this->key.len + data.len); + len = htonl(1 + sizeof(uint32_t) * 3 + this->key.len + data.len); buf[0] = SSH_AGENT_SIGN_REQUEST; if (write(this->socket, &len, sizeof(len)) != sizeof(len) || write(this->socket, &buf, 1) != 1) @@ -281,7 +281,7 @@ METHOD(private_key_t, sign, bool, blob = chunk_create(buf, sizeof(buf)); blob.len = read(this->socket, blob.ptr, blob.len); - if (blob.len < sizeof(u_int32_t) + sizeof(u_char) || + if (blob.len < sizeof(uint32_t) + sizeof(u_char) || read_uint32(&blob) != blob.len || read_byte(&blob) != SSH_AGENT_SIGN_RESPONSE) { diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in index 8f91cdcbe..389e20ed4 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.in +++ b/src/libstrongswan/plugins/bliss/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -82,8 +92,6 @@ host_triplet = @host@ @MONOLITHIC_TRUE@am__append_1 = libstrongswan-bliss.la noinst_PROGRAMS = bliss_huffman$(EXEEXT) subdir = src/libstrongswan/plugins/bliss -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -97,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -220,12 +229,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -275,6 +286,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -309,6 +321,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -420,6 +433,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -502,7 +516,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -850,6 +863,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES tags tags-am uninstall uninstall-am \ uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + recreate-bliss-huffman : bliss_huffman bliss_huffman_code.h $(AM_V_GEN) \ diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in index 43e508ba0..85619c551 100644 --- a/src/libstrongswan/plugins/bliss/tests/Makefile.in +++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ host_triplet = @host@ TESTS = bliss_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libstrongswan/plugins/bliss/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__tty_colors = { \ std=''; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -471,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -981,6 +994,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index a6c3287f4..d54331163 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/blowfish -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c index 253f9b4a4..1708e078d 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c @@ -84,14 +84,14 @@ struct private_blowfish_crypter_t { /** * Key size of this Blowfish cipher object. */ - u_int32_t key_size; + uint32_t key_size; }; METHOD(crypter_t, decrypt, bool, private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { - u_int8_t *in, *out; + uint8_t *in, *out; if (decrypted) { @@ -116,7 +116,7 @@ METHOD(crypter_t, encrypt, bool, private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { - u_int8_t *in, *out; + uint8_t *in, *out; if (encrypted) { diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index 3d56b9802..d93b0479c 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/ccm -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.c b/src/libstrongswan/plugins/ccm/ccm_aead.c index 676d67681..9cf9bedf5 100644 --- a/src/libstrongswan/plugins/ccm/ccm_aead.c +++ b/src/libstrongswan/plugins/ccm/ccm_aead.c @@ -60,7 +60,7 @@ struct private_ccm_aead_t { * First block with control information */ typedef struct __attribute__((packed)) { - BITFIELD4(u_int8_t, + BITFIELD4(uint8_t, /* size of p length field q, as q-1 */ q_len: 3, /* size of our ICV t, as (t-2)/2 */ @@ -82,7 +82,7 @@ typedef struct __attribute__((packed)) { * Counter block */ typedef struct __attribute__((packed)) { - BITFIELD3(u_int8_t, + BITFIELD3(uint8_t, /* size of p length field q, as q-1 */ q_len: 3, zero: 3, @@ -117,7 +117,7 @@ static void build_b0(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc, /** * Build a counter block for counter i */ -static void build_ctr(private_ccm_aead_t *this, u_int32_t i, chunk_t iv, +static void build_ctr(private_ccm_aead_t *this, uint32_t i, chunk_t iv, char *out) { ctr_t *ctr = (ctr_t*)out; diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in index b3506587d..d5b77a990 100644 --- a/src/libstrongswan/plugins/chapoly/Makefile.in +++ b/src/libstrongswan/plugins/chapoly/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ @MONOLITHIC_TRUE@am__append_1 = libstrongswan-chapoly.la subdir = src/libstrongswan/plugins/chapoly -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -215,12 +224,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -270,6 +281,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -304,6 +316,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -415,6 +428,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -479,7 +493,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/chapoly/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/chapoly/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -806,6 +819,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/chapoly/chapoly_aead.c b/src/libstrongswan/plugins/chapoly/chapoly_aead.c index 50ad84b21..39d51e9f8 100644 --- a/src/libstrongswan/plugins/chapoly/chapoly_aead.c +++ b/src/libstrongswan/plugins/chapoly/chapoly_aead.c @@ -84,8 +84,8 @@ static bool poly_head(private_chapoly_aead_t *this, u_char *assoc, size_t len) static bool poly_tail(private_chapoly_aead_t *this, size_t alen, size_t clen) { struct { - u_int64_t alen; - u_int64_t clen; + uint64_t alen; + uint64_t clen; } b; b.alen = htole64(alen); @@ -190,7 +190,7 @@ METHOD(aead_t, encrypt, bool, { u_char *out; - if (sizeof(plain.len) > sizeof(u_int32_t) && plain.len > P_MAX) + if (sizeof(plain.len) > sizeof(uint32_t) && plain.len > P_MAX) { return FALSE; } @@ -220,7 +220,7 @@ METHOD(aead_t, decrypt, bool, return FALSE; } encr.len -= POLY_ICV_SIZE; - if (sizeof(encr.len) > sizeof(u_int32_t) && encr.len > P_MAX) + if (sizeof(encr.len) > sizeof(uint32_t) && encr.len > P_MAX) { return FALSE; } diff --git a/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c b/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c index dfed4d53d..59962b819 100644 --- a/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c +++ b/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c @@ -39,30 +39,30 @@ struct private_chapoly_drv_portable_t { /** * ChaCha20 state matrix */ - u_int32_t m[16]; + uint32_t m[16]; /** * Poly1305 update key */ - u_int32_t r[5]; + uint32_t r[5]; /** * Poly1305 state */ - u_int32_t h[5]; + uint32_t h[5]; /** * Poly1305 finalize key */ - u_int32_t s[4]; + uint32_t s[4]; }; /** * XOR a 32-bit integer into an unaligned destination */ -static inline void xor32u(void *p, u_int32_t x) +static inline void xor32u(void *p, uint32_t x) { - u_int32_t y; + uint32_t y; memcpy(&y, p, sizeof(y)); y ^= x; @@ -72,7 +72,7 @@ static inline void xor32u(void *p, u_int32_t x) /** * Multiply two 64-bit words */ -static inline u_int64_t mlt(u_int64_t a, u_int64_t b) +static inline uint64_t mlt(uint64_t a, uint64_t b) { return a * b; } @@ -80,7 +80,7 @@ static inline u_int64_t mlt(u_int64_t a, u_int64_t b) /** * Shift a 64-bit unsigned integer v right by n bits, clamp to 32 bit */ -static inline u_int32_t sr(u_int64_t v, u_char n) +static inline uint32_t sr(uint64_t v, u_char n) { return v >> n; } @@ -88,13 +88,13 @@ static inline u_int32_t sr(u_int64_t v, u_char n) /** * Circular left shift by n bits */ -static inline u_int32_t rotl32(u_int32_t v, u_char n) +static inline uint32_t rotl32(uint32_t v, u_char n) { return (v << n) | (v >> (sizeof(v) * 8 - n)); } /** - * AND two values, using a native integer size >= sizeof(u_int32_t) + * AND two values, using a native integer size >= sizeof(uint32_t) */ static inline u_long and(u_long v, u_long mask) { @@ -106,8 +106,8 @@ static inline u_long and(u_long v, u_long mask) */ static void chacha_block_xor(private_chapoly_drv_portable_t *this, void *data) { - u_int32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xa, xb, xc, xd, xe, xf; - u_int32_t *out = data; + uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xa, xb, xc, xd, xe, xf; + uint32_t *out = data; u_int i; x0 = this->m[ 0]; @@ -246,10 +246,10 @@ METHOD(chapoly_drv_t, init, bool, METHOD(chapoly_drv_t, poly, bool, private_chapoly_drv_portable_t *this, u_char *data, u_int blocks) { - u_int32_t r0, r1, r2, r3, r4; - u_int32_t s1, s2, s3, s4; - u_int32_t h0, h1, h2, h3, h4; - u_int64_t d0, d1, d2, d3, d4; + uint32_t r0, r1, r2, r3, r4; + uint32_t s1, s2, s3, s4; + uint32_t h0, h1, h2, h3, h4; + uint64_t d0, d1, d2, d3, d4; u_int i; r0 = this->r[0]; @@ -345,10 +345,10 @@ METHOD(chapoly_drv_t, decrypt, bool, METHOD(chapoly_drv_t, finish, bool, private_chapoly_drv_portable_t *this, u_char *mac) { - u_int32_t h0, h1, h2, h3, h4; - u_int32_t g0, g1, g2, g3, g4; - u_int32_t mask; - u_int64_t f = 0; + uint32_t h0, h1, h2, h3, h4; + uint32_t g0, g1, g2, g3, g4; + uint32_t mask; + uint64_t f = 0; /* fully carry h */ h0 = this->h[0]; @@ -371,7 +371,7 @@ METHOD(chapoly_drv_t, finish, bool, g4 = h4 + (g3 >> 26) - (1 << 26); g3 &= 0x3ffffff; /* select h if h < p, or h + -p if h >= p */ - mask = (g4 >> ((sizeof(u_int32_t) * 8) - 1)) - 1; + mask = (g4 >> ((sizeof(uint32_t) * 8) - 1)) - 1; g0 &= mask; g1 &= mask; g2 &= mask; diff --git a/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c b/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c index df88e7d77..3981ed522 100644 --- a/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c +++ b/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c @@ -45,30 +45,30 @@ struct private_chapoly_drv_ssse3_t { /** * Poly1305 update key */ - u_int32_t r[5]; + uint32_t r[5]; /** * Poly1305 update key r^2 */ - u_int32_t u[5]; + uint32_t u[5]; /** * Poly1305 state */ - u_int32_t h[5]; + uint32_t h[5]; /** * Poly1305 finalize key */ - u_int32_t s[4]; + uint32_t s[4]; }; /** * Read a 32-bit integer from an unaligned address */ -static inline u_int32_t ru32(void *p) +static inline uint32_t ru32(void *p) { - u_int32_t ret; + uint32_t ret; memcpy(&ret, p, sizeof(ret)); return ret; @@ -77,7 +77,7 @@ static inline u_int32_t ru32(void *p) /** * Write a 32-bit word to an unaligned address */ -static inline void wu32(void *p, u_int32_t v) +static inline void wu32(void *p, uint32_t v) { memcpy(p, &v, sizeof(v)); } @@ -85,13 +85,13 @@ static inline void wu32(void *p, u_int32_t v) /** * Shift a 64-bit unsigned integer v right by n bits, clamp to 32 bit */ -static inline u_int32_t sr(u_int64_t v, u_char n) +static inline uint32_t sr(uint64_t v, u_char n) { return v >> n; } /** - * AND two values, using a native integer size >= sizeof(u_int32_t) + * AND two values, using a native integer size >= sizeof(uint32_t) */ static inline u_long and(u_long v, u_long mask) { @@ -189,7 +189,7 @@ static void chacha_4block_xor(private_chapoly_drv_ssse3_t *this, void *data) { __m128i x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xa, xb, xc, xd, xe, xf; __m128i r8, r16, ctrinc, t, *out = data; - u_int32_t *m = (u_int32_t*)this->m; + uint32_t *m = (uint32_t*)this->m; u_int i; r8 = _mm_set_epi8(14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3); @@ -364,7 +364,7 @@ METHOD(chapoly_drv_t, set_key, bool, /** * r[127:64] = h[95:64] * a, r[63:0] = h[31:0] * b */ -static inline __m128i mul2(__m128i h, u_int32_t a, u_int32_t b) +static inline __m128i mul2(__m128i h, uint32_t a, uint32_t b) { return _mm_mul_epu32(h, _mm_set_epi32(0, a, 0, b)); } @@ -374,7 +374,7 @@ static inline __m128i mul2(__m128i h, u_int32_t a, u_int32_t b) * z = x[127:64] + x[63:0] + y[127:64] + y[63:0] */ static inline void sum2(__m128i a, __m128i b, __m128i x, __m128i y, - u_int64_t *c, u_int64_t *z) + uint64_t *c, uint64_t *z) { __m128i r, s; @@ -392,10 +392,10 @@ static inline void sum2(__m128i a, __m128i b, __m128i x, __m128i y, * r = a[127:64] + b[127:64] + c[127:64] + d[127:64] + e[127:64] * + a[63:0] + b[63:0] + c[63:0] + d[63:0] + e[63:0] */ -static inline u_int64_t sum5(__m128i a, __m128i b, __m128i c, +static inline uint64_t sum5(__m128i a, __m128i b, __m128i c, __m128i d, __m128i e) { - u_int64_t r; + uint64_t r; a = _mm_add_epi64(a, b); c = _mm_add_epi64(c, d); @@ -414,10 +414,10 @@ static inline u_int64_t sum5(__m128i a, __m128i b, __m128i c, static void make_u(private_chapoly_drv_ssse3_t *this) { __m128i r01, r23, r44, x0, x1, y0, y1, z0; - u_int32_t r0, r1, r2, r3, r4; - u_int32_t u0, u1, u2, u3, u4; - u_int32_t s1, s2, s3, s4; - u_int64_t d0, d1, d2, d3, d4; + uint32_t r0, r1, r2, r3, r4; + uint32_t u0, u1, u2, u3, u4; + uint32_t s1, s2, s3, s4; + uint64_t d0, d1, d2, d3, d4; r0 = this->r[0]; r1 = this->r[1]; @@ -513,12 +513,12 @@ METHOD(chapoly_drv_t, init, bool, */ static void poly2(private_chapoly_drv_ssse3_t *this, u_char *data, u_int dblks) { - u_int32_t r0, r1, r2, r3, r4, u0, u1, u2, u3, u4; - u_int32_t s1, s2, s3, s4, v1, v2, v3, v4; + uint32_t r0, r1, r2, r3, r4, u0, u1, u2, u3, u4; + uint32_t s1, s2, s3, s4, v1, v2, v3, v4; __m128i hc0, hc1, hc2, hc3, hc4; - u_int32_t h0, h1, h2, h3, h4; - u_int32_t c0, c1, c2, c3, c4; - u_int64_t d0, d1, d2, d3, d4; + uint32_t h0, h1, h2, h3, h4; + uint32_t c0, c1, c2, c3, c4; + uint64_t d0, d1, d2, d3, d4; u_int i; r0 = this->r[0]; @@ -622,13 +622,13 @@ static void poly2(private_chapoly_drv_ssse3_t *this, u_char *data, u_int dblks) */ static void poly1(private_chapoly_drv_ssse3_t *this, u_char *data) { - u_int32_t r0, r1, r2, r3, r4; - u_int32_t s1, s2, s3, s4; - u_int32_t h0, h1, h2, h3, h4; - u_int64_t d0, d1, d2, d3, d4; + uint32_t r0, r1, r2, r3, r4; + uint32_t s1, s2, s3, s4; + uint32_t h0, h1, h2, h3, h4; + uint64_t d0, d1, d2, d3, d4; __m128i h01, h23, h44; __m128i x0, x1, y0, y1, z0; - u_int32_t t0, t1; + uint32_t t0, t1; r0 = this->r[0]; r1 = this->r[1]; @@ -764,10 +764,10 @@ METHOD(chapoly_drv_t, decrypt, bool, METHOD(chapoly_drv_t, finish, bool, private_chapoly_drv_ssse3_t *this, u_char *mac) { - u_int32_t h0, h1, h2, h3, h4; - u_int32_t g0, g1, g2, g3, g4; - u_int32_t mask; - u_int64_t f = 0; + uint32_t h0, h1, h2, h3, h4; + uint32_t g0, g1, g2, g3, g4; + uint32_t mask; + uint64_t f = 0; /* fully carry h */ h0 = this->h[0]; @@ -790,7 +790,7 @@ METHOD(chapoly_drv_t, finish, bool, g4 = h4 + (g3 >> 26) - (1 << 26); g3 &= 0x3ffffff; /* select h if h < p, or h + -p if h >= p */ - mask = (g4 >> ((sizeof(u_int32_t) * 8) - 1)) - 1; + mask = (g4 >> ((sizeof(uint32_t) * 8) - 1)) - 1; g0 &= mask; g1 &= mask; g2 &= mask; diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in index 2ffaa0662..2703dc4cc 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.in +++ b/src/libstrongswan/plugins/cmac/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/cmac -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/cmac/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/cmac/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/cmac/cmac.c b/src/libstrongswan/plugins/cmac/cmac.c index 4f222ff4e..22f077f58 100644 --- a/src/libstrongswan/plugins/cmac/cmac.c +++ b/src/libstrongswan/plugins/cmac/cmac.c @@ -39,7 +39,7 @@ struct private_mac_t { /** * Block size, in bytes */ - u_int8_t b; + uint8_t b; /** * Crypter with key K @@ -49,22 +49,22 @@ struct private_mac_t { /** * K1 */ - u_int8_t *k1; + uint8_t *k1; /** * K2 */ - u_int8_t *k2; + uint8_t *k2; /** * T */ - u_int8_t *t; + uint8_t *t; /** * remaining, unprocessed bytes in append mode */ - u_int8_t *remaining; + uint8_t *remaining; /** * number of bytes in remaining @@ -127,7 +127,7 @@ static bool update(private_mac_t *this, chunk_t data) /** * process last block M_last */ -static bool final(private_mac_t *this, u_int8_t *out) +static bool final(private_mac_t *this, uint8_t *out) { chunk_t iv; @@ -179,7 +179,7 @@ static bool final(private_mac_t *this, u_int8_t *out) } METHOD(mac_t, get_mac, bool, - private_mac_t *this, chunk_t data, u_int8_t *out) + private_mac_t *this, chunk_t data, uint8_t *out) { /* update T, do not process last block */ if (!update(this, data)) @@ -316,7 +316,7 @@ mac_t *cmac_create(encryption_algorithm_t algo, size_t key_size) { private_mac_t *this; crypter_t *crypter; - u_int8_t b; + uint8_t b; crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size); if (!crypter) diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in index f263f7764..90fd6bd6b 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.in +++ b/src/libstrongswan/plugins/constraints/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/constraints -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/constraints/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/constraints/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index 9558f878e..94a7f112c 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/ctr -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c index 59d201a6f..854030b8c 100644 --- a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c +++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c @@ -38,7 +38,7 @@ struct private_ctr_ipsec_crypter_t { struct { char nonce[4]; char iv[8]; - u_int32_t counter; + uint32_t counter; } __attribute__((packed)) state; }; diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index 8fc366cca..5092c542c 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/curl -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c index 89296677e..42ae9cdd2 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.c +++ b/src/libstrongswan/plugins/curl/curl_plugin.c @@ -60,7 +60,7 @@ static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl, char *proto, plugin_feature_t f) { /* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */ - if (strpfx(ssl, "OpenSSL")) + if (strpfx(ssl, "OpenSSL") || strpfx(ssl, "LibreSSL")) { add_feature(this, f); add_feature(this, PLUGIN_DEPENDS(CUSTOM, "openssl-threading")); @@ -70,7 +70,8 @@ static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl, add_feature(this, f); add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading")); } - else if (strpfx(ssl, "NSS")) + else if (strpfx(ssl, "NSS") || + strpfx(ssl, "BoringSSL")) { add_feature(this, f); } diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index 6a09d63c9..c2e49b66f 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/des -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c index 6010f9d8b..d236bd429 100644 --- a/src/libstrongswan/plugins/des/des_crypter.c +++ b/src/libstrongswan/plugins/des/des_crypter.c @@ -96,7 +96,7 @@ struct private_des_crypter_t { #define DES_ENCRYPT 1 #define DES_DECRYPT 0 -#define DES_LONG u_int32_t +#define DES_LONG uint32_t #if defined(WIN32) || defined(WIN16) #ifndef MSDOS @@ -1420,7 +1420,7 @@ METHOD(crypter_t, decrypt, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { des_cblock ivb; - u_int8_t *out; + uint8_t *out; out = data.ptr; if (decrypted) @@ -1439,7 +1439,7 @@ METHOD(crypter_t, encrypt, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { des_cblock ivb; - u_int8_t *out; + uint8_t *out; out = data.ptr; if (encrypted) @@ -1456,7 +1456,7 @@ METHOD(crypter_t, encrypt, bool, METHOD(crypter_t, decrypt_ecb, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { - u_int8_t *out; + uint8_t *out; out = data.ptr; if (decrypted) @@ -1472,7 +1472,7 @@ METHOD(crypter_t, decrypt_ecb, bool, METHOD(crypter_t, encrypt_ecb, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { - u_int8_t *out; + uint8_t *out; out = data.ptr; if (encrypted) @@ -1489,7 +1489,7 @@ METHOD(crypter_t, decrypt3, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { des_cblock ivb; - u_int8_t *out; + uint8_t *out; out = data.ptr; if (decrypted) @@ -1508,7 +1508,7 @@ METHOD(crypter_t, encrypt3, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { des_cblock ivb; - u_int8_t *out; + uint8_t *out; out = data.ptr; if (encrypted) diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index 55ebb3419..1481f8dd8 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/dnskey -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/dnskey/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/dnskey/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.c b/src/libstrongswan/plugins/dnskey/dnskey_builder.c index 71040437d..fd2471a48 100644 --- a/src/libstrongswan/plugins/dnskey/dnskey_builder.c +++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.c @@ -26,10 +26,10 @@ typedef enum dnskey_algorithm_t dnskey_algorithm_t; * Header of a DNSKEY resource record */ struct dnskey_rr_t { - u_int16_t flags; - u_int8_t protocol; - u_int8_t algorithm; - u_int8_t data[]; + uint16_t flags; + uint8_t protocol; + uint8_t algorithm; + uint8_t data[]; } __attribute__((__packed__)); /** diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in index 6c2e792f5..7623a9507 100644 --- a/src/libstrongswan/plugins/files/Makefile.in +++ b/src/libstrongswan/plugins/files/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/files -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/files/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/files/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 252035ca8..7c2ae7ce5 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/fips_prf -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c index 92977909e..47676b32f 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c @@ -31,7 +31,7 @@ struct private_fips_prf_t { /** * key of prf function, "b" long */ - u_int8_t *key; + uint8_t *key; /** * size of "b" in bytes @@ -46,19 +46,19 @@ struct private_fips_prf_t { /** * G function, either SHA1 or DES */ - bool (*g)(private_fips_prf_t *this, chunk_t c, u_int8_t res[]); + bool (*g)(private_fips_prf_t *this, chunk_t c, uint8_t res[]); }; /** * sum = (a + b) mod 2 ^ (length * 8) */ -static void add_mod(size_t length, u_int8_t a[], u_int8_t b[], u_int8_t sum[]) +static void add_mod(size_t length, uint8_t a[], uint8_t b[], uint8_t sum[]) { int i, c = 0; for(i = length - 1; i >= 0; i--) { - u_int32_t tmp; + uint32_t tmp; tmp = a[i] + b[i] + c; sum[i] = 0xff & tmp; @@ -69,7 +69,7 @@ static void add_mod(size_t length, u_int8_t a[], u_int8_t b[], u_int8_t sum[]) /** * calculate "chunk mod 2^(length*8)" and save it into buffer */ -static void chunk_mod(size_t length, chunk_t chunk, u_int8_t buffer[]) +static void chunk_mod(size_t length, chunk_t chunk, uint8_t buffer[]) { if (chunk.len < length) { @@ -105,14 +105,14 @@ static void chunk_mod(size_t length, chunk_t chunk, u_int8_t buffer[]) * 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 */ METHOD(prf_t, get_bytes, bool, - private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) + private_fips_prf_t *this, chunk_t seed, uint8_t w[]) { int i; - u_int8_t xval[this->b]; - u_int8_t xseed[this->b]; - u_int8_t sum[this->b]; - u_int8_t *xkey = this->key; - u_int8_t one[this->b]; + uint8_t xval[this->b]; + uint8_t xseed[this->b]; + uint8_t sum[this->b]; + uint8_t *xkey = this->key; + uint8_t one[this->b]; if (!w) { @@ -175,9 +175,9 @@ METHOD(prf_t, set_key, bool, /** * Implementation of the G() function based on SHA1 */ -static bool g_sha1(private_fips_prf_t *this, chunk_t c, u_int8_t res[]) +static bool g_sha1(private_fips_prf_t *this, chunk_t c, uint8_t res[]) { - u_int8_t buf[64]; + uint8_t buf[64]; if (c.len < sizeof(buf)) { diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index f9c4a6950..eb4a0aef0 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/gcm -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c index 6e1694a34..e9a072461 100644 --- a/src/libstrongswan/plugins/gcm/gcm_aead.c +++ b/src/libstrongswan/plugins/gcm/gcm_aead.c @@ -67,11 +67,11 @@ struct private_gcm_aead_t { #if ULONG_MAX == 18446744073709551615UL && defined(htobe64) # define htobeword htobe64 # define bewordtoh be64toh -# define SHIFT_WORD_TYPE u_int64_t +# define SHIFT_WORD_TYPE uint64_t #else # define htobeword htonl # define bewordtoh ntohl -# define SHIFT_WORD_TYPE u_int32_t +# define SHIFT_WORD_TYPE uint32_t #endif /** diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index 774c447f6..727cc2497 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/gcrypt -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -786,6 +799,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c index a737cb13d..80a8dc90d 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c @@ -52,7 +52,7 @@ struct private_gcrypt_crypter_t { struct { char nonce[4]; char iv[8]; - u_int32_t counter; + uint32_t counter; } __attribute__((packed)) ctr; }; diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c index af7993101..199c1d6c9 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c @@ -51,7 +51,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_gcrypt_hasher_t *this, chunk_t chunk, u_int8_t *hash) + private_gcrypt_hasher_t *this, chunk_t chunk, uint8_t *hash) { gcry_md_write(this->hd, chunk.ptr, chunk.len); if (hash) diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c index dc34a8d66..bf11758b1 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c @@ -36,7 +36,7 @@ struct private_gcrypt_rng_t { }; METHOD(rng_t, get_bytes, bool, - private_gcrypt_rng_t *this, size_t bytes, u_int8_t *buffer) + private_gcrypt_rng_t *this, size_t bytes, uint8_t *buffer) { switch (this->quality) { diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index 9a2d30192..32d5bebf0 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/gmp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index 052b10741..e5d418ea4 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -142,7 +142,7 @@ chunk_t gmp_mpz_to_chunk(const mpz_t value) static void mpz_clear_sensitive(mpz_t z) { size_t len = mpz_size(z) * GMP_LIMB_BITS / BITS_PER_BYTE; - u_int8_t *zeros = alloca(len); + uint8_t *zeros = alloca(len); memset(zeros, 0, len); /* overwrite mpz_t with zero bytes before clearing it */ diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index 46fac4a8c..6d8a845c0 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/hmac -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c index 96a14aed9..c777b47cd 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac.c @@ -38,7 +38,7 @@ struct private_mac_t { /** * Block size, as in RFC. */ - u_int8_t b; + uint8_t b; /** * Hash function. @@ -57,7 +57,7 @@ struct private_mac_t { }; METHOD(mac_t, get_mac, bool, - private_mac_t *this, chunk_t data, u_int8_t *out) + private_mac_t *this, chunk_t data, uint8_t *out) { /* H(K XOR opad, H(K XOR ipad, text)) * @@ -66,7 +66,7 @@ METHOD(mac_t, get_mac, bool, * */ - u_int8_t buffer[this->h->get_hash_size(this->h)]; + uint8_t buffer[this->h->get_hash_size(this->h)]; chunk_t inner; if (out == NULL) @@ -96,7 +96,7 @@ METHOD(mac_t, set_key, bool, private_mac_t *this, chunk_t key) { int i; - u_int8_t buffer[this->b]; + uint8_t buffer[this->b]; memset(buffer, 0, this->b); diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in index eb0bdf387..e290c807d 100644 --- a/src/libstrongswan/plugins/keychain/Makefile.in +++ b/src/libstrongswan/plugins/keychain/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/keychain -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/keychain/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/keychain/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 0a03fd819..429cd9e8e 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/ldap -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 4dbdbe020..669856c59 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/md4 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c index 06c9ec2f8..ada6c05da 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.c +++ b/src/libstrongswan/plugins/md4/md4_hasher.c @@ -39,7 +39,7 @@ #define S33 11 #define S34 15 -static u_int8_t PADDING[64] = { +static uint8_t PADDING[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 @@ -65,11 +65,11 @@ static u_int8_t PADDING[64] = { (a) = ROTATE_LEFT ((a), (s)); \ } #define GG(a, b, c, d, x, s) { \ - (a) += G ((b), (c), (d)) + (x) + (u_int32_t)0x5a827999; \ + (a) += G ((b), (c), (d)) + (x) + (uint32_t)0x5a827999; \ (a) = ROTATE_LEFT ((a), (s)); \ } #define HH(a, b, c, d, x, s) { \ - (a) += H ((b), (c), (d)) + (x) + (u_int32_t)0x6ed9eba1; \ + (a) += H ((b), (c), (d)) + (x) + (uint32_t)0x6ed9eba1; \ (a) = ROTATE_LEFT ((a), (s)); \ } @@ -87,40 +87,40 @@ struct private_md4_hasher_t { /* * State of the hasher. */ - u_int32_t state[4]; - u_int32_t count[2]; - u_int8_t buffer[64]; + uint32_t state[4]; + uint32_t count[2]; + uint8_t buffer[64]; }; #if BYTE_ORDER != LITTLE_ENDIAN -/* Encodes input (u_int32_t) into output (u_int8_t). Assumes len is +/* Encodes input (uint32_t) into output (uint8_t). Assumes len is * a multiple of 4. */ -static void Encode (u_int8_t *output, u_int32_t *input, size_t len) +static void Encode (uint8_t *output, uint32_t *input, size_t len) { size_t i, j; for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (u_int8_t)(input[i] & 0xff); - output[j+1] = (u_int8_t)((input[i] >> 8) & 0xff); - output[j+2] = (u_int8_t)((input[i] >> 16) & 0xff); - output[j+3] = (u_int8_t)((input[i] >> 24) & 0xff); + output[j] = (uint8_t)(input[i] & 0xff); + output[j+1] = (uint8_t)((input[i] >> 8) & 0xff); + output[j+2] = (uint8_t)((input[i] >> 16) & 0xff); + output[j+3] = (uint8_t)((input[i] >> 24) & 0xff); } } -/* Decodes input (u_int8_t) into output (u_int32_t). Assumes len is +/* Decodes input (uint8_t) into output (uint32_t). Assumes len is * a multiple of 4. */ -static void Decode(u_int32_t *output, u_int8_t *input, size_t len) +static void Decode(uint32_t *output, uint8_t *input, size_t len) { size_t i, j; for (i = 0, j = 0; j < len; i++, j += 4) { - output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | - (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24); + output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) | + (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24); } } @@ -132,9 +132,9 @@ static void Decode(u_int32_t *output, u_int8_t *input, size_t len) /* * MD4 basic transformation. Transforms state based on block. */ -static void MD4Transform(u_int32_t state[4], u_int8_t block[64]) +static void MD4Transform(uint32_t state[4], uint8_t block[64]) { - u_int32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16]; + uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16]; Decode(x, block, 64); @@ -202,13 +202,13 @@ static void MD4Transform(u_int32_t state[4], u_int8_t block[64]) * operation, processing another message block, and updating the * context. */ -static void MD4Update(private_md4_hasher_t *this, u_int8_t *input, size_t inputLen) +static void MD4Update(private_md4_hasher_t *this, uint8_t *input, size_t inputLen) { - u_int32_t i; + uint32_t i; size_t index, partLen; /* Compute number of bytes mod 64 */ - index = (u_int8_t)((this->count[0] >> 3) & 0x3F); + index = (uint8_t)((this->count[0] >> 3) & 0x3F); /* Update number of bits */ if ((this->count[0] += (inputLen << 3)) < (inputLen << 3)) @@ -243,9 +243,9 @@ static void MD4Update(private_md4_hasher_t *this, u_int8_t *input, size_t inputL /* MD4 finalization. Ends an MD4 message-digest operation, writing the * the message digest and zeroizing the context. */ -static void MD4Final (private_md4_hasher_t *this, u_int8_t digest[16]) +static void MD4Final (private_md4_hasher_t *this, uint8_t digest[16]) { - u_int8_t bits[8]; + uint8_t bits[8]; size_t index, padLen; /* Save number of bits */ @@ -280,7 +280,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_md4_hasher_t *this, chunk_t chunk, uint8_t *buffer) { MD4Update(this, chunk.ptr, chunk.len); if (buffer != NULL) diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index 6fc25b023..d937ca348 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/md5 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c index 99b505e58..d14c10ae5 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.c +++ b/src/libstrongswan/plugins/md5/md5_hasher.c @@ -42,7 +42,7 @@ #define S43 15 #define S44 21 -static u_int8_t PADDING[64] = { +static uint8_t PADDING[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 @@ -66,22 +66,22 @@ static u_int8_t PADDING[64] = { Rotation is separate from addition to prevent recomputation. */ #define FF(a, b, c, d, x, s, ac) { \ - (a) += F ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define GG(a, b, c, d, x, s, ac) { \ - (a) += G ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define HH(a, b, c, d, x, s, ac) { \ - (a) += H ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define II(a, b, c, d, x, s, ac) { \ - (a) += I ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } @@ -102,41 +102,41 @@ struct private_md5_hasher_t { /* * State of the hasher. */ - u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + uint32_t state[5]; + uint32_t count[2]; + uint8_t buffer[64]; }; #if BYTE_ORDER != LITTLE_ENDIAN -/* Encodes input (u_int32_t) into output (u_int8_t). Assumes len is +/* Encodes input (uint32_t) into output (uint8_t). Assumes len is * a multiple of 4. */ -static void Encode (u_int8_t *output, u_int32_t *input, size_t len) +static void Encode (uint8_t *output, uint32_t *input, size_t len) { size_t i, j; for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (u_int8_t)(input[i] & 0xff); - output[j+1] = (u_int8_t)((input[i] >> 8) & 0xff); - output[j+2] = (u_int8_t)((input[i] >> 16) & 0xff); - output[j+3] = (u_int8_t)((input[i] >> 24) & 0xff); + output[j] = (uint8_t)(input[i] & 0xff); + output[j+1] = (uint8_t)((input[i] >> 8) & 0xff); + output[j+2] = (uint8_t)((input[i] >> 16) & 0xff); + output[j+3] = (uint8_t)((input[i] >> 24) & 0xff); } } -/* Decodes input (u_int8_t) into output (u_int32_t). Assumes len is +/* Decodes input (uint8_t) into output (uint32_t). Assumes len is * a multiple of 4. */ -static void Decode(u_int32_t *output, u_int8_t *input, size_t len) +static void Decode(uint32_t *output, uint8_t *input, size_t len) { size_t i, j; for (i = 0, j = 0; j < len; i++, j += 4) { - output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | - (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24); + output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) | + (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24); } } @@ -147,9 +147,9 @@ static void Decode(u_int32_t *output, u_int8_t *input, size_t len) /* MD5 basic transformation. Transforms state based on block. */ -static void MD5Transform(u_int32_t state[4], u_int8_t block[64]) +static void MD5Transform(uint32_t state[4], uint8_t block[64]) { - u_int32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16]; + uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16]; Decode(x, block, 64); @@ -235,13 +235,13 @@ static void MD5Transform(u_int32_t state[4], u_int8_t block[64]) * operation, processing another message block, and updating the * context. */ -static void MD5Update(private_md5_hasher_t *this, u_int8_t *input, size_t inputLen) +static void MD5Update(private_md5_hasher_t *this, uint8_t *input, size_t inputLen) { - u_int32_t i; + uint32_t i; size_t index, partLen; /* Compute number of bytes mod 64 */ - index = (u_int8_t)((this->count[0] >> 3) & 0x3F); + index = (uint8_t)((this->count[0] >> 3) & 0x3F); /* Update number of bits */ if ((this->count[0] += (inputLen << 3)) < (inputLen << 3)) @@ -276,9 +276,9 @@ static void MD5Update(private_md5_hasher_t *this, u_int8_t *input, size_t inputL /* MD5 finalization. Ends an MD5 message-digest operation, writing the * the message digest and zeroizing the context. */ -static void MD5Final (private_md5_hasher_t *this, u_int8_t digest[16]) +static void MD5Final (private_md5_hasher_t *this, uint8_t digest[16]) { - u_int8_t bits[8]; + uint8_t bits[8]; size_t index, padLen; /* Save number of bits */ @@ -313,7 +313,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_md5_hasher_t *this, chunk_t chunk, uint8_t *buffer) { MD5Update(this, chunk.ptr, chunk.len); if (buffer != NULL) diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 17409dbc3..821dbc138 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/mysql -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in index 68be3f44a..58a27509b 100644 --- a/src/libstrongswan/plugins/nonce/Makefile.in +++ b/src/libstrongswan/plugins/nonce/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/nonce -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/nonce/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/nonce/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.c b/src/libstrongswan/plugins/nonce/nonce_nonceg.c index 64ed2e08d..22c161df6 100644 --- a/src/libstrongswan/plugins/nonce/nonce_nonceg.c +++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.c @@ -36,7 +36,7 @@ struct private_nonce_nonceg_t { }; METHOD(nonce_gen_t, get_nonce, bool, - private_nonce_nonceg_t *this, size_t size, u_int8_t *buffer) + private_nonce_nonceg_t *this, size_t size, uint8_t *buffer) { return this->rng->get_bytes(this->rng, size, buffer); } diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in index 97a70679d..fd123a118 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.in +++ b/src/libstrongswan/plugins/ntru/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/ntru -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -788,6 +801,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.c b/src/libstrongswan/plugins/ntru/ntru_drbg.c index ef0d3d9c8..b7a951d00 100644 --- a/src/libstrongswan/plugins/ntru/ntru_drbg.c +++ b/src/libstrongswan/plugins/ntru/ntru_drbg.c @@ -35,17 +35,17 @@ struct private_ntru_drbg_t { /** * Security strength in bits of the DRBG */ - u_int32_t strength; + uint32_t strength; /** * Number of requests for pseudorandom bits */ - u_int32_t reseed_counter; + uint32_t reseed_counter; /** * Maximum number of requests for pseudorandom bits */ - u_int32_t max_requests; + uint32_t max_requests; /** * True entropy source @@ -111,7 +111,7 @@ static bool update(private_ntru_drbg_t *this, chunk_t data) return TRUE; } -METHOD(ntru_drbg_t, get_strength, u_int32_t, +METHOD(ntru_drbg_t, get_strength, uint32_t, private_ntru_drbg_t *this) { return this->strength; @@ -142,7 +142,7 @@ METHOD(ntru_drbg_t, reseed, bool, } METHOD(ntru_drbg_t, generate, bool, - private_ntru_drbg_t *this, u_int32_t strength, u_int32_t len, u_int8_t *out) + private_ntru_drbg_t *this, uint32_t strength, uint32_t len, uint8_t *out) { size_t delta; chunk_t output; @@ -206,14 +206,14 @@ METHOD(ntru_drbg_t, destroy, void, /* * Described in header. */ -ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str, +ntru_drbg_t *ntru_drbg_create(uint32_t strength, chunk_t pers_str, rng_t *entropy) { private_ntru_drbg_t *this; chunk_t seed; signer_t *hmac; size_t entropy_len; - u_int32_t max_requests; + uint32_t max_requests; if (strength > MAX_STRENGTH_BITS) { diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.h b/src/libstrongswan/plugins/ntru/ntru_drbg.h index 83cef11be..3fee1800b 100644 --- a/src/libstrongswan/plugins/ntru/ntru_drbg.h +++ b/src/libstrongswan/plugins/ntru/ntru_drbg.h @@ -36,7 +36,7 @@ struct ntru_drbg_t { * * @return configured security strength in bits */ - u_int32_t (*get_strength)(ntru_drbg_t *this); + uint32_t (*get_strength)(ntru_drbg_t *this); /** * Reseed the instantiated DRBG @@ -54,8 +54,8 @@ struct ntru_drbg_t { * @param out address of output buffer * @return TRUE if successful */ - bool (*generate)(ntru_drbg_t *this, u_int32_t strength, u_int32_t len, - u_int8_t *out); + bool (*generate)(ntru_drbg_t *this, uint32_t strength, uint32_t len, + uint8_t *out); /** * Get a reference on an ntru_drbg_t object increasing the count by one @@ -77,7 +77,7 @@ struct ntru_drbg_t { * @param pers_str personalization string * @param entropy entropy source to use */ -ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str, +ntru_drbg_t *ntru_drbg_create(uint32_t strength, chunk_t pers_str, rng_t *entropy); #endif /** NTRU_DRBG_H_ @}*/ diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c index 3b5df81d9..efc660bed 100644 --- a/src/libstrongswan/plugins/ntru/ntru_ke.c +++ b/src/libstrongswan/plugins/ntru/ntru_ke.c @@ -66,7 +66,7 @@ struct private_ntru_ke_t { /** * Cryptographical strength in bits of the NTRU Parameter Set */ - u_int32_t strength; + uint32_t strength; /** * NTRU Public Key @@ -247,7 +247,7 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p) rng_t *entropy; ntru_drbg_t *drbg; char *parameter_set; - u_int32_t strength; + uint32_t strength; parameter_set = lib->settings->get_str(lib->settings, "%s.plugins.ntru.parameter_set", "optimum", lib->ns); diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 302016937..f453f43b5 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/openssl -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -210,12 +219,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -265,6 +276,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -299,6 +311,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -410,6 +423,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -485,7 +499,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -815,6 +828,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index cb02c663c..20bac6be5 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -46,6 +46,17 @@ #include #include +#if OPENSSL_VERSION_NUMBER < 0x10100000L +static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) { + if (psig) { *psig = crl->signature; } + if (palg) { *palg = crl->sig_alg; } +} +#define X509_REVOKED_get0_serialNumber(r) ({ (r)->serialNumber; }) +#define X509_REVOKED_get0_revocationDate(r) ({ (r)->revocationDate; }) +#define X509_CRL_get0_extensions(c) ({ (c)->crl->extensions; }) +#define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; }) +#endif + typedef struct private_openssl_crl_t private_openssl_crl_t; /** @@ -141,11 +152,13 @@ METHOD(enumerator_t, crl_enumerate, bool, revoked = sk_X509_REVOKED_value(this->stack, this->i); if (serial) { - *serial = openssl_asn1_str2chunk(revoked->serialNumber); + *serial = openssl_asn1_str2chunk( + X509_REVOKED_get0_serialNumber(revoked)); } if (date) { - *date = openssl_asn1_to_time(revoked->revocationDate); + *date = openssl_asn1_to_time( + X509_REVOKED_get0_revocationDate(revoked)); } if (reason) { @@ -231,6 +244,7 @@ METHOD(certificate_t, issued_by, bool, chunk_t fingerprint, tbs; public_key_t *key; x509_t *x509; + ASN1_BIT_STRING *sig; bool valid; if (issuer->get_type(issuer) != CERT_X509) @@ -266,9 +280,14 @@ METHOD(certificate_t, issued_by, bool, { return FALSE; } + /* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl); +#else tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl); - valid = key->verify(key, this->scheme, tbs, - openssl_asn1_str2chunk(this->crl->signature)); +#endif + X509_CRL_get0_signature(&sig, NULL, this->crl); + valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig)); free(tbs.ptr); key->destroy(key); if (valid && scheme) @@ -448,7 +467,7 @@ static bool parse_extensions(private_openssl_crl_t *this) X509_EXTENSION *ext; STACK_OF(X509_EXTENSION) *extensions; - extensions = this->crl->crl->extensions; + extensions = X509_CRL_get0_extensions(this->crl); if (extensions) { num = sk_X509_EXTENSION_num(extensions); @@ -494,6 +513,8 @@ static bool parse_extensions(private_openssl_crl_t *this) static bool parse_crl(private_openssl_crl_t *this) { const unsigned char *ptr = this->encoding.ptr; + ASN1_OBJECT *oid; + X509_ALGOR *alg; this->crl = d2i_X509_CRL(NULL, &ptr, this->encoding.len); if (!this->crl) @@ -501,14 +522,28 @@ static bool parse_crl(private_openssl_crl_t *this) return FALSE; } + X509_CRL_get0_signature(NULL, &alg, this->crl); + X509_ALGOR_get0(&oid, NULL, NULL, alg); +#if OPENSSL_VERSION_NUMBER < 0x10100000L if (!chunk_equals( openssl_asn1_obj2chunk(this->crl->crl->sig_alg->algorithm), openssl_asn1_obj2chunk(this->crl->sig_alg->algorithm))) { return FALSE; } - this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid( - this->crl->sig_alg->algorithm)); +#elif 0 + /* FIXME: we currently can't do this if X509_CRL is opaque (>= 1.1.0) as + * X509_CRL_get0_tbs_sigalg() does not exist and there does not seem to be + * another easy way to get the algorithm from the tbsCertList of the CRL */ + alg = X509_CRL_get0_tbs_sigalg(this->crl); + X509_ALGOR_get0(&oid_tbs, NULL, NULL, alg); + if (!chunk_equals(openssl_asn1_obj2chunk(oid), + openssl_asn1_obj2chunk(oid_tbs))) + { + return FALSE; + } +#endif + this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(oid)); this->issuer = openssl_x509_name2id(X509_CRL_get_issuer(this->crl)); if (!this->issuer) diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c index 26f4700b8..b9085f9aa 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.c +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c @@ -43,7 +43,7 @@ struct private_openssl_crypter_t { /** * Look up an OpenSSL algorithm name and validate its key size */ -static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size) +static char* lookup_algorithm(uint16_t ikev2_algo, size_t *key_size) { struct { /* identifier specified in IKEv2 */ @@ -57,12 +57,12 @@ static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size) /* maximum key size */ size_t key_max; } mappings[] = { - {ENCR_DES, "des", 8, 8, 8}, - {ENCR_3DES, "des3", 24, 24, 24}, - {ENCR_RC5, "rc5", 16, 5, 255}, - {ENCR_IDEA, "idea", 16, 16, 16}, - {ENCR_CAST, "cast", 16, 5, 16}, - {ENCR_BLOWFISH, "blowfish", 16, 5, 56}, + {ENCR_DES, "des-cbc", 8, 8, 8}, + {ENCR_3DES, "des-ede3-cbc", 24, 24, 24}, + {ENCR_RC5, "rc5-cbc", 16, 5, 255}, + {ENCR_IDEA, "idea-cbc", 16, 16, 16}, + {ENCR_CAST, "cast5-cbc", 16, 5, 16}, + {ENCR_BLOWFISH, "bf-cbc", 16, 5, 56}, }; int i; @@ -93,8 +93,10 @@ static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size) static bool crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst, int enc) { + EVP_CIPHER_CTX *ctx; int len; u_char *out; + bool success = FALSE; out = data.ptr; if (dst) @@ -102,16 +104,19 @@ static bool crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv, *dst = chunk_alloc(data.len); out = dst->ptr; } - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - return EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc) && - EVP_CIPHER_CTX_set_padding(&ctx, 0) /* disable padding */ && - EVP_CIPHER_CTX_set_key_length(&ctx, this->key.len) && - EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, iv.ptr, enc) && - EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len) && - /* since padding is disabled this does nothing */ - EVP_CipherFinal_ex(&ctx, out + len, &len) && - EVP_CIPHER_CTX_cleanup(&ctx); + ctx = EVP_CIPHER_CTX_new(); + if (EVP_CipherInit_ex(ctx, this->cipher, NULL, NULL, NULL, enc) && + EVP_CIPHER_CTX_set_padding(ctx, 0) /* disable padding */ && + EVP_CIPHER_CTX_set_key_length(ctx, this->key.len) && + EVP_CipherInit_ex(ctx, NULL, NULL, this->key.ptr, iv.ptr, enc) && + EVP_CipherUpdate(ctx, out, &len, data.ptr, data.len) && + /* since padding is disabled this does nothing */ + EVP_CipherFinal_ex(ctx, out + len, &len)) + { + success = TRUE; + } + EVP_CIPHER_CTX_free(ctx); + return success; } METHOD(crypter_t, decrypt, bool, @@ -129,13 +134,13 @@ METHOD(crypter_t, encrypt, bool, METHOD(crypter_t, get_block_size, size_t, private_openssl_crypter_t *this) { - return this->cipher->block_size; + return EVP_CIPHER_block_size(this->cipher); } METHOD(crypter_t, get_iv_size, size_t, private_openssl_crypter_t *this) { - return this->cipher->iv_len; + return EVP_CIPHER_iv_length(this->cipher); } METHOD(crypter_t, get_key_size, size_t, @@ -193,13 +198,13 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, key_size = 16; /* FALL */ case 16: /* AES 128 */ - this->cipher = EVP_get_cipherbyname("aes128"); + this->cipher = EVP_get_cipherbyname("aes-128-cbc"); break; case 24: /* AES-192 */ - this->cipher = EVP_get_cipherbyname("aes192"); + this->cipher = EVP_get_cipherbyname("aes-192-cbc"); break; case 32: /* AES-256 */ - this->cipher = EVP_get_cipherbyname("aes256"); + this->cipher = EVP_get_cipherbyname("aes-256-cbc"); break; default: free(this); @@ -213,13 +218,13 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, key_size = 16; /* FALL */ case 16: /* CAMELLIA 128 */ - this->cipher = EVP_get_cipherbyname("camellia128"); + this->cipher = EVP_get_cipherbyname("camellia-128-cbc"); break; case 24: /* CAMELLIA 192 */ - this->cipher = EVP_get_cipherbyname("camellia192"); + this->cipher = EVP_get_cipherbyname("camellia-192-cbc"); break; case 32: /* CAMELLIA 256 */ - this->cipher = EVP_get_cipherbyname("camellia256"); + this->cipher = EVP_get_cipherbyname("camellia-256-cbc"); break; default: free(this); diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c index 49ec48804..f08dfff7e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c @@ -22,9 +22,17 @@ #include #include "openssl_diffie_hellman.h" +#include "openssl_util.h" #include +/* these were added with 1.1.0 when DH was made opaque */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(DH, key, pub_key, priv_key) +OPENSSL_KEY_FALLBACK(DH, pqg, p, q, g) +#define DH_set_length(dh, len) ({ (dh)->length = len; 1; }) +#endif + typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t; /** @@ -65,10 +73,12 @@ struct private_openssl_diffie_hellman_t { METHOD(diffie_hellman_t, get_my_public_value, bool, private_openssl_diffie_hellman_t *this, chunk_t *value) { + const BIGNUM *pubkey; + *value = chunk_alloc(DH_size(this->dh)); memset(value->ptr, 0, value->len); - BN_bn2bin(this->dh->pub_key, - value->ptr + value->len - BN_num_bytes(this->dh->pub_key)); + DH_get0_key(this->dh, &pubkey, NULL); + BN_bn2bin(pubkey, value->ptr + value->len - BN_num_bytes(pubkey)); return TRUE; } @@ -116,8 +126,15 @@ METHOD(diffie_hellman_t, set_other_public_value, bool, METHOD(diffie_hellman_t, set_private_value, bool, private_openssl_diffie_hellman_t *this, chunk_t value) { - if (BN_bin2bn(value.ptr, value.len, this->dh->priv_key)) + BIGNUM *privkey; + + privkey = BN_bin2bn(value.ptr, value.len, NULL); + if (privkey) { + if (!DH_set0_key(this->dh, NULL, privkey)) + { + return FALSE; + } chunk_clear(&this->shared_secret); this->computed = FALSE; return DH_generate_key(this->dh); @@ -136,16 +153,29 @@ METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, */ static status_t set_modulus(private_openssl_diffie_hellman_t *this) { + BIGNUM *p, *g; + diffie_hellman_params_t *params = diffie_hellman_get_params(this->group); if (!params) { return NOT_FOUND; } - this->dh->p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL); - this->dh->g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL); + p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL); + g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL); + if (!DH_set0_pqg(this->dh, p, NULL, g)) + { + return FAILED; + } if (params->exp_len != params->prime.len) { - this->dh->length = params->exp_len * 8; +#ifdef OPENSSL_IS_BORINGSSL + this->dh->priv_length = params->exp_len * 8; +#else + if (!DH_set_length(this->dh, params->exp_len * 8)) + { + return FAILED; + } +#endif } return SUCCESS; } @@ -166,6 +196,7 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create( diffie_hellman_group_t group, chunk_t g, chunk_t p) { private_openssl_diffie_hellman_t *this; + const BIGNUM *privkey; INIT(this, .public = { @@ -194,8 +225,12 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create( if (group == MODP_CUSTOM) { - this->dh->p = BN_bin2bn(p.ptr, p.len, NULL); - this->dh->g = BN_bin2bn(g.ptr, g.len, NULL); + if (!DH_set0_pqg(this->dh, BN_bin2bn(p.ptr, p.len, NULL), NULL, + BN_bin2bn(g.ptr, g.len, NULL))) + { + destroy(this); + return NULL; + } } else { @@ -213,9 +248,8 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create( destroy(this); return NULL; } - DBG2(DBG_LIB, "size of DH secret exponent: %d bits", - BN_num_bits(this->dh->priv_key)); - + DH_get0_key(this->dh, NULL, &privkey); + DBG2(DBG_LIB, "size of DH secret exponent: %d bits", BN_num_bits(privkey)); return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index bc7884c99..24fe623eb 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -28,6 +28,10 @@ #include #include +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s) +#endif + typedef struct private_openssl_ec_private_key_t private_openssl_ec_private_key_t; /** @@ -59,15 +63,17 @@ bool openssl_ec_fingerprint(EC_KEY *ec, cred_encoding_type_t type, chunk_t *fp); static bool build_signature(private_openssl_ec_private_key_t *this, chunk_t hash, chunk_t *signature) { - bool built = FALSE; + const BIGNUM *r, *s; ECDSA_SIG *sig; + bool built = FALSE; sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec); if (sig) { + ECDSA_SIG_get0(sig, &r, &s); /* concatenate BNs r/s to a signature chunk */ built = openssl_bn_cat(EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)), - sig->r, sig->s, signature); + r, s, signature); ECDSA_SIG_free(sig); } return built; diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index 21dcb0120..a1e56fc5e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -27,6 +27,10 @@ #include #include +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s) +#endif + typedef struct private_openssl_ec_public_key_t private_openssl_ec_public_key_t; /** @@ -55,14 +59,23 @@ struct private_openssl_ec_public_key_t { static bool verify_signature(private_openssl_ec_public_key_t *this, chunk_t hash, chunk_t signature) { - bool valid = FALSE; + BIGNUM *r, *s; ECDSA_SIG *sig; + bool valid = FALSE; sig = ECDSA_SIG_new(); if (sig) { - /* split the signature chunk in r and s */ - if (openssl_bn_split(signature, sig->r, sig->s)) + r = BN_new(); + s = BN_new(); + if (!openssl_bn_split(signature, r, s)) + { + BN_free(r); + BN_free(s); + ECDSA_SIG_free(sig); + return FALSE; + } + if (ECDSA_SIG_set0(sig, r, s)) { valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1); } diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c index 147e4afb4..6bbe4af95 100644 --- a/src/libstrongswan/plugins/openssl/openssl_gcm.c +++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c @@ -71,7 +71,7 @@ struct private_aead_t { static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv, u_char *out, int enc) { - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; u_char nonce[NONCE_LEN]; bool success = FALSE; int len; @@ -79,29 +79,29 @@ static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv, memcpy(nonce, this->salt, SALT_LEN); memcpy(nonce + SALT_LEN, iv.ptr, IV_LEN); - EVP_CIPHER_CTX_init(&ctx); - EVP_CIPHER_CTX_set_padding(&ctx, 0); - if (!EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc) || - !EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, NONCE_LEN, NULL) || - !EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, nonce, enc)) + ctx = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_set_padding(ctx, 0); + if (!EVP_CipherInit_ex(ctx, this->cipher, NULL, NULL, NULL, enc) || + !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, NONCE_LEN, NULL) || + !EVP_CipherInit_ex(ctx, NULL, NULL, this->key.ptr, nonce, enc)) { goto done; } - if (!enc && !EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, this->icv_size, + if (!enc && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, this->icv_size, data.ptr + data.len)) { /* set ICV for verification on decryption */ goto done; } - if (assoc.len && !EVP_CipherUpdate(&ctx, NULL, &len, assoc.ptr, assoc.len)) + if (assoc.len && !EVP_CipherUpdate(ctx, NULL, &len, assoc.ptr, assoc.len)) { /* set AAD if specified */ goto done; } - if (!EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len) || - !EVP_CipherFinal_ex(&ctx, out + len, &len)) + if (!EVP_CipherUpdate(ctx, out, &len, data.ptr, data.len) || + !EVP_CipherFinal_ex(ctx, out + len, &len)) { /* EVP_CipherFinal_ex fails if ICV is incorrect on decryption */ goto done; } - if (enc && !EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, this->icv_size, + if (enc && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, this->icv_size, out + data.len)) { /* copy back the ICV when encrypting */ goto done; @@ -109,7 +109,7 @@ static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv, success = TRUE; done: - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); return success; } @@ -152,7 +152,7 @@ METHOD(aead_t, decrypt, bool, METHOD(aead_t, get_block_size, size_t, private_aead_t *this) { - return this->cipher->block_size; + return EVP_CIPHER_block_size(this->cipher); } METHOD(aead_t, get_icv_size, size_t, diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c index 50b14698b..96ee230c9 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.c +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c @@ -43,7 +43,7 @@ struct private_openssl_hasher_t { METHOD(hasher_t, get_hash_size, size_t, private_openssl_hasher_t *this) { - return this->hasher->md_size; + return EVP_MD_size(this->hasher); } METHOD(hasher_t, reset, bool, @@ -53,7 +53,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_openssl_hasher_t *this, chunk_t chunk, u_int8_t *hash) + private_openssl_hasher_t *this, chunk_t chunk, uint8_t *hash) { if (EVP_DigestUpdate(this->ctx, chunk.ptr, chunk.len) != 1) { diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.c b/src/libstrongswan/plugins/openssl/openssl_hmac.c index 065187a8c..16e707116 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hmac.c +++ b/src/libstrongswan/plugins/openssl/openssl_hmac.c @@ -68,7 +68,14 @@ struct private_mac_t { /** * Current HMAC context */ - HMAC_CTX hmac; + HMAC_CTX *hmac; + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + /** + * Static context for OpenSSL < 1.1.0 + */ + HMAC_CTX hmac_ctx; +#endif /** * Key set on HMAC_CTX? @@ -80,28 +87,28 @@ METHOD(mac_t, set_key, bool, private_mac_t *this, chunk_t key) { #if OPENSSL_VERSION_NUMBER >= 0x10000000L - if (HMAC_Init_ex(&this->hmac, key.ptr, key.len, this->hasher, NULL)) + if (HMAC_Init_ex(this->hmac, key.ptr, key.len, this->hasher, NULL)) { this->key_set = TRUE; return TRUE; } return FALSE; #else /* OPENSSL_VERSION_NUMBER < 1.0 */ - HMAC_Init_ex(&this->hmac, key.ptr, key.len, this->hasher, NULL); + HMAC_Init_ex(this->hmac, key.ptr, key.len, this->hasher, NULL); this->key_set = TRUE; return TRUE; #endif } METHOD(mac_t, get_mac, bool, - private_mac_t *this, chunk_t data, u_int8_t *out) + private_mac_t *this, chunk_t data, uint8_t *out) { if (!this->key_set) { return FALSE; } #if OPENSSL_VERSION_NUMBER >= 0x10000000L - if (!HMAC_Update(&this->hmac, data.ptr, data.len)) + if (!HMAC_Update(this->hmac, data.ptr, data.len)) { return FALSE; } @@ -109,17 +116,17 @@ METHOD(mac_t, get_mac, bool, { return TRUE; } - if (!HMAC_Final(&this->hmac, out, NULL)) + if (!HMAC_Final(this->hmac, out, NULL)) { return FALSE; } #else /* OPENSSL_VERSION_NUMBER < 1.0 */ - HMAC_Update(&this->hmac, data.ptr, data.len); + HMAC_Update(this->hmac, data.ptr, data.len); if (out == NULL) { return TRUE; } - HMAC_Final(&this->hmac, out, NULL); + HMAC_Final(this->hmac, out, NULL); #endif return set_key(this, chunk_empty); } @@ -133,7 +140,11 @@ METHOD(mac_t, get_mac_size, size_t, METHOD(mac_t, destroy, void, private_mac_t *this) { - HMAC_CTX_cleanup(&this->hmac); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + HMAC_CTX_free(this->hmac); +#else + HMAC_CTX_cleanup(&this->hmac_ctx); +#endif free(this); } @@ -167,7 +178,12 @@ static mac_t *hmac_create(hash_algorithm_t algo) return NULL; } - HMAC_CTX_init(&this->hmac); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + this->hmac = HMAC_CTX_new(); +#else + HMAC_CTX_init(&this->hmac_ctx); + this->hmac = &this->hmac_ctx; +#endif return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c index d16b2cc05..705e96c69 100644 --- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c +++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c @@ -23,6 +23,10 @@ #include #include +#ifdef OPENSSL_IS_BORINGSSL +#define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type) +#endif + typedef struct private_pkcs12_t private_pkcs12_t; /** @@ -110,7 +114,7 @@ static bool add_key(private_pkcs12_t *this, EVP_PKEY *private) { /* no private key is ok */ return TRUE; } - switch (EVP_PKEY_type(private->type)) + switch (EVP_PKEY_base_id(private)) { case EVP_PKEY_RSA: type = KEY_RSA; diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c index 891e829ae..5752d96de 100644 --- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c +++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c @@ -29,6 +29,10 @@ #include +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define X509_ATTRIBUTE_get0_object(attr) ({ (attr)->object; }) +#endif + typedef struct private_openssl_pkcs7_t private_openssl_pkcs7_t; /** @@ -432,11 +436,11 @@ METHOD(pkcs7_t, get_attribute, bool, for (i = 0; i < CMS_signed_get_attr_count(si); i++) { attr = CMS_signed_get_attr(si, i); - if (!attr->single && sk_ASN1_TYPE_num(attr->value.set) == 1 && - openssl_asn1_known_oid(attr->object) == oid) + if (X509_ATTRIBUTE_count(attr) == 1 && + openssl_asn1_known_oid(X509_ATTRIBUTE_get0_object(attr)) == oid) { /* get first value in SET */ - type = sk_ASN1_TYPE_value(attr->value.set, 0); + type = X509_ATTRIBUTE_get0_type(attr, 0); chunk = wrapped = openssl_i2chunk(ASN1_TYPE, type); if (asn1_unwrap(&chunk, &chunk) != 0x100 /* ASN1_INVALID */) { @@ -503,7 +507,7 @@ static bool decrypt_symmetric(private_openssl_pkcs7_t *this, chunk_t key, chunk_t iv; size_t key_size; - /* read encryption algorithm from interal structures; TODO fixup */ + /* read encryption algorithm from internal structures; TODO fixup */ alg = this->cms->envelopedData->encryptedContentInfo-> contentEncryptionAlgorithm; encr = encryption_algorithm_from_oid(openssl_asn1_known_oid(alg->algorithm), diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index aeb9be409..3e3b986df 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -65,6 +65,11 @@ struct private_openssl_plugin_t { openssl_plugin_t public; }; +/** + * OpenSSL is thread-safe since 1.1.0 + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + /** * Array of static mutexs, with CRYPTO_num_locks() mutex */ @@ -227,6 +232,14 @@ static void threading_cleanup() cleanup->destroy(cleanup); } +#else /* OPENSSL_VERSION_NUMBER */ + +#define threading_init() + +#define threading_cleanup() + +#endif + /** * Seed the OpenSSL RNG, if required */ @@ -502,8 +515,14 @@ METHOD(plugin_t, get_features, int, METHOD(plugin_t, destroy, void, private_openssl_plugin_t *this) { +/* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we + * can't call it as we couldn't re-initialize the library (as required by the + * unit tests and the Android app) */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#ifndef OPENSSL_IS_BORINGSSL CONF_modules_free(); OBJ_cleanup(); +#endif EVP_cleanup(); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); @@ -511,6 +530,7 @@ METHOD(plugin_t, destroy, void, CRYPTO_cleanup_all_ex_data(); threading_cleanup(); ERR_free_strings(); +#endif /* OPENSSL_VERSION_NUMBER */ free(this); } @@ -553,10 +573,23 @@ plugin_t *openssl_plugin_create() }, ); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + /* note that we can't call OPENSSL_cleanup() when the plugin is destroyed + * as we couldn't initialize the library again afterwards */ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG | + OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); +#else /* OPENSSL_VERSION_NUMBER */ threading_init(); - +#ifndef OPENSSL_IS_BORINGSSL OPENSSL_config(NULL); +#endif OpenSSL_add_all_algorithms(); +#ifndef OPENSSL_NO_ENGINE + /* activate support for hardware accelerators */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); +#endif /* OPENSSL_NO_ENGINE */ +#endif /* OPENSSL_VERSION_NUMBER */ #ifdef OPENSSL_FIPS /* we do this here as it may have been enabled via openssl.conf */ @@ -565,12 +598,6 @@ plugin_t *openssl_plugin_create() "openssl FIPS mode(%d) - %sabled ", fips_mode, fips_mode ? "en" : "dis"); #endif /* OPENSSL_FIPS */ -#ifndef OPENSSL_NO_ENGINE - /* activate support for hardware accelerators */ - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); -#endif /* OPENSSL_NO_ENGINE */ - if (!seed_rng()) { DBG1(DBG_CFG, "no RNG found to seed OpenSSL"); diff --git a/src/libstrongswan/plugins/openssl/openssl_rng.c b/src/libstrongswan/plugins/openssl/openssl_rng.c index c807bb607..a25b6b4b6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rng.c +++ b/src/libstrongswan/plugins/openssl/openssl_rng.c @@ -47,15 +47,8 @@ struct private_openssl_rng_t { }; METHOD(rng_t, get_bytes, bool, - private_openssl_rng_t *this, size_t bytes, u_int8_t *buffer) + private_openssl_rng_t *this, size_t bytes, uint8_t *buffer) { - if (this->quality == RNG_WEAK) - { - /* RAND_pseudo_bytes() returns 1 if returned bytes are strong, - * 0 if of not. Both is acceptable for RNG_WEAK. */ - return RAND_pseudo_bytes((char*)buffer, bytes) != -1; - } - /* A 0 return value is a failure for RAND_bytes() */ return RAND_bytes((char*)buffer, bytes) == 1; } diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index de02f302d..485e0bbc7 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -20,6 +20,7 @@ #include "openssl_rsa_private_key.h" #include "openssl_rsa_public_key.h" +#include "openssl_util.h" #include @@ -35,6 +36,12 @@ */ #define PUBLIC_EXPONENT 0x10001 +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(RSA, key, n, e, d) +OPENSSL_KEY_FALLBACK(RSA, factors, p, q) +OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp) +#endif + typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t; /** @@ -436,22 +443,38 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, } else if (n.ptr && e.ptr && d.ptr && p.ptr && q.ptr && coeff.ptr) { + BIGNUM *bn_n, *bn_e, *bn_d, *bn_p, *bn_q; + BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; + this->rsa = RSA_new(); - this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); - this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); - this->rsa->d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL); - this->rsa->p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL); - this->rsa->q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL); + + bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); + bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); + bn_d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL); + if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d)) + { + destroy(this); + return NULL; + + } + bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL); + bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL); + if (!RSA_set0_factors(this->rsa, bn_p, bn_q)) + { + destroy(this); + return NULL; + } if (exp1.ptr) { - this->rsa->dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL); + dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL); } if (exp2.ptr) { - this->rsa->dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL); + dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL); } - this->rsa->iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL); - if (RSA_check_key(this->rsa) == 1) + iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL); + if (RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp) && + RSA_check_key(this->rsa) == 1) { return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index db928569f..d66d5016e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -28,6 +28,10 @@ #include #include +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(RSA, key, n, e, d) +#endif + typedef struct private_openssl_rsa_public_key_t private_openssl_rsa_public_key_t; /** @@ -224,11 +228,13 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp) break; default: { + const BIGNUM *bn_n, *bn_e; chunk_t n = chunk_empty, e = chunk_empty; bool success = FALSE; - if (openssl_bn2chunk(rsa->n, &n) && - openssl_bn2chunk(rsa->e, &e)) + RSA_get0_key(rsa, &bn_n, &bn_e, NULL); + if (openssl_bn2chunk(bn_n, &n) && + openssl_bn2chunk(bn_e, &e)) { success = lib->encoding->encode(lib->encoding, type, rsa, fp, CRED_PART_RSA_MODULUS, n, @@ -297,10 +303,12 @@ METHOD(public_key_t, get_encoding, bool, } default: { + const BIGNUM *bn_n, *bn_e; chunk_t n = chunk_empty, e = chunk_empty; - if (openssl_bn2chunk(this->rsa->n, &n) && - openssl_bn2chunk(this->rsa->e, &e)) + RSA_get0_key(this->rsa, &bn_n, &bn_e, NULL); + if (openssl_bn2chunk(bn_n, &n) && + openssl_bn2chunk(bn_e, &e)) { success = lib->encoding->encode(lib->encoding, type, NULL, encoding, CRED_PART_RSA_MODULUS, n, @@ -416,10 +424,15 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type, } else if (n.ptr && e.ptr && type == KEY_RSA) { + BIGNUM *bn_n, *bn_e; + this->rsa = RSA_new(); - this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); - this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); - return &this->public; + bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); + bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); + if (RSA_set0_key(this->rsa, bn_n, bn_e, NULL)) + { + return &this->public; + } } destroy(this); return NULL; diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c index 446c93e2b..f6df03f12 100644 --- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c +++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c @@ -40,7 +40,7 @@ struct private_openssl_sha1_prf_t { }; METHOD(prf_t, get_bytes, bool, - private_openssl_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes) + private_openssl_sha1_prf_t *this, chunk_t seed, uint8_t *bytes) { #if OPENSSL_VERSION_NUMBER >= 0x10000000L if (!SHA1_Update(&this->ctx, seed.ptr, seed.len)) @@ -53,7 +53,7 @@ METHOD(prf_t, get_bytes, bool, if (bytes) { - u_int32_t *hash = (u_int32_t*)bytes; + uint32_t *hash = (uint32_t*)bytes; hash[0] = htonl(this->ctx.h0); hash[1] = htonl(this->ctx.h1); diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c index 2f9813701..6580e1c7d 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.c +++ b/src/libstrongswan/plugins/openssl/openssl_util.c @@ -22,6 +22,12 @@ #include #include +/* these were added with 1.1.0 when ASN1_OBJECT was made opaque */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define OBJ_get0_data(o) ((o)->data) +#define OBJ_length(o) ((o)->length) +#endif + /** * Described in header. */ @@ -51,7 +57,7 @@ bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash) goto error; } - *hash = chunk_alloc(hasher->md_size); + *hash = chunk_alloc(EVP_MD_size(hasher)); if (!EVP_DigestFinal_ex(ctx, hash->ptr, NULL)) { chunk_free(hash); @@ -70,7 +76,8 @@ error: /** * Described in header. */ -bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk) +bool openssl_bn_cat(const int len, const BIGNUM *a, const BIGNUM *b, + chunk_t *chunk) { int offset; @@ -127,7 +134,7 @@ bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b) /** * Described in header. */ -bool openssl_bn2chunk(BIGNUM *bn, chunk_t *chunk) +bool openssl_bn2chunk(const BIGNUM *bn, chunk_t *chunk) { *chunk = chunk_alloc(BN_num_bytes(bn)); if (BN_bn2bin(bn, chunk->ptr) == chunk->len) @@ -149,7 +156,7 @@ chunk_t openssl_asn1_obj2chunk(ASN1_OBJECT *asn1) { if (asn1) { - return chunk_create((u_char*)asn1->data, asn1->length); + return chunk_create((u_char*)OBJ_get0_data(asn1), OBJ_length(asn1)); } return chunk_empty; } diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h index 2db073139..f4186e8c4 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.h +++ b/src/libstrongswan/plugins/openssl/openssl_util.h @@ -60,7 +60,8 @@ bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash); * @param chunk resulting chunk * @return TRUE on success, FALSE otherwise */ -bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk); +bool openssl_bn_cat(const int len, const BIGNUM *a, const BIGNUM *b, + chunk_t *chunk); /** * Splits a chunk into two bignums of equal binary length. @@ -80,7 +81,7 @@ bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b); * @param chunk the chunk (data gets allocated) * @return TRUE on success, FALSE otherwise */ -bool openssl_bn2chunk(BIGNUM *bn, chunk_t *chunk); +bool openssl_bn2chunk(const BIGNUM *bn, chunk_t *chunk); /** * Allocate a chunk using the i2d function of a given object @@ -134,4 +135,42 @@ int openssl_asn1_known_oid(ASN1_OBJECT *obj); */ time_t openssl_asn1_to_time(ASN1_TIME *time); +/** + * Macros to define fallback getters/setters to access keys (BIGNUM*) for types + * that were made opaque with OpenSSL 1.1.0. + */ +#define OPENSSL_KEY_FALLBACK(...) VA_ARGS_DISPATCH(OPENSSL_KEY_FALLBACK, __VA_ARGS__)(__VA_ARGS__) +#define OPENSSL_KEY_FALLBACK3(type, k1, k2) \ +__attribute__((unused)) \ +static inline void type##_get0(const type *o, const BIGNUM **k1, const BIGNUM **k2) { \ + if (k1) *k1 = o->k1; \ + if (k2) *k2 = o->k2; } \ +__attribute__((unused)) \ +static inline int type##_set0(type *o, BIGNUM *k1, BIGNUM *k2) { \ + if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \ + if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \ + return 1; } +#define OPENSSL_KEY_FALLBACK4(type, name, k1, k2) \ +__attribute__((unused)) \ +static inline void type##_get0_##name(const type *o, const BIGNUM **k1, const BIGNUM **k2) { \ + if (k1) *k1 = o->k1; \ + if (k2) *k2 = o->k2; } \ +__attribute__((unused)) \ +static inline int type##_set0_##name(type *o, BIGNUM *k1, BIGNUM *k2) { \ + if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \ + if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \ + return 1; } +#define OPENSSL_KEY_FALLBACK5(type, name, k1, k2, k3) \ +__attribute__((unused)) \ +static inline void type##_get0_##name(const type *o, const BIGNUM **k1, const BIGNUM **k2, const BIGNUM **k3) { \ + if (k1) *k1 = o->k1; \ + if (k2) *k2 = o->k2; \ + if (k3) *k3 = o->k3; } \ +__attribute__((unused)) \ +static inline int type##_set0_##name(type *o, BIGNUM *k1, BIGNUM *k2, BIGNUM *k3) { \ + if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \ + if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \ + if (k3) { BN_clear_free(o->k3); o->k3 = k3; } \ + return 1; } + #endif /** OPENSSL_UTIL_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 7a5b206dd..e95eb729b 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -60,6 +60,25 @@ #define OPENSSL_NO_RFC3779 #endif +/* added with 1.0.2 */ +#if OPENSSL_VERSION_NUMBER < 0x10002000L +static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x) { + if (psig) { *psig = x->signature; } + if (palg) { *palg = x->sig_alg; } +} +#endif + +/* added with 1.1.0 when X509 etc. was made opaque */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define X509_get0_extensions(x509) ({ (x509)->cert_info->extensions; }) +#define X509_get0_tbs_sigalg(x509) ({ (x509)->cert_info->signature; }) +#define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; }) +#define X509_PUBKEY_get0_param(oid, pk, len, pa, pub) X509_ALGOR_get0(oid, NULL, NULL, (pub)->algor) +#define X509v3_addr_get_afi v3_addr_get_afi +#define X509v3_addr_get_range v3_addr_get_range +#define X509v3_addr_is_canonical v3_addr_is_canonical +#endif + typedef struct private_openssl_x509_t private_openssl_x509_t; /** @@ -380,6 +399,7 @@ METHOD(certificate_t, issued_by, bool, public_key_t *key; bool valid; x509_t *x509 = (x509_t*)issuer; + ASN1_BIT_STRING *sig; chunk_t tbs; if (&this->public.x509.interface == issuer) @@ -413,9 +433,14 @@ METHOD(certificate_t, issued_by, bool, { return FALSE; } + /* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + tbs = openssl_i2chunk(re_X509_tbs, this->x509); +#else tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info); - valid = key->verify(key, this->scheme, tbs, - openssl_asn1_str2chunk(this->x509->signature)); +#endif + X509_get0_signature(&sig, NULL, this->x509); + valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig)); free(tbs.ptr); key->destroy(key); if (valid && scheme) @@ -850,7 +875,7 @@ static void parse_ipAddrBlock_ext_fam(private_openssl_x509_t *this, return; } - afi = v3_addr_get_afi(fam); + afi = X509v3_addr_get_afi(fam); switch (afi) { case IANA_AFI_IPV4: @@ -871,7 +896,7 @@ static void parse_ipAddrBlock_ext_fam(private_openssl_x509_t *this, for (i = 0; i < sk_IPAddressOrRange_num(list); i++) { aor = sk_IPAddressOrRange_value(list, i); - if (v3_addr_get_range(aor, afi, from.ptr, to.ptr, from.len) > 0) + if (X509v3_addr_get_range(aor, afi, from.ptr, to.ptr, from.len) > 0) { ts = traffic_selector_create_from_bytes(0, type, from, 0, to, 65535); if (ts) @@ -897,7 +922,7 @@ static bool parse_ipAddrBlock_ext(private_openssl_x509_t *this, return FALSE; } - if (!v3_addr_is_canonical(blocks)) + if (!X509v3_addr_is_canonical(blocks)) { sk_IPAddressFamily_free(blocks); return FALSE; @@ -964,7 +989,7 @@ static bool parse_extensions(private_openssl_x509_t *this) STACK_OF(X509_EXTENSION) *extensions; int i, num; - extensions = this->x509->cert_info->extensions; + extensions = X509_get0_extensions(this->x509); if (extensions) { num = sk_X509_EXTENSION_num(extensions); @@ -1041,6 +1066,8 @@ static bool parse_certificate(private_openssl_x509_t *this) const unsigned char *ptr = this->encoding.ptr; hasher_t *hasher; chunk_t chunk; + ASN1_OBJECT *oid, *oid_tbs; + X509_ALGOR *alg; this->x509 = d2i_X509(NULL, &ptr, this->encoding.len); if (!this->x509) @@ -1057,7 +1084,12 @@ static bool parse_certificate(private_openssl_x509_t *this) this->subject = openssl_x509_name2id(X509_get_subject_name(this->x509)); this->issuer = openssl_x509_name2id(X509_get_issuer_name(this->x509)); - switch (openssl_asn1_known_oid(this->x509->cert_info->key->algor->algorithm)) + if (!X509_PUBKEY_get0_param(&oid, NULL, NULL, NULL, + X509_get_X509_PUBKEY(this->x509))) + { + return FALSE; + } + switch (openssl_asn1_known_oid(oid)) { case OID_RSA_ENCRYPTION: this->pubkey = lib->creds->create(lib->creds, @@ -1086,14 +1118,18 @@ static bool parse_certificate(private_openssl_x509_t *this) this->notBefore = openssl_asn1_to_time(X509_get_notBefore(this->x509)); this->notAfter = openssl_asn1_to_time(X509_get_notAfter(this->x509)); - if (!chunk_equals( - openssl_asn1_obj2chunk(this->x509->cert_info->signature->algorithm), - openssl_asn1_obj2chunk(this->x509->sig_alg->algorithm))) + /* while X509_ALGOR_cmp() is declared in the headers of older OpenSSL + * versions, at least on Ubuntu 14.04 it is not actually defined */ + X509_get0_signature(NULL, &alg, this->x509); + X509_ALGOR_get0(&oid, NULL, NULL, alg); + alg = X509_get0_tbs_sigalg(this->x509); + X509_ALGOR_get0(&oid_tbs, NULL, NULL, alg); + if (!chunk_equals(openssl_asn1_obj2chunk(oid), + openssl_asn1_obj2chunk(oid_tbs))) { return FALSE; } - this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid( - this->x509->sig_alg->algorithm)); + this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(oid)); if (!parse_extensions(this)) { diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 2d6006bca..e1cf497c8 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/padlock -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.c b/src/libstrongswan/plugins/padlock/padlock_rng.c index 517914ab5..6b337d82c 100644 --- a/src/libstrongswan/plugins/padlock/padlock_rng.c +++ b/src/libstrongswan/plugins/padlock/padlock_rng.c @@ -81,7 +81,7 @@ METHOD(rng_t, allocate_bytes, bool, } METHOD(rng_t, get_bytes, bool, - private_padlock_rng_t *this, size_t bytes, u_int8_t *buffer) + private_padlock_rng_t *this, size_t bytes, uint8_t *buffer) { chunk_t chunk; diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c index 4489b902a..107ade09b 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c @@ -54,9 +54,9 @@ static void padlock_sha1(int len, u_char *in, u_char *out) /** * sha1() a buffer of data into digest */ -static void sha1(chunk_t data, u_int32_t *digest) +static void sha1(chunk_t data, uint32_t *digest) { - u_int32_t hash[128] PADLOCK_ALIGN; + uint32_t hash[128] PADLOCK_ALIGN; hash[0] = 0x67452301; hash[1] = 0xefcdab89; @@ -91,18 +91,18 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_padlock_sha1_hasher_t *this, chunk_t chunk, u_int8_t *hash) + private_padlock_sha1_hasher_t *this, chunk_t chunk, uint8_t *hash) { if (hash) { if (this->data.len) { append_data(this, chunk); - sha1(this->data, (u_int32_t*)hash); + sha1(this->data, (uint32_t*)hash); } else { /* hash directly if no previous data found */ - sha1(chunk, (u_int32_t*)hash); + sha1(chunk, (uint32_t*)hash); } reset(this); } diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 16dfbed3a..3e6b8d0bb 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pem -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pem/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pem/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c index f0e508abf..719a2a69e 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.c +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -93,7 +93,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, chunk_t hash; chunk_t decrypted; chunk_t key = {alloca(key_size), key_size}; - u_int8_t padding, *last_padding_pos, *first_padding_pos; + uint8_t padding, *last_padding_pos, *first_padding_pos; /* build key from passphrase and IV */ hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index a55877952..e9c85e57f 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pgp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pgp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pgp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c index 152e83aaa..fe0be45d9 100644 --- a/src/libstrongswan/plugins/pgp/pgp_builder.c +++ b/src/libstrongswan/plugins/pgp/pgp_builder.c @@ -26,7 +26,7 @@ */ static public_key_t *parse_public_key(chunk_t blob) { - u_int32_t alg; + uint32_t alg; public_key_t *key; if (!pgp_read_scalar(&blob, 1, &alg)) @@ -74,7 +74,7 @@ static public_key_t *parse_rsa_public_key(chunk_t blob) static private_key_t *parse_rsa_private_key(chunk_t blob) { chunk_t mpi[6]; - u_int32_t s2k; + uint32_t s2k; int i; for (i = 0; i < 2; i++) @@ -143,7 +143,7 @@ static private_key_t *parse_private_key(chunk_t blob) { chunk_t packet; pgp_packet_tag_t tag; - u_int32_t version, created, days, alg; + uint32_t version, created, days, alg; private_key_t *key; if (!pgp_read_packet(&blob, &packet, &tag)) diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c index 89d7094ad..0ffce4cfc 100644 --- a/src/libstrongswan/plugins/pgp/pgp_cert.c +++ b/src/libstrongswan/plugins/pgp/pgp_cert.c @@ -40,17 +40,17 @@ struct private_pgp_cert_t { /** * version of the public key */ - u_int32_t version; + uint32_t version; /** * creation time */ - u_int32_t created; + uint32_t created; /** * days the certificate is valid */ - u_int32_t valid; + uint32_t valid; /** * userid of the certificate @@ -349,7 +349,7 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet) */ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet) { - u_int32_t version, len, type, created; + uint32_t version, len, type, created; if (!pgp_read_scalar(&packet, 1, &version)) { diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c index bb15627fd..283bf8c36 100644 --- a/src/libstrongswan/plugins/pgp/pgp_utils.c +++ b/src/libstrongswan/plugins/pgp/pgp_utils.c @@ -73,9 +73,9 @@ ENUM_END(pgp_packet_tag_names, PGP_PKT_MOD_DETECT_CODE); /** * Read a PGP scalar of bytes length, advance blob */ -bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar) +bool pgp_read_scalar(chunk_t *blob, size_t bytes, uint32_t *scalar) { - u_int32_t res = 0; + uint32_t res = 0; if (bytes > blob->len) { @@ -96,7 +96,7 @@ bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar) */ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi) { - u_int32_t bits, bytes; + uint32_t bits, bytes; if (!pgp_read_scalar(blob, 2, &bits)) { @@ -117,7 +117,7 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi) /** * Read length of an PGP old packet length encoding */ -static bool pgp_old_packet_length(chunk_t *blob, u_int32_t *length) +static bool pgp_old_packet_length(chunk_t *blob, uint32_t *length) { /* bits 0 and 1 define the packet length type */ u_char type; @@ -141,7 +141,7 @@ static bool pgp_old_packet_length(chunk_t *blob, u_int32_t *length) */ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag) { - u_int32_t len; + uint32_t len; u_char t; if (!blob->len) diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.h b/src/libstrongswan/plugins/pgp/pgp_utils.h index 203a0a85d..180292a7a 100644 --- a/src/libstrongswan/plugins/pgp/pgp_utils.h +++ b/src/libstrongswan/plugins/pgp/pgp_utils.h @@ -115,7 +115,7 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi); * @param scalar resultin scalar * @return TRUE if scalar parsed successfully */ -bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar); +bool pgp_read_scalar(chunk_t *blob, size_t bytes, uint32_t *scalar); /** * Parse a PGP packet. diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index a265818b0..a61eb1ab2 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pkcs1 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs1/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs1/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index f4bded41a..61919e3dd 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pkcs11 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -790,6 +803,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c index 80079b9a9..847f03115 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c @@ -146,7 +146,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_pkcs11_hasher_t *this, chunk_t chunk, u_int8_t *hash) + private_pkcs11_hasher_t *this, chunk_t chunk, uint8_t *hash) { CK_RV rv; CK_ULONG len; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index bfc545972..aec4550ce 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -295,13 +295,19 @@ METHOD(private_key_t, sign, bool, case SIGN_ECDSA_WITH_SHA256_DER: case SIGN_ECDSA_WITH_SHA384_DER: case SIGN_ECDSA_WITH_SHA512_DER: - /* return an ASN.1 encoded sequence of integers r and s */ + { + chunk_t r, s; + + /* return an ASN.1 encoded sequence of integers r and s, removing + * any zero-padding */ len /= 2; + r = chunk_skip_zero(chunk_create(buf, len)); + s = chunk_skip_zero(chunk_create(buf+len, len)); *signature = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("c", chunk_create(buf, len)), - asn1_integer("c", chunk_create(buf+len, len))); + asn1_integer("c", r), asn1_integer("c", s)); free(buf); break; + } default: *signature = chunk_create(buf, len); break; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c index d18028b45..753835187 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c @@ -44,7 +44,7 @@ struct private_pkcs11_rng_t { }; METHOD(rng_t, get_bytes, bool, - private_pkcs11_rng_t *this, size_t bytes, u_int8_t *buffer) + private_pkcs11_rng_t *this, size_t bytes, uint8_t *buffer) { CK_RV rv; rv = this->lib->f->C_GenerateRandom(this->session, buffer, bytes); diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in index 7fd31583b..02b7d2902 100644 --- a/src/libstrongswan/plugins/pkcs12/Makefile.in +++ b/src/libstrongswan/plugins/pkcs12/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pkcs12 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs12/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs12/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c index 4441b278f..82fc0c0b9 100644 --- a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c +++ b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c @@ -324,7 +324,7 @@ end: * Verify the given MAC with available passwords. */ static bool verify_mac(hash_algorithm_t hash, chunk_t salt, - u_int64_t iterations, chunk_t data, chunk_t mac) + uint64_t iterations, chunk_t data, chunk_t mac) { integrity_algorithm_t integ; enumerator_t *enumerator; @@ -450,7 +450,7 @@ static bool parse_PFX(private_pkcs12_t *this, chunk_t blob) data = chunk_empty; hash_algorithm_t hash = HASH_UNKNOWN; container_t *container = NULL; - u_int64_t iterations = 0; + uint64_t iterations = 0; bool success = FALSE; parser = asn1_parser_create(PFXObjects, blob); diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in index 5fc439b99..5a758aa14 100644 --- a/src/libstrongswan/plugins/pkcs7/Makefile.in +++ b/src/libstrongswan/plugins/pkcs7/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pkcs7 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs7/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs7/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -785,6 +798,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in index 162868af5..92f751a61 100644 --- a/src/libstrongswan/plugins/pkcs8/Makefile.in +++ b/src/libstrongswan/plugins/pkcs8/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pkcs8 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs8/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs8/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/plugin_feature.c b/src/libstrongswan/plugins/plugin_feature.c index 0ea5eeaf8..4c92c412c 100644 --- a/src/libstrongswan/plugins/plugin_feature.c +++ b/src/libstrongswan/plugins/plugin_feature.c @@ -57,7 +57,7 @@ ENUM(plugin_feature_names, FEATURE_NONE, FEATURE_CUSTOM, /** * See header. */ -u_int32_t plugin_feature_hash(plugin_feature_t *feature) +uint32_t plugin_feature_hash(plugin_feature_t *feature) { chunk_t data = chunk_empty; diff --git a/src/libstrongswan/plugins/plugin_feature.h b/src/libstrongswan/plugins/plugin_feature.h index 03f1ba8cc..ee7808a94 100644 --- a/src/libstrongswan/plugins/plugin_feature.h +++ b/src/libstrongswan/plugins/plugin_feature.h @@ -362,7 +362,7 @@ static inline void plugin_features_add(plugin_feature_t *features, * @param feature feature to hash * @return hash value of the feature */ -u_int32_t plugin_feature_hash(plugin_feature_t *feature); +uint32_t plugin_feature_hash(plugin_feature_t *feature); /** * Check if feature a matches to feature b. diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 01d0495be..5787eac00 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -1024,6 +1024,15 @@ static int plugin_priority_cmp(const plugin_priority_t *a, return diff; } +/** + * Convert enumerated plugin_priority_t to a plugin name + */ +static bool plugin_priority_filter(void *null, plugin_priority_t **prio, + char **name) +{ + *name = (*prio)->name; + return TRUE; +} /** * Determine the list of plugins to load via load option in each plugin's @@ -1036,12 +1045,7 @@ static char *modular_pluginlist(char *list) plugin_priority_t item, *current, found; char *plugin, *plugins = NULL; int i = 0, max_prio; - - if (!lib->settings->get_bool(lib->settings, "%s.load_modular", FALSE, - lib->ns)) - { - return list; - } + bool load_def = FALSE; given = array_create(sizeof(plugin_priority_t), 0); final = array_create(sizeof(plugin_priority_t), 0); @@ -1058,16 +1062,26 @@ static char *modular_pluginlist(char *list) /* the maximum priority used for plugins not found in this list */ max_prio = i + 1; - enumerator = lib->settings->create_section_enumerator(lib->settings, + if (lib->settings->get_bool(lib->settings, "%s.load_modular", FALSE, + lib->ns)) + { + enumerator = lib->settings->create_section_enumerator(lib->settings, "%s.plugins", lib->ns); + } + else + { + enumerator = enumerator_create_filter(array_create_enumerator(given), + (void*)plugin_priority_filter, NULL, NULL); + load_def = TRUE; + } while (enumerator->enumerate(enumerator, &plugin)) { item.prio = lib->settings->get_int(lib->settings, - "%s.plugins.%s.load", 0, lib->ns, plugin); + "%s.plugins.%s.load", 0, lib->ns, plugin); if (!item.prio) { if (!lib->settings->get_bool(lib->settings, - "%s.plugins.%s.load", FALSE, lib->ns, plugin)) + "%s.plugins.%s.load", load_def, lib->ns, plugin)) { continue; } @@ -1083,7 +1097,6 @@ static char *modular_pluginlist(char *list) array_insert(final, ARRAY_TAIL, &item); } enumerator->destroy(enumerator); - array_destroy_function(given, (void*)plugin_priority_free, NULL); array_sort(final, (void*)plugin_priority_cmp, NULL); @@ -1100,6 +1113,7 @@ static char *modular_pluginlist(char *list) free(prev); } enumerator->destroy(enumerator); + array_destroy_function(given, (void*)plugin_priority_free, NULL); array_destroy(final); return plugins; } diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index 007bdbd00..c5decc3a4 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pubkey -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index f6dc73e09..b78e62732 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/random -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c index 177b3c2e5..3760630ab 100644 --- a/src/libstrongswan/plugins/random/random_rng.c +++ b/src/libstrongswan/plugins/random/random_rng.c @@ -41,7 +41,7 @@ struct private_random_rng_t { }; METHOD(rng_t, get_bytes, bool, - private_random_rng_t *this, size_t bytes, u_int8_t *buffer) + private_random_rng_t *this, size_t bytes, uint8_t *buffer) { size_t done; ssize_t got; diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in index b9fc8bdf6..51f6a17a7 100644 --- a/src/libstrongswan/plugins/rc2/Makefile.in +++ b/src/libstrongswan/plugins/rc2/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/rc2 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/rc2/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/rc2/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/rc2/rc2_crypter.c b/src/libstrongswan/plugins/rc2/rc2_crypter.c index 256acf817..d9681e834 100644 --- a/src/libstrongswan/plugins/rc2/rc2_crypter.c +++ b/src/libstrongswan/plugins/rc2/rc2_crypter.c @@ -19,11 +19,11 @@ typedef struct private_rc2_crypter_t private_rc2_crypter_t; #define RC2_BLOCK_SIZE 8 -#define ROL16(x, k) ({ u_int16_t _x = (x); (_x << (k)) | (_x >> (16 - (k))); }) -#define ROR16(x, k) ({ u_int16_t _x = (x); (_x >> (k)) | (_x << (16 - (k))); }) +#define ROL16(x, k) ({ uint16_t _x = (x); (_x << (k)) | (_x >> (16 - (k))); }) +#define ROR16(x, k) ({ uint16_t _x = (x); (_x >> (k)) | (_x << (16 - (k))); }) -#define GET16(x) ({ u_char *_x = (x); (u_int16_t)_x[0] | ((u_int16_t)_x[1] << 8); }) -#define PUT16(x, v) ({ u_char *_x = (x); u_int16_t _v = (v); _x[0] = _v, _x[1] = _v >> 8; }) +#define GET16(x) ({ u_char *_x = (x); (uint16_t)_x[0] | ((uint16_t)_x[1] << 8); }) +#define PUT16(x, v) ({ u_char *_x = (x); uint16_t _v = (v); _x[0] = _v, _x[1] = _v >> 8; }) /** * Private data of rc2_crypter_t @@ -38,7 +38,7 @@ struct private_rc2_crypter_t { /** * The expanded key in 16-bit words */ - u_int16_t K[64]; + uint16_t K[64]; /** * Key size in bytes @@ -95,7 +95,7 @@ static const u_char PITABLE[256] = */ static void encrypt_block(private_rc2_crypter_t *this, u_char R[]) { - register u_int16_t R0, R1, R2, R3, *Kj; + register uint16_t R0, R1, R2, R3, *Kj; int rounds = 3, mix = 5; R0 = GET16(R); @@ -139,7 +139,7 @@ static void encrypt_block(private_rc2_crypter_t *this, u_char R[]) */ static void decrypt_block(private_rc2_crypter_t *this, u_char R[]) { - register u_int16_t R0, R1, R2, R3, *Kj; + register uint16_t R0, R1, R2, R3, *Kj; int rounds = 3, mix = 5; R0 = GET16(R); @@ -185,7 +185,7 @@ static void decrypt_block(private_rc2_crypter_t *this, u_char R[]) METHOD(crypter_t, decrypt, bool, private_rc2_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { - u_int8_t *in, *out, *prev; + uint8_t *in, *out, *prev; if (data.len % RC2_BLOCK_SIZE || iv.len != RC2_BLOCK_SIZE) { @@ -222,7 +222,7 @@ METHOD(crypter_t, decrypt, bool, METHOD(crypter_t, encrypt, bool, private_rc2_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { - u_int8_t *in, *out, *end, *prev; + uint8_t *in, *out, *end, *prev; if (data.len % RC2_BLOCK_SIZE || iv.len != RC2_BLOCK_SIZE) { @@ -273,7 +273,7 @@ METHOD(crypter_t, get_key_size, size_t, METHOD(crypter_t, set_key, bool, private_rc2_crypter_t *this, chunk_t key) { - u_int8_t L[128], T8, TM, idx; + uint8_t L[128], T8, TM, idx; int i; if (key.len != this->T) diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in index f6bdf9c59..ff853b691 100644 --- a/src/libstrongswan/plugins/rdrand/Makefile.in +++ b/src/libstrongswan/plugins/rdrand/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/rdrand -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/rdrand/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/rdrand/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/rdrand/rdrand_rng.c b/src/libstrongswan/plugins/rdrand/rdrand_rng.c index fa66f3ad7..b7225b6a2 100644 --- a/src/libstrongswan/plugins/rdrand/rdrand_rng.c +++ b/src/libstrongswan/plugins/rdrand/rdrand_rng.c @@ -54,7 +54,7 @@ struct private_rdrand_rng_t { /** * Get a two byte word using RDRAND */ -static bool rdrand16(u_int16_t *out) +static bool rdrand16(uint16_t *out) { u_char res; int i; @@ -76,7 +76,7 @@ static bool rdrand16(u_int16_t *out) /** * Get a four byte word using RDRAND */ -static bool rdrand32(u_int32_t *out) +static bool rdrand32(uint32_t *out) { u_char res; int i; @@ -99,7 +99,7 @@ static bool rdrand32(u_int32_t *out) /** * Get a eight byte word using RDRAND */ -static bool rdrand64(u_int64_t *out) +static bool rdrand64(uint64_t *out) { u_char res; int i; @@ -122,9 +122,9 @@ static bool rdrand64(u_int64_t *out) /** * Get a one byte word using RDRAND */ -static bool rdrand8(u_int8_t *out) +static bool rdrand8(uint8_t *out) { - u_int16_t u16; + uint16_t u16; if (!rdrand16(&u16)) { @@ -141,15 +141,15 @@ static bool rdrand128(void *out) { #ifdef __x86_64__ if (!rdrand64(out) || - !rdrand64(out + sizeof(u_int64_t))) + !rdrand64(out + sizeof(uint64_t))) { return FALSE; } #else /* __i386__ */ if (!rdrand32(out) || - !rdrand32(out + 1 * sizeof(u_int32_t)) || - !rdrand32(out + 2 * sizeof(u_int32_t)) || - !rdrand32(out + 3 * sizeof(u_int32_t))) + !rdrand32(out + 1 * sizeof(uint32_t)) || + !rdrand32(out + 2 * sizeof(uint32_t)) || + !rdrand32(out + 3 * sizeof(uint32_t))) { return FALSE; } @@ -165,9 +165,9 @@ static bool reseed() int i; #ifdef __x86_64__ - u_int64_t tmp; + uint64_t tmp; - for (i = 0; i < 511 * 16 / sizeof(u_int64_t); i++) + for (i = 0; i < 511 * 16 / sizeof(uint64_t); i++) { if (!rdrand64(&tmp)) { @@ -175,9 +175,9 @@ static bool reseed() } } #else /* __i386__ */ - u_int32_t tmp; + uint32_t tmp; - for (i = 0; i < 511 * 16 / sizeof(u_int32_t); i++) + for (i = 0; i < 511 * 16 / sizeof(uint32_t); i++) { if (!rdrand32(&tmp)) { @@ -202,48 +202,48 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk) } /* align to 2 byte */ - if (chunk.len >= sizeof(u_int8_t)) + if (chunk.len >= sizeof(uint8_t)) { if ((uintptr_t)chunk.ptr % 2) { - if (!rdrand8((u_int8_t*)chunk.ptr)) + if (!rdrand8((uint8_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int8_t)); + chunk = chunk_skip(chunk, sizeof(uint8_t)); } } /* align to 4 byte */ - if (chunk.len >= sizeof(u_int16_t)) + if (chunk.len >= sizeof(uint16_t)) { if ((uintptr_t)chunk.ptr % 4) { - if (!rdrand16((u_int16_t*)chunk.ptr)) + if (!rdrand16((uint16_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int16_t)); + chunk = chunk_skip(chunk, sizeof(uint16_t)); } } #ifdef __x86_64__ /* align to 8 byte */ - if (chunk.len >= sizeof(u_int32_t)) + if (chunk.len >= sizeof(uint32_t)) { if ((uintptr_t)chunk.ptr % 8) { - if (!rdrand32((u_int32_t*)chunk.ptr)) + if (!rdrand32((uint32_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int32_t)); + chunk = chunk_skip(chunk, sizeof(uint32_t)); } } /* fill with 8 byte words */ - while (chunk.len >= sizeof(u_int64_t)) + while (chunk.len >= sizeof(uint64_t)) { if (this->quality == RNG_STRONG && chunk.len % FORCE_RESEED == 0) { @@ -252,27 +252,27 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk) return FALSE; } } - if (!rdrand64((u_int64_t*)chunk.ptr)) + if (!rdrand64((uint64_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int64_t)); + chunk = chunk_skip(chunk, sizeof(uint64_t)); } /* append 4 byte word */ - if (chunk.len >= sizeof(u_int32_t)) + if (chunk.len >= sizeof(uint32_t)) { - if (!rdrand32((u_int32_t*)chunk.ptr)) + if (!rdrand32((uint32_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int32_t)); + chunk = chunk_skip(chunk, sizeof(uint32_t)); } #else /* __i386__ */ /* fill with 4 byte words */ - while (chunk.len >= sizeof(u_int32_t)) + while (chunk.len >= sizeof(uint32_t)) { if (this->quality == RNG_STRONG && chunk.len % FORCE_RESEED == 0) { @@ -281,11 +281,11 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk) return FALSE; } } - if (!rdrand32((u_int32_t*)chunk.ptr)) + if (!rdrand32((uint32_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int32_t)); + chunk = chunk_skip(chunk, sizeof(uint32_t)); } #endif /* __x86_64__ / __i386__ */ @@ -299,23 +299,23 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk) } /* append 2 byte word */ - if (chunk.len >= sizeof(u_int16_t)) + if (chunk.len >= sizeof(uint16_t)) { - if (!rdrand16((u_int16_t*)chunk.ptr)) + if (!rdrand16((uint16_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int16_t)); + chunk = chunk_skip(chunk, sizeof(uint16_t)); } /* append 1 byte word */ - if (chunk.len >= sizeof(u_int8_t)) + if (chunk.len >= sizeof(uint8_t)) { - if (!rdrand8((u_int8_t*)chunk.ptr)) + if (!rdrand8((uint8_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int8_t)); + chunk = chunk_skip(chunk, sizeof(uint8_t)); } return TRUE; @@ -378,7 +378,7 @@ static bool rdrand_mixed(private_rdrand_rng_t *this, chunk_t chunk) } METHOD(rng_t, get_bytes, bool, - private_rdrand_rng_t *this, size_t bytes, u_int8_t *buffer) + private_rdrand_rng_t *this, size_t bytes, uint8_t *buffer) { switch (this->quality) { diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index 4c7f2723b..e6ce51936 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/revocation -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/revocation/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/revocation/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index 1de07d754..14d3430a6 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sha1 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c index b51a26152..fca65dfa2 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.c +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c @@ -59,20 +59,20 @@ struct private_sha1_hasher_t { /* * State of the hasher. Shared with sha1_prf.c, do not change it!!! */ - u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + uint32_t state[5]; + uint32_t count[2]; + uint8_t buffer[64]; }; /* * Hash a single 512-bit block. This is the core of the algorithm. * */ -static void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64]) +static void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) { - u_int32_t a, b, c, d, e; + uint32_t a, b, c, d, e; typedef union { - u_int8_t c[64]; - u_int32_t l[16]; + uint8_t c[64]; + uint32_t l[16]; } CHAR64LONG16; CHAR64LONG16 block[1]; /* use array to appear as a pointer */ memcpy(block, buffer, 64); @@ -118,10 +118,10 @@ static void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64]) /** * Run your data through this. Also used in sha1_prf. */ -void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len) +void SHA1Update(private_sha1_hasher_t* this, uint8_t *data, uint32_t len) { - u_int32_t i; - u_int32_t j; + uint32_t i; + uint32_t j; j = this->count[0]; if ((this->count[0] += len << 3) < j) @@ -151,15 +151,15 @@ void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len) /* * Add padding and return the message digest. */ -static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest) +static void SHA1Final(private_sha1_hasher_t *this, uint8_t *digest) { - u_int32_t i; - u_int8_t finalcount[8]; - u_int8_t c; + uint32_t i; + uint8_t finalcount[8]; + uint8_t c; for (i = 0; i < 8; i++) { - finalcount[i] = (u_int8_t)((this->count[(i >= 4 ? 0 : 1)] + finalcount[i] = (uint8_t)((this->count[(i >= 4 ? 0 : 1)] >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ } c = 0200; @@ -172,7 +172,7 @@ static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest) SHA1Update(this, finalcount, 8); /* Should cause a SHA1Transform() */ for (i = 0; i < 20; i++) { - digest[i] = (u_int8_t)((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + digest[i] = (uint8_t)((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); } } @@ -191,7 +191,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_sha1_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_sha1_hasher_t *this, chunk_t chunk, uint8_t *buffer) { SHA1Update(this, chunk.ptr, chunk.len); if (buffer != NULL) diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c index cc4924a80..464f4c9ec 100644 --- a/src/libstrongswan/plugins/sha1/sha1_prf.c +++ b/src/libstrongswan/plugins/sha1/sha1_prf.c @@ -33,9 +33,9 @@ struct private_sha1_hasher_t { /* * State of the hasher. From sha1_hasher.c, do not change it! */ - u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + uint32_t state[5]; + uint32_t count[2]; + uint8_t buffer[64]; }; /** @@ -57,12 +57,12 @@ struct private_sha1_prf_t { /** * From sha1_hasher.c */ -extern void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len); +extern void SHA1Update(private_sha1_hasher_t* this, uint8_t *data, uint32_t len); METHOD(prf_t, get_bytes, bool, - private_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes) + private_sha1_prf_t *this, chunk_t seed, uint8_t *bytes) { - u_int32_t *hash = (u_int32_t*)bytes; + uint32_t *hash = (uint32_t*)bytes; SHA1Update(this->hasher, seed.ptr, seed.len); @@ -98,14 +98,14 @@ METHOD(prf_t, set_key, bool, private_sha1_prf_t *this, chunk_t key) { int i, rounds; - u_int32_t *iv = (u_int32_t*)key.ptr; + uint32_t *iv = (uint32_t*)key.ptr; if (!this->hasher->public.hasher_interface.reset( &this->hasher->public.hasher_interface)) { return FALSE; } - rounds = min(key.len/sizeof(u_int32_t), sizeof(this->hasher->state)); + rounds = min(key.len/sizeof(uint32_t), sizeof(this->hasher->state)); for (i = 0; i < rounds; i++) { this->hasher->state[i] ^= htonl(iv[i]); diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index d4af8fbcf..de341503b 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sha2 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c index 1c6dd2533..89e7675e3 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.c +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c @@ -33,9 +33,9 @@ struct private_sha512_hasher_t { sha2_hasher_t public; unsigned char sha_out[128]; /* results are here, bytes 0..47/0..63 */ - u_int64_t sha_H[8]; - u_int64_t sha_blocks; - u_int64_t sha_blocksMSB; + uint64_t sha_H[8]; + uint64_t sha_blocks; + uint64_t sha_blocksMSB; int sha_bufCnt; }; @@ -52,23 +52,23 @@ struct private_sha256_hasher_t { sha2_hasher_t public; unsigned char sha_out[64]; /* results are here, bytes 0...31 */ - u_int32_t sha_H[8]; - u_int64_t sha_blocks; + uint32_t sha_H[8]; + uint64_t sha_blocks; int sha_bufCnt; }; -static const u_int32_t sha224_hashInit[8] = { +static const uint32_t sha224_hashInit[8] = { 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 }; -static const u_int32_t sha256_hashInit[8] = { +static const uint32_t sha256_hashInit[8] = { 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 }; -static const u_int32_t sha256_K[64] = { +static const uint32_t sha256_K[64] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, @@ -82,19 +82,19 @@ static const u_int32_t sha256_K[64] = { 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; -static const u_int64_t sha512_hashInit[8] = { +static const uint64_t sha512_hashInit[8] = { 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL }; -static const u_int64_t sha384_hashInit[8] = { +static const uint64_t sha384_hashInit[8] = { 0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL, 0x152fecd8f70e5939ULL, 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL }; -static const u_int64_t sha512_K[80] = { +static const uint64_t sha512_K[80] = { 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, @@ -143,14 +143,14 @@ static void sha256_transform(private_sha256_hasher_t *ctx, const unsigned char *datap) { register int j; - u_int32_t a, b, c, d, e, f, g, h; - u_int32_t T1, T2, W[64], Wm2, Wm15; + uint32_t a, b, c, d, e, f, g, h; + uint32_t T1, T2, W[64], Wm2, Wm15; /* read the data, big endian byte order */ j = 0; do { - W[j] = (((u_int32_t)(datap[0]))<<24) | (((u_int32_t)(datap[1]))<<16) | - (((u_int32_t)(datap[2]))<<8 ) | ((u_int32_t)(datap[3])); + W[j] = (((uint32_t)(datap[0]))<<24) | (((uint32_t)(datap[1]))<<16) | + (((uint32_t)(datap[2]))<<8 ) | ((uint32_t)(datap[3])); datap += 4; } while(++j < 16); @@ -229,8 +229,8 @@ static void sha256_write(private_sha256_hasher_t *ctx, static void sha256_final(private_sha256_hasher_t *ctx) { register int j; - u_int64_t bitLength; - u_int32_t i; + uint64_t bitLength; + uint32_t i; unsigned char padByte, *datap; bitLength = (ctx->sha_blocks << 9) | (ctx->sha_bufCnt << 3); @@ -287,16 +287,16 @@ static void sha512_transform(private_sha512_hasher_t *ctx, const unsigned char *datap) { register int j; - u_int64_t a, b, c, d, e, f, g, h; - u_int64_t T1, T2, W[80], Wm2, Wm15; + uint64_t a, b, c, d, e, f, g, h; + uint64_t T1, T2, W[80], Wm2, Wm15; /* read the data, big endian byte order */ j = 0; do { - W[j] = (((u_int64_t)(datap[0]))<<56) | (((u_int64_t)(datap[1]))<<48) | - (((u_int64_t)(datap[2]))<<40) | (((u_int64_t)(datap[3]))<<32) | - (((u_int64_t)(datap[4]))<<24) | (((u_int64_t)(datap[5]))<<16) | - (((u_int64_t)(datap[6]))<<8 ) | ((u_int64_t)(datap[7])); + W[j] = (((uint64_t)(datap[0]))<<56) | (((uint64_t)(datap[1]))<<48) | + (((uint64_t)(datap[2]))<<40) | (((uint64_t)(datap[3]))<<32) | + (((uint64_t)(datap[4]))<<24) | (((uint64_t)(datap[5]))<<16) | + (((uint64_t)(datap[6]))<<8 ) | ((uint64_t)(datap[7])); datap += 8; } while(++j < 16); @@ -374,8 +374,8 @@ static void sha512_write(private_sha512_hasher_t *ctx, static void sha512_final(private_sha512_hasher_t *ctx) { register int j; - u_int64_t bitLength, bitLengthMSB; - u_int64_t i; + uint64_t bitLength, bitLengthMSB; + uint64_t i; unsigned char padByte, *datap; bitLength = (ctx->sha_blocks << 10) | (ctx->sha_bufCnt << 3); @@ -469,7 +469,7 @@ METHOD(hasher_t, reset512, bool, } METHOD(hasher_t, get_hash224, bool, - private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_sha256_hasher_t *this, chunk_t chunk, uint8_t *buffer) { sha256_write(this, chunk.ptr, chunk.len); if (buffer != NULL) @@ -482,7 +482,7 @@ METHOD(hasher_t, get_hash224, bool, } METHOD(hasher_t, get_hash256, bool, - private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_sha256_hasher_t *this, chunk_t chunk, uint8_t *buffer) { sha256_write(this, chunk.ptr, chunk.len); if (buffer != NULL) @@ -495,7 +495,7 @@ METHOD(hasher_t, get_hash256, bool, } METHOD(hasher_t, get_hash384, bool, - private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_sha512_hasher_t *this, chunk_t chunk, uint8_t *buffer) { sha512_write(this, chunk.ptr, chunk.len); if (buffer != NULL) @@ -508,7 +508,7 @@ METHOD(hasher_t, get_hash384, bool, } METHOD(hasher_t, get_hash512, bool, - private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_sha512_hasher_t *this, chunk_t chunk, uint8_t *buffer) { sha512_write(this, chunk.ptr, chunk.len); if (buffer != NULL) diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in index 9aa58e236..0d29fcb4b 100644 --- a/src/libstrongswan/plugins/sha3/Makefile.in +++ b/src/libstrongswan/plugins/sha3/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sha3 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha3/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha3/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in index acb05d570..6563f8335 100644 --- a/src/libstrongswan/plugins/soup/Makefile.in +++ b/src/libstrongswan/plugins/soup/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/soup -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/soup/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/soup/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index ca59bb7df..268730e14 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sqlite -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in index feb9313ff..d50b29565 100644 --- a/src/libstrongswan/plugins/sshkey/Makefile.in +++ b/src/libstrongswan/plugins/sshkey/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sshkey -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sshkey/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/sshkey/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 431b60724..6721909f0 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/test_vectors -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -219,12 +228,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -274,6 +285,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -308,6 +320,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -419,6 +432,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -510,7 +524,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -939,6 +952,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in index 59590d1a9..ea27fd384 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.in +++ b/src/libstrongswan/plugins/unbound/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/unbound -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -464,7 +478,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/unbound/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/unbound/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -780,6 +793,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in index acfc57bb6..0bf311c38 100644 --- a/src/libstrongswan/plugins/winhttp/Makefile.in +++ b/src/libstrongswan/plugins/winhttp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/winhttp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/winhttp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/winhttp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c b/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c index 5f0b58479..da56954ab 100644 --- a/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c +++ b/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c @@ -120,7 +120,7 @@ static bool read_result(private_winhttp_fetcher_t *this, HINTERNET request, { DWORD received; char buf[1024]; - u_int32_t code; + uint32_t code; DWORD codelen = sizeof(code); if (!WinHttpReceiveResponse(request, NULL)) diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index c58dfe210..6288e0f40 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/x509 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -464,7 +478,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -783,6 +796,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index bfc200421..aea8eb53d 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -706,6 +706,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this) if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &keyIdentifier)) { this->authKeyIdentifier = chunk_clone(keyIdentifier); + keyIdentifier = asn1_simple_object(ASN1_CONTEXT_S_0, keyIdentifier); } public->destroy(public); } @@ -716,7 +717,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this) return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_AUTHORITY_KEY_ID), asn1_wrap(ASN1_OCTET_STRING, "m", - asn1_wrap(ASN1_SEQUENCE, "cmm", + asn1_wrap(ASN1_SEQUENCE, "mmm", keyIdentifier, authorityCertIssuer, authorityCertSerialNumber diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 6f69fb100..98fad6f8f 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/xcbc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c index d852a2932..820298e27 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.c +++ b/src/libstrongswan/plugins/xcbc/xcbc.c @@ -40,7 +40,7 @@ struct private_mac_t { /** * Block size, in bytes */ - u_int8_t b; + uint8_t b; /** * crypter using k1 @@ -50,22 +50,22 @@ struct private_mac_t { /** * k2 */ - u_int8_t *k2; + uint8_t *k2; /** * k3 */ - u_int8_t *k3; + uint8_t *k3; /** * E */ - u_int8_t *e; + uint8_t *e; /** * remaining, unprocessed bytes in append mode */ - u_int8_t *remaining; + uint8_t *remaining; /** * number of bytes in remaining @@ -138,7 +138,7 @@ static bool update(private_mac_t *this, chunk_t data) /** * run last round, data is in this->e */ -static bool final(private_mac_t *this, u_int8_t *out) +static bool final(private_mac_t *this, uint8_t *out) { chunk_t iv; @@ -193,7 +193,7 @@ static bool final(private_mac_t *this, u_int8_t *out) } METHOD(mac_t, get_mac, bool, - private_mac_t *this, chunk_t data, u_int8_t *out) + private_mac_t *this, chunk_t data, uint8_t *out) { /* update E, do not process last block */ if (!update(this, data)) @@ -294,7 +294,7 @@ static mac_t *xcbc_create(encryption_algorithm_t algo, size_t key_size) { private_mac_t *this; crypter_t *crypter; - u_int8_t b; + uint8_t b; crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size); if (!crypter) diff --git a/src/libstrongswan/processing/jobs/job.h b/src/libstrongswan/processing/jobs/job.h index 64454718a..5b3a8a30b 100644 --- a/src/libstrongswan/processing/jobs/job.h +++ b/src/libstrongswan/processing/jobs/job.h @@ -96,7 +96,7 @@ struct job_requeue_t { } schedule; /** Time to reschedule the job */ union { - u_int32_t rel; + uint32_t rel; timeval_t abs; } time; }; diff --git a/src/libstrongswan/processing/scheduler.c b/src/libstrongswan/processing/scheduler.c index d90852561..374742939 100644 --- a/src/libstrongswan/processing/scheduler.c +++ b/src/libstrongswan/processing/scheduler.c @@ -276,7 +276,7 @@ METHOD(scheduler_t, schedule_job_tv, void, } METHOD(scheduler_t, schedule_job, void, - private_scheduler_t *this, job_t *job, u_int32_t s) + private_scheduler_t *this, job_t *job, uint32_t s) { timeval_t tv; @@ -287,7 +287,7 @@ METHOD(scheduler_t, schedule_job, void, } METHOD(scheduler_t, schedule_job_ms, void, - private_scheduler_t *this, job_t *job, u_int32_t ms) + private_scheduler_t *this, job_t *job, uint32_t ms) { timeval_t tv, add; diff --git a/src/libstrongswan/processing/scheduler.h b/src/libstrongswan/processing/scheduler.h index 7f91fcc59..1cd96d976 100644 --- a/src/libstrongswan/processing/scheduler.h +++ b/src/libstrongswan/processing/scheduler.h @@ -86,7 +86,7 @@ struct scheduler_t { * @param job job to schedule * @param time relative time to schedule job, in s */ - void (*schedule_job) (scheduler_t *this, job_t *job, u_int32_t s); + void (*schedule_job) (scheduler_t *this, job_t *job, uint32_t s); /** * Adds a event to the queue, using a relative time offset in ms. @@ -94,7 +94,7 @@ struct scheduler_t { * @param job job to schedule * @param time relative time to schedule job, in ms */ - void (*schedule_job_ms) (scheduler_t *this, job_t *job, u_int32_t ms); + void (*schedule_job_ms) (scheduler_t *this, job_t *job, uint32_t ms); /** * Adds a event to the queue, using an absolut time. diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index a6298b394..da3ba97cf 100644 --- a/src/libstrongswan/selectors/traffic_selector.c +++ b/src/libstrongswan/selectors/traffic_selector.c @@ -52,7 +52,7 @@ struct private_traffic_selector_t { /** * IP protocol (UDP, TCP, ICMP, ...) */ - u_int8_t protocol; + uint8_t protocol; /** * narrow this traffic selector to hosts external ip @@ -63,7 +63,7 @@ struct private_traffic_selector_t { /** * subnet size in CIDR notation, 255 means a non-subnet address range */ - u_int8_t netbits; + uint8_t netbits; /** * begin of address range, network order @@ -72,9 +72,9 @@ struct private_traffic_selector_t { /** dummy char for common address manipulation */ char from[0]; /** IPv4 address */ - u_int32_t from4[1]; + uint32_t from4[1]; /** IPv6 address */ - u_int32_t from6[4]; + uint32_t from6[4]; }; /** @@ -84,30 +84,30 @@ struct private_traffic_selector_t { /** dummy char for common address manipulation */ char to[0]; /** IPv4 address */ - u_int32_t to4[1]; + uint32_t to4[1]; /** IPv6 address */ - u_int32_t to6[4]; + uint32_t to6[4]; }; /** * begin of port range */ - u_int16_t from_port; + uint16_t from_port; /** * end of port range */ - u_int16_t to_port; + uint16_t to_port; }; /** * calculate the "to"-address for the "from" address and a subnet size */ -static void calc_range(private_traffic_selector_t *this, u_int8_t netbits) +static void calc_range(private_traffic_selector_t *this, uint8_t netbits) { size_t len; int bytes, bits; - u_int8_t mask; + uint8_t mask; this->netbits = netbits; @@ -126,10 +126,10 @@ static void calc_range(private_traffic_selector_t *this, u_int8_t netbits) /** * calculate the subnet size from the "to" and "from" addresses */ -static u_int8_t calc_netbits(private_traffic_selector_t *this) +static uint8_t calc_netbits(private_traffic_selector_t *this) { int byte, bit; - u_int8_t netbits; + uint8_t netbits; size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; bool prefix = TRUE; @@ -144,7 +144,7 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this) { for (bit = 7; bit >= 0; bit--) { - u_int8_t bitmask = 1 << bit; + uint8_t bitmask = 1 << bit; if (prefix) { @@ -173,8 +173,8 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this) /** * internal generic constructor */ -static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, - ts_type_t type, u_int16_t from_port, u_int16_t to_port); +static private_traffic_selector_t *traffic_selector_create(uint8_t protocol, + ts_type_t type, uint16_t from_port, uint16_t to_port); /** * Check if TS contains "opaque" ports @@ -195,9 +195,9 @@ static bool is_any(private_traffic_selector_t *this) /** * Print ICMP/ICMPv6 type and code */ -static int print_icmp(printf_hook_data_t *data, u_int16_t port) +static int print_icmp(printf_hook_data_t *data, uint16_t port) { - u_int8_t type, code; + uint8_t type, code; type = traffic_selector_icmp_type(port); code = traffic_selector_icmp_code(port); @@ -222,7 +222,7 @@ int traffic_selector_printf_hook(printf_hook_data_t *data, char *serv_proto = NULL, *sep = ""; bool has_proto, has_ports; size_t written = 0; - u_int32_t from[4], to[4]; + uint32_t from[4], to[4]; if (this == NULL) { @@ -361,9 +361,9 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*, private_traffic_selector_t *this, traffic_selector_t *other_public) { private_traffic_selector_t *other, *subset; - u_int16_t from_port, to_port; + uint16_t from_port, to_port; u_char *from, *to; - u_int8_t protocol; + uint8_t protocol; size_t size; other = (private_traffic_selector_t*)other_public; @@ -481,13 +481,13 @@ METHOD(traffic_selector_t, get_to_address, chunk_t, } } -METHOD(traffic_selector_t, get_from_port, u_int16_t, +METHOD(traffic_selector_t, get_from_port, uint16_t, private_traffic_selector_t *this) { return this->from_port; } -METHOD(traffic_selector_t, get_to_port, u_int16_t, +METHOD(traffic_selector_t, get_to_port, uint16_t, private_traffic_selector_t *this) { return this->to_port; @@ -499,7 +499,7 @@ METHOD(traffic_selector_t, get_type, ts_type_t, return this->type; } -METHOD(traffic_selector_t, get_protocol, u_int8_t, +METHOD(traffic_selector_t, get_protocol, uint8_t, private_traffic_selector_t *this) { return this->protocol; @@ -610,14 +610,14 @@ METHOD(traffic_selector_t, includes, bool, } METHOD(traffic_selector_t, to_subnet, bool, - private_traffic_selector_t *this, host_t **net, u_int8_t *mask) + private_traffic_selector_t *this, host_t **net, uint8_t *mask) { /* there is no way to do this cleanly, as the address range may * be anything else but a subnet. We use from_addr as subnet * and try to calculate a usable subnet mask. */ int family, non_zero_bytes; - u_int16_t port = 0; + uint16_t port = 0; chunk_t net_chunk; *mask = (this->netbits == NON_SUBNET_ADDRESS_RANGE) ? calc_netbits(this) @@ -777,10 +777,10 @@ int traffic_selector_cmp(traffic_selector_t *a_pub, traffic_selector_t *b_pub, /* * see header */ -traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, +traffic_selector_t *traffic_selector_create_from_bytes(uint8_t protocol, ts_type_t type, - chunk_t from, u_int16_t from_port, - chunk_t to, u_int16_t to_port) + chunk_t from, uint16_t from_port, + chunk_t to, uint16_t to_port) { private_traffic_selector_t *this = traffic_selector_create(protocol, type, from_port, to_port); @@ -843,7 +843,7 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type, } if (to.len > 1) { - u_int8_t mask = to.ptr[0] ? (1 << to.ptr[0]) - 1 : 0; + uint8_t mask = to.ptr[0] ? (1 << to.ptr[0]) - 1 : 0; memcpy(this->to, to.ptr+1, to.len-1); this->to[to.len-2] |= mask; @@ -856,8 +856,8 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type, * see header */ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, - u_int8_t netbits, u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port) + uint8_t netbits, uint8_t protocol, + uint16_t from_port, uint16_t to_port) { private_traffic_selector_t *this; chunk_t from; @@ -890,9 +890,9 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, * see header */ traffic_selector_t *traffic_selector_create_from_string( - u_int8_t protocol, ts_type_t type, - char *from_addr, u_int16_t from_port, - char *to_addr, u_int16_t to_port) + uint8_t protocol, ts_type_t type, + char *from_addr, uint16_t from_port, + char *to_addr, uint16_t to_port) { private_traffic_selector_t *this; int family; @@ -926,8 +926,8 @@ traffic_selector_t *traffic_selector_create_from_string( * see header */ traffic_selector_t *traffic_selector_create_from_cidr( - char *string, u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port) + char *string, uint8_t protocol, + uint16_t from_port, uint16_t to_port) { host_t *net; int bits; @@ -944,8 +944,8 @@ traffic_selector_t *traffic_selector_create_from_cidr( /* * see header */ -traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port) +traffic_selector_t *traffic_selector_create_dynamic(uint8_t protocol, + uint16_t from_port, uint16_t to_port) { private_traffic_selector_t *this = traffic_selector_create( protocol, TS_IPV4_ADDR_RANGE, from_port, to_port); @@ -961,8 +961,8 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, /* * see declaration */ -static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, - ts_type_t type, u_int16_t from_port, u_int16_t to_port) +static private_traffic_selector_t *traffic_selector_create(uint8_t protocol, + ts_type_t type, uint16_t from_port, uint16_t to_port) { private_traffic_selector_t *this; diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h index cf9a2861b..cc66c3453 100644 --- a/src/libstrongswan/selectors/traffic_selector.h +++ b/src/libstrongswan/selectors/traffic_selector.h @@ -122,7 +122,7 @@ struct traffic_selector_t { * * @return port */ - u_int16_t (*get_from_port) (traffic_selector_t *this); + uint16_t (*get_from_port) (traffic_selector_t *this); /** * Get ending port of this ts. @@ -136,7 +136,7 @@ struct traffic_selector_t { * * @return port */ - u_int16_t (*get_to_port) (traffic_selector_t *this); + uint16_t (*get_to_port) (traffic_selector_t *this); /** * Get the type of the traffic selector. @@ -150,7 +150,7 @@ struct traffic_selector_t { * * @return protocol id */ - u_int8_t (*get_protocol) (traffic_selector_t *this); + uint8_t (*get_protocol) (traffic_selector_t *this); /** * Check if the traffic selector is for a single host. @@ -218,7 +218,7 @@ struct traffic_selector_t { * @param mask converted net mask * @return TRUE if traffic selector matches exactly to the subnet */ - bool (*to_subnet) (traffic_selector_t *this, host_t **net, u_int8_t *mask); + bool (*to_subnet) (traffic_selector_t *this, host_t **net, uint8_t *mask); /** * Create a hash value for the traffic selector. @@ -240,7 +240,7 @@ struct traffic_selector_t { * @param port port number in host order * @return ICMP/ICMPv6 message type */ -static inline u_int8_t traffic_selector_icmp_type(u_int16_t port) +static inline uint8_t traffic_selector_icmp_type(uint16_t port) { return port >> 8; } @@ -251,7 +251,7 @@ static inline u_int8_t traffic_selector_icmp_type(u_int16_t port) * @param port port number in host order * @return ICMP/ICMPv6 message code */ -static inline u_int8_t traffic_selector_icmp_code(u_int16_t port) +static inline uint8_t traffic_selector_icmp_code(uint16_t port) { return port & 0xff; } @@ -286,9 +286,9 @@ int traffic_selector_cmp(traffic_selector_t *a, traffic_selector_t *b, * - NULL if invalid address strings/protocol */ traffic_selector_t *traffic_selector_create_from_string( - u_int8_t protocol, ts_type_t type, - char *from_addr, u_int16_t from_port, - char *to_addr, u_int16_t to_port); + uint8_t protocol, ts_type_t type, + char *from_addr, uint16_t from_port, + char *to_addr, uint16_t to_port); @@ -307,8 +307,8 @@ traffic_selector_t *traffic_selector_create_from_string( * @return traffic selector, NULL if string invalid */ traffic_selector_t *traffic_selector_create_from_cidr( - char *string, u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port); + char *string, uint8_t protocol, + uint16_t from_port, uint16_t to_port); /** * Create a new traffic selector using data read from the net. @@ -331,9 +331,9 @@ traffic_selector_t *traffic_selector_create_from_cidr( * @return traffic_selector_t object */ traffic_selector_t *traffic_selector_create_from_bytes( - u_int8_t protocol, ts_type_t type, - chunk_t from_address, u_int16_t from_port, - chunk_t to_address, u_int16_t to_port); + uint8_t protocol, ts_type_t type, + chunk_t from_address, uint16_t from_port, + chunk_t to_address, uint16_t to_port); /** * Create a new traffic selector using the RFC 3779 ASN.1 min/max address format @@ -370,8 +370,8 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type, * - NULL if address family of net not supported */ traffic_selector_t *traffic_selector_create_from_subnet( - host_t *net, u_int8_t netbits, u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port); + host_t *net, uint8_t netbits, uint8_t protocol, + uint16_t from_port, uint16_t to_port); /** * Create a traffic selector for host-to-host cases. @@ -392,8 +392,8 @@ traffic_selector_t *traffic_selector_create_from_subnet( * - traffic_selector_t object * - NULL if type not supported */ -traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port); +traffic_selector_t *traffic_selector_create_dynamic(uint8_t protocol, + uint16_t from_port, uint16_t to_port); /** * printf hook function for traffic_selector_t. diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c index 56cc2f19b..829e78482 100644 --- a/src/libstrongswan/settings/settings.c +++ b/src/libstrongswan/settings/settings.c @@ -540,9 +540,9 @@ METHOD(settings_t, get_int, int, /** * Described in header */ -inline u_int64_t settings_value_as_uint64(char *value, u_int64_t def) +inline uint64_t settings_value_as_uint64(char *value, uint64_t def) { - u_int64_t intval; + uint64_t intval; char *end; int base = 10; @@ -597,10 +597,10 @@ METHOD(settings_t, get_double, double, /** * Described in header */ -inline u_int32_t settings_value_as_time(char *value, u_int32_t def) +inline uint32_t settings_value_as_time(char *value, uint32_t def) { char *endptr; - u_int32_t timeval; + uint32_t timeval; if (value) { errno = 0; @@ -638,8 +638,8 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) return def; } -METHOD(settings_t, get_time, u_int32_t, - private_settings_t *this, char *key, u_int32_t def, ...) +METHOD(settings_t, get_time, uint32_t, + private_settings_t *this, char *key, uint32_t def, ...) { char *value; va_list args; @@ -695,7 +695,7 @@ METHOD(settings_t, set_double, void, } METHOD(settings_t, set_time, void, - private_settings_t *this, char *key, u_int32_t value, ...) + private_settings_t *this, char *key, uint32_t value, ...) { char val[16]; va_list args; diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h index a133a3681..eec5ece6c 100644 --- a/src/libstrongswan/settings/settings.h +++ b/src/libstrongswan/settings/settings.h @@ -51,13 +51,13 @@ bool settings_value_as_bool(char *value, bool def); int settings_value_as_int(char *value, int def); /** - * Convert a string value returned by a key/value enumerator to an u_int64_t. + * Convert a string value returned by a key/value enumerator to an uint64_t. * * @see settings_t.create_key_value_enumerator() * @param value the string value * @param def the default value, if value is NULL or invalid */ -u_int64_t settings_value_as_uint64(char *value, u_int64_t def); +uint64_t settings_value_as_uint64(char *value, uint64_t def); /** * Convert a string value returned by a key/value enumerator to a double. @@ -77,7 +77,7 @@ double settings_value_as_double(char *value, double def); * @param value the string value * @param def the default value, if value is NULL or invalid */ -u_int32_t settings_value_as_time(char *value, u_int32_t def); +uint32_t settings_value_as_time(char *value, uint32_t def); /** * Generic configuration options read from a config file. @@ -203,7 +203,7 @@ struct settings_t { * @param ... argument list for key * @return value of the key (in seconds) */ - u_int32_t (*get_time)(settings_t *this, char *key, u_int32_t def, ...); + uint32_t (*get_time)(settings_t *this, char *key, uint32_t def, ...); /** * Set a string value. @@ -248,7 +248,7 @@ struct settings_t { * @param def value to set * @param ... argument list for key */ - void (*set_time)(settings_t *this, char *key, u_int32_t value, ...); + void (*set_time)(settings_t *this, char *key, uint32_t value, ...); /** * Set a default for string value. diff --git a/src/libstrongswan/settings/settings_lexer.c b/src/libstrongswan/settings/settings_lexer.c index 6e64e15a6..2151e930b 100644 --- a/src/libstrongswan/settings/settings_lexer.c +++ b/src/libstrongswan/settings/settings_lexer.c @@ -16,8 +16,8 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 35 +#define YY_FLEX_MINOR_VERSION 6 +#define YY_FLEX_SUBMINOR_VERSION 0 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif @@ -221,6 +221,11 @@ typedef void* yyscan_t; typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + /* %if-not-reentrant */ /* %endif */ @@ -247,6 +252,13 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; if ( yytext[yyl] == '\n' )\ --yylineno;\ }while(0) + #define YY_LINENO_REWIND_TO(dst) \ + do {\ + const char *p;\ + for ( p = yy_cp-1; p >= (dst); --p)\ + if ( *p == '\n' )\ + --yylineno;\ + }while(0) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ @@ -264,11 +276,6 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; #define unput(c) yyunput( c, yyg->yytext_ptr , yyscanner ) -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef size_t yy_size_t; -#endif - #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state @@ -388,7 +395,7 @@ static void settings_parser__init_buffer (YY_BUFFER_STATE b,FILE *file ,yyscan_t YY_BUFFER_STATE settings_parser__scan_buffer (char *base,yy_size_t size ,yyscan_t yyscanner ); YY_BUFFER_STATE settings_parser__scan_string (yyconst char *yy_str ,yyscan_t yyscanner ); -YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char *bytes,int len ,yyscan_t yyscanner ); +YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char *bytes,yy_size_t len ,yyscan_t yyscanner ); /* %endif */ @@ -423,7 +430,7 @@ void settings_parser_free (void * ,yyscan_t yyscanner ); /* %% [1.0] yytext/yyin/yyout/yy_state_type/yylineno etc. def's & init go here */ /* Begin user sect3 */ -#define settings_parser_wrap(n) 1 +#define settings_parser_wrap(yyscanner) (/*CONSTCOND*/1) #define YY_SKIP_YYWRAP #define FLEX_DEBUG @@ -434,11 +441,16 @@ typedef int yy_state_type; #define yytext_ptr yytext_r +/* %% [1.5] DFA */ + /* %if-c-only Standard (non-C++) definition */ static yy_state_type yy_get_previous_state (yyscan_t yyscanner ); static yy_state_type yy_try_NUL_trans (yy_state_type current_state ,yyscan_t yyscanner); static int yy_get_next_buffer (yyscan_t yyscanner ); +#if defined(__GNUC__) && __GNUC__ >= 3 +__attribute__((__noreturn__)) +#endif static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner ); /* %endif */ @@ -474,7 +486,7 @@ static yyconst flex_int16_t yy_accept[49] = 9, 9, 9, 9, 0, 7, 7, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst YY_CHAR yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, @@ -506,13 +518,13 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[21] = +static yyconst YY_CHAR yy_meta[21] = { 0, 1, 2, 3, 1, 4, 5, 4, 6, 7, 1, 1, 1, 1, 1, 1, 1, 1, 1, 8, 9 } ; -static yyconst flex_int16_t yy_base[60] = +static yyconst flex_uint16_t yy_base[60] = { 0, 0, 0, 19, 38, 21, 23, 55, 0, 47, 161, 161, 50, 161, 37, 161, 161, 0, 161, 161, 0, @@ -532,7 +544,7 @@ static yyconst flex_int16_t yy_def[60] = 48, 48, 48, 48, 48, 48, 48, 48, 48 } ; -static yyconst flex_int16_t yy_nxt[182] = +static yyconst flex_uint16_t yy_nxt[182] = { 0, 8, 9, 10, 8, 9, 11, 12, 13, 8, 8, 8, 8, 14, 8, 8, 8, 8, 8, 15, 16, @@ -638,7 +650,7 @@ static void include_files(parser_helper_t *ctx); /* state used to scan quoted strings */ -#line 642 "settings/settings_lexer.c" +#line 654 "settings/settings_lexer.c" #define INITIAL 0 #define inc 1 @@ -675,7 +687,7 @@ struct yyguts_t YY_BUFFER_STATE * yy_buffer_stack; /**< Stack as an array. */ char yy_hold_char; int yy_n_chars; - int yyleng_r; + yy_size_t yyleng_r; char *yy_c_buf_p; int yy_init; int yy_start; @@ -732,19 +744,23 @@ void settings_parser_set_extra (YY_EXTRA_TYPE user_defined ,yyscan_t yyscanner ) FILE *settings_parser_get_in (yyscan_t yyscanner ); -void settings_parser_set_in (FILE * in_str ,yyscan_t yyscanner ); +void settings_parser_set_in (FILE * _in_str ,yyscan_t yyscanner ); FILE *settings_parser_get_out (yyscan_t yyscanner ); -void settings_parser_set_out (FILE * out_str ,yyscan_t yyscanner ); +void settings_parser_set_out (FILE * _out_str ,yyscan_t yyscanner ); -int settings_parser_get_leng (yyscan_t yyscanner ); +yy_size_t settings_parser_get_leng (yyscan_t yyscanner ); char *settings_parser_get_text (yyscan_t yyscanner ); int settings_parser_get_lineno (yyscan_t yyscanner ); -void settings_parser_set_lineno (int line_number ,yyscan_t yyscanner ); +void settings_parser_set_lineno (int _line_number ,yyscan_t yyscanner ); + +int settings_parser_get_column (yyscan_t yyscanner ); + +void settings_parser_set_column (int _column_no ,yyscan_t yyscanner ); /* %if-bison-bridge */ @@ -768,8 +784,11 @@ extern int settings_parser_wrap (yyscan_t yyscanner ); /* %not-for-header */ +#ifndef YY_NO_UNPUT + static void yyunput (int c,char *buf_ptr ,yyscan_t yyscanner); +#endif /* %ok-for-header */ /* %endif */ @@ -798,7 +817,7 @@ static int input (yyscan_t yyscanner ); /* %if-c-only */ - static void yy_push_state (int new_state ,yyscan_t yyscanner); + static void yy_push_state (int _new_state ,yyscan_t yyscanner); static void yy_pop_state (yyscan_t yyscanner ); @@ -928,7 +947,7 @@ extern int settings_parser_lex \ /* Code executed at the end of each rule. */ #ifndef YY_BREAK -#define YY_BREAK break; +#define YY_BREAK /*LINTED*/break; #endif /* %% [6.0] YY_RULE_SETUP definition goes here */ @@ -941,17 +960,11 @@ extern int settings_parser_lex \ */ YY_DECL { - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; + yy_state_type yy_current_state; + char *yy_cp, *yy_bp; + int yy_act; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; -/* %% [7.0] user's declarations go here */ -#line 57 "settings/settings_lexer.l" - - -#line 954 "settings/settings_lexer.c" - yylval = yylval_param; if ( !yyg->yy_init ) @@ -988,7 +1001,14 @@ YY_DECL settings_parser__load_buffer_state(yyscanner ); } - while ( 1 ) /* loops until end-of-file is reached */ + { +/* %% [7.0] user's declarations go here */ +#line 57 "settings/settings_lexer.l" + + +#line 1010 "settings/settings_lexer.c" + + while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { /* %% [8.0] yymore()-related code goes here */ yy_cp = yyg->yy_c_buf_p; @@ -1006,7 +1026,7 @@ YY_DECL yy_match: do { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1039,7 +1059,7 @@ yy_find_action: if ( yy_act != YY_END_OF_BUFFER && yy_rule_can_match_eol[yy_act] ) { - int yyl; + yy_size_t yyl; for ( yyl = 0; yyl < yyleng; ++yyl ) if ( yytext[yyl] == '\n' ) @@ -1106,6 +1126,7 @@ return yytext[0]; case 7: /* rule 7 can match eol */ *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */ +YY_LINENO_REWIND_TO(yy_cp - 1); yyg->yy_c_buf_p = yy_cp -= 1; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP @@ -1192,6 +1213,7 @@ YY_RULE_SETUP case 15: #line 121 "settings/settings_lexer.l" +YY_RULE_SETUP case YY_STATE_EOF(str): #line 121 "settings/settings_lexer.l" case 16: @@ -1267,7 +1289,7 @@ YY_RULE_SETUP #line 159 "settings/settings_lexer.l" YY_FATAL_ERROR( "flex scanner jammed" ); YY_BREAK -#line 1271 "settings/settings_lexer.c" +#line 1293 "settings/settings_lexer.c" case YY_END_OF_BUFFER: { @@ -1290,7 +1312,11 @@ YY_FATAL_ERROR( "flex scanner jammed" ); * back-up) that will match for the new input source. */ yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; +/* %if-c-only */ YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; +/* %endif */ +/* %if-c++-only */ +/* %endif */ YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } @@ -1397,6 +1423,7 @@ YY_FATAL_ERROR( "flex scanner jammed" ); "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ + } /* end of user's declarations */ } /* end of settings_parser_lex */ /* %ok-for-header */ @@ -1421,9 +1448,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %endif */ { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = yyg->yytext_ptr; - register int number_to_move, i; + char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + char *source = yyg->yytext_ptr; + yy_size_t number_to_move, i; int ret_val; if ( yyg->yy_c_buf_p > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] ) @@ -1452,7 +1479,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1; + number_to_move = (yy_size_t) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); @@ -1465,21 +1492,21 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else { - int num_to_read = + yy_size_t num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; int yy_c_buf_p_offset = (int) (yyg->yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { - int new_size = b->yy_buf_size * 2; + yy_size_t new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; @@ -1510,7 +1537,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - yyg->yy_n_chars, (size_t) num_to_read ); + yyg->yy_n_chars, num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars; } @@ -1534,9 +1561,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else ret_val = EOB_ACT_CONTINUE_SCAN; - if ((yy_size_t) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + if ((int) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ - yy_size_t new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); + int new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) settings_parser_realloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ,yyscanner ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); @@ -1561,8 +1588,8 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - register yy_state_type yy_current_state; - register char *yy_cp; + yy_state_type yy_current_state; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* %% [15.0] code to get the start state into yy_current_state goes here */ @@ -1571,7 +1598,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) for ( yy_cp = yyg->yytext_ptr + YY_MORE_ADJ; yy_cp < yyg->yy_c_buf_p; ++yy_cp ) { /* %% [16.0] code to find the next state goes here */ - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1600,12 +1627,12 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - register int yy_is_jam; + int yy_is_jam; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */ /* %% [17.0] code to find the next state, and perhaps do backing up, goes here */ - register char *yy_cp = yyg->yy_c_buf_p; + char *yy_cp = yyg->yy_c_buf_p; - register YY_CHAR yy_c = 1; + YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1620,17 +1647,19 @@ static int yy_get_next_buffer (yyscan_t yyscanner) yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_is_jam = (yy_current_state == 48); + (void)yyg; return yy_is_jam ? 0 : yy_current_state; } +#ifndef YY_NO_UNPUT /* %if-c-only */ - static void yyunput (int c, register char * yy_bp , yyscan_t yyscanner) + static void yyunput (int c, char * yy_bp , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { - register char *yy_cp; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yy_cp = yyg->yy_c_buf_p; @@ -1641,10 +1670,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner) if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = yyg->yy_n_chars + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + yy_size_t number_to_move = yyg->yy_n_chars + 2; + char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = + char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) @@ -1674,6 +1703,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c-only */ /* %endif */ +#endif /* %if-c-only */ #ifndef YY_NO_INPUT @@ -1704,7 +1734,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else { /* need more input */ - int offset = yyg->yy_c_buf_p - yyg->yytext_ptr; + yy_size_t offset = yyg->yy_c_buf_p - yyg->yytext_ptr; ++yyg->yy_c_buf_p; switch ( yy_get_next_buffer( yyscanner ) ) @@ -1787,6 +1817,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) settings_parser__load_buffer_state(yyscanner ); } +/* %if-c++-only */ +/* %endif */ + /** Switch to a different input buffer. * @param new_buffer The new input buffer. * @param yyscanner The scanner object. @@ -1836,7 +1869,11 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner) struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; yyg->yytext_ptr = yyg->yy_c_buf_p = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; +/* %if-c-only */ yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ yyg->yy_hold_char = *yyg->yy_c_buf_p; } @@ -1858,7 +1895,7 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner) if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in settings_parser__create_buffer()" ); - b->yy_buf_size = size; + b->yy_buf_size = (yy_size_t)size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. @@ -1874,6 +1911,9 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner) return b; } +/* %if-c++-only */ +/* %endif */ + /** Destroy the buffer. * @param b a buffer created with settings_parser__create_buffer() * @param yyscanner The scanner object. @@ -1898,17 +1938,6 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner) settings_parser_free((void *) b ,yyscanner ); } -/* %if-c-only */ - -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* %endif */ - -/* %if-c++-only */ -/* %endif */ - /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, * such as during a settings_parser_restart() or at EOF. @@ -1925,7 +1954,11 @@ extern int isatty (int ); settings_parser__flush_buffer(b ,yyscanner); +/* %if-c-only */ b->yy_input_file = file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ b->yy_fill_buffer = 1; /* If b is the current buffer, then settings_parser__init_buffer was _probably_ @@ -2055,7 +2088,7 @@ static void settings_parser_ensure_buffer_stack (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - int num_to_alloc; + yy_size_t num_to_alloc; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; if (!yyg->yy_buffer_stack) { @@ -2064,7 +2097,7 @@ static void settings_parser_ensure_buffer_stack (yyscan_t yyscanner) * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ - num_to_alloc = 1; + num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ yyg->yy_buffer_stack = (struct yy_buffer_state**)settings_parser_alloc (num_to_alloc * sizeof(struct yy_buffer_state*) , yyscanner); @@ -2081,7 +2114,7 @@ static void settings_parser_ensure_buffer_stack (yyscan_t yyscanner) if (yyg->yy_buffer_stack_top >= (yyg->yy_buffer_stack_max) - 1){ /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; + yy_size_t grow_size = 8 /* arbitrary grow size */; num_to_alloc = yyg->yy_buffer_stack_max + grow_size; yyg->yy_buffer_stack = (struct yy_buffer_state**)settings_parser_realloc @@ -2159,12 +2192,12 @@ YY_BUFFER_STATE settings_parser__scan_string (yyconst char * yystr , yyscan_t yy * @param yyscanner The scanner object. * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yybytes_len , yyscan_t yyscanner) +YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len , yyscan_t yyscanner) { YY_BUFFER_STATE b; char *buf; yy_size_t n; - int i; + yy_size_t i; /* Get memory for full buffer, including space for trailing EOB's. */ n = _yybytes_len + 2; @@ -2191,7 +2224,7 @@ YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yyby /* %endif */ /* %if-c-only */ - static void yy_push_state (int new_state , yyscan_t yyscanner) + static void yy_push_state (int _new_state , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -2216,7 +2249,7 @@ YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yyby yyg->yy_start_stack[yyg->yy_start_stack_ptr++] = YY_START; - BEGIN(new_state); + BEGIN(_new_state); } /* %if-c-only */ @@ -2249,7 +2282,9 @@ YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yyby /* %if-c-only */ static void yy_fatal_error (yyconst char* msg , yyscan_t yyscanner) { - (void) fprintf( stderr, "%s\n", msg ); + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + (void) fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } /* %endif */ @@ -2336,7 +2371,7 @@ FILE *settings_parser_get_out (yyscan_t yyscanner) /** Get the length of the current token. * @param yyscanner The scanner object. */ -int settings_parser_get_leng (yyscan_t yyscanner) +yy_size_t settings_parser_get_leng (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyleng; @@ -2367,51 +2402,51 @@ void settings_parser_set_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner /* %endif */ /** Set the current line number. - * @param line_number + * @param _line_number line number * @param yyscanner The scanner object. */ -void settings_parser_set_lineno (int line_number , yyscan_t yyscanner) +void settings_parser_set_lineno (int _line_number , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* lineno is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "settings_parser_set_lineno called with no buffer" , yyscanner); + YY_FATAL_ERROR( "settings_parser_set_lineno called with no buffer" ); - yylineno = line_number; + yylineno = _line_number; } /** Set the current column. - * @param line_number + * @param _column_no column number * @param yyscanner The scanner object. */ -void settings_parser_set_column (int column_no , yyscan_t yyscanner) +void settings_parser_set_column (int _column_no , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* column is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "settings_parser_set_column called with no buffer" , yyscanner); + YY_FATAL_ERROR( "settings_parser_set_column called with no buffer" ); - yycolumn = column_no; + yycolumn = _column_no; } /** Set the input stream. This does not discard the current * input buffer. - * @param in_str A readable stream. + * @param _in_str A readable stream. * @param yyscanner The scanner object. * @see settings_parser__switch_to_buffer */ -void settings_parser_set_in (FILE * in_str , yyscan_t yyscanner) +void settings_parser_set_in (FILE * _in_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyin = in_str ; + yyin = _in_str ; } -void settings_parser_set_out (FILE * out_str , yyscan_t yyscanner) +void settings_parser_set_out (FILE * _out_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyout = out_str ; + yyout = _out_str ; } int settings_parser_get_debug (yyscan_t yyscanner) @@ -2420,10 +2455,10 @@ int settings_parser_get_debug (yyscan_t yyscanner) return yy_flex_debug; } -void settings_parser_set_debug (int bdebug , yyscan_t yyscanner) +void settings_parser_set_debug (int _bdebug , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yy_flex_debug = bdebug ; + yy_flex_debug = _bdebug ; } /* %endif */ @@ -2589,7 +2624,10 @@ int settings_parser_lex_destroy (yyscan_t yyscanner) #ifndef yytext_ptr static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yyscanner) { - register int i; + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + + int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } @@ -2598,7 +2636,7 @@ static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yysca #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) { - register int n; + int n; for ( n = 0; s[n]; ++n ) ; @@ -2608,11 +2646,16 @@ static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) void *settings_parser_alloc (yy_size_t size , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; return (void *) malloc( size ); } void *settings_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -2625,6 +2668,8 @@ void *settings_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner void settings_parser_free (void * ptr , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; free( (char *) ptr ); /* see settings_parser_realloc() for (char *) cast */ } diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c index 6cd3b177a..47cf8ebd4 100644 --- a/src/libstrongswan/settings/settings_parser.c +++ b/src/libstrongswan/settings/settings_parser.c @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.0.2. */ +/* A Bison parser, made by GNU Bison 3.0.4. */ /* Bison implementation for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc. + Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -44,7 +44,7 @@ #define YYBISON 1 /* Bison version. */ -#define YYBISON_VERSION "3.0.2" +#define YYBISON_VERSION "3.0.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -180,7 +180,7 @@ extern int settings_parser_debug; /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE YYSTYPE; + union YYSTYPE { #line 77 "settings/settings_parser.y" /* yacc.c:355 */ @@ -191,6 +191,8 @@ union YYSTYPE #line 193 "settings/settings_parser.c" /* yacc.c:355 */ }; + +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif @@ -203,7 +205,7 @@ int settings_parser_parse (parser_helper_t *ctx); /* Copy the second part of user declarations. */ -#line 207 "settings/settings_parser.c" /* yacc.c:358 */ +#line 209 "settings/settings_parser.c" /* yacc.c:358 */ #ifdef short # undef short @@ -1027,43 +1029,43 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, parser_helper_t *c case 3: /* NAME */ #line 91 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1031 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1033 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 4: /* STRING */ #line 91 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1037 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1039 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 13: /* section */ #line 93 "settings/settings_parser.y" /* yacc.c:1257 */ { pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); } -#line 1043 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1045 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 14: /* section_start */ #line 93 "settings/settings_parser.y" /* yacc.c:1257 */ { pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); } -#line 1049 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1051 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 15: /* setting */ #line 94 "settings/settings_parser.y" /* yacc.c:1257 */ { settings_kv_destroy(((*yyvaluep).kv), NULL); } -#line 1055 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1057 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 16: /* value */ #line 91 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1061 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1063 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 17: /* valuepart */ #line 91 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1067 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1069 "settings/settings_parser.c" /* yacc.c:1257 */ break; @@ -1333,7 +1335,7 @@ yyreduce: { add_section(ctx, (yyvsp[0].sec)); } -#line 1337 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1339 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 6: @@ -1341,7 +1343,7 @@ yyreduce: { add_setting(ctx, (yyvsp[0].kv)); } -#line 1345 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1347 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 7: @@ -1350,7 +1352,7 @@ yyreduce: pop_section(ctx); (yyval.sec) = (yyvsp[-2].sec); } -#line 1354 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1356 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 8: @@ -1358,7 +1360,7 @@ yyreduce: { (yyval.sec) = push_section(ctx, (yyvsp[-1].s)); } -#line 1362 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1364 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 9: @@ -1366,7 +1368,7 @@ yyreduce: { (yyval.sec) = push_section(ctx, (yyvsp[-2].s)); } -#line 1370 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1372 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 10: @@ -1374,7 +1376,7 @@ yyreduce: { (yyval.kv) = settings_kv_create((yyvsp[-2].s), (yyvsp[0].s)); } -#line 1378 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1380 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 11: @@ -1382,7 +1384,7 @@ yyreduce: { (yyval.kv) = settings_kv_create((yyvsp[-1].s), NULL); } -#line 1386 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1388 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 13: @@ -1397,11 +1399,11 @@ yyreduce: free((yyvsp[-1].s)); free((yyvsp[0].s)); } -#line 1401 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1403 "settings/settings_parser.c" /* yacc.c:1646 */ break; -#line 1405 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1407 "settings/settings_parser.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires diff --git a/src/libstrongswan/settings/settings_parser.h b/src/libstrongswan/settings/settings_parser.h index d887777a2..b41e0d56f 100644 --- a/src/libstrongswan/settings/settings_parser.h +++ b/src/libstrongswan/settings/settings_parser.h @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.0.2. */ +/* A Bison parser, made by GNU Bison 3.0.4. */ /* Bison interface for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc. + Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -59,7 +59,7 @@ extern int settings_parser_debug; /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE YYSTYPE; + union YYSTYPE { #line 77 "settings/settings_parser.y" /* yacc.c:1909 */ @@ -70,6 +70,8 @@ union YYSTYPE #line 72 "settings/settings_parser.h" /* yacc.c:1909 */ }; + +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am index b2d456035..caa9d3a6a 100644 --- a/src/libstrongswan/tests/Makefile.am +++ b/src/libstrongswan/tests/Makefile.am @@ -12,7 +12,7 @@ libtest_la_CFLAGS = \ libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@ libtest_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) + $(PTHREADLIB) $(ATOMICLIB) TESTS = tests diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in index 0a0f5893d..4e5321755 100644 --- a/src/libstrongswan/tests/Makefile.in +++ b/src/libstrongswan/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ host_triplet = @host@ TESTS = tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libstrongswan/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -102,7 +111,7 @@ CONFIG_CLEAN_VPATH_FILES = am__DEPENDENCIES_1 = libtest_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am__dirstamp = $(am__leading_dot)dirstamp am_libtest_la_OBJECTS = libtest_la-test_suite.lo \ libtest_la-test_runner.lo utils/libtest_la-test_rng.lo @@ -240,12 +249,14 @@ am__tty_colors = { \ std=''; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -295,6 +306,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -329,6 +341,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -440,6 +453,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -481,7 +495,7 @@ libtest_la_CFLAGS = \ libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@ libtest_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) + $(PTHREADLIB) $(ATOMICLIB) tests_SOURCES = tests.h tests.c \ suites/test_linked_list.c \ @@ -549,7 +563,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1603,6 +1616,8 @@ uninstall-am: mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/tests/suites/test_array.c b/src/libstrongswan/tests/suites/test_array.c index eda72e10a..eed8fba56 100644 --- a/src/libstrongswan/tests/suites/test_array.c +++ b/src/libstrongswan/tests/suites/test_array.c @@ -512,7 +512,7 @@ END_TEST START_TEST(test_insert_create_value) { array_t *array = NULL; - u_int16_t v; + uint16_t v; v = 1; array_insert_create_value(&array, sizeof(v), ARRAY_TAIL, &v); diff --git a/src/libstrongswan/tests/suites/test_asn1.c b/src/libstrongswan/tests/suites/test_asn1.c index ac7c5519e..fa02df9ca 100644 --- a/src/libstrongswan/tests/suites/test_asn1.c +++ b/src/libstrongswan/tests/suites/test_asn1.c @@ -462,7 +462,7 @@ START_TEST(test_asn1_to_time) { typedef struct { time_t time; - u_int8_t type; + uint8_t type; char *string; } testdata_t; @@ -525,7 +525,7 @@ START_TEST(test_asn1_from_time) { typedef struct { time_t time; - u_int8_t type; + uint8_t type; chunk_t chunk; } testdata_t; @@ -759,7 +759,7 @@ END_TEST START_TEST(test_asn1_parse_integer_uint64) { typedef struct { - u_int64_t n; + uint64_t n; chunk_t chunk; } testdata_t; diff --git a/src/libstrongswan/tests/suites/test_bio_reader.c b/src/libstrongswan/tests/suites/test_bio_reader.c index 6a9743d62..d3b4b4358 100644 --- a/src/libstrongswan/tests/suites/test_bio_reader.c +++ b/src/libstrongswan/tests/suites/test_bio_reader.c @@ -65,7 +65,7 @@ START_TEST(test_read_uint8) { chunk_t data = chunk_from_chars(0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07); - u_int8_t val; + uint8_t val; assert_integer_read(data, 8, val); assert_basic_read(8, val); @@ -76,7 +76,7 @@ END_TEST START_TEST(test_read_uint16) { chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03); - u_int16_t val; + uint16_t val; assert_integer_read(data, 16, val); assert_basic_read(16, val); @@ -87,7 +87,7 @@ END_TEST START_TEST(test_read_uint24) { chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x03); - u_int32_t val; + uint32_t val; assert_integer_read(data, 24, val); assert_basic_read(24, val); @@ -99,7 +99,7 @@ START_TEST(test_read_uint32) { chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03); - u_int32_t val; + uint32_t val; assert_integer_read(data, 32, val); assert_basic_read(32, val); @@ -113,7 +113,7 @@ START_TEST(test_read_uint64) 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03); - u_int64_t val; + uint64_t val; assert_integer_read(data, 64, val); assert_basic_read(64, val); @@ -170,7 +170,7 @@ END_TEST START_TEST(test_read_uint8_end) { chunk_t data = chunk_from_chars(0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00); - u_int8_t val; + uint8_t val; assert_integer_read_end(data, 8, val); assert_basic_read_end(8, val); @@ -181,7 +181,7 @@ END_TEST START_TEST(test_read_uint16_end) { chunk_t data = chunk_from_chars(0x00, 0x03, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00); - u_int16_t val; + uint16_t val; assert_integer_read_end(data, 16, val); assert_basic_read_end(16, val); @@ -192,7 +192,7 @@ END_TEST START_TEST(test_read_uint24_end) { chunk_t data = chunk_from_chars(0x00, 0x00, 0x03, 0x00, 0x00, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00); - u_int32_t val; + uint32_t val; assert_integer_read_end(data, 24, val); assert_basic_read_end(24, val); @@ -204,7 +204,7 @@ START_TEST(test_read_uint32_end) { chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00); - u_int32_t val; + uint32_t val; assert_integer_read_end(data, 32, val); assert_basic_read_end(32, val); @@ -218,7 +218,7 @@ START_TEST(test_read_uint64_end) 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00); - u_int64_t val; + uint64_t val; assert_integer_read_end(data, 64, val); assert_basic_read_end(64, val); diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c index 6272ca795..b82b1436f 100644 --- a/src/libstrongswan/tests/suites/test_chunk.c +++ b/src/libstrongswan/tests/suites/test_chunk.c @@ -316,11 +316,11 @@ START_TEST(test_chunk_skip) foobar = chunk_from_str("foobar"); a = foobar; a = chunk_skip(a, 0); - ck_assert(chunk_equals(a, foobar)); + ck_assert_chunk_eq(a, foobar); a = chunk_skip(a, 1); - ck_assert(chunk_equals(a, chunk_from_str("oobar"))); + ck_assert_chunk_eq(a, chunk_from_str("oobar")); a = chunk_skip(a, 2); - ck_assert(chunk_equals(a, chunk_from_str("bar"))); + ck_assert_chunk_eq(a, chunk_from_str("bar")); a = chunk_skip(a, 3); assert_chunk_empty(a); @@ -338,20 +338,24 @@ START_TEST(test_chunk_skip_zero) { chunk_t foobar, a; - a = chunk_empty; - a = chunk_skip_zero(a); + a = chunk_skip_zero(chunk_empty); assert_chunk_empty(a); foobar = chunk_from_str("foobar"); - a = foobar; - a = chunk_skip_zero(a); - ck_assert(chunk_equals(a, foobar)); + a = chunk_skip_zero(foobar); + ck_assert_chunk_eq(a, foobar); - a = chunk_from_chars(0x00, 0xaa, 0xbb, 0xcc); - a = chunk_skip_zero(a); - ck_assert(chunk_equals(a, chunk_from_chars(0xaa, 0xbb, 0xcc))); + foobar = chunk_from_chars(0x00); + a = chunk_skip_zero(foobar); + ck_assert_chunk_eq(a, foobar); + + a = chunk_skip_zero(chunk_from_chars(0x00, 0xaa, 0xbb, 0xcc)); + ck_assert_chunk_eq(a, chunk_from_chars(0xaa, 0xbb, 0xcc)); a = chunk_skip_zero(a); - ck_assert(chunk_equals(a, chunk_from_chars(0xaa, 0xbb, 0xcc))); + ck_assert_chunk_eq(a, chunk_from_chars(0xaa, 0xbb, 0xcc)); + + a = chunk_skip_zero(chunk_from_chars(0x00, 0x00, 0xaa, 0xbb, 0xcc)); + ck_assert_chunk_eq(a, chunk_from_chars(0xaa, 0xbb, 0xcc)); } END_TEST @@ -736,7 +740,7 @@ START_TEST(test_chunk_mac) { chunk_t in; u_char key[16]; - u_int64_t out; + uint64_t out; int i, count; count = countof(sip_vectors); @@ -765,7 +769,7 @@ END_TEST START_TEST(test_chunk_hash) { chunk_t chunk; - u_int32_t hash_a, hash_b, hash_c; + uint32_t hash_a, hash_b, hash_c; chunk = chunk_from_str("asdf"); @@ -787,7 +791,7 @@ END_TEST START_TEST(test_chunk_hash_static) { chunk_t in; - u_int32_t out, hash_a, hash_b, hash_inc = 0x7b891a95; + uint32_t out, hash_a, hash_b, hash_inc = 0x7b891a95; int i, count; count = countof(sip_vectors); @@ -813,7 +817,7 @@ END_TEST * test for chunk_internet_checksum[_inc]() */ -static inline u_int16_t compensate_alignment(u_int16_t val) +static inline uint16_t compensate_alignment(uint16_t val) { return ((val & 0xff) << 8) | (val >> 8); } @@ -821,7 +825,7 @@ static inline u_int16_t compensate_alignment(u_int16_t val) START_TEST(test_chunk_internet_checksum) { chunk_t chunk; - u_int16_t sum; + uint16_t sum; chunk = chunk_from_chars(0x45,0x00,0x00,0x30,0x44,0x22,0x40,0x00,0x80,0x06, 0x00,0x00,0x8c,0x7c,0x19,0xac,0xae,0x24,0x1e,0x2b); diff --git a/src/libstrongswan/tests/suites/test_host.c b/src/libstrongswan/tests/suites/test_host.c index 5cb8013ff..5d054577a 100644 --- a/src/libstrongswan/tests/suites/test_host.c +++ b/src/libstrongswan/tests/suites/test_host.c @@ -46,7 +46,7 @@ static void verify_netmask(chunk_t addr, int mask) * host_create_any */ -static void verify_any(host_t *host, int family, u_int16_t port) +static void verify_any(host_t *host, int family, uint16_t port) { verify_netmask(host->get_address(host), 0); ck_assert(host->is_anyaddr(host)); @@ -88,7 +88,7 @@ END_TEST * host_create_from_string */ -static void verify_address(host_t *host, chunk_t addr, int family, u_int16_t port) +static void verify_address(host_t *host, chunk_t addr, int family, uint16_t port) { ck_assert(chunk_equals(host->get_address(host), addr)); ck_assert(!host->is_anyaddr(host)); @@ -656,7 +656,7 @@ END_TEST static struct { char *addr; - u_int16_t port; + uint16_t port; /* results for %H, %+H, %#H (falls back to [0]) */ char *result[3]; } printf_data[] = { diff --git a/src/libstrongswan/tests/suites/test_iv_gen.c b/src/libstrongswan/tests/suites/test_iv_gen.c index 4e45c8538..8b0a14b79 100644 --- a/src/libstrongswan/tests/suites/test_iv_gen.c +++ b/src/libstrongswan/tests/suites/test_iv_gen.c @@ -21,17 +21,17 @@ START_TEST(test_iv_gen_seq) { iv_gen_t *iv_gen; - u_int64_t iv0, iv1_1, iv1_2; + uint64_t iv0, iv1_1, iv1_2; iv_gen = iv_gen_seq_create(); - ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (u_int8_t*)&iv0)); - ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_1)); + ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (uint8_t*)&iv0)); + ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (uint8_t*)&iv1_1)); ck_assert(iv0 != iv1_1); /* every sequence number may be used twice, but results in a different IV */ - ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_2)); + ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (uint8_t*)&iv1_2)); ck_assert(iv0 != iv1_2); ck_assert(iv1_1 != iv1_2); - ck_assert(!iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_2)); + ck_assert(!iv_gen->get_iv(iv_gen, 1, 8, (uint8_t*)&iv1_2)); iv_gen->destroy(iv_gen); } END_TEST @@ -39,19 +39,19 @@ END_TEST START_TEST(test_iv_gen_seq_len) { iv_gen_t *iv_gen; - u_int64_t iv; - u_int8_t buf[9]; + uint64_t iv; + uint8_t buf[9]; iv_gen = iv_gen_seq_create(); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 0, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 1, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 2, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 3, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 4, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 5, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 6, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 7, (u_int8_t*)&iv)); - ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (u_int8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 0, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 1, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 2, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 3, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 4, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 5, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 6, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 7, (uint8_t*)&iv)); + ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (uint8_t*)&iv)); ck_assert(iv_gen->get_iv(iv_gen, 0, 9, buf)); iv_gen->destroy(iv_gen); } diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c index d209fa2bc..0a6d24d04 100644 --- a/src/libstrongswan/tests/suites/test_ntru.c +++ b/src/libstrongswan/tests/suites/test_ntru.c @@ -25,7 +25,7 @@ #include IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*, - u_int32_t strength, chunk_t pers_str, rng_t *entropy) + uint32_t strength, chunk_t pers_str, rng_t *entropy) IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*, size_t len, hash_algorithm_t alg, chunk_t seed) @@ -36,7 +36,7 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*, uint32_t indices_len_m, bool is_product_form) IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data, ntru_poly_t*, - u_int16_t *data, uint16_t N, uint16_t q, + uint16_t *data, uint16_t N, uint16_t q, uint32_t indices_len_p, uint32_t indices_len_m, bool is_product_form) @@ -73,8 +73,8 @@ char *parameter_sets[] = { }; typedef struct { - u_int32_t requested; - u_int32_t standard; + uint32_t requested; + uint32_t standard; }strength_t; strength_t strengths[] = { diff --git a/src/libstrongswan/tests/suites/test_printf.c b/src/libstrongswan/tests/suites/test_printf.c index 9e40d1fc0..377f2a767 100644 --- a/src/libstrongswan/tests/suites/test_printf.c +++ b/src/libstrongswan/tests/suites/test_printf.c @@ -75,7 +75,7 @@ END_TEST START_TEST(test_printf_unsigned) { - verify("1 23 456", "%u %lu %llu", 1, (u_long)23, (u_int64_t)456); + verify("1 23 456", "%u %lu %llu", 1, (u_long)23, (uint64_t)456); verify("65535 255", "%hu %hhu", 0x1ffff, 0x1ff); verify("123456789", "%zu", (size_t)123456789); verify(" 12", "%5u", 12); @@ -99,7 +99,7 @@ END_TEST START_TEST(test_printf_hex) { - verify("1 23 456", "%x %lx %llx", 1, (u_long)0x23, (u_int64_t)0x456); + verify("1 23 456", "%x %lx %llx", 1, (u_long)0x23, (uint64_t)0x456); verify("12abcdef 12ABCDEF", "%x %X", 0x12ABCDEF, 0x12ABCDEF); verify("ffff ff", "%hx %hhx", 0x1ffff, 0x1ff); verify("23456789", "%zx", (size_t)0x23456789); @@ -170,10 +170,10 @@ END_TEST START_TEST(test_printf_pri) { - verify("255", "%" PRIu8, (u_int8_t)0xFF); - verify("65535", "%" PRIu16, (u_int16_t)0xFFFF); - verify("4294967295", "%" PRIu32, (u_int32_t)0x1FFFFFFFFll); - verify("18446744073709551615", "%" PRIu64, (u_int64_t)0xFFFFFFFFFFFFFFFFll); + verify("255", "%" PRIu8, (uint8_t)0xFF); + verify("65535", "%" PRIu16, (uint16_t)0xFFFF); + verify("4294967295", "%" PRIu32, (uint32_t)0x1FFFFFFFFll); + verify("18446744073709551615", "%" PRIu64, (uint64_t)0xFFFFFFFFFFFFFFFFll); verify("-1", "%" PRId8, (int8_t)-1); verify("-1", "%" PRId16, (int16_t)-1); diff --git a/src/libstrongswan/tests/suites/test_traffic_selector.c b/src/libstrongswan/tests/suites/test_traffic_selector.c index 5c0fb754d..0d5d877ac 100644 --- a/src/libstrongswan/tests/suites/test_traffic_selector.c +++ b/src/libstrongswan/tests/suites/test_traffic_selector.c @@ -198,7 +198,7 @@ struct { char *from; char *to; char *net; - u_int8_t mask; + uint8_t mask; bool exact; } to_subnet_tests[] = { { TS_IPV4_ADDR_RANGE, "10.0.0.1", "10.0.0.1", "10.0.0.1", 32, TRUE }, @@ -218,7 +218,7 @@ START_TEST(test_to_subnet) { traffic_selector_t *ts; host_t *net, *exp_net; - u_int8_t mask; + uint8_t mask; ts = traffic_selector_create_from_string(0, to_subnet_tests[_i].type, to_subnet_tests[_i].from, 0, to_subnet_tests[_i].to, 0); @@ -234,9 +234,9 @@ END_TEST struct { char *cidr; - u_int16_t from_port; - u_int16_t to_port; - u_int16_t port; + uint16_t from_port; + uint16_t to_port; + uint16_t port; } to_subnet_port_tests[] = { { "10.0.0.0/8", 0, 0, 0 }, { "10.0.0.1/32", 80, 80, 80 }, @@ -252,7 +252,7 @@ START_TEST(test_to_subnet_port) { traffic_selector_t *ts; host_t *net, *exp_net; - u_int8_t mask; + uint8_t mask; int exp_mask; ts = traffic_selector_create_from_cidr(to_subnet_port_tests[_i].cidr, 0, @@ -431,9 +431,9 @@ struct { bool contained; struct { char *net; - u_int8_t proto; - u_int16_t from_port; - u_int16_t to_port; + uint8_t proto; + uint16_t from_port; + uint16_t to_port; } a, b; } is_contained_in_tests[] = { { TRUE, { "10.0.0.0/16", 0, 0, 65535 }, { "10.0.0.0/16", 0, 0, 65535 }, }, @@ -555,9 +555,9 @@ struct { int res; struct { char *net; - u_int8_t proto; - u_int16_t from_port; - u_int16_t to_port; + uint8_t proto; + uint16_t from_port; + uint16_t to_port; } a, b; } cmp_tests[] = { { 0, { "10.0.0.0/8", 0, 0, 65535 }, { "10.0.0.0/8", 0, 0, 65535 }, }, @@ -706,13 +706,13 @@ START_TEST(test_hash) END_TEST struct { - u_int8_t proto; - u_int16_t from_port; - u_int16_t to_port; - u_int8_t from_type; - u_int8_t from_code; - u_int8_t to_type; - u_int8_t to_code; + uint8_t proto; + uint16_t from_port; + uint16_t to_port; + uint8_t from_type; + uint8_t from_code; + uint8_t to_type; + uint8_t to_code; char *str; char *str_alt; } icmp_tests[] = { @@ -731,7 +731,7 @@ struct { START_TEST(test_icmp) { traffic_selector_t *ts; - u_int16_t from, to; + uint16_t from, to; ts = traffic_selector_create_dynamic(icmp_tests[_i].proto, icmp_tests[_i].from_port, icmp_tests[_i].to_port); diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 104b0b2c0..1eb3c8bc3 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c @@ -121,9 +121,9 @@ END_TEST START_TEST(test_htoun) { chunk_t net64, expected; - u_int16_t host16 = 513; - u_int32_t net16 = 0, host32 = 67305985; - u_int64_t net32 = 0, host64 = 578437695752307201ULL; + uint16_t host16 = 513; + uint32_t net16 = 0, host32 = 67305985; + uint64_t net32 = 0, host64 = 578437695752307201ULL; net64 = chunk_alloca(16); memset(net64.ptr, 0, net64.len); @@ -133,14 +133,14 @@ START_TEST(test_htoun) ck_assert(chunk_equals(expected, chunk_from_thing(net16))); expected = chunk_from_chars(0x00, 0x00, 0x04, 0x03, 0x02, 0x01, 0x00, 0x00); - htoun32((u_int16_t*)&net32 + 1, host32); + htoun32((uint16_t*)&net32 + 1, host32); ck_assert(chunk_equals(expected, chunk_from_thing(net32))); expected = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x00, 0x00, 0x00); - htoun64((u_int32_t*)net64.ptr + 1, host64); + htoun64((uint32_t*)net64.ptr + 1, host64); ck_assert(chunk_equals(expected, net64)); } END_TEST @@ -148,9 +148,9 @@ END_TEST START_TEST(test_untoh) { chunk_t net; - u_int16_t host16; - u_int32_t host32; - u_int64_t host64; + uint16_t host16; + uint32_t host32; + uint64_t host64; net = chunk_from_chars(0x00, 0x02, 0x01, 0x00); host16 = untoh16(net.ptr + 1); @@ -196,6 +196,82 @@ START_TEST(test_round) } END_TEST +/******************************************************************************* + * streq + */ + +static struct { + char *a; + char *b; + bool eq; + bool case_eq; +} streq_data[] = { + {NULL, NULL, TRUE, TRUE}, + {NULL, "", FALSE, FALSE}, + {"", NULL, FALSE, FALSE}, + {"abc", "", FALSE, FALSE}, + {"abc", "abc", TRUE, TRUE}, + {"abc", "ABC", FALSE, TRUE}, +}; + +START_TEST(test_streq) +{ + bool eq; + + ck_assert(streq(streq_data[_i].a, streq_data[_i].a)); + ck_assert(streq(streq_data[_i].b, streq_data[_i].b)); + eq = streq(streq_data[_i].a, streq_data[_i].b); + ck_assert(eq == streq_data[_i].eq); + + ck_assert(strcaseeq(streq_data[_i].a, streq_data[_i].a)); + ck_assert(strcaseeq(streq_data[_i].b, streq_data[_i].b)); + eq = strcaseeq(streq_data[_i].a, streq_data[_i].b); + ck_assert(eq == streq_data[_i].case_eq); +} +END_TEST + +/******************************************************************************* + * strneq + */ + +static struct { + char *a; + char *b; + size_t n; + bool eq; + bool case_eq; +} strneq_data[] = { + {NULL, NULL, 0, TRUE, TRUE}, + {NULL, NULL, 10, TRUE, TRUE}, + {NULL, "", 0, FALSE, FALSE}, + {"", NULL, 0, FALSE, FALSE}, + {"abc", "", 0, TRUE, TRUE}, + {"abc", "", 1, FALSE, FALSE}, + {"abc", "ab", 1, TRUE, TRUE}, + {"abc", "ab", 2, TRUE, TRUE}, + {"abc", "ab", 3, FALSE, FALSE}, + {"abc", "abc", 3, TRUE, TRUE}, + {"abc", "abc", 4, TRUE, TRUE}, + {"abc", "abC", 2, TRUE, TRUE}, + {"abc", "abC", 3, FALSE, TRUE}, +}; + +START_TEST(test_strneq) +{ + bool eq; + + ck_assert(strneq(strneq_data[_i].a, strneq_data[_i].a, strneq_data[_i].n)); + ck_assert(strneq(strneq_data[_i].b, strneq_data[_i].b, strneq_data[_i].n)); + eq = strneq(strneq_data[_i].a, strneq_data[_i].b, strneq_data[_i].n); + ck_assert(eq == strneq_data[_i].eq); + + ck_assert(strncaseeq(strneq_data[_i].a, strneq_data[_i].a, strneq_data[_i].n)); + ck_assert(strncaseeq(strneq_data[_i].b, strneq_data[_i].b, strneq_data[_i].n)); + eq = strncaseeq(strneq_data[_i].a, strneq_data[_i].b, strneq_data[_i].n); + ck_assert(eq == strneq_data[_i].case_eq); +} +END_TEST + /******************************************************************************* * strpfx */ @@ -308,7 +384,7 @@ END_TEST START_TEST(test_memxor_aligned) { - u_int64_t a = 0, b = 0; + uint64_t a = 0, b = 0; chunk_t ca, cb; int i; @@ -848,6 +924,8 @@ Suite *utils_suite_create() suite_add_tcase(s, tc); tc = tcase_create("string helper"); + tcase_add_loop_test(tc, test_streq, 0, countof(streq_data)); + tcase_add_loop_test(tc, test_strneq, 0, countof(strneq_data)); tcase_add_loop_test(tc, test_strpfx, 0, countof(strpfx_data)); suite_add_tcase(s, tc); diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c index 66d0e612d..ed77b3c86 100644 --- a/src/libstrongswan/tests/test_runner.c +++ b/src/libstrongswan/tests/test_runner.c @@ -89,6 +89,28 @@ static void apply_filter(array_t *loaded, char *filter, bool exclude) names->destroy(names); } +/** + * Check if the given string is contained in the filter string. + */ +static bool is_in_filter(const char *find, char *filter) +{ + enumerator_t *names; + bool found = FALSE; + char *name; + + names = enumerator_create_token(filter, ",", " "); + while (names->enumerate(names, &name)) + { + if (streq(name, find)) + { + found = TRUE; + break; + } + } + names->destroy(names); + return found; +} + /** * Removes and destroys test suites that are not selected or * explicitly excluded. @@ -524,11 +546,17 @@ int test_runner_run(const char *name, test_configuration_t configs[], enumerator_t *enumerator; int passed = 0, result; level_t level = LEVEL_SILENT; - char *cfg, *verbosity; + char *cfg, *runners, *verbosity; /* redirect all output to stderr (to redirect make's stdout to /dev/null) */ dup2(2, 1); + runners = getenv("TESTS_RUNNERS"); + if (runners && !is_in_filter(name, runners)) + { + return EXIT_SUCCESS; + } + cfg = getenv("TESTS_STRONGSWAN_CONF"); suites = load_suites(configs, init, cfg); diff --git a/src/libstrongswan/tests/test_runner.h b/src/libstrongswan/tests/test_runner.h index 5c3057096..e0fe767c5 100644 --- a/src/libstrongswan/tests/test_runner.h +++ b/src/libstrongswan/tests/test_runner.h @@ -70,6 +70,7 @@ struct test_configuration_t { * - TESTS_VERBOSITY: Numerical loglevel for debug log * - TESTS_STRONGSWAN_CONF: Specify a path to a custom strongswan.conf * - TESTS_PLUGINS: Specify an explicit list of plugins to load + * - TESTS_RUNNERS: Run specific test runners only * - TESTS_SUITES: Run specific test suites only * - TESTS_SUITES_EXCLUDE: Don't run specific test suites * - TESTS_REDUCED_KEYLENGTHS: Test minimal keylengths for public key tests only @@ -77,6 +78,9 @@ struct test_configuration_t { * Please note that TESTS_PLUGINS actually must be implemented by the init * callback function, as plugin loading is delegated. * + * EXIT_SUCCESS is returned right away if TESTS_RUNNERS is defined but the name + * passed to this function is not contained in it. + * * @param name name of test runner * @param config test suite constructors with dependencies * @param init_cb init/deinit callback diff --git a/src/libstrongswan/tests/utils/test_rng.c b/src/libstrongswan/tests/utils/test_rng.c index 01569509b..2985a56e3 100644 --- a/src/libstrongswan/tests/utils/test_rng.c +++ b/src/libstrongswan/tests/utils/test_rng.c @@ -34,7 +34,7 @@ struct private_rng_t { }; METHOD(rng_t, get_bytes, bool, - private_rng_t *this, size_t bytes, u_int8_t *buffer) + private_rng_t *this, size_t bytes, uint8_t *buffer) { if (bytes > this->entropy.len) { diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c index 3d87e7fca..de5cbaa21 100644 --- a/src/libstrongswan/threading/thread.c +++ b/src/libstrongswan/threading/thread.c @@ -278,18 +278,27 @@ static private_thread_t *thread_create_internal() } /** - * Main cleanup function for threads. + * Remove and run all cleanup handlers in reverse order. */ -static void thread_cleanup(private_thread_t *this) +static void thread_cleanup_popall_internal(private_thread_t *this) { cleanup_handler_t *handler; - this->mutex->lock(this->mutex); + while (this->cleanup_handlers->remove_last(this->cleanup_handlers, - (void**)&handler) == SUCCESS) + (void**)&handler) == SUCCESS) { handler->cleanup(handler->arg); free(handler); } +} + +/** + * Main cleanup function for threads. + */ +static void thread_cleanup(private_thread_t *this) +{ + thread_cleanup_popall_internal(this); + this->mutex->lock(this->mutex); this->terminated = TRUE; thread_destroy(this); } @@ -417,15 +426,8 @@ void thread_cleanup_pop(bool execute) void thread_cleanup_popall() { private_thread_t *this = (private_thread_t*)thread_current(); - cleanup_handler_t *handler; - while (this->cleanup_handlers->get_count(this->cleanup_handlers)) - { - this->cleanup_handlers->remove_last(this->cleanup_handlers, - (void**)&handler); - handler->cleanup(handler->arg); - free(handler); - } + thread_cleanup_popall_internal(this); } /** diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index c4471be70..2f824a259 100644 --- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -775,25 +775,25 @@ bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace) /** * Helper functions for chunk_mac() */ -static inline u_int64_t sipget(u_char *in) +static inline uint64_t sipget(u_char *in) { - u_int64_t v = 0; + uint64_t v = 0; int i; for (i = 0; i < 64; i += 8, ++in) { - v |= ((u_int64_t)*in) << i; + v |= ((uint64_t)*in) << i; } return v; } -static inline u_int64_t siprotate(u_int64_t v, int shift) +static inline uint64_t siprotate(uint64_t v, int shift) { return (v << shift) | (v >> (64 - shift)); } -static inline void sipround(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2, - u_int64_t *v3) +static inline void sipround(uint64_t *v0, uint64_t *v1, uint64_t *v2, + uint64_t *v3) { *v0 += *v1; *v1 = siprotate(*v1, 13); @@ -814,8 +814,8 @@ static inline void sipround(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2, *v3 ^= *v0; } -static inline void sipcompress(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2, - u_int64_t *v3, u_int64_t m) +static inline void sipcompress(uint64_t *v0, uint64_t *v1, uint64_t *v2, + uint64_t *v3, uint64_t m) { *v3 ^= m; sipround(v0, v1, v2, v3); @@ -823,28 +823,28 @@ static inline void sipcompress(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2, *v0 ^= m; } -static inline u_int64_t siplast(size_t len, u_char *pos) +static inline uint64_t siplast(size_t len, u_char *pos) { - u_int64_t b; + uint64_t b; int rem = len & 7; - b = ((u_int64_t)len) << 56; + b = ((uint64_t)len) << 56; switch (rem) { case 7: - b |= ((u_int64_t)pos[6]) << 48; + b |= ((uint64_t)pos[6]) << 48; case 6: - b |= ((u_int64_t)pos[5]) << 40; + b |= ((uint64_t)pos[5]) << 40; case 5: - b |= ((u_int64_t)pos[4]) << 32; + b |= ((uint64_t)pos[4]) << 32; case 4: - b |= ((u_int64_t)pos[3]) << 24; + b |= ((uint64_t)pos[3]) << 24; case 3: - b |= ((u_int64_t)pos[2]) << 16; + b |= ((uint64_t)pos[2]) << 16; case 2: - b |= ((u_int64_t)pos[1]) << 8; + b |= ((uint64_t)pos[1]) << 8; case 1: - b |= ((u_int64_t)pos[0]); + b |= ((uint64_t)pos[0]); break; case 0: break; @@ -855,9 +855,9 @@ static inline u_int64_t siplast(size_t len, u_char *pos) /** * Caculate SipHash-2-4 with an optional first block given as argument. */ -static u_int64_t chunk_mac_inc(chunk_t chunk, u_char *key, u_int64_t m) +static uint64_t chunk_mac_inc(chunk_t chunk, u_char *key, uint64_t m) { - u_int64_t v0, v1, v2, v3, k0, k1; + uint64_t v0, v1, v2, v3, k0, k1; size_t len = chunk.len; u_char *pos = chunk.ptr, *end; @@ -896,7 +896,7 @@ static u_int64_t chunk_mac_inc(chunk_t chunk, u_char *key, u_int64_t m) /** * Described in header. */ -u_int64_t chunk_mac(chunk_t chunk, u_char *key) +uint64_t chunk_mac(chunk_t chunk, u_char *key) { return chunk_mac_inc(chunk, key, 0); } @@ -957,16 +957,16 @@ void chunk_hash_seed() /** * Described in header. */ -u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash) +uint32_t chunk_hash_inc(chunk_t chunk, uint32_t hash) { /* we could use a mac of the previous hash, but this is faster */ - return chunk_mac_inc(chunk, key, ((u_int64_t)hash) << 32 | hash); + return chunk_mac_inc(chunk, key, ((uint64_t)hash) << 32 | hash); } /** * Described in header. */ -u_int32_t chunk_hash(chunk_t chunk) +uint32_t chunk_hash(chunk_t chunk) { return chunk_mac(chunk, key); } @@ -974,15 +974,15 @@ u_int32_t chunk_hash(chunk_t chunk) /** * Described in header. */ -u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash) +uint32_t chunk_hash_static_inc(chunk_t chunk, uint32_t hash) { /* we could use a mac of the previous hash, but this is faster */ - return chunk_mac_inc(chunk, static_key, ((u_int64_t)hash) << 32 | hash); + return chunk_mac_inc(chunk, static_key, ((uint64_t)hash) << 32 | hash); } /** * Described in header. */ -u_int32_t chunk_hash_static(chunk_t chunk) +uint32_t chunk_hash_static(chunk_t chunk) { return chunk_mac(chunk, static_key); } @@ -990,9 +990,9 @@ u_int32_t chunk_hash_static(chunk_t chunk) /** * Described in header. */ -u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum) +uint16_t chunk_internet_checksum_inc(chunk_t data, uint16_t checksum) { - u_int32_t sum = ntohs((u_int16_t)~checksum); + uint32_t sum = ntohs((uint16_t)~checksum); while (data.len > 1) { @@ -1001,7 +1001,7 @@ u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum) } if (data.len) { - sum += (u_int16_t)*data.ptr << 8; + sum += (uint16_t)*data.ptr << 8; } while (sum >> 16) { @@ -1013,7 +1013,7 @@ u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum) /** * Described in header. */ -u_int16_t chunk_internet_checksum(chunk_t data) +uint16_t chunk_internet_checksum(chunk_t data) { return chunk_internet_checksum_inc(data, 0xffff); } diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h index 2ec7f7543..160d09944 100644 --- a/src/libstrongswan/utils/chunk.h +++ b/src/libstrongswan/utils/chunk.h @@ -280,11 +280,11 @@ static inline chunk_t chunk_skip(chunk_t chunk, size_t bytes) } /** - * Skip a leading zero-valued byte + * Skip any leading zero-valued bytes */ static inline chunk_t chunk_skip_zero(chunk_t chunk) { - if (chunk.len > 1 && *chunk.ptr == 0x00) + while (chunk.len > 1 && *chunk.ptr == 0x00) { chunk.ptr++; chunk.len--; @@ -375,7 +375,7 @@ void chunk_hash_seed(); * @param chunk data to hash * @return hash value */ -u_int32_t chunk_hash(chunk_t chunk); +uint32_t chunk_hash(chunk_t chunk); /** * Incremental version of chunk_hash. Use this to hash two or more chunks. @@ -384,7 +384,7 @@ u_int32_t chunk_hash(chunk_t chunk); * @param hash previous hash value * @return hash value */ -u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash); +uint32_t chunk_hash_inc(chunk_t chunk, uint32_t hash); /** * Computes a 32 bit hash of the given chunk. @@ -398,7 +398,7 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash); * @param chunk data to hash * @return hash value */ -u_int32_t chunk_hash_static(chunk_t chunk); +uint32_t chunk_hash_static(chunk_t chunk); /** * Incremental version of chunk_hash_static(). Use this to hash two or more @@ -408,7 +408,7 @@ u_int32_t chunk_hash_static(chunk_t chunk); * @param hash previous hash value * @return hash value */ -u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash); +uint32_t chunk_hash_static_inc(chunk_t chunk, uint32_t hash); /** * Computes a quick MAC from the given chunk and key using SipHash. @@ -422,7 +422,7 @@ u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash); * @param key key to use * @return MAC for given input and key */ -u_int64_t chunk_mac(chunk_t chunk, u_char *key); +uint64_t chunk_mac(chunk_t chunk, u_char *key); /** * Calculate the Internet Checksum according to RFC 1071 for the given chunk. @@ -434,7 +434,7 @@ u_int64_t chunk_mac(chunk_t chunk, u_char *key); * @param data data to process * @return checksum (one's complement, network order) */ -u_int16_t chunk_internet_checksum(chunk_t data); +uint16_t chunk_internet_checksum(chunk_t data); /** * Extend the given Internet Checksum (one's complement, in network byte order) @@ -447,7 +447,7 @@ u_int16_t chunk_internet_checksum(chunk_t data); * @param checksum previous checksum (one's complement, network order) * @return checksum (one's complement, network order) */ -u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum); +uint16_t chunk_internet_checksum_inc(chunk_t data, uint16_t checksum); /** * printf hook function for chunk_t. diff --git a/src/libstrongswan/utils/compat/android.h b/src/libstrongswan/utils/compat/android.h index b3ea9c475..6edd3effb 100644 --- a/src/libstrongswan/utils/compat/android.h +++ b/src/libstrongswan/utils/compat/android.h @@ -21,6 +21,8 @@ #ifndef ANDROID_H_ #define ANDROID_H_ +#include + /* stuff defined in AndroidConfig.h, which is included using the -include * command-line option, thus cannot be undefined using -U CFLAGS options. * the reason we have to undefine these flags in the first place, is that @@ -28,4 +30,19 @@ * actually defined. */ #undef HAVE_BACKTRACE +/* API level 21 changed quite a few things, we define some stuff here and not + * via CFLAGS in Android.mk files as it is easier to compare versions */ +#if __ANDROID_API__ >= 21 + +#define HAVE_PTHREAD_CONDATTR_INIT 1 +#define HAVE_CONDATTR_CLOCK_MONOTONIC 1 + +#define HAVE_SYS_CAPABILITY_H 1 + +#else /* __ANDROID_API__ */ + +#define HAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC 1 + +#endif /* __ANDROID_API__ */ + #endif /** ANDROID_H_ @}*/ diff --git a/src/libstrongswan/utils/cpu_feature.c b/src/libstrongswan/utils/cpu_feature.c index d86ca6bd8..0529701ea 100644 --- a/src/libstrongswan/utils/cpu_feature.c +++ b/src/libstrongswan/utils/cpu_feature.c @@ -102,7 +102,7 @@ static cpu_feature_t get_via_features() */ cpu_feature_t cpu_feature_get_all() { - char vendor[3 * sizeof(u_int32_t) + 1]; + char vendor[3 * sizeof(uint32_t) + 1]; cpu_feature_t f = 0; u_int a, b, c, d; diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index 2b2e907f0..384bd6c92 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -80,6 +80,7 @@ static const x501rdn_t x501rdns[] = { {"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING}, {"I", OID_INITIALS, ASN1_PRINTABLESTRING}, {"dnQualifier", OID_DN_QUALIFIER, ASN1_PRINTABLESTRING}, + {"dmdName", OID_DMD_NAME, ASN1_PRINTABLESTRING}, {"pseudonym", OID_PSEUDONYM, ASN1_PRINTABLESTRING}, {"ID", OID_UNIQUE_IDENTIFIER, ASN1_PRINTABLESTRING}, {"EN", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, @@ -220,6 +221,7 @@ METHOD(enumerator_t, rdn_part_enumerate, bool, {OID_GIVEN_NAME, ID_PART_RDN_G}, {OID_INITIALS, ID_PART_RDN_I}, {OID_DN_QUALIFIER, ID_PART_RDN_DNQ}, + {OID_DMD_NAME, ID_PART_RDN_DMDN}, {OID_PSEUDONYM, ID_PART_RDN_PN}, {OID_UNIQUE_IDENTIFIER, ID_PART_RDN_ID}, {OID_EMAIL_ADDRESS, ID_PART_RDN_E}, @@ -727,7 +729,8 @@ METHOD(identification_t, equals_strcasecmp, bool, /* we do some extra sanity checks to check for invalid IDs with a * terminating null in it. */ - if (this->encoded.len == encoded.len && + if (this->type == other->get_type(other) && + this->encoded.len == encoded.len && memchr(this->encoded.ptr, 0, this->encoded.len) == NULL && memchr(encoded.ptr, 0, encoded.len) == NULL && strncasecmp(this->encoded.ptr, encoded.ptr, this->encoded.len) == 0) @@ -1152,15 +1155,15 @@ static private_identification_t *identification_create(id_type_t type) { case ID_ANY: this->public.hash = _hash_binary; - this->public.matches = _matches_any; this->public.equals = _equals_binary; + this->public.matches = _matches_any; this->public.contains_wildcards = return_true; break; case ID_FQDN: case ID_RFC822_ADDR: this->public.hash = _hash_binary; - this->public.matches = _matches_string; this->public.equals = _equals_strcasecmp; + this->public.matches = _matches_string; this->public.contains_wildcards = _contains_wildcards_memchr; break; case ID_DER_ASN1_DN: diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h index 51d132491..206f7c3e0 100644 --- a/src/libstrongswan/utils/identification.h +++ b/src/libstrongswan/utils/identification.h @@ -168,6 +168,8 @@ enum id_part_t { ID_PART_RDN_I, /** DN Qualifier RDN of a DN */ ID_PART_RDN_DNQ, + /** dmdName RDN of a DN */ + ID_PART_RDN_DMDN, /** Pseudonym RDN of a DN */ ID_PART_RDN_PN, /** UniqueIdentifier RDN of a DN */ diff --git a/src/libstrongswan/utils/integrity_checker.c b/src/libstrongswan/utils/integrity_checker.c index b66df02e7..6f9510b3e 100644 --- a/src/libstrongswan/utils/integrity_checker.c +++ b/src/libstrongswan/utils/integrity_checker.c @@ -56,10 +56,10 @@ struct private_integrity_checker_t { int checksum_count; }; -METHOD(integrity_checker_t, build_file, u_int32_t, +METHOD(integrity_checker_t, build_file, uint32_t, private_integrity_checker_t *this, char *file, size_t *len) { - u_int32_t checksum; + uint32_t checksum; chunk_t *contents; contents = chunk_map(file, FALSE); @@ -109,7 +109,7 @@ static int callback(struct dl_phdr_info *dlpi, size_t size, Dl_info *dli) return 0; } -METHOD(integrity_checker_t, build_segment, u_int32_t, +METHOD(integrity_checker_t, build_segment, uint32_t, private_integrity_checker_t *this, void *sym, size_t *len) { chunk_t segment; @@ -154,7 +154,7 @@ METHOD(integrity_checker_t, check_file, bool, private_integrity_checker_t *this, char *name, char *file) { integrity_checksum_t *cs; - u_int32_t sum; + uint32_t sum; size_t len = 0; cs = find_checksum(this, name); @@ -188,7 +188,7 @@ METHOD(integrity_checker_t, check_segment, bool, private_integrity_checker_t *this, char *name, void *sym) { integrity_checksum_t *cs; - u_int32_t sum; + uint32_t sum; size_t len = 0; cs = find_checksum(this, name); diff --git a/src/libstrongswan/utils/integrity_checker.h b/src/libstrongswan/utils/integrity_checker.h index afaa114b3..2ac21c608 100644 --- a/src/libstrongswan/utils/integrity_checker.h +++ b/src/libstrongswan/utils/integrity_checker.h @@ -35,11 +35,11 @@ struct integrity_checksum_t { /* size in bytes of the file on disk */ size_t file_len; /* checksum of the file on disk */ - u_int32_t file; + uint32_t file; /* size in bytes of executable segment in memory */ size_t segment_len; /* checksum of the executable segment in memory */ - u_int32_t segment; + uint32_t segment; }; /** @@ -66,7 +66,7 @@ struct integrity_checker_t { * @param len return length in bytes of file * @return checksum, 0 on error */ - u_int32_t (*build_file)(integrity_checker_t *this, char *file, size_t *len); + uint32_t (*build_file)(integrity_checker_t *this, char *file, size_t *len); /** * Check the integrity of the code segment in memory. @@ -83,7 +83,7 @@ struct integrity_checker_t { * @param len return length in bytes of code segment in memory * @return checksum, 0 on error */ - u_int32_t (*build_segment)(integrity_checker_t *this, void *sym, size_t *len); + uint32_t (*build_segment)(integrity_checker_t *this, void *sym, size_t *len); /** * Check both, on disk file integrity and loaded segment. diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index 99f4843ad..d0f646c31 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -120,17 +120,17 @@ struct memory_header_t { /** * Padding to make sizeof(memory_header_t) == 32 */ - u_int32_t padding[sizeof(void*) == sizeof(u_int32_t) ? 3 : 0]; + uint32_t padding[sizeof(void*) == sizeof(uint32_t) ? 3 : 0]; /** * Number of bytes following after the header */ - u_int32_t bytes; + uint32_t bytes; /** * magic bytes to detect bad free or heap underflow, MEMORY_HEADER_MAGIC */ - u_int32_t magic; + uint32_t magic; }__attribute__((__packed__)); @@ -142,7 +142,7 @@ struct memory_tail_t { /** * Magic bytes to detect heap overflow, MEMORY_TAIL_MAGIC */ - u_int32_t magic; + uint32_t magic; }__attribute__((__packed__)); @@ -522,6 +522,7 @@ char *whitelist[] = { "vsyslog", "__syslog_chk", "__vsyslog_chk", + "__fprintf_chk", "getaddrinfo", "setlocale", "getpass", @@ -532,6 +533,7 @@ char *whitelist[] = { "getpwuid_r", "initgroups", "tzset", + "_IO_file_doallocate", /* ignore dlopen, as we do not dlclose to get proper leak reports */ "dlopen", "dlerror", @@ -562,6 +564,10 @@ char *whitelist[] = { "ECDSA_do_sign_ex", "ECDSA_verify", "RSA_new_method", + /* OpenSSL 1.1.0 does not cleanup anymore until the library is unloaded */ + "OPENSSL_init_crypto", + "CRYPTO_THREAD_lock_new", + "ERR_add_error_data", /* OpenSSL libssl */ "SSL_COMP_get_compression_methods", /* NSPR */ @@ -808,10 +814,11 @@ HOOK(void*, malloc, size_t bytes) HOOK(void*, calloc, size_t nmemb, size_t size) { void *ptr; + volatile size_t total; - size *= nmemb; - ptr = malloc(size); - memset(ptr, 0, size); + total = nmemb * size; + ptr = malloc(total); + memset(ptr, 0, total); return ptr; } @@ -837,6 +844,18 @@ HOOK(void, free, void *ptr) if (!enabled || thread_disabled->get(thread_disabled)) { + /* after deinitialization we might have to free stuff we allocated + * while we were enabled */ + if (!first_header.magic && ptr) + { + hdr = ptr - sizeof(memory_header_t); + tail = ptr + hdr->bytes; + if (hdr->magic == MEMORY_HEADER_MAGIC && + tail->magic == MEMORY_TAIL_MAGIC) + { + ptr = hdr; + } + } real_free(ptr); return; } @@ -953,6 +972,7 @@ METHOD(leak_detective_t, destroy, void, lock->destroy(lock); thread_disabled->destroy(thread_disabled); free(this); + first_header.magic = 0; first_header.next = NULL; } diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 40cb43d90..4deba0fe7 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -33,7 +33,7 @@ /* This is from the kernel sources. We limit the length of directory names to * 256 as we only use it to enumerate FDs. */ struct linux_dirent64 { - u_int64_t d_ino; + uint64_t d_ino; int64_t d_off; unsigned short d_reclen; unsigned char d_type; diff --git a/src/libstrongswan/utils/utils/align.c b/src/libstrongswan/utils/utils/align.c index 29f110ff1..ffdb1b5ce 100644 --- a/src/libstrongswan/utils/utils/align.c +++ b/src/libstrongswan/utils/utils/align.c @@ -20,9 +20,9 @@ /** * Described in header. */ -void* malloc_align(size_t size, u_int8_t align) +void* malloc_align(size_t size, uint8_t align) { - u_int8_t pad; + uint8_t pad; void *ptr; if (align == 0) @@ -46,7 +46,7 @@ void* malloc_align(size_t size, u_int8_t align) */ void free_align(void *ptr) { - u_int8_t pad, *pos; + uint8_t pad, *pos; pos = ptr - 1; /* verify padding to check any corruption */ diff --git a/src/libstrongswan/utils/utils/align.h b/src/libstrongswan/utils/utils/align.h index 39cde10c8..a28dc3668 100644 --- a/src/libstrongswan/utils/utils/align.h +++ b/src/libstrongswan/utils/utils/align.h @@ -74,7 +74,7 @@ static inline size_t round_down(size_t size, size_t alignment) * @param align alignment, up to 255 bytes, usually a power of 2 * @return allocated hunk, aligned to align bytes */ -void* malloc_align(size_t size, u_int8_t align); +void* malloc_align(size_t size, uint8_t align); /** * Free a hunk allocated by malloc_align(). diff --git a/src/libstrongswan/utils/utils/byteorder.h b/src/libstrongswan/utils/utils/byteorder.h index 3ccbad5f1..7c7e53420 100644 --- a/src/libstrongswan/utils/utils/byteorder.h +++ b/src/libstrongswan/utils/utils/byteorder.h @@ -26,7 +26,7 @@ * Architecture independent bitfield definition helpers (at least with GCC). * * Defines a bitfield with a type t and a fixed size of bitfield members, e.g.: - * BITFIELD2(u_int8_t, + * BITFIELD2(uint8_t, * low: 4, * high: 4, * ) flags; @@ -47,9 +47,14 @@ #ifndef le32toh # if BYTE_ORDER == BIG_ENDIAN # define le32toh(x) __builtin_bswap32(x) -# define htole32(x) __builtin_bswap32(x) # else # define le32toh(x) (x) +# endif +#endif +#ifndef htole32 +# if BYTE_ORDER == BIG_ENDIAN +# define htole32(x) __builtin_bswap32(x) +# else # define htole32(x) (x) # endif #endif @@ -57,9 +62,14 @@ #ifndef le64toh # if BYTE_ORDER == BIG_ENDIAN # define le64toh(x) __builtin_bswap64(x) -# define htole64(x) __builtin_bswap64(x) # else # define le64toh(x) (x) +# endif +#endif +#ifndef htole64 +# if BYTE_ORDER == BIG_ENDIAN +# define htole64(x) __builtin_bswap64(x) +# else # define htole64(x) (x) # endif #endif @@ -67,9 +77,14 @@ #ifndef be64toh # if BYTE_ORDER == BIG_ENDIAN # define be64toh(x) (x) -# define htobe64(x) (x) # else # define be64toh(x) __builtin_bswap64(x) +# endif +#endif +#ifndef htobe64 +# if BYTE_ORDER == BIG_ENDIAN +# define htobe64(x) (x) +# else # define htobe64(x) __builtin_bswap64(x) # endif #endif @@ -80,7 +95,7 @@ * @param host host order 16-bit value * @param network unaligned address to write network order value to */ -static inline void htoun16(void *network, u_int16_t host) +static inline void htoun16(void *network, uint16_t host) { char *unaligned = (char*)network; @@ -94,7 +109,7 @@ static inline void htoun16(void *network, u_int16_t host) * @param host host order 32-bit value * @param network unaligned address to write network order value to */ -static inline void htoun32(void *network, u_int32_t host) +static inline void htoun32(void *network, uint32_t host) { char *unaligned = (char*)network; @@ -108,7 +123,7 @@ static inline void htoun32(void *network, u_int32_t host) * @param host host order 64-bit value * @param network unaligned address to write network order value to */ -static inline void htoun64(void *network, u_int64_t host) +static inline void htoun64(void *network, uint64_t host) { char *unaligned = (char*)network; @@ -122,10 +137,10 @@ static inline void htoun64(void *network, u_int64_t host) * @param network unaligned address to read network order value from * @return host order value */ -static inline u_int16_t untoh16(void *network) +static inline uint16_t untoh16(void *network) { char *unaligned = (char*)network; - u_int16_t tmp; + uint16_t tmp; memcpy(&tmp, unaligned, sizeof(tmp)); return ntohs(tmp); @@ -137,10 +152,10 @@ static inline u_int16_t untoh16(void *network) * @param network unaligned address to read network order value from * @return host order value */ -static inline u_int32_t untoh32(void *network) +static inline uint32_t untoh32(void *network) { char *unaligned = (char*)network; - u_int32_t tmp; + uint32_t tmp; memcpy(&tmp, unaligned, sizeof(tmp)); return ntohl(tmp); @@ -152,10 +167,10 @@ static inline u_int32_t untoh32(void *network) * @param network unaligned address to read network order value from * @return host order value */ -static inline u_int64_t untoh64(void *network) +static inline uint64_t untoh64(void *network) { char *unaligned = (char*)network; - u_int64_t tmp; + uint64_t tmp; memcpy(&tmp, unaligned, sizeof(tmp)); return be64toh(tmp); @@ -167,9 +182,9 @@ static inline u_int64_t untoh64(void *network) * @param p unaligned address to read little endian value from * @return host order value */ -static inline u_int32_t uletoh32(void *p) +static inline uint32_t uletoh32(void *p) { - u_int32_t ret; + uint32_t ret; memcpy(&ret, p, sizeof(ret)); ret = le32toh(ret); @@ -182,7 +197,7 @@ static inline u_int32_t uletoh32(void *p) * @param p host order 32-bit value * @param v unaligned address to write little endian value to */ -static inline void htoule32(void *p, u_int32_t v) +static inline void htoule32(void *p, uint32_t v) { v = htole32(v); memcpy(p, &v, sizeof(v)); diff --git a/src/libstrongswan/utils/utils/memory.c b/src/libstrongswan/utils/utils/memory.c index a15371518..30c6f546c 100644 --- a/src/libstrongswan/utils/utils/memory.c +++ b/src/libstrongswan/utils/utils/memory.c @@ -20,7 +20,7 @@ /** * Described in header. */ -void memxor(u_int8_t dst[], u_int8_t src[], size_t n) +void memxor(uint8_t dst[], uint8_t src[], size_t n) { int m, i; diff --git a/src/libstrongswan/utils/utils/memory.h b/src/libstrongswan/utils/utils/memory.h index aef318f6c..b978e7c48 100644 --- a/src/libstrongswan/utils/utils/memory.h +++ b/src/libstrongswan/utils/utils/memory.h @@ -80,7 +80,7 @@ static inline void *memset_noop(void *s, int c, size_t n) /** * Same as memcpy, but XORs src into dst instead of copy */ -void memxor(u_int8_t dest[], u_int8_t src[], size_t n); +void memxor(uint8_t dest[], uint8_t src[], size_t n); /** * Safely overwrite n bytes of memory at ptr with zero, non-inlining variant. diff --git a/src/libstrongswan/utils/utils/string.h b/src/libstrongswan/utils/utils/string.h index 60eaaae22..562516b91 100644 --- a/src/libstrongswan/utils/utils/string.h +++ b/src/libstrongswan/utils/utils/string.h @@ -27,7 +27,7 @@ */ static inline bool streq(const char *x, const char *y) { - return strcmp(x, y) == 0; + return (x == y) || (x && y && strcmp(x, y) == 0); } /** @@ -35,7 +35,7 @@ static inline bool streq(const char *x, const char *y) */ static inline bool strneq(const char *x, const char *y, size_t len) { - return strncmp(x, y, len) == 0; + return (x == y) || (x && y && strncmp(x, y, len) == 0); } /** @@ -51,7 +51,7 @@ static inline bool strpfx(const char *x, const char *prefix) */ static inline bool strcaseeq(const char *x, const char *y) { - return strcasecmp(x, y) == 0; + return (x == y) || (x && y && strcasecmp(x, y) == 0); } /** @@ -59,7 +59,7 @@ static inline bool strcaseeq(const char *x, const char *y) */ static inline bool strncaseeq(const char *x, const char *y, size_t len) { - return strncasecmp(x, y, len) == 0; + return (x == y) || (x && y && strncasecmp(x, y, len) == 0); } /** diff --git a/src/libstrongswan/utils/utils/time.c b/src/libstrongswan/utils/utils/time.c index c67ae93f2..48e5151c0 100644 --- a/src/libstrongswan/utils/utils/time.c +++ b/src/libstrongswan/utils/utils/time.c @@ -121,7 +121,7 @@ int time_delta_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, char* unit = "second"; time_t *arg1 = *((time_t**)(args[0])); time_t *arg2 = *((time_t**)(args[1])); - u_int64_t delta = llabs(*arg1 - *arg2); + uint64_t delta = llabs(*arg1 - *arg2); if (delta > 2 * 60 * 60 * 24) { diff --git a/src/libstrongswan/utils/utils/types.h b/src/libstrongswan/utils/utils/types.h index 056c2e0c2..45b5043bf 100644 --- a/src/libstrongswan/utils/utils/types.h +++ b/src/libstrongswan/utils/utils/types.h @@ -43,19 +43,6 @@ # define TRUE true #endif /* TRUE */ -/** - * define some missing fixed width int types on OpenSolaris. - * TODO: since the uintXX_t types are defined by the C99 standard we should - * probably use those anyway - */ -#if defined __sun || defined WIN32 -#include -typedef uint8_t u_int8_t; -typedef uint16_t u_int16_t; -typedef uint32_t u_int32_t; -typedef uint64_t u_int64_t; -#endif - #ifdef HAVE_INT128 /** * 128 bit wide signed integer, if supported @@ -70,7 +57,7 @@ typedef unsigned __int128 u_int128_t; # define MAX_UINT_TYPE u_int128_t #else # define MAX_INT_TYPE int64_t -# define MAX_UINT_TYPE u_int64_t +# define MAX_UINT_TYPE uint64_t #endif /** diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in index 8d16059f3..0bd5f741e 100644 --- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_WINDOWS_TRUE@am__append_1 = -lws2_32 subdir = src/libtls -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(am__nobase_tls_include_HEADERS_DIST) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am \ + $(am__nobase_tls_include_HEADERS_DIST) $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -227,6 +237,7 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -258,6 +269,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -307,6 +319,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -341,6 +354,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -452,6 +466,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -518,7 +533,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtls/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtls/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -937,6 +951,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \ uninstall-ipseclibLTLIBRARIES \ uninstall-nobase_tls_includeHEADERS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in index e57a95f4f..e00de3f47 100644 --- a/src/libtls/tests/Makefile.in +++ b/src/libtls/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ host_triplet = @host@ TESTS = tls_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libtls/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -197,12 +206,14 @@ am__tty_colors = { \ std=''; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -252,6 +263,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -286,6 +298,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -397,6 +410,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtls/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtls/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -885,6 +898,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtls/tests/suites/test_socket.c b/src/libtls/tests/suites/test_socket.c index 42a4607b7..d105dd372 100644 --- a/src/libtls/tests/suites/test_socket.c +++ b/src/libtls/tests/suites/test_socket.c @@ -267,7 +267,7 @@ END_TEARDOWN */ typedef struct { tls_version_t version; - u_int16_t port; + uint16_t port; char *addr; chunk_t data; int fd; @@ -411,7 +411,7 @@ static void run_echo_client(echo_server_config_t *config) /** * Common test wrapper function for different test variants */ -static void test_tls(tls_version_t version, u_int16_t port, bool cauth, u_int i) +static void test_tls(tls_version_t version, uint16_t port, bool cauth, u_int i) { echo_server_config_t *config; tls_cipher_suite_t *suites; diff --git a/src/libtls/tls.c b/src/libtls/tls.c index 08a06f5ef..ea39f7fd1 100644 --- a/src/libtls/tls.c +++ b/src/libtls/tls.c @@ -83,9 +83,9 @@ ENUM_END(tls_extension_names, TLS_EXT_RENEGOTIATION_INFO); * TLS record */ typedef struct __attribute__((packed)) { - u_int8_t type; - u_int16_t version; - u_int16_t length; + uint8_t type; + uint16_t version; + uint16_t length; char data[]; } tls_record_t; diff --git a/src/libtls/tls_aead.c b/src/libtls/tls_aead.c index 67cfd3a75..f1daa6f45 100644 --- a/src/libtls/tls_aead.c +++ b/src/libtls/tls_aead.c @@ -44,18 +44,18 @@ struct private_tls_aead_t { * Associated header data to create signature over */ typedef struct __attribute__((__packed__)) { - u_int64_t seq; - u_int8_t type; - u_int16_t version; - u_int16_t length; + uint64_t seq; + uint8_t type; + uint16_t version; + uint16_t length; } sigheader_t; METHOD(tls_aead_t, encrypt, bool, private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, - u_int64_t seq, chunk_t *data) + uint64_t seq, chunk_t *data) { chunk_t assoc, encrypted, iv, plain; - u_int8_t icvlen; + uint8_t icvlen; sigheader_t hdr; iv_gen_t *gen; @@ -92,10 +92,10 @@ METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, decrypt, bool, private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, - u_int64_t seq, chunk_t *data) + uint64_t seq, chunk_t *data) { chunk_t assoc, iv; - u_int8_t icvlen; + uint8_t icvlen; sigheader_t hdr; iv.len = this->aead->get_iv_size(this->aead); diff --git a/src/libtls/tls_aead.h b/src/libtls/tls_aead.h index 1d5ba92b5..8b5cda5a7 100644 --- a/src/libtls/tls_aead.h +++ b/src/libtls/tls_aead.h @@ -50,7 +50,7 @@ struct tls_aead_t { * @return TRUE if successfully encrypted */ bool (*encrypt)(tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data); + tls_content_type_t type, uint64_t seq, chunk_t *data); /** * Decrypt and verify a TLS record. @@ -65,7 +65,7 @@ struct tls_aead_t { * @return TRUE if successfully decrypted */ bool (*decrypt)(tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data); + tls_content_type_t type, uint64_t seq, chunk_t *data); /** * Get the authentication key size. diff --git a/src/libtls/tls_aead_expl.c b/src/libtls/tls_aead_expl.c index 80b0db38c..201c9bcf8 100644 --- a/src/libtls/tls_aead_expl.c +++ b/src/libtls/tls_aead_expl.c @@ -49,18 +49,18 @@ struct private_tls_aead_t { * Associated header data to create signature over */ typedef struct __attribute__((__packed__)) { - u_int64_t seq; - u_int8_t type; - u_int16_t version; - u_int16_t length; + uint64_t seq; + uint8_t type; + uint16_t version; + uint16_t length; } sigheader_t; METHOD(tls_aead_t, encrypt, bool, private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, - u_int64_t seq, chunk_t *data) + uint64_t seq, chunk_t *data) { chunk_t assoc, mac, padding, iv; - u_int8_t bs, padlen; + uint8_t bs, padlen; sigheader_t hdr; hdr.type = type; @@ -100,10 +100,10 @@ METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, decrypt, bool, private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, - u_int64_t seq, chunk_t *data) + uint64_t seq, chunk_t *data) { chunk_t assoc, mac, iv; - u_int8_t bs, padlen; + uint8_t bs, padlen; sigheader_t hdr; size_t i; diff --git a/src/libtls/tls_aead_impl.c b/src/libtls/tls_aead_impl.c index d529ceba7..8f83cb456 100644 --- a/src/libtls/tls_aead_impl.c +++ b/src/libtls/tls_aead_impl.c @@ -47,18 +47,18 @@ struct private_tls_aead_t { * Associated header data to create signature over */ typedef struct __attribute__((__packed__)) { - u_int64_t seq; - u_int8_t type; - u_int16_t version; - u_int16_t length; + uint64_t seq; + uint8_t type; + uint16_t version; + uint16_t length; } sigheader_t; METHOD(tls_aead_t, encrypt, bool, private_tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data) + tls_content_type_t type, uint64_t seq, chunk_t *data) { chunk_t assoc, mac, padding; - u_int8_t bs, padlen; + uint8_t bs, padlen; sigheader_t hdr; hdr.type = type; @@ -95,10 +95,10 @@ METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, decrypt, bool, private_tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data) + tls_content_type_t type, uint64_t seq, chunk_t *data) { chunk_t assoc, mac, iv; - u_int8_t bs, padlen; + uint8_t bs, padlen; sigheader_t hdr; size_t i; diff --git a/src/libtls/tls_aead_null.c b/src/libtls/tls_aead_null.c index 595b64000..cb4c10633 100644 --- a/src/libtls/tls_aead_null.c +++ b/src/libtls/tls_aead_null.c @@ -37,15 +37,15 @@ struct private_tls_aead_t { * Associated header data to create signature over */ typedef struct __attribute__((__packed__)) { - u_int64_t seq; - u_int8_t type; - u_int16_t version; - u_int16_t length; + uint64_t seq; + uint8_t type; + uint16_t version; + uint16_t length; } sigheader_t; METHOD(tls_aead_t, encrypt, bool, private_tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data) + tls_content_type_t type, uint64_t seq, chunk_t *data) { chunk_t assoc, mac; sigheader_t hdr; @@ -67,7 +67,7 @@ METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, decrypt, bool, private_tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data) + tls_content_type_t type, uint64_t seq, chunk_t *data) { chunk_t assoc, mac; sigheader_t hdr; diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 2cffeb820..6bbd95873 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -1340,7 +1340,7 @@ METHOD(tls_crypto_t, set_protection, void, METHOD(tls_crypto_t, append_handshake, void, private_tls_crypto_t *this, tls_handshake_type_t type, chunk_t data) { - u_int32_t header; + uint32_t header; /* reconstruct handshake header */ header = htonl(data.len | (type << 24)); @@ -1407,7 +1407,7 @@ METHOD(tls_crypto_t, sign, bool, { signature_scheme_t scheme; bio_reader_t *reader; - u_int8_t hash, alg; + uint8_t hash, alg; chunk_t sig; bool done = FALSE; @@ -1487,7 +1487,7 @@ METHOD(tls_crypto_t, verify, bool, if (this->tls->get_version(this->tls) >= TLS_1_2) { signature_scheme_t scheme = SIGN_UNKNOWN; - u_int8_t hash, alg; + uint8_t hash, alg; chunk_t sig; if (!reader->read_uint8(reader, &hash) || diff --git a/src/libtls/tls_fragmentation.c b/src/libtls/tls_fragmentation.c index a97ca1eaa..3607aa3cb 100644 --- a/src/libtls/tls_fragmentation.c +++ b/src/libtls/tls_fragmentation.c @@ -127,7 +127,7 @@ static bool send_close_notify(private_tls_fragmentation_t *this) static status_t process_alert(private_tls_fragmentation_t *this, bio_reader_t *reader) { - u_int8_t level, description; + uint8_t level, description; if (!reader->read_uint8(reader, &level) || !reader->read_uint8(reader, &description)) @@ -147,8 +147,8 @@ static status_t process_handshake(private_tls_fragmentation_t *this, while (reader->remaining(reader)) { bio_reader_t *msg; - u_int8_t type; - u_int32_t len; + uint8_t type; + uint32_t len; status_t status; chunk_t data; diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c index 8087e2e2d..2ba6dd2a6 100644 --- a/src/libtls/tls_peer.c +++ b/src/libtls/tls_peer.c @@ -141,8 +141,8 @@ struct private_tls_peer_t { static status_t process_server_hello(private_tls_peer_t *this, bio_reader_t *reader) { - u_int8_t compression; - u_int16_t version, cipher; + uint8_t compression; + uint16_t version, cipher; chunk_t random, session, ext = chunk_empty; tls_cipher_suite_t suite = 0; @@ -434,8 +434,8 @@ static status_t process_ec_key_exchange(private_tls_peer_t *this, { diffie_hellman_group_t group; public_key_t *public; - u_int8_t type; - u_int16_t curve; + uint8_t type; + uint16_t curve; chunk_t pub, chunk; chunk = reader->peek(reader); @@ -833,7 +833,7 @@ static private_key_t *find_private_key(private_tls_peer_t *this) private_key_t *key = NULL; bio_reader_t *reader; key_type_t type; - u_int8_t cert; + uint8_t cert; if (!this->peer) { diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c index e73fedc5d..cea3eca14 100644 --- a/src/libtls/tls_protection.c +++ b/src/libtls/tls_protection.c @@ -47,12 +47,12 @@ struct private_tls_protection_t { /** * Sequence number of incoming records */ - u_int64_t seq_in; + uint64_t seq_in; /** * Sequence number for outgoing records */ - u_int64_t seq_out; + uint64_t seq_out; /** * AEAD transform for inbound traffic diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c index cfbe02037..422211afa 100644 --- a/src/libtls/tls_server.c +++ b/src/libtls/tls_server.c @@ -213,7 +213,7 @@ static bool select_suite_and_key(private_tls_server_t *this, static status_t process_client_hello(private_tls_server_t *this, bio_reader_t *reader) { - u_int16_t version, extension; + uint16_t version, extension; chunk_t random, session, ciphers, compression, ext = chunk_empty; bio_reader_t *extensions; tls_cipher_suite_t *suites; @@ -304,12 +304,12 @@ static status_t process_client_hello(private_tls_server_t *this, } else { - count = ciphers.len / sizeof(u_int16_t); + count = ciphers.len / sizeof(uint16_t); suites = alloca(count * sizeof(tls_cipher_suite_t)); DBG2(DBG_TLS, "received %d TLS cipher suites:", count); for (i = 0; i < count; i++) { - suites[i] = untoh16(&ciphers.ptr[i * sizeof(u_int16_t)]); + suites[i] = untoh16(&ciphers.ptr[i * sizeof(uint16_t)]); DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i]); } if (!select_suite_and_key(this, suites, count)) @@ -831,7 +831,7 @@ static tls_named_curve_t ec_group_to_curve(private_tls_server_t *this, bool peer_supports_curve(private_tls_server_t *this, tls_named_curve_t curve) { bio_reader_t *reader; - u_int16_t current; + uint16_t current; if (!this->curves_received) { /* none received, assume yes */ diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in index 85d2581a2..af02b7549 100644 --- a/src/libtnccs/Makefile.in +++ b/src/libtnccs/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -92,8 +102,6 @@ host_triplet = @host@ @USE_TNCCS_DYNAMIC_TRUE@am__append_12 = plugins/tnccs_dynamic @MONOLITHIC_TRUE@@USE_TNCCS_DYNAMIC_TRUE@am__append_13 = plugins/tnccs_dynamic/libstrongswan-tnccs-dynamic.la subdir = src/libtnccs -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -107,6 +115,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -232,6 +241,7 @@ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . plugins/tnc_tnccs plugins/tnc_imc plugins/tnc_imv \ plugins/tnccs_11 plugins/tnccs_20 plugins/tnccs_dynamic +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -263,6 +273,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -312,6 +323,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -346,6 +358,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -457,6 +470,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -533,7 +547,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -952,6 +965,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in index 963e1f0eb..d93bded57 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.in +++ b/src/libtnccs/plugins/tnc_imc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtnccs/plugins/tnc_imc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -785,6 +798,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in index f77db91c4..3987e79cf 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.in +++ b/src/libtnccs/plugins/tnc_imv/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtnccs/plugins/tnc_imv -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -406,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -471,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imv/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imv/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -788,6 +801,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in index 577f53776..b4357b911 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtnccs/plugins/tnc_tnccs -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_tnccs/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_tnccs/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -783,6 +796,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c index 67c33ee63..5ac2c85a5 100644 --- a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c +++ b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c @@ -87,7 +87,7 @@ struct tnccs_connection_entry_t { /** * Maximum size of a PA-TNC message */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * collection of IMV recommendations @@ -199,7 +199,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*, METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID, private_tnc_tnccs_manager_t *this, tnccs_type_t type, tnccs_t *tnccs, tnccs_send_message_t send_message, bool* request_handshake_retry, - u_int32_t max_msg_len, recommendations_t **recs) + uint32_t max_msg_len, recommendations_t **recs) { tnccs_connection_entry_t *entry; @@ -414,14 +414,14 @@ static TNC_Result bool_attribute(TNC_UInt32 buffer_len, } /** - * Write the value of an u_int32_t attribute into the buffer + * Write the value of an uint32_t attribute into the buffer */ static TNC_Result uint_attribute(TNC_UInt32 buffer_len, TNC_BufferReference buffer, TNC_UInt32 *value_len, - u_int32_t value) + uint32_t value) { - *value_len = sizeof(u_int32_t); + *value_len = sizeof(uint32_t); if (buffer && buffer_len >= *value_len) { @@ -465,7 +465,7 @@ static TNC_Result identity_attribute(TNC_UInt32 buffer_len, { bio_writer_t *writer; enumerator_t *enumerator; - u_int32_t count; + uint32_t count; chunk_t value; tncif_identity_t *tnc_id; TNC_Result result = TNC_RESULT_INVALID_PARAMETER; @@ -721,7 +721,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result, host_t *peer_ip; tnccs_t *tnccs; tncif_identity_t *tnc_id; - u_int32_t id_type, subject_type; + uint32_t id_type, subject_type; chunk_t id_value; char *id_str; TNC_Result result; diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in index ec5de0f11..653e1f4d4 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.in +++ b/src/libtnccs/plugins/tnccs_11/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -83,8 +93,6 @@ host_triplet = @host@ @MONOLITHIC_FALSE@ $(top_builddir)/src/libtnccs/libtnccs.la subdir = src/libtnccs/plugins/tnccs_11 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -98,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -215,12 +224,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -270,6 +281,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -304,6 +316,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -415,6 +428,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -484,7 +498,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_11/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_11/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -844,6 +857,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnccs_11/tnccs_11.c b/src/libtnccs/plugins/tnccs_11/tnccs_11.c index 0918a2bad..5c34d5748 100644 --- a/src/libtnccs/plugins/tnccs_11/tnccs_11.c +++ b/src/libtnccs/plugins/tnccs_11/tnccs_11.c @@ -79,7 +79,7 @@ struct private_tnccs_11_t { /** * Type of TNC client authentication */ - u_int32_t auth_type; + uint32_t auth_type; /** * Connection ID assigned to this TNCCS connection @@ -205,7 +205,7 @@ static void handle_message(private_tnccs_11_t *this, tnccs_msg_t *msg) imc_imv_msg_t *imc_imv_msg; TNC_MessageType msg_type; chunk_t msg_body; - u_int32_t msg_vid, msg_subtype; + uint32_t msg_vid, msg_subtype; enum_name_t *pa_subtype_names; imc_imv_msg = (imc_imv_msg_t*)msg; @@ -622,20 +622,20 @@ METHOD(tnccs_t, set_transport, void, this->transport = transport; } -METHOD(tnccs_t, get_auth_type, u_int32_t, +METHOD(tnccs_t, get_auth_type, uint32_t, private_tnccs_11_t *this) { return this->auth_type; } METHOD(tnccs_t, set_auth_type, void, - private_tnccs_11_t *this, u_int32_t auth_type) + private_tnccs_11_t *this, uint32_t auth_type) { this->auth_type = auth_type; } METHOD(tnccs_t, get_pdp_server, chunk_t, - private_tnccs_11_t *this, u_int16_t *port) + private_tnccs_11_t *this, uint16_t *port) { *port = 0; diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in index 5037a9517..1a50c7b23 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.in +++ b/src/libtnccs/plugins/tnccs_20/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtnccs/plugins/tnccs_20 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -218,12 +227,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -273,6 +284,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -307,6 +319,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -418,6 +431,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -497,7 +511,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_20/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_20/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -926,6 +939,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c index b239c20dc..2663e3985 100644 --- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c +++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c @@ -122,7 +122,7 @@ struct private_pb_tnc_batch_t { /** * Offset into encoding (used for error reporting) */ - u_int32_t offset; + uint32_t offset; }; METHOD(pb_tnc_batch_t, get_type, pb_tnc_batch_type_t, @@ -179,8 +179,8 @@ METHOD(pb_tnc_batch_t, add_msg, bool, METHOD(pb_tnc_batch_t, build, void, private_pb_tnc_batch_t *this) { - u_int8_t version; - u_int32_t msg_len; + uint8_t version; + uint32_t msg_len; chunk_t msg_value; enumerator_t *enumerator; pen_type_t msg_type; @@ -205,7 +205,7 @@ METHOD(pb_tnc_batch_t, build, void, enumerator = this->messages->create_enumerator(this->messages); while (enumerator->enumerate(enumerator, &msg)) { - u_int8_t flags = PB_TNC_FLAG_NONE; + uint8_t flags = PB_TNC_FLAG_NONE; /* build PB-TNC message */ msg_value = msg->get_encoding(msg); @@ -247,8 +247,8 @@ METHOD(pb_tnc_batch_t, process_header, status_t, bio_reader_t *reader; pb_tnc_msg_t *msg; pb_error_msg_t *err_msg; - u_int8_t version, flags, reserved, type; - u_int32_t batch_len; + uint8_t version, flags, reserved, type; + uint32_t batch_len; if (this->encoding.len < PB_TNC_BATCH_HEADER_SIZE) { @@ -324,8 +324,8 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) bio_reader_t *reader; pb_tnc_msg_t *pb_tnc_msg, *msg; pb_tnc_msg_info_t *msg_infos; - u_int8_t flags; - u_int32_t vendor_id, msg_type, msg_len, offset; + uint8_t flags; + uint32_t vendor_id, msg_type, msg_len, offset; chunk_t data, msg_value; bool noskip_flag; enum_name_t *msg_type_names; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c index 5c4b5ae00..f306540e3 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c @@ -57,7 +57,7 @@ struct private_pb_access_recommendation_msg_t { /** * Access recommendation code */ - u_int16_t recommendation; + uint16_t recommendation; /** * Encoded message @@ -95,10 +95,10 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_access_recommendation_msg_t *this, u_int32_t *offset) + private_pb_access_recommendation_msg_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int16_t reserved; + uint16_t reserved; reader = bio_reader_create(this->encoding); reader->read_uint16(reader, &reserved); @@ -124,7 +124,7 @@ METHOD(pb_tnc_msg_t, destroy, void, free(this); } -METHOD(pb_access_recommendation_msg_t, get_access_recommendation, u_int16_t, +METHOD(pb_access_recommendation_msg_t, get_access_recommendation, uint16_t, private_pb_access_recommendation_msg_t *this) { return this->recommendation; @@ -158,7 +158,7 @@ pb_tnc_msg_t *pb_access_recommendation_msg_create_from_data(chunk_t data) /** * See header */ -pb_tnc_msg_t *pb_access_recommendation_msg_create(u_int16_t recommendation) +pb_tnc_msg_t *pb_access_recommendation_msg_create(uint16_t recommendation) { private_pb_access_recommendation_msg_t *this; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h index d0dc6358b..84b8d1a94 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h @@ -56,7 +56,7 @@ struct pb_access_recommendation_msg_t { * * @return PB Access Recommendation */ - u_int16_t (*get_access_recommendation)(pb_access_recommendation_msg_t *this); + uint16_t (*get_access_recommendation)(pb_access_recommendation_msg_t *this); }; /** @@ -64,7 +64,7 @@ struct pb_access_recommendation_msg_t { * * @param recommendation Access Recommendation code */ -pb_tnc_msg_t* pb_access_recommendation_msg_create(u_int16_t recommendation); +pb_tnc_msg_t* pb_access_recommendation_msg_create(uint16_t recommendation); /** * Create an unprocessed PB-Access-Recommendation message from raw data diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c index e23493569..a4cdb7e6a 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c @@ -53,7 +53,7 @@ struct private_pb_assessment_result_msg_t { /** * Assessment result code */ - u_int32_t assessment_result; + uint32_t assessment_result; /** * Encoded message @@ -90,7 +90,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_assessment_result_msg_t *this, u_int32_t *offset) + private_pb_assessment_result_msg_t *this, uint32_t *offset) { bio_reader_t *reader; @@ -117,7 +117,7 @@ METHOD(pb_tnc_msg_t, destroy, void, free(this); } -METHOD(pb_assessment_result_msg_t, get_assessment_result, u_int32_t, +METHOD(pb_assessment_result_msg_t, get_assessment_result, uint32_t, private_pb_assessment_result_msg_t *this) { return this->assessment_result; @@ -151,7 +151,7 @@ pb_tnc_msg_t *pb_assessment_result_msg_create_from_data(chunk_t data) /** * See header */ -pb_tnc_msg_t *pb_assessment_result_msg_create(u_int32_t assessment_result) +pb_tnc_msg_t *pb_assessment_result_msg_create(uint32_t assessment_result) { private_pb_assessment_result_msg_t *this; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h index 11cfdbef2..25f9f9fab 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h @@ -40,7 +40,7 @@ struct pb_assessment_result_msg_t { * * @return PB Assessment result */ - u_int32_t (*get_assessment_result)(pb_assessment_result_msg_t *this); + uint32_t (*get_assessment_result)(pb_assessment_result_msg_t *this); }; /** @@ -48,7 +48,7 @@ struct pb_assessment_result_msg_t { * * @param assessment_result Assessment result code */ -pb_tnc_msg_t* pb_assessment_result_msg_create(u_int32_t assessment_result); +pb_tnc_msg_t* pb_assessment_result_msg_create(uint32_t assessment_result); /** * Create an unprocessed PB-Assessment-Result message from raw data diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c index d9910f660..05621b7cb 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c @@ -75,22 +75,22 @@ struct private_pb_error_msg_t { /** * PB Error Code Vendor ID */ - u_int32_t vendor_id; + uint32_t vendor_id; /** * PB Error Code */ - u_int16_t error_code; + uint16_t error_code; /** * PB Error Offset */ - u_int32_t error_offset; + uint32_t error_offset; /** * Bad PB-TNC version received */ - u_int8_t bad_version; + uint8_t bad_version; /** * Encoded message @@ -153,10 +153,10 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_error_msg_t *this, u_int32_t *offset) + private_pb_error_msg_t *this, uint32_t *offset) { - u_int8_t flags, max_version, min_version; - u_int16_t reserved; + uint8_t flags, max_version, min_version; + uint16_t reserved; bio_reader_t *reader; if (this->encoding.len < ERROR_HEADER_SIZE) @@ -216,32 +216,32 @@ METHOD(pb_error_msg_t, get_fatal_flag, bool, return this->fatal; } -METHOD(pb_error_msg_t, get_vendor_id, u_int32_t, +METHOD(pb_error_msg_t, get_vendor_id, uint32_t, private_pb_error_msg_t *this) { return this->vendor_id; } -METHOD(pb_error_msg_t, get_error_code, u_int16_t, +METHOD(pb_error_msg_t, get_error_code, uint16_t, private_pb_error_msg_t *this) { return this->error_code; } -METHOD(pb_error_msg_t, get_offset, u_int32_t, +METHOD(pb_error_msg_t, get_offset, uint32_t, private_pb_error_msg_t *this) { return this->error_offset; } -METHOD(pb_error_msg_t, get_bad_version, u_int8_t, +METHOD(pb_error_msg_t, get_bad_version, uint8_t, private_pb_error_msg_t *this) { return this->bad_version; } METHOD(pb_error_msg_t, set_bad_version, void, - private_pb_error_msg_t *this, u_int8_t version) + private_pb_error_msg_t *this, uint8_t version) { this->bad_version = version; } @@ -249,7 +249,7 @@ METHOD(pb_error_msg_t, set_bad_version, void, /** * See header */ -pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id, +pb_tnc_msg_t* pb_error_msg_create(bool fatal, uint32_t vendor_id, pb_tnc_error_code_t error_code) { private_pb_error_msg_t *this; @@ -284,9 +284,9 @@ pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id, /** * See header */ -pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, u_int32_t vendor_id, +pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, uint32_t vendor_id, pb_tnc_error_code_t error_code, - u_int32_t error_offset) + uint32_t error_offset) { private_pb_error_msg_t *this; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h index 9c0ad82a6..34fc20886 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h @@ -64,35 +64,35 @@ struct pb_error_msg_t { * * @return PB Error Code Vendor ID */ - u_int32_t (*get_vendor_id)(pb_error_msg_t *this); + uint32_t (*get_vendor_id)(pb_error_msg_t *this); /** * Get PB Error Code * * @return PB Error Code */ - u_int16_t (*get_error_code)(pb_error_msg_t *this); + uint16_t (*get_error_code)(pb_error_msg_t *this); /** * Get the PB Error Offset * * @return PB Error Offset */ - u_int32_t (*get_offset)(pb_error_msg_t *this); + uint32_t (*get_offset)(pb_error_msg_t *this); /** * Get the PB Bad Version * * @return PB Bad Version */ - u_int8_t (*get_bad_version)(pb_error_msg_t *this); + uint8_t (*get_bad_version)(pb_error_msg_t *this); /** * Set the PB Bad Version * * @param version PB Bad Version */ - void (*set_bad_version)(pb_error_msg_t *this, u_int8_t version); + void (*set_bad_version)(pb_error_msg_t *this, uint8_t version); }; /** @@ -102,7 +102,7 @@ struct pb_error_msg_t { * @param vendor_id Error Code Vendor ID * @param error_code Error Code */ -pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id, +pb_tnc_msg_t* pb_error_msg_create(bool fatal, uint32_t vendor_id, pb_tnc_error_code_t error_code); /** @@ -113,9 +113,9 @@ pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id, * @param error_code Error Code * @param error_offset Error Offset */ -pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, u_int32_t vendor_id, +pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, uint32_t vendor_id, pb_tnc_error_code_t error_code, - u_int32_t error_offset); + uint32_t error_offset); /** * Create an unprocessed PB-Error message from raw data diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c index c6290887c..da834ab67 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c @@ -57,7 +57,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_experimental_msg_t *this, u_int32_t *offset) + private_pb_experimental_msg_t *this, uint32_t *offset) { return SUCCESS; } diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c index f14f28980..1a288abb5 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c @@ -85,7 +85,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_language_preference_msg_t *this, u_int32_t *offset) + private_pb_language_preference_msg_t *this, uint32_t *offset) { chunk_t lang; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c index 263af3224..2c7aa8965 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c @@ -75,12 +75,12 @@ struct private_pb_pa_msg_t { /** * Posture Validator Identifier */ - u_int16_t collector_id; + uint16_t collector_id; /** * Posture Validator Identifier */ - u_int16_t validator_id; + uint16_t validator_id; /** * PA Message Body @@ -131,9 +131,9 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_pa_msg_t *this, u_int32_t *offset) + private_pb_pa_msg_t *this, uint32_t *offset) { - u_int8_t flags; + uint8_t flags; size_t msg_body_len; bio_reader_t *reader; @@ -186,13 +186,13 @@ METHOD(pb_pa_msg_t, get_subtype, pen_type_t, return this->subtype; } -METHOD(pb_pa_msg_t, get_collector_id, u_int16_t, +METHOD(pb_pa_msg_t, get_collector_id, uint16_t, private_pb_pa_msg_t *this) { return this->collector_id; } -METHOD(pb_pa_msg_t, get_validator_id, u_int16_t, +METHOD(pb_pa_msg_t, get_validator_id, uint16_t, private_pb_pa_msg_t *this) { return this->validator_id; @@ -241,8 +241,8 @@ pb_tnc_msg_t *pb_pa_msg_create_from_data(chunk_t data) /** * See header */ -pb_tnc_msg_t *pb_pa_msg_create(u_int32_t vendor_id, u_int32_t subtype, - u_int16_t collector_id, u_int16_t validator_id, +pb_tnc_msg_t *pb_pa_msg_create(uint32_t vendor_id, uint32_t subtype, + uint16_t collector_id, uint16_t validator_id, bool excl, chunk_t msg_body) { private_pb_pa_msg_t *this; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h index f3b6b1518..f73f11627 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h @@ -51,14 +51,14 @@ struct pb_pa_msg_t { * * @return Posture Collector ID */ - u_int16_t (*get_collector_id)(pb_pa_msg_t *this); + uint16_t (*get_collector_id)(pb_pa_msg_t *this); /** * Get Posture Validator ID * * @return Posture Validator ID */ - u_int16_t (*get_validator_id)(pb_pa_msg_t *this); + uint16_t (*get_validator_id)(pb_pa_msg_t *this); /** * Get the PA Message Body @@ -86,8 +86,8 @@ struct pb_pa_msg_t { * @param excl Exclusive Flag * @param msg_body PA Message Body */ -pb_tnc_msg_t *pb_pa_msg_create(u_int32_t vendor_id, u_int32_t subtype, - u_int16_t collector_id, u_int16_t validator_id, +pb_tnc_msg_t *pb_pa_msg_create(uint32_t vendor_id, uint32_t subtype, + uint16_t collector_id, uint16_t validator_id, bool excl, chunk_t msg_body); /** diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c index cafc4ec54..25291d581 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c @@ -97,7 +97,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_reason_string_msg_t *this, u_int32_t *offset) + private_pb_reason_string_msg_t *this, uint32_t *offset) { bio_reader_t *reader; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c index 8dc590657..9eae707a5 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c @@ -123,10 +123,10 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_remediation_parameters_msg_t *this, u_int32_t *offset) + private_pb_remediation_parameters_msg_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t reserved; + uint8_t reserved; status_t status = SUCCESS; u_char *pos; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c index 1f35cae6b..c31752019 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c @@ -95,7 +95,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_mutual_capability_msg_t *this, u_int32_t *offset) + private_pb_mutual_capability_msg_t *this, uint32_t *offset) { bio_reader_t *reader; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c index c95222e3a..4e8be79f2 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c @@ -57,7 +57,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_noskip_test_msg_t *this, u_int32_t *offset) + private_pb_noskip_test_msg_t *this, uint32_t *offset) { return SUCCESS; } diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h b/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h index 395284366..cfa92aa74 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h @@ -82,7 +82,7 @@ extern enum_name_t *pb_tnc_ita_msg_type_names; * Information entry describing a PB-TNC Message Type */ struct pb_tnc_msg_info_t { - u_int32_t min_size; + uint32_t min_size; bool exact_size; bool in_result_batch; signed char has_noskip_flag; @@ -138,7 +138,7 @@ struct pb_tnc_msg_t { * @param relative offset where an error occurred * @return return processing status */ - status_t (*process)(pb_tnc_msg_t *this, u_int32_t *offset); + status_t (*process)(pb_tnc_msg_t *this, uint32_t *offset); /** * Get a new reference to the message. diff --git a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c index 1c8538e6b..7c518e8d5 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c @@ -117,12 +117,12 @@ struct private_pb_pdp_referral_msg_t { /** * PT protocol the PDP is using */ - u_int8_t protocol; + uint8_t protocol; /** * PT port the PDP is using */ - u_int16_t port; + uint16_t port; /** * Encoded message @@ -163,10 +163,10 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_pdp_referral_msg_t *this, u_int32_t *offset) + private_pb_pdp_referral_msg_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t reserved; + uint8_t reserved; *offset = 0; @@ -223,7 +223,7 @@ METHOD(pb_pdp_referral_msg_t, get_identifier, chunk_t, } METHOD(pb_pdp_referral_msg_t, get_fqdn, chunk_t, - private_pb_pdp_referral_msg_t *this, u_int8_t *protocol, u_int16_t *port) + private_pb_pdp_referral_msg_t *this, uint8_t *protocol, uint16_t *port) { if (protocol) { @@ -267,7 +267,7 @@ pb_tnc_msg_t* pb_pdp_referral_msg_create(pen_type_t identifier_type, /** * See header */ -pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, u_int16_t port) +pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, uint16_t port) { pb_tnc_msg_t *msg; bio_writer_t *writer; diff --git a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h index b225f3381..0923c8ba4 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h @@ -74,8 +74,8 @@ struct pb_pdp_referral_msg_t { * @param port PT port the PDP is listening on * @return Fully Qualified Domain Name of PDP */ - chunk_t (*get_fqdn)(pb_pdp_referral_msg_t *this, u_int8_t *protocol, - u_int16_t *port); + chunk_t (*get_fqdn)(pb_pdp_referral_msg_t *this, uint8_t *protocol, + uint16_t *port); }; @@ -94,7 +94,7 @@ pb_tnc_msg_t* pb_pdp_referral_msg_create(pen_type_t identifier_type, * @param fqdn Fully Qualified Domain Name of PDP * @param port PT-TLS port the PDP is listening on */ -pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, u_int16_t port); +pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, uint16_t port); /** * Create an unprocessed PB-PDP-Referral message from raw data diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c index 35d297842..041faa389 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c @@ -77,7 +77,7 @@ struct private_tnccs_20_t { /** * Type of TNC client authentication */ - u_int32_t auth_type; + uint32_t auth_type; /** * Mutual PB-TNC protocol enabled @@ -423,20 +423,20 @@ METHOD(tnccs_t, set_transport, void, this->transport = transport; } -METHOD(tnccs_t, get_auth_type, u_int32_t, +METHOD(tnccs_t, get_auth_type, uint32_t, private_tnccs_20_t *this) { return this->auth_type; } METHOD(tnccs_t, set_auth_type, void, - private_tnccs_20_t *this, u_int32_t auth_type) + private_tnccs_20_t *this, uint32_t auth_type) { this->auth_type = auth_type; } METHOD(tnccs_t, get_pdp_server, chunk_t, - private_tnccs_20_t *this, u_int16_t *port) + private_tnccs_20_t *this, uint16_t *port) { if (this->tnc_client) { diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c index 4ba8221d0..04e404225 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c @@ -104,7 +104,7 @@ struct private_tnccs_20_client_t { /** * PDP server port */ - u_int16_t pdp_port; + uint16_t pdp_port; /** * Mutual PB-TNC protocol enabled @@ -124,8 +124,8 @@ struct private_tnccs_20_client_t { void tnccs_20_handle_ietf_error_msg(pb_tnc_msg_t *msg, bool *fatal_error) { pb_error_msg_t *err_msg; - u_int32_t vendor_id; - u_int16_t error_code; + uint32_t vendor_id; + uint16_t error_code; bool fatal; err_msg = (pb_error_msg_t*)msg; @@ -238,7 +238,7 @@ static void handle_ietf_message(private_tnccs_20_client_t *this, pb_tnc_msg_t *m { pb_pa_msg_t *pa_msg; pen_type_t msg_subtype; - u_int16_t imc_id, imv_id; + uint16_t imc_id, imv_id; chunk_t msg_body; bool excl; enum_name_t *pa_subtype_names; @@ -274,7 +274,7 @@ static void handle_ietf_message(private_tnccs_20_client_t *this, pb_tnc_msg_t *m case PB_MSG_ASSESSMENT_RESULT: { pb_assessment_result_msg_t *assess_msg; - u_int32_t result; + uint32_t result; assess_msg = (pb_assessment_result_msg_t*)msg; result = assess_msg->get_assessment_result(assess_msg); @@ -375,7 +375,7 @@ static void handle_tcg_message(private_tnccs_20_client_t *this, pb_tnc_msg_t *ms { pb_pdp_referral_msg_t *pdp_msg; pen_type_t pdp_id_type; - u_int8_t pdp_protocol; + uint8_t pdp_protocol; pdp_msg = (pb_pdp_referral_msg_t*)msg; pdp_id_type = pdp_msg->get_identifier_type(pdp_msg); @@ -765,7 +765,7 @@ METHOD(tnccs_20_handler_t, destroy, void, } METHOD(tnccs_20_client_t, get_pdp_server, chunk_t, - private_tnccs_20_client_t *this, u_int16_t *port) + private_tnccs_20_client_t *this, uint16_t *port) { *port = this->pdp_port; diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h index 7a5f33ebc..3b34638a8 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h @@ -45,7 +45,7 @@ struct tnccs_20_client_t { * @param port PT-TLS port of the PDP server * @return FQDN of PDP server */ - chunk_t (*get_pdp_server)(tnccs_20_client_t *this, u_int16_t *port); + chunk_t (*get_pdp_server)(tnccs_20_client_t *this, uint16_t *port); }; diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c index 038fc178b..86ae1c099 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c @@ -166,7 +166,7 @@ static void handle_ietf_message(private_tnccs_20_server_t *this, pb_tnc_msg_t *m { pb_pa_msg_t *pa_msg; pen_type_t msg_subtype; - u_int16_t imc_id, imv_id; + uint16_t imc_id, imv_id; chunk_t msg_body; bool excl; enum_name_t *pa_subtype_names; @@ -531,14 +531,14 @@ METHOD(tnccs_20_handler_t, begin_handshake, void, { pb_tnc_msg_t *msg; identification_t *pdp_server; - u_int16_t *pdp_port; + uint16_t *pdp_port; tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE); /* Send a PB-TNC TCG PDP Referral message if PDP is known */ pdp_server = (identification_t*)lib->get(lib, "pt-tls-server"); - pdp_port = (u_int16_t*)lib->get(lib, "pt-tls-port"); + pdp_port = (uint16_t*)lib->get(lib, "pt-tls-port"); if (this->eap_transport && pdp_server && pdp_port) { diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in index 949532a09..59efdbb9b 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtnccs/plugins/tnccs_dynamic -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_dynamic/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_dynamic/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c b/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c index 44b804fb2..c366e77ab 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c +++ b/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c @@ -64,7 +64,7 @@ struct private_tnccs_dynamic_t { /** * Type of TNC client authentication */ - u_int32_t auth_type; + uint32_t auth_type; /** * Callback function to communicate recommendation (TNC Server only) @@ -223,20 +223,20 @@ METHOD(tnccs_t, set_transport, void, this->transport = transport; } -METHOD(tnccs_t, get_auth_type, u_int32_t, +METHOD(tnccs_t, get_auth_type, uint32_t, private_tnccs_dynamic_t *this) { return this->auth_type; } METHOD(tnccs_t, set_auth_type, void, - private_tnccs_dynamic_t *this, u_int32_t auth_type) + private_tnccs_dynamic_t *this, uint32_t auth_type) { this->auth_type = auth_type; } METHOD(tnccs_t, get_pdp_server, chunk_t, - private_tnccs_dynamic_t *this, u_int16_t *port) + private_tnccs_dynamic_t *this, uint16_t *port) { tnccs_t *tnccs = (tnccs_t*)this->tls; diff --git a/src/libtnccs/tnc/tnccs/tnccs.h b/src/libtnccs/tnc/tnccs/tnccs.h index 8ff295bcc..d367a15a7 100644 --- a/src/libtnccs/tnc/tnccs/tnccs.h +++ b/src/libtnccs/tnc/tnccs/tnccs.h @@ -119,14 +119,14 @@ struct tnccs_t { * * @return TNC Client authentication type */ - u_int32_t (*get_auth_type)(tnccs_t *this); + uint32_t (*get_auth_type)(tnccs_t *this); /** * Set type of TNC Client authentication * * @param auth_type TNC Client authentication type */ - void (*set_auth_type)(tnccs_t *this, u_int32_t auth_type); + void (*set_auth_type)(tnccs_t *this, uint32_t auth_type); /** * Get PDP server name and port number @@ -134,7 +134,7 @@ struct tnccs_t { * @param port PDP port number * @return PDP server name */ - chunk_t (*get_pdp_server)(tnccs_t *this, u_int16_t *port); + chunk_t (*get_pdp_server)(tnccs_t *this, uint16_t *port); /** * Get a new reference to the TNCCS object. diff --git a/src/libtnccs/tnc/tnccs/tnccs_manager.h b/src/libtnccs/tnc/tnccs/tnccs_manager.h index b5c85f3c0..bd1573f7b 100644 --- a/src/libtnccs/tnc/tnccs/tnccs_manager.h +++ b/src/libtnccs/tnc/tnccs/tnccs_manager.h @@ -87,7 +87,7 @@ struct tnccs_manager_t { tnccs_type_t type, tnccs_t *tnccs, tnccs_send_message_t send_message, bool *request_handshake_retry, - u_int32_t max_msg_len, + uint32_t max_msg_len, recommendations_t **recs); /** diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in index 4be7ae1a8..9d7ba9a1a 100644 --- a/src/libtncif/Makefile.in +++ b/src/libtncif/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtncif -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -167,12 +176,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -222,6 +233,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -256,6 +268,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -367,6 +380,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -422,7 +436,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtncif/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtncif/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -699,6 +712,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtncif/tncif_identity.c b/src/libtncif/tncif_identity.c index 7ee215c77..5eecb9cca 100644 --- a/src/libtncif/tncif_identity.c +++ b/src/libtncif/tncif_identity.c @@ -121,8 +121,8 @@ METHOD(tncif_identity_t, build, void, METHOD(tncif_identity_t, process, bool, private_tncif_identity_t *this, bio_reader_t *reader) { - u_int8_t reserved; - u_int32_t vendor_id, type; + uint8_t reserved; + uint32_t vendor_id, type; chunk_t identity_value; if (reader->remaining(reader) < TNCIF_IDENTITY_MIN_SIZE) diff --git a/src/libtpmtss/Makefile.am b/src/libtpmtss/Makefile.am new file mode 100644 index 000000000..8fcb44f6a --- /dev/null +++ b/src/libtpmtss/Makefile.am @@ -0,0 +1,25 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_LDFLAGS = \ + -no-undefined + +ipseclib_LTLIBRARIES = libtpmtss.la +libtpmtss_la_SOURCES = \ + tpm_tss.h tpm_tss.c \ + tpm_tss_quote_info.h tpm_tss_quote_info.c \ + tpm_tss_trousers.h tpm_tss_trousers.c \ + tpm_tss_tss2.h tpm_tss_tss2.c \ + tpm_tss_tss2_names.h tpm_tss_tss2_names.c + +libtpmtss_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la + +if USE_TSS2 +libtpmtss_la_LIBADD += -ltctisocket -ltss2 +endif + +if USE_TROUSERS +libtpmtss_la_LIBADD += -ltspi +endif + diff --git a/src/libtpmtss/Makefile.in b/src/libtpmtss/Makefile.in new file mode 100644 index 000000000..fcee04fc3 --- /dev/null +++ b/src/libtpmtss/Makefile.in @@ -0,0 +1,788 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@USE_TSS2_TRUE@am__append_1 = -ltctisocket -ltss2 +@USE_TROUSERS_TRUE@am__append_2 = -ltspi +subdir = src/libtpmtss +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(ipseclibdir)" +LTLIBRARIES = $(ipseclib_LTLIBRARIES) +am__DEPENDENCIES_1 = +libtpmtss_la_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +am_libtpmtss_la_OBJECTS = tpm_tss.lo tpm_tss_quote_info.lo \ + tpm_tss_trousers.lo tpm_tss_tss2.lo tpm_tss_tss2_names.lo +libtpmtss_la_OBJECTS = $(am_libtpmtss_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libtpmtss_la_SOURCES) +DIST_SOURCES = $(libtpmtss_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_LDFLAGS = \ + -no-undefined + +ipseclib_LTLIBRARIES = libtpmtss.la +libtpmtss_la_SOURCES = \ + tpm_tss.h tpm_tss.c \ + tpm_tss_quote_info.h tpm_tss_quote_info.c \ + tpm_tss_trousers.h tpm_tss_trousers.c \ + tpm_tss_tss2.h tpm_tss_tss2.c \ + tpm_tss_tss2_names.h tpm_tss_tss2_names.c + +libtpmtss_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(am__append_1) $(am__append_2) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtpmtss/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libtpmtss/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(ipseclibdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \ + } + +uninstall-ipseclibLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipseclibdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipseclibdir)/$$f"; \ + done + +clean-ipseclibLTLIBRARIES: + -test -z "$(ipseclib_LTLIBRARIES)" || rm -f $(ipseclib_LTLIBRARIES) + @list='$(ipseclib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +libtpmtss.la: $(libtpmtss_la_OBJECTS) $(libtpmtss_la_DEPENDENCIES) $(EXTRA_libtpmtss_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libtpmtss_la_OBJECTS) $(libtpmtss_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_quote_info.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_trousers.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_names.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(ipseclibdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-ipseclibLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-ipseclibLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-ipseclibLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-ipseclibLTLIBRARIES install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-ipseclibLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libtpmtss/tpm_tss.c b/src/libtpmtss/tpm_tss.c new file mode 100644 index 000000000..b7b970c8d --- /dev/null +++ b/src/libtpmtss/tpm_tss.c @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tpm_tss.h" +#include "tpm_tss_tss2.h" +#include "tpm_tss_trousers.h" + +/** + * Described in header. + */ +void libtpmtss_init(void) +{ + /* empty */ +} + +typedef tpm_tss_t*(*tpm_tss_create)(); + +/** + * See header. + */ +tpm_tss_t *tpm_tss_probe(tpm_version_t version) +{ + tpm_tss_create stacks[] = { + tpm_tss_tss2_create, + tpm_tss_trousers_create, + }; + tpm_tss_t *tpm; + int i; + + for (i = 0; i < countof(stacks); i++) + { + tpm = stacks[i](); + if (tpm) + { + if (version == TPM_VERSION_ANY || version == tpm->get_version(tpm)) + { + return tpm; + } + } + } + return NULL; +} diff --git a/src/libtpmtss/tpm_tss.h b/src/libtpmtss/tpm_tss.h new file mode 100644 index 000000000..4f4b9e2cf --- /dev/null +++ b/src/libtpmtss/tpm_tss.h @@ -0,0 +1,140 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup libtpmtss libtpmtss + * + * @addtogroup libtpmtss + * @{ + */ + +#ifndef TPM_TSS_H_ +#define TPM_TSS_H_ + +#include "tpm_tss_quote_info.h" + +#include +#include + +typedef enum tpm_version_t tpm_version_t; +typedef struct tpm_tss_t tpm_tss_t; + +/** + * TPM Versions + */ +enum tpm_version_t { + TPM_VERSION_ANY, + TPM_VERSION_1_2, + TPM_VERSION_2_0, +}; + +/** + * TPM access via TSS public interface + */ +struct tpm_tss_t { + + /** + * Get TPM version supported by TSS + * + * @return TPM version + */ + tpm_version_t (*get_version)(tpm_tss_t *this); + + /** + * Get TPM version info (TPM 1.2 only) + * + * @return TPM version info struct + */ + chunk_t (*get_version_info)(tpm_tss_t *this); + + /** + * Generate AIK key pair bound to TPM (TPM 1.2 only) + * + * @param ca_modulus RSA modulus of CA public key + * @param aik_blob AIK private key blob + * @param aik_pubkey AIK public key + * @return TRUE if AIK key generation succeeded + */ + bool (*generate_aik)(tpm_tss_t *this, chunk_t ca_modulus, + chunk_t *aik_blob, chunk_t *aik_pubkey, + chunk_t *identity_req); + + /** + * Get public key from TPM using its object handle (TPM 2.0 only) + * + * @param handle key object handle + * @return public key in PKCS#1 format + */ + chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle); + + /** + * Retrieve the current value of a PCR register in a given PCR bank + * + * @param pcr_num PCR number + * @param pcr_value PCR value returned + * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) + * @return TRUE if PCR value retrieval succeeded + */ + bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg); + + /** + * Extend a PCR register in a given PCR bank with a hash value + * + * @param pcr_num PCR number + * @param pcr_value extended PCR value returned + * @param hash data to be extended into the PCR + * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) + * @return TRUE if PCR extension succeeded + */ + bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value, + chunk_t data, hash_algorithm_t alg); + + /** + * Do a quote signature over a selection of PCR registers + * + * @param aik_handle object handle of AIK to be used for quote signature + * @param pcr_sel selection of PCR registers + * @param alg hash algorithm to be used for quote signature + * @param data additional data to be hashed into the quote + * @param quote_mode define current and legacy TPM quote modes + * @param quote_info returns various info covered by quote signature + * @param quote_sig returns quote signature + * @return TRUE if quote signature succeeded + */ + bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel, + hash_algorithm_t alg, chunk_t data, + tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig); + + /** + * Destroy a tpm_tss_t. + */ + void (*destroy)(tpm_tss_t *this); +}; + +/** + * Create a tpm_tss instance. + * + * @param version TPM version that must be supported by TSS + */ +tpm_tss_t *tpm_tss_probe(tpm_version_t version); + +/** + * Dummy libtpmtss initialization function needed for integrity test + */ +void libtpmtss_init(void); + +#endif /** TPM_TSS_H_ @}*/ diff --git a/src/libtpmtss/tpm_tss_quote_info.c b/src/libtpmtss/tpm_tss_quote_info.c new file mode 100644 index 000000000..0341738e0 --- /dev/null +++ b/src/libtpmtss/tpm_tss_quote_info.c @@ -0,0 +1,330 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include + +#ifndef TPM_TAG_QUOTE_INFO2 +#define TPM_TAG_QUOTE_INFO2 0x0036 +#endif +#ifndef TPM_LOC_ZERO +#define TPM_LOC_ZERO 0x01 +#endif + +typedef struct private_tpm_tss_quote_info_t private_tpm_tss_quote_info_t; + +/** + * Private data of an tpm_tss_quote_info_t object. + */ +struct private_tpm_tss_quote_info_t { + + /** + * Public tpm_tss_quote_info_t interface. + */ + tpm_tss_quote_info_t public; + + /** + * TPM Quote Mode + */ + tpm_quote_mode_t quote_mode; + + /** + * TPM Qualified Signer + */ + chunk_t qualified_signer; + + /** + * TPM Clock Info + */ + chunk_t clock_info; + + /** + * TPM Version Info + */ + chunk_t version_info; + + /** + * TPM PCR Selection + */ + chunk_t pcr_select; + + /** + * TPM PCR Composite Hash + */ + chunk_t pcr_digest; + + /** + * TPM PCR Composite Hash algorithm + */ + hash_algorithm_t pcr_digest_alg; + + /** + * Reference count + */ + refcount_t ref; + +}; + +METHOD(tpm_tss_quote_info_t, get_quote_mode, tpm_quote_mode_t, + private_tpm_tss_quote_info_t *this) +{ + return this->quote_mode; +} + +METHOD(tpm_tss_quote_info_t, get_pcr_digest_alg, hash_algorithm_t, + private_tpm_tss_quote_info_t *this) +{ + return this->pcr_digest_alg; +} + +METHOD(tpm_tss_quote_info_t, get_pcr_digest, chunk_t, + private_tpm_tss_quote_info_t *this) +{ + return this->pcr_digest; +} + +METHOD(tpm_tss_quote_info_t, get_quote, bool, + private_tpm_tss_quote_info_t *this, chunk_t nonce, + tpm_tss_pcr_composite_t *composite, chunk_t *quoted) +{ + chunk_t pcr_composite, pcr_digest; + bio_writer_t *writer; + hasher_t *hasher; + bool equal_digests; + + /* Construct PCR Composite */ + writer = bio_writer_create(32); + + switch (this->quote_mode) + { + case TPM_QUOTE: + case TPM_QUOTE2: + case TPM_QUOTE2_VERSION_INFO: + writer->write_data16(writer, composite->pcr_select); + writer->write_data32(writer, composite->pcr_composite); + + break; + case TPM_QUOTE_TPM2: + writer->write_data(writer, composite->pcr_composite); + break; + case TPM_QUOTE_NONE: + break; + } + + pcr_composite = writer->extract_buf(writer); + writer->destroy(writer); + + DBG2(DBG_PTS, "constructed PCR Composite: %B", &pcr_composite); + + /* Compute PCR Composite Hash */ + hasher = lib->crypto->create_hasher(lib->crypto, this->pcr_digest_alg); + if (!hasher || !hasher->allocate_hash(hasher, pcr_composite, &pcr_digest)) + { + DESTROY_IF(hasher); + chunk_free(&pcr_composite); + return FALSE; + } + hasher->destroy(hasher); + chunk_free(&pcr_composite); + + DBG2(DBG_PTS, "constructed PCR Composite digest: %B", &pcr_digest); + + equal_digests = chunk_equals(pcr_digest, this->pcr_digest); + + /* Construct Quote Info */ + writer = bio_writer_create(32); + + switch (this->quote_mode) + { + case TPM_QUOTE: + /* Version number */ + writer->write_data(writer, chunk_from_chars(1, 1, 0, 0)); + + /* Magic QUOT value */ + writer->write_data(writer, chunk_from_str("QUOT")); + + /* PCR Composite Hash */ + writer->write_data(writer, pcr_digest); + + /* Secret assessment value 20 bytes (nonce) */ + writer->write_data(writer, nonce); + break; + case TPM_QUOTE2: + case TPM_QUOTE2_VERSION_INFO: + /* TPM Structure Tag */ + writer->write_uint16(writer, TPM_TAG_QUOTE_INFO2); + + /* Magic QUT2 value */ + writer->write_data(writer, chunk_from_str("QUT2")); + + /* Secret assessment value 20 bytes (nonce) */ + writer->write_data(writer, nonce); + + /* PCR selection */ + writer->write_data16(writer, composite->pcr_select); + + /* TPM Locality Selection */ + writer->write_uint8(writer, TPM_LOC_ZERO); + + /* PCR Composite Hash */ + writer->write_data(writer, pcr_digest); + + if (this->quote_mode == TPM_QUOTE2_VERSION_INFO) + { + /* TPM version Info */ + writer->write_data(writer, this->version_info); + } + break; + case TPM_QUOTE_TPM2: + /* Magic */ + writer->write_data(writer, chunk_from_chars(0xff,0x54,0x43,0x47)); + + /* Type */ + writer->write_uint16(writer, 0x8018); + + /* Qualified Signer */ + writer->write_data16(writer, this->qualified_signer); + + /* Extra Data */ + writer->write_data16(writer, nonce); + + /* Clock Info */ + writer->write_data(writer, this->clock_info); + + /* Firmware Version */ + writer->write_data(writer, this->version_info); + + /* PCR Selection */ + writer->write_data(writer, this->pcr_select); + + /* PCR Composite Hash */ + writer->write_data16(writer, pcr_digest); + break; + case TPM_QUOTE_NONE: + break; + } + chunk_free(&pcr_digest); + *quoted = writer->extract_buf(writer); + writer->destroy(writer); + + DBG2(DBG_PTS, "constructed TPM Quote Info: %B", quoted); + + if (!equal_digests) + { + DBG1(DBG_IMV, "received PCR Composite digest does not match " + "constructed one"); + chunk_free(quoted); + } + return equal_digests; +} + +METHOD(tpm_tss_quote_info_t, set_version_info, void, + private_tpm_tss_quote_info_t *this, chunk_t version_info) +{ + chunk_free(&this->version_info); + this->version_info = chunk_clone(version_info); +} + +METHOD(tpm_tss_quote_info_t, get_version_info, chunk_t, + private_tpm_tss_quote_info_t *this) +{ + return this->version_info; +} + +METHOD(tpm_tss_quote_info_t, set_tpm2_info, void, + private_tpm_tss_quote_info_t *this, chunk_t qualified_signer, + chunk_t clock_info, chunk_t pcr_select) +{ + chunk_free(&this->qualified_signer); + this->qualified_signer = chunk_clone(qualified_signer); + + chunk_free(&this->clock_info); + this->clock_info = chunk_clone(clock_info); + + chunk_free(&this->pcr_select); + this->pcr_select = chunk_clone(pcr_select); +} + +METHOD(tpm_tss_quote_info_t, get_tpm2_info, void, + private_tpm_tss_quote_info_t *this, chunk_t *qualified_signer, + chunk_t *clock_info, chunk_t *pcr_select) +{ + if (qualified_signer) + { + *qualified_signer = this->qualified_signer; + } + if (clock_info) + { + *clock_info = this->clock_info; + } + if (pcr_select) + { + *pcr_select = this->pcr_select; + } +} + +METHOD(tpm_tss_quote_info_t, get_ref, tpm_tss_quote_info_t*, + private_tpm_tss_quote_info_t *this) +{ + ref_get(&this->ref); + + return &this->public; +} + +METHOD(tpm_tss_quote_info_t, destroy, void, + private_tpm_tss_quote_info_t *this) +{ + if (ref_put(&this->ref)) + { + chunk_free(&this->qualified_signer); + chunk_free(&this->clock_info); + chunk_free(&this->version_info); + chunk_free(&this->pcr_select); + chunk_free(&this->pcr_digest); + free(this); + } +} + +/** + * See header + */ +tpm_tss_quote_info_t *tpm_tss_quote_info_create(tpm_quote_mode_t quote_mode, + hash_algorithm_t pcr_digest_alg, chunk_t pcr_digest) + +{ + private_tpm_tss_quote_info_t *this; + + INIT(this, + .public = { + .get_quote_mode = _get_quote_mode, + .get_pcr_digest_alg = _get_pcr_digest_alg, + .get_pcr_digest = _get_pcr_digest, + .get_quote = _get_quote, + .set_version_info = _set_version_info, + .get_version_info = _get_version_info, + .set_tpm2_info = _set_tpm2_info, + .get_tpm2_info = _get_tpm2_info, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .quote_mode = quote_mode, + .pcr_digest_alg = pcr_digest_alg, + .pcr_digest = chunk_clone(pcr_digest), + .ref = 1, + ); + + return &this->public; +} diff --git a/src/libtpmtss/tpm_tss_quote_info.h b/src/libtpmtss/tpm_tss_quote_info.h new file mode 100644 index 000000000..5b1c45794 --- /dev/null +++ b/src/libtpmtss/tpm_tss_quote_info.h @@ -0,0 +1,151 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tpm_tss_quote_info tpm_tss_quote_info + * @{ @ingroup libtpmtss + */ + +#ifndef TPM_TSS_QUOTE_INFO_H_ +#define TPM_TSS_QUOTE_INFO_H_ + +#include + +#include + +typedef enum tpm_quote_mode_t tpm_quote_mode_t; +typedef struct tpm_tss_quote_info_t tpm_tss_quote_info_t; +typedef struct tpm_tss_pcr_composite_t tpm_tss_pcr_composite_t; + +/** + * TPM Quote Modes + */ +enum tpm_quote_mode_t { + TPM_QUOTE_NONE, + TPM_QUOTE, + TPM_QUOTE2, + TPM_QUOTE2_VERSION_INFO, + TPM_QUOTE_TPM2 +}; + +struct tpm_tss_pcr_composite_t { + + /** + * Bit map of selected PCRs + */ + chunk_t pcr_select; + + /** + * Array of selected PCRs + */ + chunk_t pcr_composite; + +}; + +/** + * TPM Quote Information needed to verify the Quote Signature + */ +struct tpm_tss_quote_info_t { + + /** + * Get TPM Quote Mode + * + * @return TPM Quote Mode + */ + tpm_quote_mode_t (*get_quote_mode)(tpm_tss_quote_info_t *this); + + /** + * Get PCR Composite digest algorithm + * + * @return PCR Composite digest algorithm + */ + hash_algorithm_t (*get_pcr_digest_alg)(tpm_tss_quote_info_t *this); + + /** + * Get PCR Composite digest + * + * @return PCR Composite digest + */ + chunk_t (*get_pcr_digest)(tpm_tss_quote_info_t *this); + + /** + * Get TPM Quote Info digest, the basis of the TPM Quote Singature + * + * @param nonce Derived from the Diffie-Hellman exchange + * @param composite PCR Composite as computed by IMV + * @param quoted Encoded TPM Quote + * @return TRUE if TPM Quote was successfully constructed + */ + bool (*get_quote)(tpm_tss_quote_info_t *this, chunk_t nonce, + tpm_tss_pcr_composite_t *composite, + chunk_t *quoted); + + /** + * Set TPM version info (needed for TPM 1.2) + * + * @param version_info TPM 1.2 version info + */ + void (*set_version_info)(tpm_tss_quote_info_t *this, chunk_t version_info); + + /** + * Get TPM 2.0 version info (needed for TPM 2.0) + * + * @return TPM 2.0 firmwareVersioin + */ + chunk_t (*get_version_info)(tpm_tss_quote_info_t *this); + + /** + * Set TPM 2.0 info parameters (needed for TPM 2.0) + * + * @param qualified_signer TPM 2.0 qualifiedSigner + * @param clock_info TPM 2.0 clockInfo + * @param pcr_select TPM 2.0 pcrSelect + */ + void (*set_tpm2_info)(tpm_tss_quote_info_t *this, chunk_t qualified_signer, + chunk_t clock_info, chunk_t pcr_select); + + + /** + * Get TPM 2.0 info parameters (needed for TPM 2.0) + * + * @param qualified_signer TPM 2.0 qualifiedSigner + * @param clock_info TPM 2.0 clockInfo + * @param pcr_select TPM 2.0 pcrSelect + */ + void (*get_tpm2_info)(tpm_tss_quote_info_t *this, chunk_t *qualified_signer, + chunk_t *clock_info, chunk_t *pcr_select); + + /** + * Get reference to Quote Info object. + */ + tpm_tss_quote_info_t* (*get_ref)(tpm_tss_quote_info_t *this); + + /** + * Destroy a tpm_tss_quote_info_t. + */ + void (*destroy)(tpm_tss_quote_info_t *this); +}; + +/** + * Create a tpm_tss_quote_info instance. + * + * @param quote_mode TPM Quote mode + * @param pcr_digest_alg PCR Composite digest algorithm + * @param pcr_digest PCR Composite digest + */ +tpm_tss_quote_info_t *tpm_tss_quote_info_create(tpm_quote_mode_t quote_mode, + hash_algorithm_t pcr_digest_alg, chunk_t pcr_digest); + +#endif /** TPM_TSS_QUOTE_INFO_H_ @}*/ diff --git a/src/libtpmtss/tpm_tss_trousers.c b/src/libtpmtss/tpm_tss_trousers.c new file mode 100644 index 000000000..8be3ad877 --- /dev/null +++ b/src/libtpmtss/tpm_tss_trousers.c @@ -0,0 +1,655 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (c) 2008 Hal Finney + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "tpm_tss_trousers.h" + +#ifdef TSS_TROUSERS + +#ifdef _BASETSD_H_ +/* MinGW defines _BASETSD_H_, but TSS checks for _BASETSD_H */ +# define _BASETSD_H +#endif + +#include +#include + +#define LABEL "TPM 1.2 -" + +/* size in bytes of a TSS AIK public key blob */ +#define AIK_PUBKEY_BLOB_SIZE 284 + +/* maximum number of PCR registers */ +#define PCR_NUM_MAX 24 + +typedef struct private_tpm_tss_trousers_t private_tpm_tss_trousers_t; +typedef struct aik_t aik_t; + +/** + * Private data of an tpm_tss_trousers_t object. + */ +struct private_tpm_tss_trousers_t { + + /** + * Public tpm_tss_trousers_t interface. + */ + tpm_tss_trousers_t interface; + + /** + * TSS context + */ + TSS_HCONTEXT hContext; + + /** + * TPM handle + */ + TSS_HTPM hTPM; + + /** + * TPM version info + */ + chunk_t version_info; + + /** + * List of AIKs retrievable by an object handle + */ + linked_list_t *aik_list; + +}; + +struct aik_t { + /** AIK object handle */ + uint32_t handle; + + /** AIK private key blob */ + chunk_t blob; + + /** AIK public key */ + chunk_t pubkey; +}; + +static void free_aik(aik_t *this) +{ + free(this->blob.ptr); + free(this->pubkey.ptr); + free(this); +} + +/** + * Initialize TSS context + * + * TPM 1.2 Specification, Part 2 TPM Structures, 21.6 TPM_CAP_VERSION_INFO + * + * typedef struct tdTPM_VERSION { + * TPM_VERSION_BYTE major; + * TPM_VERSION_BYTE minor; + * BYTE revMajor; + * BYTE revMinor; + * } TPM_VERSION; + * + * typedef struct tdTPM_CAP_VERSION_INFO { + * TPM_STRUCTURE_TAG tag; + * TPM_VERSION version; + * UINT16 specLevel; + * BYTE errataRev; + * BYTE tpmVendorID[4]; + * UINT16 vendorSpecificSize; + * [size_is(vendorSpecificSize)] BYTE* vendorSpecific; + * } TPM_CAP_VERSION_INFO; + */ +static bool initialize_context(private_tpm_tss_trousers_t *this) +{ + uint8_t *version_ptr; + uint32_t version_len; + + TSS_RESULT result; + TPM_CAP_VERSION_INFO *info; + + result = Tspi_Context_Create(&this->hContext); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s could not created context: 0x%x", + LABEL, result); + return FALSE; + } + + result = Tspi_Context_Connect(this->hContext, NULL); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s could not connect with context: 0x%x", + LABEL, result); + return FALSE; + } + + result = Tspi_Context_GetTpmObject (this->hContext, &this->hTPM); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s could not get TPM object: 0x%x", + LABEL, result); + return FALSE; + } + + result = Tspi_TPM_GetCapability(this->hTPM, TSS_TPMCAP_VERSION_VAL, 0, + NULL, &version_len, &version_ptr); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_TPM_GetCapability failed: 0x%x", + LABEL, result); + return FALSE; + } + + info = (TPM_CAP_VERSION_INFO *)version_ptr; + DBG2(DBG_PTS, "TPM Version Info: Chip Version: %u.%u.%u.%u, " + "Spec Level: %u, Errata Rev: %u, Vendor ID: %.4s", + info->version.major, info->version.minor, + info->version.revMajor, info->version.revMinor, + untoh16(&info->specLevel), info->errataRev, info->tpmVendorID); + + this->version_info = chunk_clone(chunk_create(version_ptr, version_len)); + + return TRUE; +} + +/** + * Finalize TSS context + */ +static void finalize_context(private_tpm_tss_trousers_t *this) +{ + if (this->hContext) + { + Tspi_Context_FreeMemory(this->hContext, NULL); + Tspi_Context_Close(this->hContext); + } +} + +METHOD(tpm_tss_t, get_version, tpm_version_t, + private_tpm_tss_trousers_t *this) +{ + return TPM_VERSION_1_2; +} + +METHOD(tpm_tss_t, get_version_info, chunk_t, + private_tpm_tss_trousers_t *this) +{ + return this->version_info; +} + +METHOD(tpm_tss_t, generate_aik, bool, + private_tpm_tss_trousers_t *this, chunk_t ca_modulus, chunk_t *aik_blob, + chunk_t *aik_pubkey, chunk_t *identity_req) +{ + chunk_t aik_pubkey_blob; + chunk_t aik_modulus; + chunk_t aik_exponent; + + TSS_RESULT result; + TSS_HKEY hSRK; + TSS_HKEY hPCAKey; + TSS_HPOLICY hSrkPolicy; + TSS_HPOLICY hTPMPolicy; + TSS_HKEY hIdentKey; + TSS_UUID SRK_UUID = TSS_UUID_SRK; + BYTE secret[] = TSS_WELL_KNOWN_SECRET; + BYTE *IdentityReq; + UINT32 IdentityReqLen; + BYTE *blob; + UINT32 blobLen; + + /* get SRK plus SRK policy and set SRK secret */ + result = Tspi_Context_LoadKeyByUUID(this->hContext, TSS_PS_TYPE_SYSTEM, + SRK_UUID, &hSRK); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_LoadKeyByUUID for SRK failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSrkPolicy); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_GetPolicyObject or SRK failed: 0x%x ", + LABEL, result); + return FALSE; + } + result = Tspi_Policy_SetSecret(hSrkPolicy, TSS_SECRET_MODE_SHA1, 20, secret); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Policy_SetSecret for SRK failed: 0x%x ", + LABEL, result); + return FALSE; + } + + /* get TPM plus TPM policy and set TPM secret */ + result = Tspi_Context_GetTpmObject (this->hContext, &this->hTPM); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_GetTpmObject failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_GetPolicyObject(this->hTPM, TSS_POLICY_USAGE, &hTPMPolicy); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_GetPolicyObject for TPM failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_SHA1, 20, secret); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS,"%s Tspi_Policy_SetSecret for TPM failed: 0x%x", + LABEL, result); + return FALSE; + } + + /* create context for a 2048 bit AIK */ + result = Tspi_Context_CreateObject(this->hContext, TSS_OBJECT_TYPE_RSAKEY, + TSS_KEY_TYPE_IDENTITY | TSS_KEY_SIZE_2048 | + TSS_KEY_VOLATILE | TSS_KEY_NOT_MIGRATABLE, &hIdentKey); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_CreateObject for key failed: 0x%x", + LABEL, result); + return FALSE; + } + + /* create context for the Privacy CA public key and assign modulus */ + result = Tspi_Context_CreateObject(this->hContext, TSS_OBJECT_TYPE_RSAKEY, + TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, &hPCAKey); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_CreateObject for PCA failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_SetAttribData (hPCAKey, TSS_TSPATTRIB_RSAKEY_INFO, + TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, ca_modulus.len, + ca_modulus.ptr); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_SetAttribData for PCA modulus failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_SetAttribUint32(hPCAKey, TSS_TSPATTRIB_KEY_INFO, + TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TSS_ES_RSAESPKCSV15); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS,"%s Tspi_SetAttribUint32 for PCA encryption scheme " + "failed: 0x%x", LABEL, result); + return FALSE; + } + + /* generate AIK */ + DBG1(DBG_LIB, "Generating identity key..."); + result = Tspi_TPM_CollateIdentityRequest(this->hTPM, hSRK, hPCAKey, 0, NULL, + hIdentKey, TSS_ALG_AES, &IdentityReqLen, &IdentityReq); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_TPM_CollateIdentityRequest failed: 0x%x", + LABEL, result); + return FALSE; + } + *identity_req = chunk_create(IdentityReq, IdentityReqLen); + DBG3(DBG_LIB, "%s Identity Request: %B", LABEL, identity_req); + + /* load identity key */ + result = Tspi_Key_LoadKey (hIdentKey, hSRK); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Key_LoadKey for AIK failed: 0x%x", + LABEL, result); + return FALSE; + } + + /* output AIK private key in TSS blob format */ + result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB, + TSS_TSPATTRIB_KEYBLOB_BLOB, &blobLen, &blob); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_GetAttribData for private key blob failed: 0x%x", + LABEL, result); + return FALSE; + } + *aik_blob = chunk_create(blob, blobLen); + DBG3(DBG_LIB, "%s AIK private key blob: %B", LABEL, aik_blob); + + /* output AIK Public Key in TSS blob format */ + result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB, + TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobLen, &blob); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_GetAttribData for public key blob failed: 0x%x", + LABEL, result); + return FALSE; + } + aik_pubkey_blob = chunk_create(blob, blobLen); + DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_pubkey_blob); + + /* create a trusted AIK public key */ + if (aik_pubkey_blob.len != AIK_PUBKEY_BLOB_SIZE) + { + DBG1(DBG_PTS, "%s AIK public key is not in TSS blob format", + LABEL); + return FALSE; + } + aik_modulus = chunk_skip(aik_pubkey_blob, AIK_PUBKEY_BLOB_SIZE - 256); + aik_exponent = chunk_from_chars(0x01, 0x00, 0x01); + + /* output subjectPublicKeyInfo encoding of AIK public key */ + if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, NULL, + aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus, + CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END)) + { + DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key failed", + LABEL); + return FALSE; + } + return TRUE; +} + +METHOD(tpm_tss_t, get_public, chunk_t, + private_tpm_tss_trousers_t *this, uint32_t handle) +{ + enumerator_t *enumerator; + chunk_t aik_pubkey = chunk_empty; + aik_t *aik; + + enumerator = this->aik_list->create_enumerator(this->aik_list); + while (enumerator->enumerate(enumerator, &aik)) + { + if (aik->handle == handle) + { + aik_pubkey = chunk_clone(aik->pubkey); + break; + } + } + enumerator->destroy(enumerator); + + return aik_pubkey; +} + +METHOD(tpm_tss_t, read_pcr, bool, + private_tpm_tss_trousers_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg) +{ + TSS_RESULT result; + uint8_t *value; + uint32_t len; + + result = Tspi_TPM_PcrRead(this->hTPM, pcr_num, &len, &value); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_TPM_PcrRead failed: 0x%x", LABEL, result); + return FALSE; + } + *pcr_value = chunk_clone(chunk_create(value, len)); + + return TRUE; +} + +METHOD(tpm_tss_t, extend_pcr, bool, + private_tpm_tss_trousers_t *this, uint32_t pcr_num, chunk_t *pcr_value, + chunk_t data, hash_algorithm_t alg) +{ + TSS_RESULT result; + uint32_t pcr_len; + uint8_t *pcr_ptr; + + result = Tspi_TPM_PcrExtend(this->hTPM, pcr_num, data.len, data.ptr, + NULL, &pcr_len, &pcr_ptr); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_TPM_PcrExtend failed: 0x%x", LABEL, result); + return FALSE; + } + *pcr_value = chunk_clone(chunk_create(pcr_ptr, pcr_len)); + + return TRUE; +} + +METHOD(tpm_tss_t, quote, bool, + private_tpm_tss_trousers_t *this, uint32_t aik_handle, uint32_t pcr_sel, + hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig) +{ + TSS_HKEY hAIK; + TSS_HKEY hSRK; + TSS_HPOLICY srkUsagePolicy; + TSS_UUID SRK_UUID = TSS_UUID_SRK; + TSS_HPCRS hPcrComposite; + TSS_VALIDATION valData; + TSS_RESULT result; + uint8_t secret[] = TSS_WELL_KNOWN_SECRET; + uint8_t *version_info, *comp_hash; + uint32_t version_info_size, pcr; + aik_t *aik; + chunk_t aik_blob = chunk_empty; + chunk_t quote_chunk, pcr_digest; + enumerator_t *enumerator; + bool success = FALSE; + + /* Retrieve SRK from TPM and set the authentication to well known secret*/ + result = Tspi_Context_LoadKeyByUUID(this->hContext, TSS_PS_TYPE_SYSTEM, + SRK_UUID, &hSRK); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_LoadKeyByUUID for SRK failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_GetPolicyObject for SRK failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, + 20, secret); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Policy_SetSecret for SRK failed: 0x%x", + LABEL, result); + return FALSE; + } + + /* Retrieve AIK using its handle and load private key into TPM 1.2 */ + enumerator = this->aik_list->create_enumerator(this->aik_list); + while (enumerator->enumerate(enumerator, &aik)) + { + if (aik->handle == aik_handle) + { + aik_blob = aik->blob; + break; + } + } + enumerator->destroy(enumerator); + + if (aik_blob.len == 0) + { + DBG1(DBG_PTS, "%s AIK private key for handle 0x%80x not found", LABEL); + return FALSE; + } + result = Tspi_Context_LoadKeyByBlob(this->hContext, hSRK, aik_blob.len, + aik_blob.ptr, &hAIK); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_LoadKeyByBlob for AIK failed: 0x%x", + LABEL, result); + return FALSE; + } + + /* Create PCR composite object */ + result = Tspi_Context_CreateObject(this->hContext, TSS_OBJECT_TYPE_PCRS, + (*quote_mode == TPM_QUOTE) ? TSS_PCRS_STRUCT_INFO : + TSS_PCRS_STRUCT_INFO_SHORT, + &hPcrComposite); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_CreateObject for pcrComposite failed: " + "0x%x", LABEL, result); + goto err1; + } + + /* Select PCRs */ + for (pcr = 0; pcr < PCR_NUM_MAX; pcr++) + { + if (pcr_sel & (1 << pcr)) + { + result = (*quote_mode == TPM_QUOTE) ? + Tspi_PcrComposite_SelectPcrIndex(hPcrComposite, pcr) : + Tspi_PcrComposite_SelectPcrIndexEx(hPcrComposite, pcr, + TSS_PCRS_DIRECTION_RELEASE); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_PcrComposite_SelectPcrIndex failed: " + "0x%x", LABEL, result); + goto err2; + } + } + } + + /* Set the Validation Data */ + valData.ulExternalDataLength = data.len; + valData.rgbExternalData = data.ptr; + + /* TPM Quote */ + result = (*quote_mode == TPM_QUOTE) ? + Tspi_TPM_Quote (this->hTPM, hAIK, hPcrComposite, &valData) : + Tspi_TPM_Quote2(this->hTPM, hAIK, + *quote_mode == TPM_QUOTE2_VERSION_INFO, + hPcrComposite, &valData, &version_info_size, + &version_info); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_TPM_Quote%s failed: 0x%x", LABEL, + (*quote_mode == TPM_QUOTE) ? "" : "2", result); + goto err2; + } + + if (*quote_mode == TPM_QUOTE) + { + /* TPM_Composite_Hash starts at byte 8 of TPM_Quote_Info structure */ + comp_hash = valData.rgbData + 8; + } + else + { + /* TPM_Composite_Hash is last 20 bytes of TPM_Quote_Info2 structure */ + comp_hash = valData.rgbData + valData.ulDataLength - version_info_size - + HASH_SIZE_SHA1; + } + pcr_digest = chunk_create(comp_hash, HASH_SIZE_SHA1); + DBG2(DBG_PTS, "PCR composite digest: %B", &pcr_digest); + + quote_chunk = chunk_create(valData.rgbData, valData.ulDataLength); + DBG2(DBG_PTS, "TPM Quote Info: %B", "e_chunk); + + *quote_info = tpm_tss_quote_info_create(*quote_mode, HASH_SHA1, pcr_digest); + + *quote_sig = chunk_clone(chunk_create(valData.rgbValidationData, + valData.ulValidationDataLength)); + DBG2(DBG_PTS, "TPM Quote Signature: %B", quote_sig); + + success = TRUE; + +err2: + Tspi_Context_CloseObject(this->hContext, hPcrComposite); +err1: + Tspi_Context_CloseObject(this->hContext, hAIK); + + return success; +} + +METHOD(tpm_tss_t, destroy, void, + private_tpm_tss_trousers_t *this) +{ + finalize_context(this); + this->aik_list->destroy_function(this->aik_list, (void*)free_aik); + free(this->version_info.ptr); + free(this); +} + +METHOD(tpm_tss_trousers_t, load_aik, void, + private_tpm_tss_trousers_t *this, chunk_t blob, chunk_t pubkey, + uint32_t handle) +{ + aik_t *item; + + INIT(item, + .handle = handle, + .blob = blob, + .pubkey = pubkey, + ); + + this->aik_list->insert_last(this->aik_list, item); +} + +/** + * See header + */ +tpm_tss_t *tpm_tss_trousers_create() +{ + private_tpm_tss_trousers_t *this; + bool available; + + INIT(this, + .interface = { + .public = { + .get_version = _get_version, + .get_version_info = _get_version_info, + .generate_aik = _generate_aik, + .get_public = _get_public, + .read_pcr = _read_pcr, + .quote = _quote, + .extend_pcr = _extend_pcr, + .destroy = _destroy, + }, + .load_aik = _load_aik, + }, + .aik_list = linked_list_create(), + ); + + available = initialize_context(this); + DBG1(DBG_PTS, "TPM 1.2 via TrouSerS %savailable", available ? "" : "not "); + + if (!available) + { + destroy(this); + return NULL; + } + return &this->interface.public; +} + +#else /* TSS_TROUSERS */ + +tpm_tss_t *tpm_tss_trousers_create() +{ + return NULL; +} + +#endif /* TSS_TROUSERS */ + + + diff --git a/src/libtpmtss/tpm_tss_trousers.h b/src/libtpmtss/tpm_tss_trousers.h new file mode 100644 index 000000000..3afba0db2 --- /dev/null +++ b/src/libtpmtss/tpm_tss_trousers.h @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tpm_tss_trousers tpm_tss_trousers + * @{ @ingroup libtpmtss + */ + +#ifndef TPM_TSS_TROUSERS_H_ +#define TPM_TSS_TROUSERS_H_ + +#include "tpm_tss.h" + +typedef struct tpm_tss_trousers_t tpm_tss_trousers_t; + +/** + * TPM 1.2 access via TrouSerS public interface + */ +struct tpm_tss_trousers_t { + + tpm_tss_t public; + + /** + * Load AIK public and private key pair and save it under an object handle + * + * @param blob encrypted AIK private key + * @param pubkey AIK public key + * @param handle object handle under which the AIK key is stored + */ + void (*load_aik)(tpm_tss_trousers_t *this, chunk_t blob, chunk_t pubkey, + uint32_t handle); + +}; + +/** + * Create a tpm_tss_trousers instance. + */ +tpm_tss_t *tpm_tss_trousers_create(); + +#endif /** TPM_TSS_TROUSERS_H_ @}*/ diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2.c new file mode 100644 index 000000000..39d9f2e4d --- /dev/null +++ b/src/libtpmtss/tpm_tss_tss2.c @@ -0,0 +1,696 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tpm_tss_tss2.h" +#include "tpm_tss_tss2_names.h" + +#ifdef TSS_TSS2 + +#include +#include +#include + +#include +#include + +#define LABEL "TPM 2.0 -" + +typedef struct private_tpm_tss_tss2_t private_tpm_tss_tss2_t; + +/** + * Private data of an tpm_tss_tss2_t object. + */ +struct private_tpm_tss_tss2_t { + + /** + * Public tpm_tss_tss2_t interface. + */ + tpm_tss_t public; + + /** + * TCTI context + */ + TSS2_TCTI_CONTEXT *tcti_context; + + /** + * SYS context + */ + TSS2_SYS_CONTEXT *sys_context; + + /** + * Number of supported algorithms + */ + size_t supported_algs_count; + + /** + * List of supported algorithms + */ + TPM_ALG_ID supported_algs[TPM_PT_ALGORITHM_SET]; +}; + +/** + * Some symbols required by libtctisocket + */ +FILE *outFp; +uint8_t simulator = 1; + +int TpmClientPrintf (uint8_t type, const char *format, ...) +{ + return 0; +} + +/** + * Convert hash algorithm to TPM_ALG_ID + */ +static TPM_ALG_ID hash_alg_to_tpm_alg_id(hash_algorithm_t alg) +{ + switch (alg) + { + case HASH_SHA1: + return TPM_ALG_SHA1; + case HASH_SHA256: + return TPM_ALG_SHA256; + case HASH_SHA384: + return TPM_ALG_SHA384; + case HASH_SHA512: + return TPM_ALG_SHA512; + default: + return TPM_ALG_ERROR; + } +} + +/** + * Convert TPM_ALG_ID to hash algorithm + */ +static hash_algorithm_t hash_alg_from_tpm_alg_id(TPM_ALG_ID alg) +{ + switch (alg) + { + case TPM_ALG_SHA1: + return HASH_SHA1; + case TPM_ALG_SHA256: + return HASH_SHA256; + case TPM_ALG_SHA384: + return HASH_SHA384; + case TPM_ALG_SHA512: + return HASH_SHA512; + default: + return HASH_UNKNOWN; + } +} + +/** + * Check if an algorithm given by its TPM_ALG_ID is supported by the TPM + */ +static bool is_supported_alg(private_tpm_tss_tss2_t *this, TPM_ALG_ID alg_id) +{ + int i; + + if (alg_id == TPM_ALG_ERROR) + { + return FALSE; + } + + for (i = 0; i < this->supported_algs_count; i++) + { + if (this->supported_algs[i] == alg_id) + { + return TRUE; + } + } + + return FALSE; +} + +/** + * Get a list of supported algorithms + */ +static bool get_algs_capability(private_tpm_tss_tss2_t *this) +{ + TPMS_CAPABILITY_DATA cap_data; + TPMI_YES_NO more_data; + TPM_ALG_ID alg; + uint32_t rval, i; + size_t len = BUF_LEN; + char buf[BUF_LEN]; + char *pos = buf; + int written; + + /* get supported algorithms */ + rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_ALGS, + 0, TPM_PT_ALGORITHM_SET, &more_data, &cap_data, 0); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s GetCapability failed for TPM_CAP_ALGS: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* Number of supported algorithms */ + this->supported_algs_count = cap_data.data.algorithms.count; + + /* store and print supported algorithms */ + for (i = 0; i < this->supported_algs_count; i++) + { + alg = cap_data.data.algorithms.algProperties[i].alg; + this->supported_algs[i] = alg; + + written = snprintf(pos, len, " %N", tpm_alg_id_names, alg); + if (written < 0 || written >= len) + { + break; + } + pos += written; + len -= written; + } + DBG2(DBG_PTS, "%s algorithms:%s", LABEL, buf); + + /* get supported ECC curves */ + rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_ECC_CURVES, + 0, TPM_PT_LOADED_CURVES, &more_data, &cap_data, 0); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s GetCapability failed for TPM_ECC_CURVES: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* reset print buffer */ + pos = buf; + len = BUF_LEN; + + /* print supported ECC curves */ + for (i = 0; i < cap_data.data.eccCurves.count; i++) + { + written = snprintf(pos, len, " %N", tpm_ecc_curve_names, + cap_data.data.eccCurves.eccCurves[i]); + if (written < 0 || written >= len) + { + break; + } + pos += written; + len -= written; + } + DBG2(DBG_PTS, "%s ECC curves:%s", LABEL, buf); + + return TRUE; +} + +/** + * Initialize TSS context + */ +static bool initialize_context(private_tpm_tss_tss2_t *this) +{ + size_t tcti_context_size; + uint32_t sys_context_size; + uint32_t rval; + + TCTI_SOCKET_CONF rm_if_config = { DEFAULT_HOSTNAME, + DEFAULT_RESMGR_TPM_PORT + }; + + TSS2_ABI_VERSION abi_version = { TSSWG_INTEROP, + TSS_SAPI_FIRST_FAMILY, + TSS_SAPI_FIRST_LEVEL, + TSS_SAPI_FIRST_VERSION + }; + + /* determine size of tcti context */ + rval = InitSocketTcti(NULL, &tcti_context_size, &rm_if_config, 0); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not get tcti_context size: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* allocate memory for tcti context */ + this->tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size); + + /* initialize tcti context */ + rval = InitSocketTcti(this->tcti_context, &tcti_context_size, + &rm_if_config, 0); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not get tcti_context: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* determine size of sys context */ + sys_context_size = Tss2_Sys_GetContextSize(0); + + /* allocate memory for sys context */ + this->sys_context = malloc(sys_context_size); + + /* initialize sys context */ + rval = Tss2_Sys_Initialize(this->sys_context, sys_context_size, + this->tcti_context, &abi_version); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not get sys_context: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* get a list of supported algorithms and ECC curves */ + return get_algs_capability(this); +} + +/** + * Finalize TSS context + */ +static void finalize_context(private_tpm_tss_tss2_t *this) +{ + if (this->tcti_context) + { + TeardownSocketTcti(this->tcti_context); + } + if (this->sys_context) + { + Tss2_Sys_Finalize(this->sys_context); + free(this->sys_context); + } +} + +METHOD(tpm_tss_t, get_version, tpm_version_t, + private_tpm_tss_tss2_t *this) +{ + return TPM_VERSION_2_0; +} + +METHOD(tpm_tss_t, get_version_info, chunk_t, + private_tpm_tss_tss2_t *this) +{ + return chunk_empty; +} + +/** + * read the public key portion of a TSS 2.0 AIK key from NVRAM + */ +bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle, + TPM2B_PUBLIC *public) +{ + uint32_t rval; + + TPM2B_NAME name = { { sizeof(TPM2B_NAME)-2, } }; + TPM2B_NAME qualified_name = { { sizeof(TPM2B_NAME)-2, } }; + + TPMS_AUTH_RESPONSE session_data; + TSS2_SYS_RSP_AUTHS sessions_data; + TPMS_AUTH_RESPONSE *session_data_array[1]; + + session_data_array[0] = &session_data; + sessions_data.rspAuths = &session_data_array[0]; + sessions_data.rspAuthsCount = 1; + + /* always send simulator platform command, ignored by true RM */ + PlatformCommand(this->tcti_context ,MS_SIM_POWER_ON ); + PlatformCommand(this->tcti_context, MS_SIM_NV_ON ); + + /* read public key for a given object handle from TPM 2.0 NVRAM */ + rval = Tss2_Sys_ReadPublic(this->sys_context, handle, 0, public, &name, + &qualified_name, &sessions_data); + + PlatformCommand(this->tcti_context, MS_SIM_POWER_OFF); + + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not read public key from handle 0x%08x: 0x%06x", + LABEL, handle, rval); + return FALSE; + } + return TRUE; +} + +METHOD(tpm_tss_t, generate_aik, bool, + private_tpm_tss_tss2_t *this, chunk_t ca_modulus, chunk_t *aik_blob, + chunk_t *aik_pubkey, chunk_t *identity_req) +{ + return FALSE; +} + +METHOD(tpm_tss_t, get_public, chunk_t, + private_tpm_tss_tss2_t *this, uint32_t handle) +{ + TPM2B_PUBLIC public = { { 0, } }; + TPM_ALG_ID sig_alg, digest_alg; + chunk_t aik_blob, aik_pubkey = chunk_empty; + + if (!read_public(this, handle, &public)) + { + return chunk_empty; + } + + aik_blob = chunk_create((u_char*)&public, sizeof(public)); + DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_blob); + + /* convert TSS 2.0 AIK public key blot into PKCS#1 format */ + switch (public.t.publicArea.type) + { + case TPM_ALG_RSA: + { + TPM2B_PUBLIC_KEY_RSA *rsa; + TPMT_RSA_SCHEME *scheme; + chunk_t aik_exponent, aik_modulus; + + scheme = &public.t.publicArea.parameters.rsaDetail.scheme; + sig_alg = scheme->scheme; + digest_alg = scheme->details.anySig.hashAlg; + + rsa = &public.t.publicArea.unique.rsa; + aik_modulus = chunk_create(rsa->t.buffer, rsa->t.size); + aik_exponent = chunk_from_chars(0x01, 0x00, 0x01); + + /* subjectPublicKeyInfo encoding of AIK RSA key */ + if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, + NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus, + CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END)) + { + DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key " + "failed", LABEL); + } + break; + } + case TPM_ALG_ECC: + { + TPMS_ECC_POINT *ecc; + TPMT_ECC_SCHEME *scheme; + chunk_t ecc_point; + uint8_t *pos; + + scheme = &public.t.publicArea.parameters.eccDetail.scheme; + sig_alg = scheme->scheme; + digest_alg = scheme->details.anySig.hashAlg; + + ecc = &public.t.publicArea.unique.ecc; + + /* allocate space for bit string */ + pos = asn1_build_object(&ecc_point, ASN1_BIT_STRING, + 2 + ecc->x.t.size + ecc->y.t.size); + /* bit string length is a multiple of octets */ + *pos++ = 0x00; + /* uncompressed ECC point format */ + *pos++ = 0x04; + /* copy x coordinate of ECC point */ + memcpy(pos, ecc->x.t.buffer, ecc->x.t.size); + pos += ecc->x.t.size; + /* copy y coordinate of ECC point */ + memcpy(pos, ecc->y.t.buffer, ecc->y.t.size); + /* subjectPublicKeyInfo encoding of AIK ECC key */ + aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_EC_PUBLICKEY), + asn1_build_known_oid(ecc->x.t.size == 32 ? + OID_PRIME256V1 : OID_SECT384R1)), + ecc_point); + break; + } + default: + DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL); + return chunk_empty; + } + DBG1(DBG_PTS, "AIK signature algorithm is %N with %N hash", + tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg); + return aik_pubkey; +} + +/** + * Configure a PCR Selection assuming a maximum of 24 registers + */ +static bool init_pcr_selection(private_tpm_tss_tss2_t *this, uint32_t pcrs, + hash_algorithm_t alg, TPML_PCR_SELECTION *pcr_sel) +{ + TPM_ALG_ID alg_id; + uint32_t pcr; + + /* check if hash algorithm is supported by TPM */ + alg_id = hash_alg_to_tpm_alg_id(alg); + if (!is_supported_alg(this, alg_id)) + { + DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM", + LABEL, hash_algorithm_short_names, alg); + return FALSE; + } + + /* initialize the PCR Selection structure,*/ + pcr_sel->count = 1; + pcr_sel->pcrSelections[0].hash = alg_id; + pcr_sel->pcrSelections[0].sizeofSelect = 3; + pcr_sel->pcrSelections[0].pcrSelect[0] = 0; + pcr_sel->pcrSelections[0].pcrSelect[1] = 0; + pcr_sel->pcrSelections[0].pcrSelect[2] = 0; + + /* set the selected PCRs */ + for (pcr = 0; pcr < PLATFORM_PCR; pcr++) + { + if (pcrs & (1 << pcr)) + { + pcr_sel->pcrSelections[0].pcrSelect[pcr / 8] |= ( 1 << (pcr % 8) ); + } + } + return TRUE; +} + +METHOD(tpm_tss_t, read_pcr, bool, + private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg) +{ + TPML_PCR_SELECTION pcr_selection; + TPML_DIGEST pcr_values; + + uint32_t pcr_update_counter, rval; + uint8_t *pcr_value_ptr; + size_t pcr_value_len; + + if (pcr_num >= PLATFORM_PCR) + { + DBG1(DBG_PTS, "%s maximum number of supported PCR is %d", + LABEL, PLATFORM_PCR); + return FALSE; + } + + if (!init_pcr_selection(this, (1 << pcr_num), alg, &pcr_selection)) + { + return FALSE; + } + + /* initialize the PCR Digest structure */ + memset(&pcr_values, 0, sizeof(TPML_DIGEST)); + + /* read the PCR value */ + rval = Tss2_Sys_PCR_Read(this->sys_context, 0, &pcr_selection, + &pcr_update_counter, &pcr_selection, &pcr_values, 0); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s PCR bank could not be read: 0x%60x", + LABEL, rval); + return FALSE; + } + pcr_value_ptr = (uint8_t *)pcr_values.digests[0].t.buffer; + pcr_value_len = (size_t) pcr_values.digests[0].t.size; + + *pcr_value = chunk_clone(chunk_create(pcr_value_ptr, pcr_value_len)); + + return TRUE; +} + +METHOD(tpm_tss_t, extend_pcr, bool, + private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value, + chunk_t data, hash_algorithm_t alg) +{ + /* TODO */ + return FALSE; +} + +METHOD(tpm_tss_t, quote, bool, + private_tpm_tss_tss2_t *this, uint32_t aik_handle, uint32_t pcr_sel, + hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig) +{ + chunk_t quoted_chunk, qualified_signer, extra_data, clock_info, + firmware_version, pcr_select, pcr_digest; + hash_algorithm_t pcr_digest_alg; + bio_reader_t *reader; + uint32_t rval; + + TPM2B_DATA qualifying_data; + TPML_PCR_SELECTION pcr_selection; + TPM2B_ATTEST quoted = { { sizeof(TPM2B_ATTEST)-2, } }; + TPMT_SIG_SCHEME scheme; + TPMT_SIGNATURE sig; + TPMI_ALG_HASH hash_alg; + TPMS_AUTH_COMMAND session_data_cmd; + TPMS_AUTH_RESPONSE session_data_rsp; + TSS2_SYS_CMD_AUTHS sessions_data_cmd; + TSS2_SYS_RSP_AUTHS sessions_data_rsp; + TPMS_AUTH_COMMAND *session_data_cmd_array[1]; + TPMS_AUTH_RESPONSE *session_data_rsp_array[1]; + + session_data_cmd_array[0] = &session_data_cmd; + session_data_rsp_array[0] = &session_data_rsp; + + sessions_data_cmd.cmdAuths = &session_data_cmd_array[0]; + sessions_data_rsp.rspAuths = &session_data_rsp_array[0]; + + sessions_data_cmd.cmdAuthsCount = 1; + sessions_data_rsp.rspAuthsCount = 1; + + session_data_cmd.sessionHandle = TPM_RS_PW; + session_data_cmd.hmac.t.size = 0; + session_data_cmd.nonce.t.size = 0; + + *( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0; + + qualifying_data.t.size = data.len; + memcpy(qualifying_data.t.buffer, data.ptr, data.len); + + scheme.scheme = TPM_ALG_NULL; + memset(&sig, 0x00, sizeof(sig)); + + /* set Quote mode */ + *quote_mode = TPM_QUOTE_TPM2; + + if (!init_pcr_selection(this, pcr_sel, alg, &pcr_selection)) + { + return FALSE; + } + + rval = Tss2_Sys_Quote(this->sys_context, aik_handle, &sessions_data_cmd, + &qualifying_data, &scheme, &pcr_selection, "ed, + &sig, &sessions_data_rsp); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_Quote failed: 0x%06x", LABEL, rval); + return FALSE; + } + quoted_chunk = chunk_create(quoted.t.attestationData, quoted.t.size); + + reader = bio_reader_create(chunk_skip(quoted_chunk, 6)); + if (!reader->read_data16(reader, &qualified_signer) || + !reader->read_data16(reader, &extra_data) || + !reader->read_data (reader, 17, &clock_info) || + !reader->read_data (reader, 8, &firmware_version) || + !reader->read_data (reader, 10, &pcr_select) || + !reader->read_data16(reader, &pcr_digest)) + { + DBG1(DBG_PTS, "%s parsing of quoted struct failed", LABEL); + reader->destroy(reader); + return FALSE; + } + reader->destroy(reader); + + DBG2(DBG_PTS, "PCR Composite digest: %B", &pcr_digest); + DBG2(DBG_PTS, "TPM Quote Info: %B", "ed_chunk); + DBG2(DBG_PTS, "qualifiedSigner: %B", &qualified_signer); + DBG2(DBG_PTS, "extraData: %B", &extra_data); + DBG2(DBG_PTS, "clockInfo: %B", &clock_info); + DBG2(DBG_PTS, "firmwareVersion: %B", &firmware_version); + DBG2(DBG_PTS, "pcrSelect: %B", &pcr_select); + + /* extract signature */ + switch (sig.sigAlg) + { + case TPM_ALG_RSASSA: + case TPM_ALG_RSAPSS: + *quote_sig = chunk_clone( + chunk_create( + sig.signature.rsassa.sig.t.buffer, + sig.signature.rsassa.sig.t.size)); + hash_alg = sig.signature.rsassa.hash; + break; + case TPM_ALG_ECDSA: + case TPM_ALG_ECDAA: + case TPM_ALG_SM2: + case TPM_ALG_ECSCHNORR: + *quote_sig = chunk_cat("cc", + chunk_create( + sig.signature.ecdsa.signatureR.t.buffer, + sig.signature.ecdsa.signatureR.t.size), + chunk_create( + sig.signature.ecdsa.signatureS.t.buffer, + sig.signature.ecdsa.signatureS.t.size)); + hash_alg = sig.signature.ecdsa.hash; + break; + default: + DBG1(DBG_PTS, "%s unsupported %N signature algorithm", + LABEL, tpm_alg_id_names, sig.sigAlg); + return FALSE; + }; + + DBG2(DBG_PTS, "PCR digest algorithm is %N", tpm_alg_id_names, hash_alg); + pcr_digest_alg = hash_alg_from_tpm_alg_id(hash_alg); + + DBG2(DBG_PTS, "TPM Quote Signature: %B", quote_sig); + + /* Create and initialize Quote Info object */ + *quote_info = tpm_tss_quote_info_create(*quote_mode, pcr_digest_alg, + pcr_digest); + (*quote_info)->set_tpm2_info(*quote_info, qualified_signer, clock_info, + pcr_select); + (*quote_info)->set_version_info(*quote_info, firmware_version); + + return TRUE; +} + +METHOD(tpm_tss_t, destroy, void, + private_tpm_tss_tss2_t *this) +{ + finalize_context(this); + free(this); +} + +/** + * See header + */ +tpm_tss_t *tpm_tss_tss2_create() +{ + private_tpm_tss_tss2_t *this; + bool available; + + INIT(this, + .public = { + .get_version = _get_version, + .get_version_info = _get_version_info, + .generate_aik = _generate_aik, + .get_public = _get_public, + .read_pcr = _read_pcr, + .extend_pcr = _extend_pcr, + .quote = _quote, + .destroy = _destroy, + }, + ); + + available = initialize_context(this); + DBG1(DBG_PTS, "TPM 2.0 via TSS2 %savailable", available ? "" : "not "); + + if (!available) + { + destroy(this); + return NULL; + } + return &this->public; +} + +#else /* TSS_TSS2 */ + +tpm_tss_t *tpm_tss_tss2_create() +{ + return NULL; +} + +#endif /* TSS_TSS2 */ + + diff --git a/src/libtpmtss/tpm_tss_tss2.h b/src/libtpmtss/tpm_tss_tss2.h new file mode 100644 index 000000000..f3a11e5fd --- /dev/null +++ b/src/libtpmtss/tpm_tss_tss2.h @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tpm_tss_tss2 tpm_tss_tss2 + * @{ @ingroup libtpmtss + */ + +#ifndef TPM_TSS_TSS2_H_ +#define TPM_TSS_TSS2_H_ + +#include "tpm_tss.h" + +/** + * Create a tpm_tss_tss2 instance. + */ +tpm_tss_t *tpm_tss_tss2_create(); + +#endif /** TPM_TSS_TSS2_H_ @}*/ diff --git a/src/libtpmtss/tpm_tss_tss2_names.c b/src/libtpmtss/tpm_tss_tss2_names.c new file mode 100644 index 000000000..9185aa374 --- /dev/null +++ b/src/libtpmtss/tpm_tss_tss2_names.c @@ -0,0 +1,123 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tpm_tss_tss2_names.h" + +#ifdef TSS_TSS2 + +#include + +#ifndef TPM_ALG_ECMQV +#define TPM_ALG_ECMQV (TPM_ALG_ID)0x001D +#endif + +#ifndef TPM_ALG_CAMELLIA +#define TPM_ALG_CAMELLIA (TPM_ALG_ID)0x0026 +#endif + +/** + * TPM 2.0 algorithm ID names + */ +ENUM_BEGIN(tpm_alg_id_names, TPM_ALG_ERROR, TPM_ALG_RSA, + "ERROR", + "RSA" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_SHA1, TPM_ALG_KEYEDHASH, TPM_ALG_RSA, + "SHA1", + "HMAC", + "AES", + "MGF1", + "KEYEDHASH" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_XOR, TPM_ALG_SHA512, TPM_ALG_KEYEDHASH, + "XOR", + "SHA256", + "SHA384", + "SHA512" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_NULL, TPM_ALG_NULL, TPM_ALG_SHA512, + "NULL" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_SM3_256, TPM_ALG_ECMQV, TPM_ALG_NULL, + "SM3_256", + "SM4", + "RSASSA", + "RSAES", + "RSAPSS", + "OAEP", + "ECDSA", + "ECDH", + "SM2", + "ECSCHNORR", + "ECMQV" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_KDF1_SP800_56A, TPM_ALG_ECC, TPM_ALG_ECMQV, + "KDF1_SP800_56A", + "KDF2", + "KDF1_SP800_108", + "ECC" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_SYMCIPHER, TPM_ALG_CAMELLIA, TPM_ALG_ECC, + "SYMCIPHER", + "CAMELLIA" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_CTR, TPM_ALG_ECB, TPM_ALG_CAMELLIA, + "CTR", + "OFB", + "CBC", + "CFB", + "ECB" +); +ENUM_END(tpm_alg_id_names, TPM_ALG_ECB); + +/** + * TPM 2.0 ECC curve names + */ +ENUM_BEGIN(tpm_ecc_curve_names, TPM_ECC_NONE, TPM_ECC_NIST_P521, + "NONE", + "NIST_P192", + "NIST_P224", + "NIST_P256", + "NIST_P384", + "NIST_P521" +); +ENUM_NEXT(tpm_ecc_curve_names, TPM_ECC_BN_P256, TPM_ECC_BN_P638, TPM_ECC_NIST_P521, + "BN_P256", + "BN_P638" +); +ENUM_NEXT(tpm_ecc_curve_names, TPM_ECC_SM2_P256, TPM_ECC_SM2_P256, TPM_ECC_BN_P638, + "SM2_P256" +); +ENUM_END(tpm_ecc_curve_names, TPM_ECC_SM2_P256); + +#else /* TSS_TSS2 */ + +/** + * TPM 2.0 algorithm ID names + */ +ENUM(tpm_alg_id_names, 0, 0, + "ERROR" +); + +/** + * TPM 2.0 ECC curve names + */ +ENUM(tpm_ecc_curve_names, 0, 0, + "NONE" +); + +#endif /* TSS_TSS2 */ + + diff --git a/src/libtpmtss/tpm_tss_tss2_names.h b/src/libtpmtss/tpm_tss_tss2_names.h new file mode 100644 index 000000000..c2a834493 --- /dev/null +++ b/src/libtpmtss/tpm_tss_tss2_names.h @@ -0,0 +1,30 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tpm_tss_tss2_names tpm_tss_tss2_names + * @{ @ingroup libtpmtss + */ + +#ifndef TPM_TSS_TSS2_NAMES_H_ +#define TPM_TSS_TSS2_NAMES_H_ + +#include + +extern enum_name_t *tpm_alg_id_names; + +extern enum_name_t *tpm_ecc_curve_names; + +#endif /** TPM_TSS_TSS2_NAMES_H_ @}*/ diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index 9beaab0a3..a1ad709f4 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ manager_PROGRAMS = manager.fcgi$(EXEEXT) subdir = src/manager -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -219,12 +228,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -274,6 +285,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -308,6 +320,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -419,6 +432,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -518,7 +532,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/manager/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/manager/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1036,6 +1049,8 @@ uninstall-am: uninstall-managerPROGRAMS \ uninstall-manager_templates_ikesaDATA \ uninstall-manager_templates_staticDATA +.PRECIOUS: Makefile + main.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/manager/controller/control_controller.c b/src/manager/controller/control_controller.c index f275986d2..a8db2f272 100644 --- a/src/manager/controller/control_controller.c +++ b/src/manager/controller/control_controller.c @@ -109,7 +109,7 @@ static void initiate(private_control_controller_t *this, fast_request_t *r, * terminate an IKE or CHILD SA */ static void terminate(private_control_controller_t *this, fast_request_t *r, - bool ike, u_int32_t id) + bool ike, uint32_t id) { gateway_t *gateway; enumerator_t *e; @@ -140,7 +140,7 @@ METHOD(fast_controller_t, handle, void, } if (action) { - u_int32_t id; + uint32_t id; if (streq(action, "terminateike")) { diff --git a/src/manager/gateway.c b/src/manager/gateway.c index 8a8fbe895..58ee6ab54 100644 --- a/src/manager/gateway.c +++ b/src/manager/gateway.c @@ -317,7 +317,7 @@ METHOD(gateway_t, initiate, enumerator_t*, } METHOD(gateway_t, terminate, enumerator_t*, - private_gateway_t *this, bool ike, u_int32_t id) + private_gateway_t *this, bool ike, uint32_t id) { char *str, *kind; diff --git a/src/manager/gateway.h b/src/manager/gateway.h index 5792ebf02..1f62d2365 100644 --- a/src/manager/gateway.h +++ b/src/manager/gateway.h @@ -61,7 +61,7 @@ struct gateway_t { * @param id ID of the SA to terminate * @return enumerator over control response XML children */ - enumerator_t* (*terminate)(gateway_t *this, bool ike, u_int32_t id); + enumerator_t* (*terminate)(gateway_t *this, bool ike, uint32_t id); /** * Initiate an IKE or a CHILD SA. diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index c367841df..44ed9f82f 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ medsrv_PROGRAMS = medsrv.fcgi$(EXEEXT) subdir = src/medsrv -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -208,12 +217,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -263,6 +274,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -297,6 +309,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -408,6 +421,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -493,7 +507,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/medsrv/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/medsrv/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -934,6 +947,8 @@ uninstall-am: uninstall-medsrvPROGRAMS uninstall-medsrv_templatesDATA \ uninstall-medsrv_templates_staticDATA \ uninstall-medsrv_templates_userDATA +.PRECIOUS: Makefile + main.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am index 261e41c16..1153794cd 100644 --- a/src/pki/Makefile.am +++ b/src/pki/Makefile.am @@ -19,7 +19,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \ pki_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) $(DLLIB) + $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) pki.o : $(top_builddir)/config.status diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index 4b206c9c9..7b900f238 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ bin_PROGRAMS = pki$(EXEEXT) subdir = src/pki -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -113,7 +122,8 @@ am_pki_OBJECTS = pki.$(OBJEXT) command.$(OBJEXT) \ pki_OBJECTS = $(am_pki_OBJECTS) am__DEPENDENCIES_1 = pki_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -195,6 +205,7 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -226,6 +237,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -275,6 +287,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -309,6 +322,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -420,6 +434,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +481,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \ pki_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) $(DLLIB) + $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ @@ -488,7 +503,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pki/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/pki/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -926,6 +940,8 @@ uninstall-am: uninstall-binPROGRAMS mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-binPROGRAMS +.PRECIOUS: Makefile + pki.o : $(top_builddir)/config.status diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in index e61230929..982a1175f 100644 --- a/src/pki/man/Makefile.in +++ b/src/pki/man/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,14 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/pki/man -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/pki.1.in $(srcdir)/pki---acert.1.in \ - $(srcdir)/pki---dn.1.in $(srcdir)/pki---gen.1.in \ - $(srcdir)/pki---issue.1.in $(srcdir)/pki---keyid.1.in \ - $(srcdir)/pki---pkcs12.1.in $(srcdir)/pki---pkcs7.1.in \ - $(srcdir)/pki---print.1.in $(srcdir)/pki---pub.1.in \ - $(srcdir)/pki---req.1.in $(srcdir)/pki---self.1.in \ - $(srcdir)/pki---signcrl.1.in $(srcdir)/pki---verify.1.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -99,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = pki.1 pki---acert.1 pki---dn.1 pki---gen.1 \ @@ -157,12 +160,21 @@ am__installdirs = "$(DESTDIR)$(man1dir)" NROFF = nroff MANS = $(man1_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/pki---acert.1.in \ + $(srcdir)/pki---dn.1.in $(srcdir)/pki---gen.1.in \ + $(srcdir)/pki---issue.1.in $(srcdir)/pki---keyid.1.in \ + $(srcdir)/pki---pkcs12.1.in $(srcdir)/pki---pkcs7.1.in \ + $(srcdir)/pki---print.1.in $(srcdir)/pki---pub.1.in \ + $(srcdir)/pki---req.1.in $(srcdir)/pki---self.1.in \ + $(srcdir)/pki---signcrl.1.in $(srcdir)/pki---verify.1.in \ + $(srcdir)/pki.1.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -212,6 +224,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -246,6 +259,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -357,6 +371,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -416,7 +431,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pki/man/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/pki/man/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -667,6 +681,8 @@ uninstall-man: uninstall-man1 ps ps-am tags-am uninstall uninstall-am uninstall-man \ uninstall-man1 +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in index 3d9adb14d..8b73403e7 100644 --- a/src/pool/Makefile.in +++ b/src/pool/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_ATTR_SQL_TRUE@ipsec_PROGRAMS = pool$(EXEEXT) subdir = src/pool -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(dist_templates_DATA) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_templates_DATA) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pool/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/pool/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -802,6 +816,8 @@ uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS tags tags-am uninstall uninstall-am \ uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + @USE_ATTR_SQL_TRUE@pool.o : $(top_builddir)/config.status diff --git a/src/pool/sqlite.sql b/src/pool/sqlite.sql index 78012630b..a35094073 100644 --- a/src/pool/sqlite.sql +++ b/src/pool/sqlite.sql @@ -37,7 +37,7 @@ CREATE TABLE child_config_traffic_selector ( traffic_selector INTEGER NOT NULL, kind INTEGER NOT NULL ); -DROP INDEX IF EXISTS child_config_traffic_selector; +DROP INDEX IF EXISTS child_config_traffic_selector_all; CREATE INDEX child_config_traffic_selector_all ON child_config_traffic_selector ( child_cfg, traffic_selector ); diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in index 2ab3cbf3d..b2c9c9598 100644 --- a/src/pt-tls-client/Makefile.in +++ b/src/pt-tls-client/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = pt-tls-client$(EXEEXT) subdir = src/pt-tls-client -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -172,12 +181,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -227,6 +238,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -261,6 +273,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -372,6 +385,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -432,7 +446,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pt-tls-client/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/pt-tls-client/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -748,6 +761,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + pt-tls-client.o : $(top_builddir)/config.status diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index 3a179af17..b91997ddd 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -50,7 +50,7 @@ static void usage(FILE *out) /** * Client routine */ -static int client(char *address, u_int16_t port, char *identity) +static int client(char *address, uint16_t port, char *identity) { pt_tls_client_t *assessment; tls_t *tnccs; diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 141db6993..1fdea8a7b 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = scepclient$(EXEEXT) subdir = src/scepclient -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(dist_man_MANS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -199,12 +208,15 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ + $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -254,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -288,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -399,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/scepclient/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/scepclient/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -819,6 +833,8 @@ uninstall-man: uninstall-man8 pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-man uninstall-man8 +.PRECIOUS: Makefile + scepclient.o : $(top_builddir)/config.status diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index 8341ca3ee..873c20ace 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -28,13 +28,16 @@ AM_CPPFLAGS = \ -DPLUGINS=\""${starter_plugins}\"" \ -DDEBUG +AM_CFLAGS = \ + @COVERAGE_CFLAGS@ + AM_YFLAGS = -v -d starter_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ libstarter.la \ - $(SOCKLIB) $(PTHREADLIB) + $(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB) EXTRA_DIST = keywords.txt ipsec.conf Android.mk MAINTAINERCLEANFILES = keywords.c diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 31e0e9d42..19753de4f 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -83,9 +93,6 @@ ipsec_PROGRAMS = starter$(EXEEXT) @USE_LOAD_WARNING_TRUE@am__append_1 = -DLOAD_WARNING @USE_SCEPCLIENT_TRUE@am__append_2 = -DGENERATE_SELFCERT subdir = src/starter -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - parser/parser.h parser/parser.c parser/lexer.c \ - $(top_srcdir)/depcomp $(top_srcdir)/ylwrap ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -99,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -124,7 +132,8 @@ am__DEPENDENCIES_1 = starter_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la libstarter.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -219,6 +228,9 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \ + $(top_srcdir)/ylwrap parser/lexer.c parser/parser.c \ + parser/parser.h DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -250,6 +262,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -299,6 +312,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -333,6 +347,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -444,6 +459,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -495,12 +511,15 @@ AM_CPPFLAGS = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ -DDEV_URANDOM=\"${urandom_device}\" \ -DPLUGINS=\""${starter_plugins}\"" -DDEBUG $(am__append_1) \ $(am__append_2) +AM_CFLAGS = \ + @COVERAGE_CFLAGS@ + AM_YFLAGS = -v -d starter_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ libstarter.la \ - $(SOCKLIB) $(PTHREADLIB) + $(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB) EXTRA_DIST = keywords.txt ipsec.conf Android.mk MAINTAINERCLEANFILES = keywords.c @@ -522,7 +541,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/starter/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/starter/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -971,6 +989,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h $(AM_V_GEN) \ diff --git a/src/starter/confread.c b/src/starter/confread.c index 897aa423e..33924b065 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -331,7 +331,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token, DBG1(DBG_APP, "# bad protocol: %s=%s", key, value); goto err; } - end->protocol = (u_int8_t)p; + end->protocol = (uint8_t)p; } } if (streq(port, "%any")) diff --git a/src/starter/confread.h b/src/starter/confread.h index 457327f18..45f34ce23 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -106,9 +106,9 @@ struct starter_end { bool hostaccess; bool allow_any; char *updown; - u_int16_t from_port; - u_int16_t to_port; - u_int8_t protocol; + uint16_t from_port; + uint16_t to_port; + uint8_t protocol; char *sourceip; char *dns; }; @@ -133,17 +133,17 @@ struct starter_conn { time_t sa_ike_life_seconds; time_t sa_ipsec_life_seconds; time_t sa_rekey_margin; - u_int64_t sa_ipsec_life_bytes; - u_int64_t sa_ipsec_margin_bytes; - u_int64_t sa_ipsec_life_packets; - u_int64_t sa_ipsec_margin_packets; + uint64_t sa_ipsec_life_bytes; + uint64_t sa_ipsec_margin_bytes; + uint64_t sa_ipsec_life_packets; + uint64_t sa_ipsec_margin_packets; unsigned long sa_keying_tries; unsigned long sa_rekey_fuzz; - u_int32_t reqid; + uint32_t reqid; mark_t mark_in; mark_t mark_out; - u_int32_t replay_window; - u_int32_t tfc; + uint32_t replay_window; + uint32_t tfc; bool install_policy; bool aggressive; starter_end_t left, right; diff --git a/src/starter/parser/lexer.c b/src/starter/parser/lexer.c index a0937710e..afca86341 100644 --- a/src/starter/parser/lexer.c +++ b/src/starter/parser/lexer.c @@ -16,8 +16,8 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 35 +#define YY_FLEX_MINOR_VERSION 6 +#define YY_FLEX_SUBMINOR_VERSION 0 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif @@ -221,6 +221,11 @@ typedef void* yyscan_t; typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + /* %if-not-reentrant */ /* %endif */ @@ -247,6 +252,13 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; if ( yytext[yyl] == '\n' )\ --yylineno;\ }while(0) + #define YY_LINENO_REWIND_TO(dst) \ + do {\ + const char *p;\ + for ( p = yy_cp-1; p >= (dst); --p)\ + if ( *p == '\n' )\ + --yylineno;\ + }while(0) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ @@ -264,11 +276,6 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; #define unput(c) yyunput( c, yyg->yytext_ptr , yyscanner ) -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef size_t yy_size_t; -#endif - #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state @@ -388,7 +395,7 @@ static void conf_parser__init_buffer (YY_BUFFER_STATE b,FILE *file ,yyscan_t yys YY_BUFFER_STATE conf_parser__scan_buffer (char *base,yy_size_t size ,yyscan_t yyscanner ); YY_BUFFER_STATE conf_parser__scan_string (yyconst char *yy_str ,yyscan_t yyscanner ); -YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char *bytes,int len ,yyscan_t yyscanner ); +YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char *bytes,yy_size_t len ,yyscan_t yyscanner ); /* %endif */ @@ -423,7 +430,7 @@ void conf_parser_free (void * ,yyscan_t yyscanner ); /* %% [1.0] yytext/yyin/yyout/yy_state_type/yylineno etc. def's & init go here */ /* Begin user sect3 */ -#define conf_parser_wrap(n) 1 +#define conf_parser_wrap(yyscanner) (/*CONSTCOND*/1) #define YY_SKIP_YYWRAP #define FLEX_DEBUG @@ -434,11 +441,16 @@ typedef int yy_state_type; #define yytext_ptr yytext_r +/* %% [1.5] DFA */ + /* %if-c-only Standard (non-C++) definition */ static yy_state_type yy_get_previous_state (yyscan_t yyscanner ); static yy_state_type yy_try_NUL_trans (yy_state_type current_state ,yyscan_t yyscanner); static int yy_get_next_buffer (yyscan_t yyscanner ); +#if defined(__GNUC__) && __GNUC__ >= 3 +__attribute__((__noreturn__)) +#endif static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner ); /* %endif */ @@ -477,7 +489,7 @@ static yyconst flex_int16_t yy_accept[80] = 0, 1, 10, 10, 0, 0, 0, 7, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst YY_CHAR yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, @@ -509,14 +521,14 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[28] = +static yyconst YY_CHAR yy_meta[28] = { 0, 1, 2, 3, 1, 2, 4, 2, 5, 1, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; -static yyconst flex_int16_t yy_base[91] = +static yyconst flex_uint16_t yy_base[91] = { 0, 0, 16, 41, 50, 4, 5, 101, 0, 24, 184, 184, 0, 184, 92, 79, 32, 16, 83, 0, 184, @@ -542,7 +554,7 @@ static yyconst flex_int16_t yy_def[91] = 79, 79, 79, 79, 79, 79, 79, 79, 79, 79 } ; -static yyconst flex_int16_t yy_nxt[212] = +static yyconst flex_uint16_t yy_nxt[212] = { 0, 79, 9, 10, 79, 9, 11, 12, 13, 14, 24, 24, 79, 79, 25, 25, 52, 15, 16, 10, 53, @@ -657,7 +669,7 @@ static void include_files(parser_helper_t *ctx); /* state used to scan quoted strings */ -#line 661 "parser/lexer.c" +#line 673 "parser/lexer.c" #define INITIAL 0 #define inc 1 @@ -694,7 +706,7 @@ struct yyguts_t YY_BUFFER_STATE * yy_buffer_stack; /**< Stack as an array. */ char yy_hold_char; int yy_n_chars; - int yyleng_r; + yy_size_t yyleng_r; char *yy_c_buf_p; int yy_init; int yy_start; @@ -751,19 +763,23 @@ void conf_parser_set_extra (YY_EXTRA_TYPE user_defined ,yyscan_t yyscanner ); FILE *conf_parser_get_in (yyscan_t yyscanner ); -void conf_parser_set_in (FILE * in_str ,yyscan_t yyscanner ); +void conf_parser_set_in (FILE * _in_str ,yyscan_t yyscanner ); FILE *conf_parser_get_out (yyscan_t yyscanner ); -void conf_parser_set_out (FILE * out_str ,yyscan_t yyscanner ); +void conf_parser_set_out (FILE * _out_str ,yyscan_t yyscanner ); -int conf_parser_get_leng (yyscan_t yyscanner ); +yy_size_t conf_parser_get_leng (yyscan_t yyscanner ); char *conf_parser_get_text (yyscan_t yyscanner ); int conf_parser_get_lineno (yyscan_t yyscanner ); -void conf_parser_set_lineno (int line_number ,yyscan_t yyscanner ); +void conf_parser_set_lineno (int _line_number ,yyscan_t yyscanner ); + +int conf_parser_get_column (yyscan_t yyscanner ); + +void conf_parser_set_column (int _column_no ,yyscan_t yyscanner ); /* %if-bison-bridge */ @@ -787,8 +803,11 @@ extern int conf_parser_wrap (yyscan_t yyscanner ); /* %not-for-header */ +#ifndef YY_NO_UNPUT + static void yyunput (int c,char *buf_ptr ,yyscan_t yyscanner); +#endif /* %ok-for-header */ /* %endif */ @@ -817,7 +836,7 @@ static int input (yyscan_t yyscanner ); /* %if-c-only */ - static void yy_push_state (int new_state ,yyscan_t yyscanner); + static void yy_push_state (int _new_state ,yyscan_t yyscanner); static void yy_pop_state (yyscan_t yyscanner ); @@ -947,7 +966,7 @@ extern int conf_parser_lex \ /* Code executed at the end of each rule. */ #ifndef YY_BREAK -#define YY_BREAK break; +#define YY_BREAK /*LINTED*/break; #endif /* %% [6.0] YY_RULE_SETUP definition goes here */ @@ -963,17 +982,11 @@ extern int conf_parser_lex \ */ YY_DECL { - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; + yy_state_type yy_current_state; + char *yy_cp, *yy_bp; + int yy_act; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; -/* %% [7.0] user's declarations go here */ -#line 58 "parser/lexer.l" - - -#line 976 "parser/lexer.c" - yylval = yylval_param; if ( !yyg->yy_init ) @@ -1010,7 +1023,14 @@ YY_DECL conf_parser__load_buffer_state(yyscanner ); } - while ( 1 ) /* loops until end-of-file is reached */ + { +/* %% [7.0] user's declarations go here */ +#line 58 "parser/lexer.l" + + +#line 1032 "parser/lexer.c" + + while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { /* %% [8.0] yymore()-related code goes here */ yy_cp = yyg->yy_c_buf_p; @@ -1029,7 +1049,7 @@ YY_DECL yy_match: do { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1062,7 +1082,7 @@ yy_find_action: if ( yy_act != YY_END_OF_BUFFER && yy_rule_can_match_eol[yy_act] ) { - int yyl; + yy_size_t yyl; for ( yyl = 0; yyl < yyleng; ++yyl ) if ( yytext[yyl] == '\n' ) @@ -1153,6 +1173,7 @@ return CA; case 10: /* rule 10 can match eol */ *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */ +YY_LINENO_REWIND_TO(yy_cp - 1); yyg->yy_c_buf_p = yy_cp -= 1; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP @@ -1238,6 +1259,7 @@ YY_RULE_SETUP case 18: #line 125 "parser/lexer.l" +YY_RULE_SETUP case YY_STATE_EOF(str): #line 125 "parser/lexer.l" case 19: @@ -1313,7 +1335,7 @@ YY_RULE_SETUP #line 163 "parser/lexer.l" YY_FATAL_ERROR( "flex scanner jammed" ); YY_BREAK -#line 1317 "parser/lexer.c" +#line 1339 "parser/lexer.c" case YY_END_OF_BUFFER: { @@ -1336,7 +1358,11 @@ YY_FATAL_ERROR( "flex scanner jammed" ); * back-up) that will match for the new input source. */ yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; +/* %if-c-only */ YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; +/* %endif */ +/* %if-c++-only */ +/* %endif */ YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } @@ -1443,6 +1469,7 @@ YY_FATAL_ERROR( "flex scanner jammed" ); "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ + } /* end of user's declarations */ } /* end of conf_parser_lex */ /* %ok-for-header */ @@ -1467,9 +1494,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %endif */ { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = yyg->yytext_ptr; - register int number_to_move, i; + char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + char *source = yyg->yytext_ptr; + yy_size_t number_to_move, i; int ret_val; if ( yyg->yy_c_buf_p > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] ) @@ -1498,7 +1525,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1; + number_to_move = (yy_size_t) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); @@ -1511,21 +1538,21 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else { - int num_to_read = + yy_size_t num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; int yy_c_buf_p_offset = (int) (yyg->yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { - int new_size = b->yy_buf_size * 2; + yy_size_t new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; @@ -1556,7 +1583,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - yyg->yy_n_chars, (size_t) num_to_read ); + yyg->yy_n_chars, num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars; } @@ -1580,9 +1607,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else ret_val = EOB_ACT_CONTINUE_SCAN; - if ((yy_size_t) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + if ((int) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ - yy_size_t new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); + int new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) conf_parser_realloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ,yyscanner ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); @@ -1607,8 +1634,8 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - register yy_state_type yy_current_state; - register char *yy_cp; + yy_state_type yy_current_state; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* %% [15.0] code to get the start state into yy_current_state goes here */ @@ -1618,7 +1645,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) for ( yy_cp = yyg->yytext_ptr + YY_MORE_ADJ; yy_cp < yyg->yy_c_buf_p; ++yy_cp ) { /* %% [16.0] code to find the next state goes here */ - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1647,12 +1674,12 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - register int yy_is_jam; + int yy_is_jam; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */ /* %% [17.0] code to find the next state, and perhaps do backing up, goes here */ - register char *yy_cp = yyg->yy_c_buf_p; + char *yy_cp = yyg->yy_c_buf_p; - register YY_CHAR yy_c = 1; + YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1667,17 +1694,19 @@ static int yy_get_next_buffer (yyscan_t yyscanner) yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_is_jam = (yy_current_state == 79); + (void)yyg; return yy_is_jam ? 0 : yy_current_state; } +#ifndef YY_NO_UNPUT /* %if-c-only */ - static void yyunput (int c, register char * yy_bp , yyscan_t yyscanner) + static void yyunput (int c, char * yy_bp , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { - register char *yy_cp; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yy_cp = yyg->yy_c_buf_p; @@ -1688,10 +1717,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner) if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = yyg->yy_n_chars + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + yy_size_t number_to_move = yyg->yy_n_chars + 2; + char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = + char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) @@ -1721,6 +1750,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c-only */ /* %endif */ +#endif /* %if-c-only */ #ifndef YY_NO_INPUT @@ -1751,7 +1781,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else { /* need more input */ - int offset = yyg->yy_c_buf_p - yyg->yytext_ptr; + yy_size_t offset = yyg->yy_c_buf_p - yyg->yytext_ptr; ++yyg->yy_c_buf_p; switch ( yy_get_next_buffer( yyscanner ) ) @@ -1835,6 +1865,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) conf_parser__load_buffer_state(yyscanner ); } +/* %if-c++-only */ +/* %endif */ + /** Switch to a different input buffer. * @param new_buffer The new input buffer. * @param yyscanner The scanner object. @@ -1884,7 +1917,11 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner) struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; yyg->yytext_ptr = yyg->yy_c_buf_p = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; +/* %if-c-only */ yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ yyg->yy_hold_char = *yyg->yy_c_buf_p; } @@ -1906,7 +1943,7 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner) if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in conf_parser__create_buffer()" ); - b->yy_buf_size = size; + b->yy_buf_size = (yy_size_t)size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. @@ -1922,6 +1959,9 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner) return b; } +/* %if-c++-only */ +/* %endif */ + /** Destroy the buffer. * @param b a buffer created with conf_parser__create_buffer() * @param yyscanner The scanner object. @@ -1946,17 +1986,6 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner) conf_parser_free((void *) b ,yyscanner ); } -/* %if-c-only */ - -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* %endif */ - -/* %if-c++-only */ -/* %endif */ - /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, * such as during a conf_parser_restart() or at EOF. @@ -1973,7 +2002,11 @@ extern int isatty (int ); conf_parser__flush_buffer(b ,yyscanner); +/* %if-c-only */ b->yy_input_file = file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ b->yy_fill_buffer = 1; /* If b is the current buffer, then conf_parser__init_buffer was _probably_ @@ -2103,7 +2136,7 @@ static void conf_parser_ensure_buffer_stack (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - int num_to_alloc; + yy_size_t num_to_alloc; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; if (!yyg->yy_buffer_stack) { @@ -2112,7 +2145,7 @@ static void conf_parser_ensure_buffer_stack (yyscan_t yyscanner) * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ - num_to_alloc = 1; + num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ yyg->yy_buffer_stack = (struct yy_buffer_state**)conf_parser_alloc (num_to_alloc * sizeof(struct yy_buffer_state*) , yyscanner); @@ -2129,7 +2162,7 @@ static void conf_parser_ensure_buffer_stack (yyscan_t yyscanner) if (yyg->yy_buffer_stack_top >= (yyg->yy_buffer_stack_max) - 1){ /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; + yy_size_t grow_size = 8 /* arbitrary grow size */; num_to_alloc = yyg->yy_buffer_stack_max + grow_size; yyg->yy_buffer_stack = (struct yy_buffer_state**)conf_parser_realloc @@ -2207,12 +2240,12 @@ YY_BUFFER_STATE conf_parser__scan_string (yyconst char * yystr , yyscan_t yyscan * @param yyscanner The scanner object. * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_len , yyscan_t yyscanner) +YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len , yyscan_t yyscanner) { YY_BUFFER_STATE b; char *buf; yy_size_t n; - int i; + yy_size_t i; /* Get memory for full buffer, including space for trailing EOB's. */ n = _yybytes_len + 2; @@ -2239,7 +2272,7 @@ YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_ /* %endif */ /* %if-c-only */ - static void yy_push_state (int new_state , yyscan_t yyscanner) + static void yy_push_state (int _new_state , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -2264,7 +2297,7 @@ YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_ yyg->yy_start_stack[yyg->yy_start_stack_ptr++] = YY_START; - BEGIN(new_state); + BEGIN(_new_state); } /* %if-c-only */ @@ -2297,7 +2330,9 @@ YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_ /* %if-c-only */ static void yy_fatal_error (yyconst char* msg , yyscan_t yyscanner) { - (void) fprintf( stderr, "%s\n", msg ); + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + (void) fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } /* %endif */ @@ -2384,7 +2419,7 @@ FILE *conf_parser_get_out (yyscan_t yyscanner) /** Get the length of the current token. * @param yyscanner The scanner object. */ -int conf_parser_get_leng (yyscan_t yyscanner) +yy_size_t conf_parser_get_leng (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyleng; @@ -2415,51 +2450,51 @@ void conf_parser_set_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner) /* %endif */ /** Set the current line number. - * @param line_number + * @param _line_number line number * @param yyscanner The scanner object. */ -void conf_parser_set_lineno (int line_number , yyscan_t yyscanner) +void conf_parser_set_lineno (int _line_number , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* lineno is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "conf_parser_set_lineno called with no buffer" , yyscanner); + YY_FATAL_ERROR( "conf_parser_set_lineno called with no buffer" ); - yylineno = line_number; + yylineno = _line_number; } /** Set the current column. - * @param line_number + * @param _column_no column number * @param yyscanner The scanner object. */ -void conf_parser_set_column (int column_no , yyscan_t yyscanner) +void conf_parser_set_column (int _column_no , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* column is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "conf_parser_set_column called with no buffer" , yyscanner); + YY_FATAL_ERROR( "conf_parser_set_column called with no buffer" ); - yycolumn = column_no; + yycolumn = _column_no; } /** Set the input stream. This does not discard the current * input buffer. - * @param in_str A readable stream. + * @param _in_str A readable stream. * @param yyscanner The scanner object. * @see conf_parser__switch_to_buffer */ -void conf_parser_set_in (FILE * in_str , yyscan_t yyscanner) +void conf_parser_set_in (FILE * _in_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyin = in_str ; + yyin = _in_str ; } -void conf_parser_set_out (FILE * out_str , yyscan_t yyscanner) +void conf_parser_set_out (FILE * _out_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyout = out_str ; + yyout = _out_str ; } int conf_parser_get_debug (yyscan_t yyscanner) @@ -2468,10 +2503,10 @@ int conf_parser_get_debug (yyscan_t yyscanner) return yy_flex_debug; } -void conf_parser_set_debug (int bdebug , yyscan_t yyscanner) +void conf_parser_set_debug (int _bdebug , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yy_flex_debug = bdebug ; + yy_flex_debug = _bdebug ; } /* %endif */ @@ -2637,7 +2672,10 @@ int conf_parser_lex_destroy (yyscan_t yyscanner) #ifndef yytext_ptr static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yyscanner) { - register int i; + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + + int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } @@ -2646,7 +2684,7 @@ static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yysca #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) { - register int n; + int n; for ( n = 0; s[n]; ++n ) ; @@ -2656,11 +2694,16 @@ static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) void *conf_parser_alloc (yy_size_t size , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; return (void *) malloc( size ); } void *conf_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -2673,6 +2716,8 @@ void *conf_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner) void conf_parser_free (void * ptr , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; free( (char *) ptr ); /* see conf_parser_realloc() for (char *) cast */ } diff --git a/src/starter/parser/parser.c b/src/starter/parser/parser.c index 41ab515cb..7204cc61d 100644 --- a/src/starter/parser/parser.c +++ b/src/starter/parser/parser.c @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.0.2. */ +/* A Bison parser, made by GNU Bison 3.0.4. */ /* Bison implementation for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc. + Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -44,7 +44,7 @@ #define YYBISON 1 /* Bison version. */ -#define YYBISON_VERSION "3.0.2" +#define YYBISON_VERSION "3.0.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -182,7 +182,7 @@ extern int conf_parser_debug; /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE YYSTYPE; + union YYSTYPE { #line 71 "parser/parser.y" /* yacc.c:355 */ @@ -192,6 +192,8 @@ union YYSTYPE #line 194 "parser/parser.c" /* yacc.c:355 */ }; + +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif @@ -204,7 +206,7 @@ int conf_parser_parse (parser_helper_t *ctx); /* Copy the second part of user declarations. */ -#line 208 "parser/parser.c" /* yacc.c:358 */ +#line 210 "parser/parser.c" /* yacc.c:358 */ #ifdef short # undef short @@ -1030,19 +1032,19 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, parser_helper_t *c case 3: /* STRING */ #line 86 "parser/parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1034 "parser/parser.c" /* yacc.c:1257 */ +#line 1036 "parser/parser.c" /* yacc.c:1257 */ break; case 16: /* section_name */ #line 86 "parser/parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1040 "parser/parser.c" /* yacc.c:1257 */ +#line 1042 "parser/parser.c" /* yacc.c:1257 */ break; case 18: /* value */ #line 86 "parser/parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1046 "parser/parser.c" /* yacc.c:1257 */ +#line 1048 "parser/parser.c" /* yacc.c:1257 */ break; @@ -1319,7 +1321,7 @@ yyreduce: conf_parser_t *parser = (conf_parser_t*)ctx->context; parser->add_section(parser, (yyvsp[-1].t), (yyvsp[0].s)); } -#line 1323 "parser/parser.c" /* yacc.c:1646 */ +#line 1325 "parser/parser.c" /* yacc.c:1646 */ break; case 8: @@ -1327,7 +1329,7 @@ yyreduce: { (yyval.t) = CONF_PARSER_CONFIG_SETUP; } -#line 1331 "parser/parser.c" /* yacc.c:1646 */ +#line 1333 "parser/parser.c" /* yacc.c:1646 */ break; case 9: @@ -1335,7 +1337,7 @@ yyreduce: { (yyval.t) = CONF_PARSER_CONN; } -#line 1339 "parser/parser.c" /* yacc.c:1646 */ +#line 1341 "parser/parser.c" /* yacc.c:1646 */ break; case 10: @@ -1343,7 +1345,7 @@ yyreduce: { (yyval.t) = CONF_PARSER_CA; } -#line 1347 "parser/parser.c" /* yacc.c:1646 */ +#line 1349 "parser/parser.c" /* yacc.c:1646 */ break; case 11: @@ -1351,7 +1353,7 @@ yyreduce: { (yyval.s) = NULL; } -#line 1355 "parser/parser.c" /* yacc.c:1646 */ +#line 1357 "parser/parser.c" /* yacc.c:1646 */ break; case 12: @@ -1359,7 +1361,7 @@ yyreduce: { (yyval.s) = (yyvsp[0].s); } -#line 1363 "parser/parser.c" /* yacc.c:1646 */ +#line 1365 "parser/parser.c" /* yacc.c:1646 */ break; case 14: @@ -1375,7 +1377,7 @@ yyreduce: conf_parser_t *parser = (conf_parser_t*)ctx->context; parser->add_setting(parser, (yyvsp[-2].s), (yyvsp[0].s)); } -#line 1379 "parser/parser.c" /* yacc.c:1646 */ +#line 1381 "parser/parser.c" /* yacc.c:1646 */ break; case 15: @@ -1390,7 +1392,7 @@ yyreduce: conf_parser_t *parser = (conf_parser_t*)ctx->context; parser->add_setting(parser, (yyvsp[-1].s), NULL); } -#line 1394 "parser/parser.c" /* yacc.c:1646 */ +#line 1396 "parser/parser.c" /* yacc.c:1646 */ break; case 16: @@ -1400,7 +1402,7 @@ yyreduce: free((yyvsp[0].s)); YYERROR; } -#line 1404 "parser/parser.c" /* yacc.c:1646 */ +#line 1406 "parser/parser.c" /* yacc.c:1646 */ break; case 18: @@ -1415,11 +1417,11 @@ yyreduce: free((yyvsp[-1].s)); free((yyvsp[0].s)); } -#line 1419 "parser/parser.c" /* yacc.c:1646 */ +#line 1421 "parser/parser.c" /* yacc.c:1646 */ break; -#line 1423 "parser/parser.c" /* yacc.c:1646 */ +#line 1425 "parser/parser.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires diff --git a/src/starter/parser/parser.h b/src/starter/parser/parser.h index ed6ed2bf5..05c965daf 100644 --- a/src/starter/parser/parser.h +++ b/src/starter/parser/parser.h @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.0.2. */ +/* A Bison parser, made by GNU Bison 3.0.4. */ /* Bison interface for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc. + Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -67,7 +67,7 @@ extern int conf_parser_debug; /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE YYSTYPE; + union YYSTYPE { #line 71 "parser/parser.y" /* yacc.c:1909 */ @@ -77,6 +77,8 @@ union YYSTYPE #line 79 "parser/parser.h" /* yacc.c:1909 */ }; + +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in index 58daacfb3..25e3e7488 100644 --- a/src/starter/tests/Makefile.in +++ b/src/starter/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ host_triplet = @host@ TESTS = starter_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/starter/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -197,12 +206,14 @@ am__tty_colors = { \ std=''; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -252,6 +263,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -286,6 +298,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -397,6 +410,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/starter/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/starter/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -865,6 +878,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index e7bfd9d57..4673f5961 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = stroke$(EXEEXT) subdir = src/stroke -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -171,12 +180,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -226,6 +237,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -260,6 +272,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -371,6 +384,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -427,7 +441,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/stroke/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/stroke/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -748,6 +761,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + stroke_keywords.c: $(srcdir)/stroke_keywords.txt $(srcdir)/stroke_keywords.h $(AM_V_GEN) \ diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h index 17f8a4326..a3b911d0f 100644 --- a/src/stroke/stroke_msg.h +++ b/src/stroke/stroke_msg.h @@ -157,7 +157,7 @@ struct stroke_end_t { char *cert_policy; char *updown; char *address; - u_int16_t ikeport; + uint16_t ikeport; char *sourceip; char *dns; char *subnets; @@ -165,9 +165,9 @@ struct stroke_end_t { int hostaccess; int tohost; int allow_any; - u_int8_t protocol; - u_int16_t from_port; - u_int16_t to_port; + uint8_t protocol; + uint16_t from_port; + uint16_t to_port; }; typedef struct stroke_msg_t stroke_msg_t; @@ -177,7 +177,7 @@ typedef struct stroke_msg_t stroke_msg_t; */ struct stroke_msg_t { /* length of this message with all strings */ - u_int16_t length; + uint16_t length; /* type of the message */ enum { @@ -263,9 +263,9 @@ struct stroke_msg_t { int proxy_mode; int install_policy; int close_action; - u_int32_t reqid; - u_int32_t tfc; - u_int8_t ikedscp; + uint32_t reqid; + uint32_t tfc; + uint8_t ikedscp; crl_policy_t crl_policy; int unique; @@ -279,10 +279,10 @@ struct stroke_msg_t { time_t ipsec_lifetime; time_t ike_lifetime; time_t margin; - u_int64_t life_bytes; - u_int64_t margin_bytes; - u_int64_t life_packets; - u_int64_t margin_packets; + uint64_t life_bytes; + uint64_t margin_bytes; + uint64_t life_packets; + uint64_t margin_packets; unsigned long tries; unsigned long fuzz; } rekey; @@ -297,11 +297,11 @@ struct stroke_msg_t { char *peerid; } ikeme; struct { - u_int32_t value; - u_int32_t mask; + uint32_t value; + uint32_t mask; } mark_in, mark_out; stroke_end_t me, other; - u_int32_t replay_window; + uint32_t replay_window; } add_conn; /* data for STR_ADD_CA */ @@ -369,7 +369,7 @@ struct stroke_msg_t { } counters; }; /* length of the string buffer */ - u_int16_t buflen; + uint16_t buflen; /* string buffer */ char buffer[]; }; diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am index fb027149a..37a0224c3 100644 --- a/src/swanctl/Makefile.am +++ b/src/swanctl/Makefile.am @@ -27,7 +27,7 @@ swanctl_SOURCES = \ swanctl_LDADD = \ $(top_builddir)/src/libcharon/plugins/vici/libvici.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) $(DLLIB) + $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) swanctl.o : $(top_builddir)/config.status diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in index 94921af6d..ebe1aba0d 100644 --- a/src/swanctl/Makefile.in +++ b/src/swanctl/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,9 +90,6 @@ build_triplet = @build@ host_triplet = @host@ sbin_PROGRAMS = swanctl$(EXEEXT) subdir = src/swanctl -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/swanctl.8.in $(srcdir)/swanctl.conf.5.head.in \ - $(srcdir)/swanctl.conf.5.tail.in $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = swanctl.8 swanctl.conf.5.head swanctl.conf.5.tail @@ -122,7 +130,8 @@ am__DEPENDENCIES_1 = swanctl_DEPENDENCIES = \ $(top_builddir)/src/libcharon/plugins/vici/libvici.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -218,12 +227,16 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/swanctl.8.in \ + $(srcdir)/swanctl.conf.5.head.in \ + $(srcdir)/swanctl.conf.5.tail.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -273,6 +286,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -307,6 +321,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -418,6 +433,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -473,7 +489,7 @@ swanctl_SOURCES = \ swanctl_LDADD = \ $(top_builddir)/src/libcharon/plugins/vici/libvici.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) $(DLLIB) + $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ @@ -505,7 +521,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/swanctl/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/swanctl/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -993,6 +1008,8 @@ uninstall-man: uninstall-man5 uninstall-man8 uninstall-man uninstall-man5 uninstall-man8 \ uninstall-sbinPROGRAMS +.PRECIOUS: Makefile + swanctl.o : $(top_builddir)/config.status diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c index 019c88888..19e7050da 100644 --- a/src/swanctl/commands/list_conns.c +++ b/src/swanctl/commands/list_conns.c @@ -2,6 +2,9 @@ * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your @@ -80,15 +83,64 @@ CALLBACK(children_sn, int, hashtable_t *ike, vici_res_t *res, char *name) { hashtable_t *child; + char *mode, *interface, *priority; + char *rekey_time, *rekey_bytes, *rekey_packets; + bool no_time, no_bytes, no_packets, or = FALSE; int ret; child = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1); ret = vici_parse_cb(res, NULL, values, list, child); if (ret == 0) { - printf(" %s: %s\n", name, child->get(child, "mode")); + mode = child->get(child, "mode"); + printf(" %s: %s, ", name, mode); + + rekey_time = child->get(child, "rekey_time"); + rekey_bytes = child->get(child, "rekey_bytes"); + rekey_packets = child->get(child, "rekey_packets"); + no_time = streq(rekey_time, "0"); + no_bytes = streq(rekey_bytes, "0"); + no_packets = streq(rekey_packets, "0"); + + if (strcaseeq(mode, "PASS") || strcaseeq(mode, "DROP") || + (no_time && no_bytes && no_packets)) + { + printf("no rekeying\n"); + } + else + { + printf("rekeying every"); + if (!no_time) + { + printf(" %ss", rekey_time); + or = TRUE; + } + if (!no_bytes) + { + printf("%s %s bytes", or ? " or" : "", rekey_bytes); + or = TRUE; + } + if (!no_packets) + { + printf("%s %s packets", or ? " or" : "", rekey_packets); + } + printf("\n"); + } + printf(" local: %s\n", child->get(child, "local-ts")); printf(" remote: %s\n", child->get(child, "remote-ts")); + + interface = child->get(child, "interface"); + if (interface) + { + printf(" interface: %s\n", interface); + } + + priority = child->get(child, "priority"); + if (priority) + { + printf(" priority: %s\n", priority); + } } free_hashtable(child); return ret; @@ -106,18 +158,35 @@ CALLBACK(conn_sn, int, if (strpfx(name, "local") || strpfx(name, "remote")) { hashtable_t *auth; + char *class; auth = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1); ret = vici_parse_cb(res, NULL, values, list, auth); if (ret == 0) { + class = auth->get(auth, "class") ?: "unspecified"; + if (strcaseeq(class, "EAP")) + { + class = auth->get(auth, "eap-type") ?: class; + } printf(" %s %s authentication:\n", - strpfx(name, "local") ? "local" : "remote", - auth->get(auth, "class") ?: "unspecified"); + strpfx(name, "local") ? "local" : "remote", class); if (auth->get(auth, "id")) { printf(" id: %s\n", auth->get(auth, "id")); } + if (auth->get(auth, "eap_id")) + { + printf(" eap_id: %s\n", auth->get(auth, "eap_id")); + } + if (auth->get(auth, "xauth_id")) + { + printf(" xauth_id: %s\n", auth->get(auth, "xauth_id")); + } + if (auth->get(auth, "aaa_id")) + { + printf(" aaa_id: %s\n", auth->get(auth, "aaa_id")); + } if (auth->get(auth, "groups")) { printf(" groups: %s\n", auth->get(auth, "groups")); @@ -156,8 +225,43 @@ CALLBACK(conn_list, int, CALLBACK(conns, int, void *null, vici_res_t *res, char *name) { - printf("%s: %s\n", name, vici_find_str(res, "", "%s.version", name)); + char *version, *reauth_time, *rekey_time; + + version = vici_find_str(res, "", "%s.version", name); + reauth_time = vici_find_str(res, "", "%s.reauth_time", name); + rekey_time = vici_find_str(res, "", "%s.rekey_time", name); + printf("%s: %s, ", name, version); + if (streq(version, "IKEv1")) + { + if (streq(reauth_time, "0")) + { + reauth_time = rekey_time; + } + } + if (streq(reauth_time, "0")) + { + printf("no reauthentication"); + } + else + { + printf("reauthentication every %ss", reauth_time); + } + if (streq(version, "IKEv1")) + { + printf("\n"); + } + else + { + if (streq(rekey_time, "0")) + { + printf(", no rekeying\n"); + } + else + { + printf(", rekeying every %ss\n", rekey_time); + } + } return vici_parse_cb(res, conn_sn, NULL, conn_list, NULL); } diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c index fd080227d..e5f251d17 100644 --- a/src/swanctl/commands/list_sas.c +++ b/src/swanctl/commands/list_sas.c @@ -196,10 +196,13 @@ CALLBACK(ike_sa, int, { if (streq(name, "child-sas")) { - printf("%s: #%s, %s, IKEv%s, %s:%s\n", + bool is_initiator = streq(ike->get(ike, "initiator"), "yes"); + + printf("%s: #%s, %s, IKEv%s, %s_i%s %s_r%s\n", ike->get(ike, "name"), ike->get(ike, "uniqueid"), ike->get(ike, "state"), ike->get(ike, "version"), - ike->get(ike, "initiator-spi"), ike->get(ike, "responder-spi")); + ike->get(ike, "initiator-spi"), is_initiator ? "*" : "", + ike->get(ike, "responder-spi"), is_initiator ? "" : "*"); printf(" local '%s' @ %s[%s]", ike->get(ike, "local-id"), ike->get(ike, "local-host"), diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c index 88dde6aaf..352a185e8 100644 --- a/src/swanctl/commands/load_authorities.c +++ b/src/swanctl/commands/load_authorities.c @@ -292,7 +292,7 @@ int load_authorities_cfg(vici_conn_t *conn, command_format_options_t format, } if (found == 0) { - printf("no authorities found, %u unloaded\n", unloaded); + fprintf(stderr, "no authorities found, %u unloaded\n", unloaded); return 0; } if (loaded == found) diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c index bbc700d5c..87526bc79 100644 --- a/src/swanctl/commands/load_conns.c +++ b/src/swanctl/commands/load_conns.c @@ -396,7 +396,7 @@ int load_conns_cfg(vici_conn_t *conn, command_format_options_t format, } if (found == 0) { - printf("no connections found, %u unloaded\n", unloaded); + fprintf(stderr, "no connections found, %u unloaded\n", unloaded); return 0; } if (loaded == found) diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c index d7fbd1341..2b9fa2d42 100644 --- a/src/swanctl/commands/load_pools.c +++ b/src/swanctl/commands/load_pools.c @@ -235,7 +235,7 @@ int load_pools_cfg(vici_conn_t *conn, command_format_options_t format, } if (found == 0) { - printf("no pools found, %u unloaded\n", unloaded); + fprintf(stderr, "no pools found, %u unloaded\n", unloaded); return 0; } if (loaded == found) diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf index 428be91e7..6bc81becf 100644 --- a/src/swanctl/swanctl.conf +++ b/src/swanctl/swanctl.conf @@ -213,6 +213,12 @@ # Fixed reqid to use for this CHILD_SA. # reqid = 0 + # Optional fixed priority for IPsec policies. + # priority = 0 + + # Optional interface name to restrict IPsec policies. + # interface = + # Netfilter mark and mask for input traffic. # mark_in = 0/0x00000000 diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main index a5b2a731f..013e35fb7 100644 --- a/src/swanctl/swanctl.conf.5.main +++ b/src/swanctl/swanctl.conf.5.main @@ -519,7 +519,7 @@ an absolute path. Comma separated list of raw public keys to accept for authentication. The public keys may use a relative path from the .RB "" "swanctl" "" -.RI "" "x509" "" +.RI "" "pubkey" "" directory or an absolute path. @@ -855,6 +855,18 @@ once. The default of .RI "" "0" "" uses dynamic reqids, allocated incrementally. +.TP +.BR connections..children..priority " [0]" +Optional fixed priority for IPsec policies. This could be useful to install +high\-priority drop policies. The default of +.RI "" "0" "" +uses dynamically calculated +priorities based on the size of the traffic selectors. + +.TP +.BR connections..children..interface " []" +Optional interface name to restrict IPsec policies. + .TP .BR connections..children..mark_in " [0/0x00000000]" Netfilter mark and mask for input traffic. On Linux Netfilter may require marks diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 145fab28d..fe5b293fb 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -416,7 +416,7 @@ connections..remote.pubkeys = Comma separated list of raw public keys to accept for authentication. Comma separated list of raw public keys to accept for authentication. - The public keys may use a relative path from the **swanctl** _x509_ + The public keys may use a relative path from the **swanctl** _pubkey_ directory or an absolute path. connections..remote.revocation = relaxed @@ -684,6 +684,16 @@ connections..children..reqid = 0 not more than once. The default of _0_ uses dynamic reqids, allocated incrementally. +connections..children..priority = 0 + Optional fixed priority for IPsec policies. + + Optional fixed priority for IPsec policies. This could be useful to install + high-priority drop policies. The default of _0_ uses dynamically calculated + priorities based on the size of the traffic selectors. + +connections..children..interface = + Optional interface name to restrict IPsec policies. + connections..children..mark_in = 0/0x00000000 Netfilter mark and mask for input traffic. diff --git a/testing/Makefile.in b/testing/Makefile.in index f797f1767..b6ad617b9 100644 --- a/testing/Makefile.in +++ b/testing/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = testing -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -116,12 +126,14 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -316,6 +330,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -363,7 +378,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu testing/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu testing/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -538,6 +552,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/testing/config/kernel/config-4.0 b/testing/config/kernel/config-4.0 index 33771a260..2d79ba6ed 100644 --- a/testing/config/kernel/config-4.0 +++ b/testing/config/kernel/config-4.0 @@ -131,7 +131,16 @@ CONFIG_LOG_BUF_SHIFT=14 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_SUPPORTS_INT128=y -# CONFIG_CGROUPS is not set +CONFIG_CGROUPS=y +# CONFIG_CGROUP_DEBUG is not set +# CONFIG_CGROUP_FREEZER is not set +# CONFIG_CGROUP_DEVICE is not set +# CONFIG_CPUSETS is not set +# CONFIG_CGROUP_CPUACCT is not set +# CONFIG_MEMCG is not set +# CONFIG_CGROUP_PERF is not set +# CONFIG_CGROUP_SCHED is not set +# CONFIG_BLK_CGROUP is not set # CONFIG_CHECKPOINT_RESTORE is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set @@ -663,6 +672,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y # CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y # CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set CONFIG_NETFILTER_XT_MATCH_CLUSTER=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y @@ -812,6 +822,8 @@ CONFIG_HAVE_NET_DSA=y # CONFIG_NET_MPLS_GSO is not set # CONFIG_HSR is not set # CONFIG_NET_SWITCHDEV is not set +# CONFIG_CGROUP_NET_PRIO is not set +# CONFIG_CGROUP_NET_CLASSID is not set CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y @@ -851,7 +863,8 @@ CONFIG_HAVE_BPF_JIT=y # CONFIG_UEVENT_HELPER=y CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" -# CONFIG_DEVTMPFS is not set +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y diff --git a/testing/config/kernel/config-4.1 b/testing/config/kernel/config-4.1 index 9cd28ca8e..03364090b 100644 --- a/testing/config/kernel/config-4.1 +++ b/testing/config/kernel/config-4.1 @@ -132,7 +132,16 @@ CONFIG_LOG_BUF_SHIFT=14 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_SUPPORTS_INT128=y -# CONFIG_CGROUPS is not set +CONFIG_CGROUPS=y +# CONFIG_CGROUP_DEBUG is not set +# CONFIG_CGROUP_FREEZER is not set +# CONFIG_CGROUP_DEVICE is not set +# CONFIG_CPUSETS is not set +# CONFIG_CGROUP_CPUACCT is not set +# CONFIG_MEMCG is not set +# CONFIG_CGROUP_PERF is not set +# CONFIG_CGROUP_SCHED is not set +# CONFIG_BLK_CGROUP is not set # CONFIG_CHECKPOINT_RESTORE is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set @@ -664,6 +673,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y # CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y # CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set CONFIG_NETFILTER_XT_MATCH_CLUSTER=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y @@ -813,6 +823,8 @@ CONFIG_HAVE_NET_DSA=y # CONFIG_MPLS is not set # CONFIG_HSR is not set # CONFIG_NET_SWITCHDEV is not set +# CONFIG_CGROUP_NET_PRIO is not set +# CONFIG_CGROUP_NET_CLASSID is not set CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y @@ -852,7 +864,8 @@ CONFIG_HAVE_BPF_JIT=y # CONFIG_UEVENT_HELPER=y CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" -# CONFIG_DEVTMPFS is not set +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y diff --git a/testing/config/kernel/config-4.2 b/testing/config/kernel/config-4.2 index 72d5b93dd..c13a53db0 100644 --- a/testing/config/kernel/config-4.2 +++ b/testing/config/kernel/config-4.2 @@ -133,7 +133,16 @@ CONFIG_LOG_BUF_SHIFT=14 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_SUPPORTS_INT128=y -# CONFIG_CGROUPS is not set +CONFIG_CGROUPS=y +# CONFIG_CGROUP_DEBUG is not set +# CONFIG_CGROUP_FREEZER is not set +# CONFIG_CGROUP_DEVICE is not set +# CONFIG_CPUSETS is not set +# CONFIG_CGROUP_CPUACCT is not set +# CONFIG_MEMCG is not set +# CONFIG_CGROUP_PERF is not set +# CONFIG_CGROUP_SCHED is not set +# CONFIG_BLK_CGROUP is not set # CONFIG_CHECKPOINT_RESTORE is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set @@ -677,6 +686,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y # CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y # CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set CONFIG_NETFILTER_XT_MATCH_CLUSTER=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y @@ -826,6 +836,8 @@ CONFIG_HAVE_NET_DSA=y # CONFIG_MPLS is not set # CONFIG_HSR is not set # CONFIG_NET_SWITCHDEV is not set +# CONFIG_CGROUP_NET_PRIO is not set +# CONFIG_CGROUP_NET_CLASSID is not set CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y @@ -866,7 +878,8 @@ CONFIG_HAVE_BPF_JIT=y # CONFIG_UEVENT_HELPER=y CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" -# CONFIG_DEVTMPFS is not set +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y @@ -2221,6 +2234,7 @@ CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_PCI_IOMAP=y CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_IO=y +CONFIG_PERCPU_RWSEM=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y CONFIG_CRC_CCITT=y diff --git a/testing/config/kernel/config-4.3 b/testing/config/kernel/config-4.3 new file mode 100644 index 000000000..a7670c363 --- /dev/null +++ b/testing/config/kernel/config-4.3 @@ -0,0 +1,2329 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.3.3 Kernel Configuration +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_HAVE_LATENCYTOP_SUPPORT=y +CONFIG_MMU=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +CONFIG_CROSS_COMPILE="" +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_FHANDLE is not set +CONFIG_USELIB=y +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +# CONFIG_TASKS_RCU is not set +# CONFIG_RCU_STALL_COMMON is not set +# CONFIG_TREE_RCU_TRACE is not set +# CONFIG_RCU_EXPEDITE_BOOT is not set +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +# CONFIG_CGROUP_DEBUG is not set +CONFIG_CGROUP_FREEZER=y +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_SWAP_ENABLED=y +CONFIG_MEMCG_KMEM=y +CONFIG_CGROUP_PERF=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +# CONFIG_CFS_BANDWIDTH is not set +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_SYSCTL=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +# CONFIG_SYSCTL_SYSCALL is not set +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +# CONFIG_BPF_SYSCALL is not set +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_ADVISE_SYSCALLS=y +# CONFIG_USERFAULTFD is not set +CONFIG_PCI_QUIRKS=y +CONFIG_MEMBARRIER=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_COMPAT_BRK=y +CONFIG_SLAB=y +# CONFIG_SLUB is not set +# CONFIG_SYSTEM_DATA_VERIFICATION is not set +# CONFIG_PROFILING is not set +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# CONFIG_JUMP_LABEL is not set +# CONFIG_UPROBES is not set +# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_ATTRS=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_CC_STACKPROTECTOR=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_CC_STACKPROTECTOR_NONE is not set +CONFIG_CC_STACKPROTECTOR_REGULAR=y +# CONFIG_CC_STACKPROTECTOR_STRONG is not set +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_COPY_THREAD_TLS=y + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set +CONFIG_SLABINFO=y +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_CMDLINE_PARSER is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +CONFIG_IOSCHED_DEADLINE=y +CONFIG_IOSCHED_CFQ=y +# CONFIG_CFQ_GROUP_IOSCHED is not set +# CONFIG_DEFAULT_DEADLINE is not set +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_FREEZER=y + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_MPPARSE=y +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +CONFIG_MCORE2=y +# CONFIG_MATOM is not set +# CONFIG_GENERIC_CPU is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_INTEL_USERCOPY=y +CONFIG_X86_USE_PPRO_CHECKSUM=y +CONFIG_X86_P6_NOP=y +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +# CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y +CONFIG_NR_CPUS=1 +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set +# CONFIG_VM86 is not set +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +# CONFIG_MICROCODE is not set +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_PAGEFLAGS_EXTENDED=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +# CONFIG_COMPACTION is not set +CONFIG_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_ZONE_DMA_FLAG=1 +CONFIG_BOUNCE=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +# CONFIG_X86_INTEL_MPX is not set +# CONFIG_EFI is not set +CONFIG_SECCOMP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +CONFIG_ACPI_SLEEP=y +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_CUSTOM_DSDT is not set +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# CONFIG_INTEL_IDLE is not set + +# +# Memory power savings +# +# CONFIG_I7300_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_BUS_ADDR_T_64BIT=y +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +CONFIG_HT_IRQ=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y + +# +# PCI host controller drivers +# +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_HOTPLUG_PCI is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_SCRIPT=y +# CONFIG_HAVE_AOUT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_PMC_ATOM=y +CONFIG_NET=y +CONFIG_NET_INGRESS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +# CONFIG_UNIX_DIAG is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +# CONFIG_SYN_COOKIES is not set +# CONFIG_NET_IPVTI is not set +CONFIG_NET_UDP_TUNNEL=y +# CONFIG_NET_FOU is not set +CONFIG_INET_AH=y +CONFIG_INET_ESP=y +CONFIG_INET_IPCOMP=y +CONFIG_INET_XFRM_TUNNEL=y +CONFIG_INET_TUNNEL=y +CONFIG_INET_XFRM_MODE_TRANSPORT=y +CONFIG_INET_XFRM_MODE_TUNNEL=y +CONFIG_INET_XFRM_MODE_BEET=y +# CONFIG_INET_LRO is not set +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +# CONFIG_IPV6_VTI is not set +# CONFIG_IPV6_SIT is not set +CONFIG_IPV6_TUNNEL=y +CONFIG_IPV6_GRE=y +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +# CONFIG_IPV6_MROUTE is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NET_PTP_CLASSIFY is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +# CONFIG_NETFILTER_DEBUG is not set +CONFIG_NETFILTER_ADVANCED=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +# CONFIG_NETFILTER_NETLINK_ACCT is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +# CONFIG_NF_CONNTRACK_TIMEOUT is not set +# CONFIG_NF_CONNTRACK_TIMESTAMP is not set +# CONFIG_NF_CT_PROTO_DCCP is not set +# CONFIG_NF_CT_PROTO_SCTP is not set +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +CONFIG_NF_CONNTRACK_SANE=y +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_UDPLITE=y +# CONFIG_NF_NAT_AMANDA is not set +# CONFIG_NF_NAT_FTP is not set +# CONFIG_NF_NAT_IRC is not set +# CONFIG_NF_NAT_SIP is not set +# CONFIG_NF_NAT_TFTP is not set +CONFIG_NF_NAT_REDIRECT=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +# CONFIG_NETFILTER_XT_TARGET_HMARK is not set +# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +# CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +# CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +# CONFIG_NETFILTER_XT_MATCH_CPU is not set +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set +# CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set +CONFIG_NETFILTER_XT_MATCH_REALM=y +# CONFIG_NETFILTER_XT_MATCH_RECENT is not set +CONFIG_NETFILTER_XT_MATCH_SCTP=y +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +# CONFIG_NETFILTER_XT_MATCH_TIME is not set +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +CONFIG_IP_SET_HASH_NET=y +# CONFIG_IP_SET_HASH_NETNET is not set +CONFIG_IP_SET_HASH_NETPORT=y +# CONFIG_IP_SET_HASH_NETIFACE is not set +CONFIG_IP_SET_LIST_SET=y +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_CONNTRACK_IPV4=y +CONFIG_NF_CONNTRACK_PROC_COMPAT=y +# CONFIG_NF_DUP_IPV4 is not set +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV4=y +# CONFIG_NF_NAT_PPTP is not set +# CONFIG_NF_NAT_H323 is not set +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +# CONFIG_IP_NF_MATCH_RPFILTER is not set +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK_IPV6=y +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_NAT_IPV6=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +# CONFIG_IP6_NF_MATCH_RPFILTER is not set +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +# CONFIG_IP6_NF_NAT is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +CONFIG_L2TP=y +# CONFIG_L2TP_V3 is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_IPX is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_MMAP is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_CGROUP_NET_PRIO is not set +# CONFIG_CGROUP_NET_CLASSID is not set +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_IRDA is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set +# CONFIG_LIB80211 is not set + +# +# CFG80211 needs to be enabled for MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_LWTUNNEL is not set +CONFIG_HAVE_BPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y +CONFIG_FW_LOADER=y +CONFIG_FIRMWARE_IN_KERNEL=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +# CONFIG_DMA_SHARED_BUFFER is not set + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_CPQ_CISS_DA is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +# CONFIG_BLK_DEV_COW_COMMON is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=y +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_HD is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set + +# +# Misc devices +# +# CONFIG_SENSORS_LIS3LV02D is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# + +# +# Altera FPGA firmware download module +# +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_CXL_BASE is not set +# CONFIG_CXL_KERNEL_API is not set +# CONFIG_CXL_EEH is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# CONFIG_SCSI_DMA is not set +# CONFIG_SCSI_NETLINK is not set +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +CONFIG_DUMMY=y +# CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_NETCONSOLE is not set +# CONFIG_NETPOLL is not set +# CONFIG_NET_POLL_CONTROLLER is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_NET_VRF is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Distributed Switch Architecture drivers +# +# CONFIG_NET_DSA_MV88E6XXX is not set +# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +CONFIG_NET_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BCMGENET is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_LIQUIDIO is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_EXAR=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_FM10K is not set +CONFIG_NET_VENDOR_I825XX=y +# CONFIG_IP1000 is not set +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX4_CORE is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_PACKET_ENGINE=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QLGE is not set +# CONFIG_NETXEN_NIC is not set +CONFIG_NET_VENDOR_QUALCOMM=y +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +# CONFIG_SFC is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_ALE is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +# CONFIG_PRISM54 is not set +# CONFIG_HOSTAP is not set +# CONFIG_WL_MEDIATEK is not set +# CONFIG_WL_TI is not set + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_ISDN is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +CONFIG_DEVKMEM=y + +# +# Serial drivers +# +# CONFIG_SERIAL_8250 is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +CONFIG_HVC_DRIVER=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +# CONFIG_HW_RANDOM is not set +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +# CONFIG_I2C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set + +# +# PPS support +# +# CONFIG_PPS is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27x00 is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_POWER_RESET is not set +# CONFIG_POWER_AVS is not set +CONFIG_HWMON=y +# CONFIG_HWMON_VID is not set +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH56XX_COMMON is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +CONFIG_THERMAL_HWMON=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y + +# +# Sonics Silicon Backplane +# +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y + +# +# Broadcom specific AMBA +# +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CORE is not set +# CONFIG_MFD_CROS_EC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TMIO is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_REGULATOR is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# CONFIG_BACKLIGHT_LCD_SUPPORT is not set +# CONFIG_VGASTATE is not set + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_SOUND=y +# CONFIG_SOUND_OSS_CORE is not set +# CONFIG_SND is not set +# CONFIG_SOUND_PRIME is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +CONFIG_HID_PLANTRONICS=y +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_ARCH_HAS_HCD=y +# CONFIG_USB is not set + +# +# USB port drivers +# + +# +# USB Physical Layer drivers +# +# CONFIG_USB_PHY is not set +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GADGET is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +CONFIG_RTC_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y + +# +# Virtio drivers +# +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACERHDF is not set +# CONFIG_DELL_SMO8800 is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_HP_WIRELESS is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_ACPI_WMI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_PVPANIC is not set +# CONFIG_INTEL_PMC_IPC is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_CHROME_PLATFORMS is not set + +# +# Hardware Spinlock drivers +# + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_ATMEL_PIT is not set +# CONFIG_SH_TIMER_CMT is not set +# CONFIG_SH_TIMER_MTU2 is not set +# CONFIG_SH_TIMER_TMU is not set +# CONFIG_EM_TIMER_STI is not set +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_STE_MODEM_RPROC is not set + +# +# Rpmsg drivers +# + +# +# SOC (System On Chip) specific Drivers +# +# CONFIG_SUNXI_SRAM is not set +# CONFIG_SOC_TI is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# CONFIG_LIBNVDIMM is not set +# CONFIG_NVMEM is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +CONFIG_EXT3_FS=y +# CONFIG_EXT3_FS_POSIX_ACL is not set +# CONFIG_EXT3_FS_SECURITY is not set +CONFIG_EXT4_FS=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +CONFIG_REISERFS_FS=y +# CONFIG_REISERFS_CHECK is not set +# CONFIG_REISERFS_PROC_INFO is not set +# CONFIG_REISERFS_FS_XATTR is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_FILE_LOCKING=y +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +# CONFIG_QUOTA_NETLINK_INTERFACE is not set +CONFIG_PRINT_QUOTA_WARNING=y +# CONFIG_QUOTA_DEBUG is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +# CONFIG_HUGETLB_PAGE is not set +# CONFIG_CONFIGFS_FS is not set +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_LOGFS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_NCP_FS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_ENABLE_WARN_DEPRECATED=y +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_SLAB is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KMEMCHECK=y +CONFIG_HAVE_ARCH_KASAN=y +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_LOCKUP_DETECTOR is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHED_INFO is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_TIMER_STATS is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_STACKTRACE is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_PROVE_RCU is not set +# CONFIG_SPARSE_RCU_POINTER is not set +# CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y +# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_UPROBE_EVENT is not set +# CONFIG_PROBE_EVENTS is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set + +# +# Runtime Testing +# +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +# CONFIG_STRICT_DEVMEM is not set +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_X86_PTDUMP is not set +CONFIG_DEBUG_RODATA=y +CONFIG_DEBUG_RODATA_TEST=y +CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_STRESS is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set +# CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_PCOMP=y +CONFIG_CRYPTO_PCOMP2=y +CONFIG_CRYPTO_AKCIPHER2=y +# CONFIG_CRYPTO_RSA is not set +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +# CONFIG_CRYPTO_MCRYPTD is not set +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_ABLK_HELPER=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=y +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_RMD128=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_RMD256=y +CONFIG_CRYPTO_RMD320=y +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SHA1_MB is not set +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_TGR192=y +CONFIG_CRYPTO_WP512=y +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=y +CONFIG_CRYPTO_ARC4=y +CONFIG_CRYPTO_BLOWFISH=y +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y +CONFIG_CRYPTO_CAMELLIA=y +CONFIG_CRYPTO_CAMELLIA_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y +CONFIG_CRYPTO_CAST_COMMON=y +CONFIG_CRYPTO_CAST5=y +CONFIG_CRYPTO_CAST5_AVX_X86_64=y +CONFIG_CRYPTO_CAST6=y +CONFIG_CRYPTO_CAST6_AVX_X86_64=y +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +CONFIG_CRYPTO_FCRYPT=y +CONFIG_CRYPTO_KHAZAD=y +CONFIG_CRYPTO_SALSA20=y +CONFIG_CRYPTO_SALSA20_X86_64=y +CONFIG_CRYPTO_CHACHA20=y +CONFIG_CRYPTO_CHACHA20_X86_64=y +CONFIG_CRYPTO_SEED=y +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y +CONFIG_CRYPTO_TEA=y +CONFIG_CRYPTO_TWOFISH=y +CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_ZLIB=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=y +CONFIG_CRYPTO_LZ4=y +CONFIG_CRYPTO_LZ4HC=y + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +# CONFIG_CRYPTO_USER_API_RNG is not set +CONFIG_CRYPTO_USER_API_AEAD=y +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +CONFIG_HAVE_KVM=y +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +# CONFIG_BINARY_PRINTF is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +# CONFIG_HAVE_ARCH_BITREVERSE is not set +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_GENERIC_IO=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC7=y +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=y +CONFIG_842_DECOMPRESS=y +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=y +CONFIG_LZ4HC_COMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +# CONFIG_XZ_DEC is not set +# CONFIG_XZ_DEC_BCJ is not set +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y +# CONFIG_CORDIC is not set +# CONFIG_DDR is not set +# CONFIG_SG_SPLIT is not set +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_MMIO_FLUSH=y diff --git a/testing/config/kernel/config-4.4 b/testing/config/kernel/config-4.4 new file mode 100644 index 000000000..b89dab57f --- /dev/null +++ b/testing/config/kernel/config-4.4 @@ -0,0 +1,2354 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.4.3 Kernel Configuration +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_HAVE_LATENCYTOP_SUPPORT=y +CONFIG_MMU=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +CONFIG_CROSS_COMPILE="" +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_FHANDLE is not set +CONFIG_USELIB=y +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +# CONFIG_TASKS_RCU is not set +# CONFIG_RCU_STALL_COMMON is not set +# CONFIG_TREE_RCU_TRACE is not set +# CONFIG_RCU_EXPEDITE_BOOT is not set +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +# CONFIG_CGROUP_DEBUG is not set +CONFIG_CGROUP_FREEZER=y +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_SWAP_ENABLED=y +CONFIG_MEMCG_KMEM=y +CONFIG_CGROUP_PERF=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_SYSCTL=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +# CONFIG_SYSCTL_SYSCALL is not set +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +# CONFIG_BPF_SYSCALL is not set +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_ADVISE_SYSCALLS=y +# CONFIG_USERFAULTFD is not set +CONFIG_PCI_QUIRKS=y +CONFIG_MEMBARRIER=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_COMPAT_BRK=y +CONFIG_SLAB=y +# CONFIG_SLUB is not set +# CONFIG_SYSTEM_DATA_VERIFICATION is not set +# CONFIG_PROFILING is not set +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# CONFIG_JUMP_LABEL is not set +# CONFIG_UPROBES is not set +# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_ATTRS=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_CC_STACKPROTECTOR=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_CC_STACKPROTECTOR_NONE is not set +CONFIG_CC_STACKPROTECTOR_REGULAR=y +# CONFIG_CC_STACKPROTECTOR_STRONG is not set +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_COPY_THREAD_TLS=y + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set +CONFIG_SLABINFO=y +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_CMDLINE_PARSER is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +CONFIG_IOSCHED_DEADLINE=y +CONFIG_IOSCHED_CFQ=y +# CONFIG_CFQ_GROUP_IOSCHED is not set +# CONFIG_DEFAULT_DEADLINE is not set +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_FREEZER=y + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_MPPARSE=y +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +CONFIG_MCORE2=y +# CONFIG_MATOM is not set +# CONFIG_GENERIC_CPU is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_INTEL_USERCOPY=y +CONFIG_X86_USE_PPRO_CHECKSUM=y +CONFIG_X86_P6_NOP=y +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +# CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y +CONFIG_NR_CPUS=1 +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set +# CONFIG_VM86 is not set +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +# CONFIG_COMPACTION is not set +CONFIG_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_ZONE_DMA_FLAG=1 +CONFIG_BOUNCE=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +# CONFIG_X86_INTEL_MPX is not set +# CONFIG_EFI is not set +CONFIG_SECCOMP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_LEGACY_VSYSCALL_NATIVE is not set +CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SLEEP=y +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_CUSTOM_DSDT is not set +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# CONFIG_INTEL_IDLE is not set + +# +# Memory power savings +# +# CONFIG_I7300_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_BUS_ADDR_T_64BIT=y +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +CONFIG_HT_IRQ=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y + +# +# PCI host controller drivers +# +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_HOTPLUG_PCI is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_SCRIPT=y +# CONFIG_HAVE_AOUT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_PMC_ATOM=y +CONFIG_NET=y +CONFIG_NET_INGRESS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +# CONFIG_UNIX_DIAG is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +# CONFIG_SYN_COOKIES is not set +# CONFIG_NET_IPVTI is not set +CONFIG_NET_UDP_TUNNEL=y +# CONFIG_NET_FOU is not set +CONFIG_INET_AH=y +CONFIG_INET_ESP=y +CONFIG_INET_IPCOMP=y +CONFIG_INET_XFRM_TUNNEL=y +CONFIG_INET_TUNNEL=y +CONFIG_INET_XFRM_MODE_TRANSPORT=y +CONFIG_INET_XFRM_MODE_TUNNEL=y +CONFIG_INET_XFRM_MODE_BEET=y +# CONFIG_INET_LRO is not set +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +# CONFIG_IPV6_VTI is not set +# CONFIG_IPV6_SIT is not set +CONFIG_IPV6_TUNNEL=y +CONFIG_IPV6_GRE=y +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +# CONFIG_IPV6_MROUTE is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NET_PTP_CLASSIFY is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +# CONFIG_NETFILTER_DEBUG is not set +CONFIG_NETFILTER_ADVANCED=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +# CONFIG_NETFILTER_NETLINK_ACCT is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +# CONFIG_NF_CONNTRACK_TIMEOUT is not set +# CONFIG_NF_CONNTRACK_TIMESTAMP is not set +# CONFIG_NF_CT_PROTO_DCCP is not set +# CONFIG_NF_CT_PROTO_SCTP is not set +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +CONFIG_NF_CONNTRACK_SANE=y +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_UDPLITE=y +# CONFIG_NF_NAT_AMANDA is not set +# CONFIG_NF_NAT_FTP is not set +# CONFIG_NF_NAT_IRC is not set +# CONFIG_NF_NAT_SIP is not set +# CONFIG_NF_NAT_TFTP is not set +CONFIG_NF_NAT_REDIRECT=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +# CONFIG_NETFILTER_XT_TARGET_HMARK is not set +# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +# CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +# CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +# CONFIG_NETFILTER_XT_MATCH_CPU is not set +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set +# CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set +CONFIG_NETFILTER_XT_MATCH_REALM=y +# CONFIG_NETFILTER_XT_MATCH_RECENT is not set +CONFIG_NETFILTER_XT_MATCH_SCTP=y +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +# CONFIG_NETFILTER_XT_MATCH_TIME is not set +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +CONFIG_IP_SET_HASH_NET=y +# CONFIG_IP_SET_HASH_NETNET is not set +CONFIG_IP_SET_HASH_NETPORT=y +# CONFIG_IP_SET_HASH_NETIFACE is not set +CONFIG_IP_SET_LIST_SET=y +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_CONNTRACK_IPV4=y +CONFIG_NF_CONNTRACK_PROC_COMPAT=y +# CONFIG_NF_DUP_IPV4 is not set +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV4=y +# CONFIG_NF_NAT_PPTP is not set +# CONFIG_NF_NAT_H323 is not set +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +# CONFIG_IP_NF_MATCH_RPFILTER is not set +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK_IPV6=y +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_NAT_IPV6=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +# CONFIG_IP6_NF_MATCH_RPFILTER is not set +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +# CONFIG_IP6_NF_NAT is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +CONFIG_L2TP=y +# CONFIG_L2TP_V3 is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_IPX is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_MMAP is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_IRDA is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set +# CONFIG_LIB80211 is not set + +# +# CFG80211 needs to be enabled for MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_LWTUNNEL is not set +CONFIG_HAVE_BPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y +CONFIG_FW_LOADER=y +CONFIG_FIRMWARE_IN_KERNEL=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +# CONFIG_DMA_SHARED_BUFFER is not set + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_CPQ_CISS_DA is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +# CONFIG_BLK_DEV_COW_COMMON is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=y +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_HD is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set +# CONFIG_BLK_DEV_NVME is not set + +# +# Misc devices +# +# CONFIG_SENSORS_LIS3LV02D is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# + +# +# Altera FPGA firmware download module +# +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_CXL_BASE is not set +# CONFIG_CXL_KERNEL_API is not set +# CONFIG_CXL_EEH is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# CONFIG_SCSI_DMA is not set +# CONFIG_SCSI_NETLINK is not set +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +CONFIG_DUMMY=y +# CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_NETCONSOLE is not set +# CONFIG_NETPOLL is not set +# CONFIG_NET_POLL_CONTROLLER is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Distributed Switch Architecture drivers +# +# CONFIG_NET_DSA_MV88E6XXX is not set +# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_NET_VENDOR_AURORA is not set +CONFIG_NET_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BCMGENET is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_LIQUIDIO is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_EXAR=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_FM10K is not set +CONFIG_NET_VENDOR_I825XX=y +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX4_CORE is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_PACKET_ENGINE=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QLGE is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_QUALCOMM=y +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +# CONFIG_SFC is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_ALE is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +# CONFIG_PRISM54 is not set +# CONFIG_HOSTAP is not set +# CONFIG_WL_MEDIATEK is not set +# CONFIG_WL_TI is not set + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +CONFIG_DEVKMEM=y + +# +# Serial drivers +# +# CONFIG_SERIAL_8250 is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +CONFIG_HVC_DRIVER=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +# CONFIG_HW_RANDOM is not set +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +# CONFIG_I2C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set + +# +# PPS support +# +# CONFIG_PPS is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_POWER_RESET is not set +# CONFIG_POWER_AVS is not set +CONFIG_HWMON=y +# CONFIG_HWMON_VID is not set +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH56XX_COMMON is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +CONFIG_THERMAL_HWMON=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y + +# +# Sonics Silicon Backplane +# +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y + +# +# Broadcom specific AMBA +# +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CORE is not set +# CONFIG_MFD_CROS_EC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TMIO is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_REGULATOR is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# CONFIG_BACKLIGHT_LCD_SUPPORT is not set +# CONFIG_VGASTATE is not set + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_SOUND=y +# CONFIG_SOUND_OSS_CORE is not set +# CONFIG_SND is not set +# CONFIG_SOUND_PRIME is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +CONFIG_HID_PLANTRONICS=y +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_ARCH_HAS_HCD=y +# CONFIG_USB is not set + +# +# USB port drivers +# + +# +# USB Physical Layer drivers +# +# CONFIG_USB_PHY is not set +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GADGET is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +CONFIG_RTC_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y + +# +# Virtio drivers +# +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACERHDF is not set +# CONFIG_DELL_SMO8800 is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_HP_WIRELESS is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_ACPI_WMI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_PVPANIC is not set +# CONFIG_INTEL_PMC_IPC is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_CHROME_PLATFORMS is not set + +# +# Hardware Spinlock drivers +# + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_ATMEL_PIT is not set +# CONFIG_SH_TIMER_CMT is not set +# CONFIG_SH_TIMER_MTU2 is not set +# CONFIG_SH_TIMER_TMU is not set +# CONFIG_EM_TIMER_STI is not set +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_STE_MODEM_RPROC is not set + +# +# Rpmsg drivers +# + +# +# SOC (System On Chip) specific Drivers +# +# CONFIG_SUNXI_SRAM is not set +# CONFIG_SOC_TI is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# CONFIG_LIBNVDIMM is not set +# CONFIG_NVMEM is not set +# CONFIG_STM is not set +# CONFIG_STM_DUMMY is not set +# CONFIG_STM_SOURCE_CONSOLE is not set +# CONFIG_INTEL_TH is not set + +# +# FPGA Configuration Support +# +# CONFIG_FPGA is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +CONFIG_EXT3_FS=y +# CONFIG_EXT3_FS_POSIX_ACL is not set +# CONFIG_EXT3_FS_SECURITY is not set +CONFIG_EXT4_FS=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +CONFIG_REISERFS_FS=y +# CONFIG_REISERFS_CHECK is not set +# CONFIG_REISERFS_PROC_INFO is not set +# CONFIG_REISERFS_FS_XATTR is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_FILE_LOCKING=y +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +# CONFIG_QUOTA_NETLINK_INTERFACE is not set +CONFIG_PRINT_QUOTA_WARNING=y +# CONFIG_QUOTA_DEBUG is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +# CONFIG_HUGETLB_PAGE is not set +# CONFIG_CONFIGFS_FS is not set +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_LOGFS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_NCP_FS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_ENABLE_WARN_DEPRECATED=y +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_SLAB is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KMEMCHECK=y +CONFIG_HAVE_ARCH_KASAN=y +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_LOCKUP_DETECTOR is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHED_INFO is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_TIMER_STATS is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_STACKTRACE is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_PROVE_RCU is not set +# CONFIG_SPARSE_RCU_POINTER is not set +# CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y +# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_UPROBE_EVENT is not set +# CONFIG_PROBE_EVENTS is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set + +# +# Runtime Testing +# +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +# CONFIG_STRICT_DEVMEM is not set +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_X86_PTDUMP_CORE is not set +# CONFIG_X86_PTDUMP is not set +CONFIG_DEBUG_RODATA=y +CONFIG_DEBUG_RODATA_TEST=y +# CONFIG_DEBUG_WX is not set +CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_STRESS is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set +# CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_PCOMP=y +CONFIG_CRYPTO_PCOMP2=y +CONFIG_CRYPTO_AKCIPHER2=y +# CONFIG_CRYPTO_RSA is not set +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +# CONFIG_CRYPTO_MCRYPTD is not set +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_ABLK_HELPER=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y +# CONFIG_CRYPTO_KEYWRAP is not set + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=y +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_RMD128=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_RMD256=y +CONFIG_CRYPTO_RMD320=y +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SHA1_MB is not set +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_TGR192=y +CONFIG_CRYPTO_WP512=y +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=y +CONFIG_CRYPTO_ARC4=y +CONFIG_CRYPTO_BLOWFISH=y +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y +CONFIG_CRYPTO_CAMELLIA=y +CONFIG_CRYPTO_CAMELLIA_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y +CONFIG_CRYPTO_CAST_COMMON=y +CONFIG_CRYPTO_CAST5=y +CONFIG_CRYPTO_CAST5_AVX_X86_64=y +CONFIG_CRYPTO_CAST6=y +CONFIG_CRYPTO_CAST6_AVX_X86_64=y +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +CONFIG_CRYPTO_FCRYPT=y +CONFIG_CRYPTO_KHAZAD=y +CONFIG_CRYPTO_SALSA20=y +CONFIG_CRYPTO_SALSA20_X86_64=y +CONFIG_CRYPTO_CHACHA20=y +CONFIG_CRYPTO_CHACHA20_X86_64=y +CONFIG_CRYPTO_SEED=y +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y +CONFIG_CRYPTO_TEA=y +CONFIG_CRYPTO_TWOFISH=y +CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_ZLIB=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=y +CONFIG_CRYPTO_LZ4=y +CONFIG_CRYPTO_LZ4HC=y + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +# CONFIG_CRYPTO_USER_API_RNG is not set +CONFIG_CRYPTO_USER_API_AEAD=y +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +CONFIG_HAVE_KVM=y +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +# CONFIG_BINARY_PRINTF is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +# CONFIG_HAVE_ARCH_BITREVERSE is not set +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_GENERIC_IO=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC7=y +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=y +CONFIG_842_DECOMPRESS=y +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=y +CONFIG_LZ4HC_COMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +# CONFIG_XZ_DEC is not set +# CONFIG_XZ_DEC_BCJ is not set +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y +# CONFIG_CORDIC is not set +# CONFIG_DDR is not set +# CONFIG_SG_SPLIT is not set +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_MMIO_FLUSH=y diff --git a/testing/config/kernel/config-4.5 b/testing/config/kernel/config-4.5 new file mode 100644 index 000000000..541ffdcd0 --- /dev/null +++ b/testing/config/kernel/config-4.5 @@ -0,0 +1,2391 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.5.0 Kernel Configuration +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +CONFIG_CROSS_COMPILE="" +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_FHANDLE is not set +CONFIG_USELIB=y +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +# CONFIG_TASKS_RCU is not set +# CONFIG_RCU_STALL_COMMON is not set +# CONFIG_TREE_RCU_TRACE is not set +# CONFIG_RCU_EXPEDITE_BOOT is not set +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_SWAP_ENABLED=y +CONFIG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_FREEZER=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +# CONFIG_CGROUP_DEBUG is not set +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_SYSCTL=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +# CONFIG_SYSCTL_SYSCALL is not set +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +# CONFIG_BPF_SYSCALL is not set +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_ADVISE_SYSCALLS=y +# CONFIG_USERFAULTFD is not set +CONFIG_PCI_QUIRKS=y +CONFIG_MEMBARRIER=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_COMPAT_BRK=y +CONFIG_SLAB=y +# CONFIG_SLUB is not set +# CONFIG_SYSTEM_DATA_VERIFICATION is not set +# CONFIG_PROFILING is not set +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# CONFIG_JUMP_LABEL is not set +# CONFIG_UPROBES is not set +# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_CC_STACKPROTECTOR=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_CC_STACKPROTECTOR_NONE is not set +CONFIG_CC_STACKPROTECTOR_REGULAR=y +# CONFIG_CC_STACKPROTECTOR_STRONG is not set +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_COPY_THREAD_TLS=y + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set +CONFIG_SLABINFO=y +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_CMDLINE_PARSER is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +CONFIG_IOSCHED_DEADLINE=y +CONFIG_IOSCHED_CFQ=y +# CONFIG_CFQ_GROUP_IOSCHED is not set +# CONFIG_DEFAULT_DEADLINE is not set +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_FREEZER=y + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_FAST_FEATURE_TESTS=y +CONFIG_X86_MPPARSE=y +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_MID is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +CONFIG_MCORE2=y +# CONFIG_MATOM is not set +# CONFIG_GENERIC_CPU is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_INTEL_USERCOPY=y +CONFIG_X86_USE_PPRO_CHECKSUM=y +CONFIG_X86_P6_NOP=y +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +# CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y +CONFIG_NR_CPUS=1 +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set +# CONFIG_VM86 is not set +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +# CONFIG_COMPACTION is not set +CONFIG_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_ZONE_DMA_FLAG=1 +CONFIG_BOUNCE=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +# CONFIG_X86_INTEL_MPX is not set +# CONFIG_EFI is not set +CONFIG_SECCOMP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_LEGACY_VSYSCALL_NATIVE is not set +CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SLEEP=y +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_CUSTOM_DSDT is not set +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# CONFIG_INTEL_IDLE is not set + +# +# Memory power savings +# +# CONFIG_I7300_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_BUS_ADDR_T_64BIT=y +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +CONFIG_HT_IRQ=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y + +# +# PCI host controller drivers +# +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_HOTPLUG_PCI is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_SCRIPT=y +# CONFIG_HAVE_AOUT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_PMC_ATOM=y +# CONFIG_VMD is not set +CONFIG_NET=y +CONFIG_NET_INGRESS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +# CONFIG_UNIX_DIAG is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +# CONFIG_SYN_COOKIES is not set +# CONFIG_NET_IPVTI is not set +CONFIG_NET_UDP_TUNNEL=y +# CONFIG_NET_FOU is not set +CONFIG_INET_AH=y +CONFIG_INET_ESP=y +CONFIG_INET_IPCOMP=y +CONFIG_INET_XFRM_TUNNEL=y +CONFIG_INET_TUNNEL=y +CONFIG_INET_XFRM_MODE_TRANSPORT=y +CONFIG_INET_XFRM_MODE_TUNNEL=y +CONFIG_INET_XFRM_MODE_BEET=y +# CONFIG_INET_LRO is not set +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +# CONFIG_IPV6_VTI is not set +# CONFIG_IPV6_SIT is not set +CONFIG_IPV6_TUNNEL=y +CONFIG_IPV6_GRE=y +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +# CONFIG_IPV6_MROUTE is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NET_PTP_CLASSIFY is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +# CONFIG_NETFILTER_DEBUG is not set +CONFIG_NETFILTER_ADVANCED=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +# CONFIG_NETFILTER_NETLINK_ACCT is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +# CONFIG_NF_CONNTRACK_TIMEOUT is not set +# CONFIG_NF_CONNTRACK_TIMESTAMP is not set +# CONFIG_NF_CT_PROTO_DCCP is not set +# CONFIG_NF_CT_PROTO_SCTP is not set +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +CONFIG_NF_CONNTRACK_SANE=y +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_UDPLITE=y +# CONFIG_NF_NAT_AMANDA is not set +# CONFIG_NF_NAT_FTP is not set +# CONFIG_NF_NAT_IRC is not set +# CONFIG_NF_NAT_SIP is not set +# CONFIG_NF_NAT_TFTP is not set +CONFIG_NF_NAT_REDIRECT=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +# CONFIG_NETFILTER_XT_TARGET_HMARK is not set +# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +# CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +# CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +# CONFIG_NETFILTER_XT_MATCH_CPU is not set +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set +# CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set +CONFIG_NETFILTER_XT_MATCH_REALM=y +# CONFIG_NETFILTER_XT_MATCH_RECENT is not set +CONFIG_NETFILTER_XT_MATCH_SCTP=y +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +# CONFIG_NETFILTER_XT_MATCH_TIME is not set +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +CONFIG_IP_SET_HASH_NET=y +# CONFIG_IP_SET_HASH_NETNET is not set +CONFIG_IP_SET_HASH_NETPORT=y +# CONFIG_IP_SET_HASH_NETIFACE is not set +CONFIG_IP_SET_LIST_SET=y +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_CONNTRACK_IPV4=y +CONFIG_NF_CONNTRACK_PROC_COMPAT=y +# CONFIG_NF_DUP_IPV4 is not set +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV4=y +# CONFIG_NF_NAT_PPTP is not set +# CONFIG_NF_NAT_H323 is not set +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +# CONFIG_IP_NF_MATCH_RPFILTER is not set +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK_IPV6=y +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_NAT_IPV6=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +# CONFIG_IP6_NF_MATCH_RPFILTER is not set +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +# CONFIG_IP6_NF_NAT is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +CONFIG_L2TP=y +# CONFIG_L2TP_V3 is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_IPX is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_MMAP is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_IRDA is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set +# CONFIG_LIB80211 is not set + +# +# CFG80211 needs to be enabled for MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_LWTUNNEL is not set +CONFIG_HAVE_BPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y +CONFIG_FW_LOADER=y +CONFIG_FIRMWARE_IN_KERNEL=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +# CONFIG_DMA_SHARED_BUFFER is not set + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_CPQ_CISS_DA is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +# CONFIG_BLK_DEV_COW_COMMON is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=y +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_HD is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set +# CONFIG_BLK_DEV_NVME is not set + +# +# Misc devices +# +# CONFIG_SENSORS_LIS3LV02D is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# + +# +# Altera FPGA firmware download module +# +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_CXL_BASE is not set +# CONFIG_CXL_KERNEL_API is not set +# CONFIG_CXL_EEH is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# CONFIG_SCSI_DMA is not set +# CONFIG_SCSI_NETLINK is not set +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +CONFIG_DUMMY=y +# CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_NETCONSOLE is not set +# CONFIG_NETPOLL is not set +# CONFIG_NET_POLL_CONTROLLER is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Distributed Switch Architecture drivers +# +# CONFIG_NET_DSA_MV88E6XXX is not set +# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_NET_VENDOR_AURORA is not set +CONFIG_NET_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BCMGENET is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_LIQUIDIO is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_EXAR=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_FM10K is not set +CONFIG_NET_VENDOR_I825XX=y +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX4_CORE is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETRONOME=y +# CONFIG_NFP_NETVF is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_PACKET_ENGINE=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QLGE is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_QUALCOMM=y +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +# CONFIG_SFC is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_ALE is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K_PCI is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_CISCO=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_PRISM54 is not set +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +CONFIG_DEVKMEM=y + +# +# Serial drivers +# +# CONFIG_SERIAL_8250 is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +CONFIG_HVC_DRIVER=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +# CONFIG_HW_RANDOM is not set +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +# CONFIG_I2C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set + +# +# PPS support +# +# CONFIG_PPS is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_POWER_RESET is not set +# CONFIG_POWER_AVS is not set +CONFIG_HWMON=y +# CONFIG_HWMON_VID is not set +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH56XX_COMMON is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +CONFIG_THERMAL_HWMON=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y + +# +# Sonics Silicon Backplane +# +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y + +# +# Broadcom specific AMBA +# +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CORE is not set +# CONFIG_MFD_CROS_EC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TMIO is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_REGULATOR is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# CONFIG_BACKLIGHT_LCD_SUPPORT is not set +# CONFIG_VGASTATE is not set + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_SOUND=y +# CONFIG_SOUND_OSS_CORE is not set +# CONFIG_SND is not set +# CONFIG_SOUND_PRIME is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +CONFIG_HID_PLANTRONICS=y +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_ARCH_HAS_HCD=y +# CONFIG_USB is not set + +# +# USB port drivers +# + +# +# USB Physical Layer drivers +# +# CONFIG_USB_PHY is not set +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GADGET is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +CONFIG_RTC_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y + +# +# Virtio drivers +# +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACERHDF is not set +# CONFIG_DELL_SMO8800 is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_HP_WIRELESS is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ACPI_WMI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_PVPANIC is not set +# CONFIG_INTEL_PMC_IPC is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_CHROME_PLATFORMS is not set + +# +# Hardware Spinlock drivers +# + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_ATMEL_PIT is not set +# CONFIG_SH_TIMER_CMT is not set +# CONFIG_SH_TIMER_MTU2 is not set +# CONFIG_SH_TIMER_TMU is not set +# CONFIG_EM_TIMER_STI is not set +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_STE_MODEM_RPROC is not set + +# +# Rpmsg drivers +# + +# +# SOC (System On Chip) specific Drivers +# +# CONFIG_SUNXI_SRAM is not set +# CONFIG_SOC_TI is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set +CONFIG_ARM_GIC_MAX_NR=1 +# CONFIG_TS4800_IRQ is not set +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# CONFIG_LIBNVDIMM is not set +# CONFIG_NVMEM is not set +# CONFIG_STM is not set +# CONFIG_STM_DUMMY is not set +# CONFIG_STM_SOURCE_CONSOLE is not set +# CONFIG_INTEL_TH is not set + +# +# FPGA Configuration Support +# +# CONFIG_FPGA is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +CONFIG_EXT3_FS=y +# CONFIG_EXT3_FS_POSIX_ACL is not set +# CONFIG_EXT3_FS_SECURITY is not set +CONFIG_EXT4_FS=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +CONFIG_REISERFS_FS=y +# CONFIG_REISERFS_CHECK is not set +# CONFIG_REISERFS_PROC_INFO is not set +# CONFIG_REISERFS_FS_XATTR is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_FILE_LOCKING=y +CONFIG_MANDATORY_FILE_LOCKING=y +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +# CONFIG_QUOTA_NETLINK_INTERFACE is not set +CONFIG_PRINT_QUOTA_WARNING=y +# CONFIG_QUOTA_DEBUG is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +# CONFIG_HUGETLB_PAGE is not set +# CONFIG_CONFIGFS_FS is not set +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_LOGFS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_NCP_FS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_ENABLE_WARN_DEPRECATED=y +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_SLAB is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KMEMCHECK=y +CONFIG_HAVE_ARCH_KASAN=y +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_LOCKUP_DETECTOR is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHED_INFO is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_TIMER_STATS is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_STACKTRACE is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_PROVE_RCU is not set +# CONFIG_SPARSE_RCU_POINTER is not set +# CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y +# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_UPROBE_EVENT is not set +# CONFIG_PROBE_EVENTS is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set + +# +# Runtime Testing +# +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_X86_PTDUMP_CORE is not set +# CONFIG_X86_PTDUMP is not set +CONFIG_DEBUG_RODATA=y +CONFIG_DEBUG_RODATA_TEST=y +# CONFIG_DEBUG_WX is not set +CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_STRESS is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set +# CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_PCOMP=y +CONFIG_CRYPTO_PCOMP2=y +CONFIG_CRYPTO_AKCIPHER2=y +# CONFIG_CRYPTO_RSA is not set +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +# CONFIG_CRYPTO_MCRYPTD is not set +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_ABLK_HELPER=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y +# CONFIG_CRYPTO_KEYWRAP is not set + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=y +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_RMD128=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_RMD256=y +CONFIG_CRYPTO_RMD320=y +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SHA1_MB is not set +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_TGR192=y +CONFIG_CRYPTO_WP512=y +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=y +CONFIG_CRYPTO_ARC4=y +CONFIG_CRYPTO_BLOWFISH=y +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y +CONFIG_CRYPTO_CAMELLIA=y +CONFIG_CRYPTO_CAMELLIA_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y +CONFIG_CRYPTO_CAST_COMMON=y +CONFIG_CRYPTO_CAST5=y +CONFIG_CRYPTO_CAST5_AVX_X86_64=y +CONFIG_CRYPTO_CAST6=y +CONFIG_CRYPTO_CAST6_AVX_X86_64=y +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +CONFIG_CRYPTO_FCRYPT=y +CONFIG_CRYPTO_KHAZAD=y +CONFIG_CRYPTO_SALSA20=y +CONFIG_CRYPTO_SALSA20_X86_64=y +CONFIG_CRYPTO_CHACHA20=y +CONFIG_CRYPTO_CHACHA20_X86_64=y +CONFIG_CRYPTO_SEED=y +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y +CONFIG_CRYPTO_TEA=y +CONFIG_CRYPTO_TWOFISH=y +CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_ZLIB=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=y +CONFIG_CRYPTO_LZ4=y +CONFIG_CRYPTO_LZ4HC=y + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +# CONFIG_CRYPTO_USER_API_RNG is not set +CONFIG_CRYPTO_USER_API_AEAD=y +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +CONFIG_HAVE_KVM=y +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +# CONFIG_BINARY_PRINTF is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +# CONFIG_HAVE_ARCH_BITREVERSE is not set +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_GENERIC_IO=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC7=y +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=y +CONFIG_842_DECOMPRESS=y +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=y +CONFIG_LZ4HC_COMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +# CONFIG_XZ_DEC is not set +# CONFIG_XZ_DEC_BCJ is not set +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y +# CONFIG_CORDIC is not set +# CONFIG_DDR is not set +# CONFIG_IRQ_POLL is not set +# CONFIG_SG_SPLIT is not set +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_MMIO_FLUSH=y diff --git a/testing/config/kernel/config-4.6 b/testing/config/kernel/config-4.6 new file mode 100644 index 000000000..c6b6e914f --- /dev/null +++ b/testing/config/kernel/config-4.6 @@ -0,0 +1,2432 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.6.3 Kernel Configuration +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_DEBUG_RODATA=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +CONFIG_CROSS_COMPILE="" +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_FHANDLE=y +CONFIG_USELIB=y +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +# CONFIG_TASKS_RCU is not set +# CONFIG_RCU_STALL_COMMON is not set +# CONFIG_TREE_RCU_TRACE is not set +# CONFIG_RCU_EXPEDITE_BOOT is not set +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_SWAP_ENABLED=y +CONFIG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_FREEZER=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +# CONFIG_CGROUP_DEBUG is not set +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_SYSCTL=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +# CONFIG_SYSCTL_SYSCALL is not set +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +# CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +# CONFIG_BPF_SYSCALL is not set +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_ADVISE_SYSCALLS=y +# CONFIG_USERFAULTFD is not set +CONFIG_PCI_QUIRKS=y +CONFIG_MEMBARRIER=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_COMPAT_BRK=y +CONFIG_SLAB=y +# CONFIG_SLUB is not set +# CONFIG_SYSTEM_DATA_VERIFICATION is not set +# CONFIG_PROFILING is not set +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# CONFIG_JUMP_LABEL is not set +# CONFIG_UPROBES is not set +# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_CC_STACKPROTECTOR=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_CC_STACKPROTECTOR_NONE is not set +CONFIG_CC_STACKPROTECTOR_REGULAR=y +# CONFIG_CC_STACKPROTECTOR_STRONG is not set +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_COPY_THREAD_TLS=y +CONFIG_HAVE_STACK_VALIDATION=y + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set +CONFIG_SLABINFO=y +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_CMDLINE_PARSER is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +CONFIG_IOSCHED_DEADLINE=y +CONFIG_IOSCHED_CFQ=y +# CONFIG_CFQ_GROUP_IOSCHED is not set +# CONFIG_DEFAULT_DEADLINE is not set +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_FREEZER=y + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_FAST_FEATURE_TESTS=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_MID is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +CONFIG_MCORE2=y +# CONFIG_MATOM is not set +# CONFIG_GENERIC_CPU is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_INTEL_USERCOPY=y +CONFIG_X86_USE_PPRO_CHECKSUM=y +CONFIG_X86_P6_NOP=y +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +# CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y +CONFIG_NR_CPUS=1 +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set +# CONFIG_VM86 is not set +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +CONFIG_MICROCODE=y +CONFIG_MICROCODE_INTEL=y +# CONFIG_MICROCODE_AMD is not set +CONFIG_MICROCODE_OLD_INTERFACE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +# CONFIG_COMPACTION is not set +CONFIG_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_ZONE_DMA_FLAG=1 +CONFIG_BOUNCE=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +# CONFIG_X86_INTEL_MPX is not set +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +# CONFIG_EFI is not set +CONFIG_SECCOMP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_LEGACY_VSYSCALL_NATIVE is not set +CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SLEEP=y +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_CUSTOM_DSDT is not set +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# CONFIG_INTEL_IDLE is not set + +# +# Memory power savings +# +# CONFIG_I7300_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_BUS_ADDR_T_64BIT=y +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +CONFIG_HT_IRQ=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y +# CONFIG_HOTPLUG_PCI is not set + +# +# PCI host controller drivers +# +# CONFIG_PCIE_DW_PLAT is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_SCRIPT=y +# CONFIG_HAVE_AOUT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_PMC_ATOM=y +# CONFIG_VMD is not set +CONFIG_NET=y +CONFIG_NET_INGRESS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +# CONFIG_UNIX_DIAG is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +# CONFIG_SYN_COOKIES is not set +# CONFIG_NET_IPVTI is not set +CONFIG_NET_UDP_TUNNEL=y +# CONFIG_NET_FOU is not set +CONFIG_INET_AH=y +CONFIG_INET_ESP=y +CONFIG_INET_IPCOMP=y +CONFIG_INET_XFRM_TUNNEL=y +CONFIG_INET_TUNNEL=y +CONFIG_INET_XFRM_MODE_TRANSPORT=y +CONFIG_INET_XFRM_MODE_TUNNEL=y +CONFIG_INET_XFRM_MODE_BEET=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +# CONFIG_IPV6_VTI is not set +# CONFIG_IPV6_SIT is not set +CONFIG_IPV6_TUNNEL=y +CONFIG_IPV6_GRE=y +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +# CONFIG_IPV6_MROUTE is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NET_PTP_CLASSIFY is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +# CONFIG_NETFILTER_DEBUG is not set +CONFIG_NETFILTER_ADVANCED=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +# CONFIG_NETFILTER_NETLINK_ACCT is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +# CONFIG_NF_CONNTRACK_TIMEOUT is not set +# CONFIG_NF_CONNTRACK_TIMESTAMP is not set +# CONFIG_NF_CT_PROTO_DCCP is not set +# CONFIG_NF_CT_PROTO_SCTP is not set +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +CONFIG_NF_CONNTRACK_SANE=y +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_UDPLITE=y +# CONFIG_NF_NAT_AMANDA is not set +# CONFIG_NF_NAT_FTP is not set +# CONFIG_NF_NAT_IRC is not set +# CONFIG_NF_NAT_SIP is not set +# CONFIG_NF_NAT_TFTP is not set +CONFIG_NF_NAT_REDIRECT=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +# CONFIG_NETFILTER_XT_TARGET_HMARK is not set +# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +# CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +# CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +# CONFIG_NETFILTER_XT_MATCH_CPU is not set +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set +# CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set +CONFIG_NETFILTER_XT_MATCH_REALM=y +# CONFIG_NETFILTER_XT_MATCH_RECENT is not set +CONFIG_NETFILTER_XT_MATCH_SCTP=y +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +# CONFIG_NETFILTER_XT_MATCH_TIME is not set +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +CONFIG_IP_SET_HASH_NET=y +# CONFIG_IP_SET_HASH_NETNET is not set +CONFIG_IP_SET_HASH_NETPORT=y +# CONFIG_IP_SET_HASH_NETIFACE is not set +CONFIG_IP_SET_LIST_SET=y +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_CONNTRACK_IPV4=y +CONFIG_NF_CONNTRACK_PROC_COMPAT=y +# CONFIG_NF_DUP_IPV4 is not set +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV4=y +# CONFIG_NF_NAT_PPTP is not set +# CONFIG_NF_NAT_H323 is not set +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +# CONFIG_IP_NF_MATCH_RPFILTER is not set +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK_IPV6=y +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_NAT_IPV6=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +# CONFIG_IP6_NF_MATCH_RPFILTER is not set +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +# CONFIG_IP6_NF_NAT is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +CONFIG_L2TP=y +# CONFIG_L2TP_V3 is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_IPX is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_IRDA is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set +# CONFIG_LIB80211 is not set + +# +# CFG80211 needs to be enabled for MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +# CONFIG_NET_DEVLINK is not set +CONFIG_MAY_USE_DEVLINK=y +CONFIG_HAVE_BPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y +CONFIG_FW_LOADER=y +CONFIG_FIRMWARE_IN_KERNEL=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +# CONFIG_DMA_SHARED_BUFFER is not set + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_CPQ_CISS_DA is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +# CONFIG_BLK_DEV_COW_COMMON is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=y +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_HD is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set +# CONFIG_BLK_DEV_NVME is not set + +# +# Misc devices +# +# CONFIG_SENSORS_LIS3LV02D is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# + +# +# Altera FPGA firmware download module +# +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# VOP Bus Driver +# +# CONFIG_VOP_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# + +# +# VOP Driver +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_CXL_BASE is not set +# CONFIG_CXL_KERNEL_API is not set +# CONFIG_CXL_EEH is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# CONFIG_SCSI_DMA is not set +# CONFIG_SCSI_NETLINK is not set +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +CONFIG_DUMMY=y +# CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_MACSEC is not set +# CONFIG_NETCONSOLE is not set +# CONFIG_NETPOLL is not set +# CONFIG_NET_POLL_CONTROLLER is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Distributed Switch Architecture drivers +# +# CONFIG_NET_DSA_MV88E6XXX is not set +# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_NET_VENDOR_AURORA is not set +CONFIG_NET_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BCMGENET is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_LIQUIDIO is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_EXAR=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_FM10K is not set +CONFIG_NET_VENDOR_I825XX=y +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_MVNETA_BM is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX4_CORE is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETRONOME=y +# CONFIG_NFP_NETVF is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_PACKET_ENGINE=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QLGE is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_QUALCOMM=y +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +# CONFIG_SFC is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_ALE is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K_PCI is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_CISCO=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_PRISM54 is not set +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_BYD=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +CONFIG_DEVKMEM=y + +# +# Serial drivers +# +# CONFIG_SERIAL_8250 is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_MVEBU_UART is not set +CONFIG_HVC_DRIVER=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +# CONFIG_HW_RANDOM is not set +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +# CONFIG_I2C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set + +# +# PPS support +# +# CONFIG_PPS is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_POWER_RESET is not set +# CONFIG_POWER_AVS is not set +CONFIG_HWMON=y +# CONFIG_HWMON_VID is not set +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH56XX_COMMON is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +CONFIG_THERMAL_HWMON=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y + +# +# Sonics Silicon Backplane +# +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y + +# +# Broadcom specific AMBA +# +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CORE is not set +# CONFIG_MFD_CROS_EC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TMIO is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_REGULATOR is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# ACP (Audio CoProcessor) Configuration +# +# CONFIG_DRM_AMD_ACP is not set + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# CONFIG_BACKLIGHT_LCD_SUPPORT is not set +# CONFIG_VGASTATE is not set + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_SOUND=y +# CONFIG_SOUND_OSS_CORE is not set +# CONFIG_SND is not set +# CONFIG_SOUND_PRIME is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +# CONFIG_HID_CMEDIA is not set +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +CONFIG_HID_PLANTRONICS=y +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_ARCH_HAS_HCD=y +# CONFIG_USB is not set + +# +# USB port drivers +# + +# +# USB Physical Layer drivers +# +# CONFIG_USB_PHY is not set +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GADGET is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +CONFIG_RTC_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y + +# +# Virtio drivers +# +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACERHDF is not set +# CONFIG_DELL_SMO8800 is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_HP_WIRELESS is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ACPI_WMI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_PVPANIC is not set +# CONFIG_INTEL_PMC_IPC is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_CHROME_PLATFORMS is not set + +# +# Hardware Spinlock drivers +# + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_ATMEL_PIT is not set +# CONFIG_SH_TIMER_CMT is not set +# CONFIG_SH_TIMER_MTU2 is not set +# CONFIG_SH_TIMER_TMU is not set +# CONFIG_EM_TIMER_STI is not set +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_STE_MODEM_RPROC is not set + +# +# Rpmsg drivers +# + +# +# SOC (System On Chip) specific Drivers +# +# CONFIG_SUNXI_SRAM is not set +# CONFIG_SOC_TI is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set +CONFIG_ARM_GIC_MAX_NR=1 +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# CONFIG_LIBNVDIMM is not set +# CONFIG_NVMEM is not set +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set + +# +# FPGA Configuration Support +# +# CONFIG_FPGA is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +CONFIG_EXT3_FS=y +# CONFIG_EXT3_FS_POSIX_ACL is not set +# CONFIG_EXT3_FS_SECURITY is not set +CONFIG_EXT4_FS=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +CONFIG_REISERFS_FS=y +# CONFIG_REISERFS_CHECK is not set +# CONFIG_REISERFS_PROC_INFO is not set +# CONFIG_REISERFS_FS_XATTR is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +CONFIG_FILE_LOCKING=y +CONFIG_MANDATORY_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +# CONFIG_QUOTA_NETLINK_INTERFACE is not set +CONFIG_PRINT_QUOTA_WARNING=y +# CONFIG_QUOTA_DEBUG is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +# CONFIG_HUGETLB_PAGE is not set +# CONFIG_CONFIGFS_FS is not set +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_LOGFS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_NCP_FS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_ENABLE_WARN_DEPRECATED=y +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +# CONFIG_STACK_VALIDATION is not set +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_SLAB is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KMEMCHECK=y +CONFIG_HAVE_ARCH_KASAN=y +# CONFIG_KASAN is not set +CONFIG_ARCH_HAS_KCOV=y +# CONFIG_KCOV is not set +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_LOCKUP_DETECTOR is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHED_INFO is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_TIMER_STATS is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_STACKTRACE is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_PROVE_RCU is not set +# CONFIG_SPARSE_RCU_POINTER is not set +# CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y +# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_UPROBE_EVENT is not set +# CONFIG_PROBE_EVENTS is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set + +# +# Runtime Testing +# +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_X86_PTDUMP_CORE is not set +# CONFIG_X86_PTDUMP is not set +CONFIG_DEBUG_RODATA_TEST=y +# CONFIG_DEBUG_WX is not set +CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_STRESS is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set +# CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +# CONFIG_CRYPTO_RSA is not set +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +# CONFIG_CRYPTO_MCRYPTD is not set +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_ABLK_HELPER=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y +# CONFIG_CRYPTO_KEYWRAP is not set + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=y +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_RMD128=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_RMD256=y +CONFIG_CRYPTO_RMD320=y +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SHA1_MB is not set +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_TGR192=y +CONFIG_CRYPTO_WP512=y +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=y +CONFIG_CRYPTO_ARC4=y +CONFIG_CRYPTO_BLOWFISH=y +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y +CONFIG_CRYPTO_CAMELLIA=y +CONFIG_CRYPTO_CAMELLIA_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y +CONFIG_CRYPTO_CAST_COMMON=y +CONFIG_CRYPTO_CAST5=y +CONFIG_CRYPTO_CAST5_AVX_X86_64=y +CONFIG_CRYPTO_CAST6=y +CONFIG_CRYPTO_CAST6_AVX_X86_64=y +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +CONFIG_CRYPTO_FCRYPT=y +CONFIG_CRYPTO_KHAZAD=y +CONFIG_CRYPTO_SALSA20=y +CONFIG_CRYPTO_SALSA20_X86_64=y +CONFIG_CRYPTO_CHACHA20=y +CONFIG_CRYPTO_CHACHA20_X86_64=y +CONFIG_CRYPTO_SEED=y +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y +CONFIG_CRYPTO_TEA=y +CONFIG_CRYPTO_TWOFISH=y +CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=y +CONFIG_CRYPTO_LZ4=y +CONFIG_CRYPTO_LZ4HC=y + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +# CONFIG_CRYPTO_USER_API_RNG is not set +CONFIG_CRYPTO_USER_API_AEAD=y +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +CONFIG_HAVE_KVM=y +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +# CONFIG_BINARY_PRINTF is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +# CONFIG_HAVE_ARCH_BITREVERSE is not set +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_GENERIC_IO=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC7=y +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=y +CONFIG_842_DECOMPRESS=y +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=y +CONFIG_LZ4HC_COMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +# CONFIG_XZ_DEC is not set +# CONFIG_XZ_DEC_BCJ is not set +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y +# CONFIG_CORDIC is not set +# CONFIG_DDR is not set +# CONFIG_IRQ_POLL is not set +# CONFIG_SG_SPLIT is not set +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_MMIO_FLUSH=y diff --git a/testing/do-tests b/testing/do-tests index 2a424e523..d0d1ead88 100755 --- a/testing/do-tests +++ b/testing/do-tests @@ -111,6 +111,13 @@ done [ -f $SHAREDDIR/.strongswan-version ] && SWANVERSION=`cat $SHAREDDIR/.strongswan-version` KERNELVERSION=`ssh $SSHCONF root@\$ipv4_winnetou uname -r 2>/dev/null` +# check if tcpdump supports --immediate-mode +ssh $SSHCONF root@$ipv4_winnetou tcpdump --immediate-mode -c 1 >/dev/null 2>&1 +if [ $? -eq 0 ] +then + TCPDUMP_IM=--immediate-mode +fi + ############################################################################## # create header for the results html file # @@ -359,7 +366,7 @@ do do host=`echo $host_iface | awk -F ":" '{print $1}'` iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'` - tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain > /tmp/tcpdump.log 2>&1 &" + tcpdump_cmd="tcpdump -l $TCPDUMP_IM -i $iface not port ssh and not port domain >/tmp/tcpdump.log 2>/tmp/tcpdump.err.log &" echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG ssh $SSHCONF root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'` eval TDUP_${host}="true" @@ -417,10 +424,12 @@ do # function stop_tcpdump { + # wait for packets to get processed, but don't wait longer than 1s + eval ssh $SSHCONF root@\$ipv4_${1} "\"i=100; while [ \\\$i -gt 0 ]; do pkill -USR1 tcpdump; tail -1 /tmp/tcpdump.err.log | perl -n -e '/(\\d+).*?(\\d+)/; exit (\\\$1 == \\\$2)' || break; sleep 0.01; i=\\\$((\\\$i-1)); done;\"" echo "${1}# killall tcpdump" >> $CONSOLE_LOG - eval ssh $SSHCONF root@\$ipv4_${1} killall tcpdump + eval ssh $SSHCONF root@\$ipv4_${1} "\"killall tcpdump; while true; do killall -q -0 tcpdump || break; sleep 0.01; done;\"" eval TDUP_${1}="false" - echo "" + echo "" >> $CONSOLE_LOG } @@ -712,15 +721,9 @@ do for host in $TCPDUMPHOSTS do - eval HOSTLOGIN=root@\$ipv4_${host} - - scp $SSHCONF $HOSTLOGIN:/tmp/tcpdump.log \ - $TESTRESULTDIR/${host}.tcpdump.log > /dev/null 2>&1 - cat >> $TESTRESULTDIR/index.html <<@EOF
  • $host tcpdump.log
    • @EOF - done cat >> $TESTRESULTDIR/index.html <<@EOF @@ -802,10 +805,11 @@ do do if [ "`eval echo \\\$TDUP_${host}`" = "true" ] then - echo "${host}# killall tcpdump" >> $CONSOLE_LOG - eval ssh $SSHCONF root@\$ipv4_$host killall tcpdump - eval TDUP_${host}="false" + stop_tcpdump $host fi + eval HOSTLOGIN=root@\$ipv4_${host} + scp $SSHCONF $HOSTLOGIN:/tmp/tcpdump.log \ + $TESTRESULTDIR/${host}.tcpdump.log > /dev/null 2>&1 done ########################################################################## diff --git a/testing/hosts/default/etc/fstab b/testing/hosts/default/etc/fstab index 12747232e..9b0f70203 100644 --- a/testing/hosts/default/etc/fstab +++ b/testing/hosts/default/etc/fstab @@ -1 +1,2 @@ +/dev/vda1 / ext3 defaults,relatime,barrier=1 0 1 /hostshare /root/shared 9p trans=virtio,version=9p2000.L 0 0 diff --git a/testing/hosts/default/etc/ssh/sshd_config b/testing/hosts/default/etc/ssh/sshd_config index 07b7e78e5..ae2e4cc84 100644 --- a/testing/hosts/default/etc/ssh/sshd_config +++ b/testing/hosts/default/etc/ssh/sshd_config @@ -1,5 +1,6 @@ Port 22 Protocol 2 +Ciphers arcfour HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key diff --git a/testing/hosts/default/usr/local/bin/expect-connection b/testing/hosts/default/usr/local/bin/expect-connection index 17e2b7fbe..ded9f791c 100755 --- a/testing/hosts/default/usr/local/bin/expect-connection +++ b/testing/hosts/default/usr/local/bin/expect-connection @@ -17,7 +17,7 @@ secs=$2 cmd="swanctl --list-conns" grep 'load.*stroke' /etc/strongswan.conf >/dev/null -if [ $? -eq 0 ]; then +if [ $? -eq 0 -o -n "$DAEMON_NAME" ]; then cmd="ipsec statusall" fi diff --git a/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf new file mode 100644 index 000000000..6f5f3011c --- /dev/null +++ b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf @@ -0,0 +1 @@ +AddType text/plain .iptables .log .sql diff --git a/testing/hosts/winnetou/etc/apache2/sites-available/000-default.conf b/testing/hosts/winnetou/etc/apache2/sites-available/000-default.conf new file mode 100644 index 000000000..933589906 --- /dev/null +++ b/testing/hosts/winnetou/etc/apache2/sites-available/000-default.conf @@ -0,0 +1,12 @@ + + ServerAdmin webmaster@localhost + + DocumentRoot /var/www + + Options Indexes FollowSymLinks MultiViews + + + LogLevel warn + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + diff --git a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost deleted file mode 100644 index b76080e37..000000000 --- a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost +++ /dev/null @@ -1,54 +0,0 @@ -# OCSP Server - -Listen 8880 - -AddHandler cgi-script .cgi - - - ServerAdmin root@strongswan.org - DocumentRoot /etc/openssl/ocsp - ServerName ocsp.strongswan.org - ServerAlias 192.168.0.150 - DirectoryIndex ocsp.cgi - - Options +ExecCGI - Order allow,deny - Allow from all - - ErrorLog /var/log/apache2/ocsp/error_log - CustomLog /var/log/apache2/ocsp/access_log combined - - -Listen 8881 - - - ServerAdmin root@research.strongswan.org - DocumentRoot /etc/openssl/research/ocsp - ServerName ocsp.research.strongswan.org - ServerAlias ocsp.strongswan.org 192.168.0.150 - DirectoryIndex ocsp.cgi - - Options +ExecCGI - Order allow,deny - Allow from all - - ErrorLog /var/log/apache2/ocsp/error_log - CustomLog /var/log/apache2/ocsp/access_log combined - - -Listen 8882 - - - ServerAdmin root@sales.strongswan.org - DocumentRoot /etc/openssl/sales/ocsp - ServerName ocsp.sales.strongswan.org - ServerAlias ocsp.strongswan.org 192.168.0.150 - DirectoryIndex ocsp.cgi - - Options +ExecCGI - Order allow,deny - Allow from all - - ErrorLog /var/log/apache2/ocsp/error_log - CustomLog /var/log/apache2/ocsp/access_log combined - diff --git a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf new file mode 100644 index 000000000..0772c34ea --- /dev/null +++ b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf @@ -0,0 +1,69 @@ +# OCSP Server + +Listen 8880 + +AddHandler cgi-script .cgi + + + ServerAdmin root@strongswan.org + DocumentRoot /etc/openssl/ocsp + ServerName ocsp.strongswan.org + ServerAlias 192.168.0.150 + DirectoryIndex ocsp.cgi + + Options +ExecCGI + + Require all granted + + + Order deny,allow + Allow from all + + + ErrorLog /var/log/apache2/ocsp/error_log + CustomLog /var/log/apache2/ocsp/access_log combined + + +Listen 8881 + + + ServerAdmin root@research.strongswan.org + DocumentRoot /etc/openssl/research/ocsp + ServerName ocsp.research.strongswan.org + ServerAlias ocsp.strongswan.org 192.168.0.150 + DirectoryIndex ocsp.cgi + + Options +ExecCGI + + Require all granted + + + Order deny,allow + Allow from all + + + ErrorLog /var/log/apache2/ocsp/error_log + CustomLog /var/log/apache2/ocsp/access_log combined + + +Listen 8882 + + + ServerAdmin root@sales.strongswan.org + DocumentRoot /etc/openssl/sales/ocsp + ServerName ocsp.sales.strongswan.org + ServerAlias ocsp.strongswan.org 192.168.0.150 + DirectoryIndex ocsp.cgi + + Options +ExecCGI + + Require all granted + + + Order deny,allow + Allow from all + + + ErrorLog /var/log/apache2/ocsp/error_log + CustomLog /var/log/apache2/ocsp/access_log combined + diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl index de3c13dcf..fd75ed0f3 100755 --- a/testing/hosts/winnetou/etc/openssl/generate-crl +++ b/testing/hosts/winnetou/etc/openssl/generate-crl @@ -14,6 +14,10 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. +# libgnutls, if pulled in by libcurl, does not properly cleanup all memory, +# which causes invalid frees during shutdown when leak detective is used +export LEAK_DETECTIVE_DISABLE=1 + export COMMON_NAME=strongSwan ROOT=/var/www diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage index d9500cb35..1264bd7ee 100755 --- a/testing/scripts/build-baseimage +++ b/testing/scripts/build-baseimage @@ -12,16 +12,27 @@ running_any $STRONGSWANHOSTS && die "Please stop test environment before running check_commands debootstrap mkfs.ext3 partprobe qemu-img qemu-nbd sfdisk # package includes/excludes -INC=automake,autoconf,libtool,bison,flex,gperf,pkg-config,gettext +INC=automake,autoconf,libtool,bison,flex,gperf,pkg-config,gettext,less INC=$INC,build-essential,libgmp-dev,libldap2-dev,libcurl4-openssl-dev,ethtool INC=$INC,libxml2-dev,libtspi-dev,libsqlite3-dev,openssh-server,tcpdump,psmisc -INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libxerces-c2-dev,libltdl-dev -INC=$INC,liblog4cxx10-dev,libboost-thread-dev,libboost-system-dev,git-core,iperf -INC=$INC,less,acpid,acpi-support-base,libldns-dev,libunbound-dev,dnsutils,screen -INC=$INC,gnat,gprbuild,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev,htop -INC=$INC,libalog0.4.1-base-dev,hostapd,libsoup2.4-dev,ca-certificates,unzip -INC=$INC,python,python-setuptools,python-dev,python-pip +INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libltdl-dev,liblog4cxx10-dev +INC=$INC,libboost-thread-dev,libboost-system-dev,git-core,iperf,htop,screen +INC=$INC,gnat,gprbuild,acpid,acpi-support-base,libldns-dev,libunbound-dev +INC=$INC,dnsutils,libsoup2.4-dev,ca-certificates,unzip +INC=$INC,python,python-setuptools,python-dev,python-pip,apt-transport-https INC=$INC,libjson0-dev,libxslt1-dev,libapache2-mod-wsgi,iptables-dev +case "$BASEIMGSUITE" in +wheezy) + INC=$INC,libxerces-c2-dev,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev + INC=$INC,libalog0.4.1-base-dev + ;; +jessie) + INC=$INC,libxerces-c-dev,libahven4-dev,libxmlada5-dev,libgmpada5-dev + INC=$INC,libalog1-dev,libgcrypt20-dev + ;; +*) + echo_warn "Package list for '$BASEIMGSUITE' might has to be updated" +esac SERVICES="apache2 dbus isc-dhcp-server slapd bind9" INC=$INC,${SERVICES// /,} @@ -45,7 +56,7 @@ execute "qemu-nbd -c $NBDEV $BASEIMG" do_on_exit qemu-nbd -d $NBDEV log_action "Partitioning disk" -sfdisk /dev/nbd0 -D -uM >>$LOGFILE 2>&1 << EOF +sfdisk /dev/nbd0 >>$LOGFILE 2>&1 << EOF ; EOF if [ $? != 0 ] @@ -75,12 +86,39 @@ execute "debootstrap --arch=$BASEIMGARCH --include=$INC $BASEIMGSUITE $LOOPDIR $ execute "mount -t proc none $LOOPDIR/proc" 0 do_on_exit graceful_umount $LOOPDIR/proc +log_action "Downloading signing key for custom apt repo" +execute_chroot "wget -q $BASEIMGEXTKEY -O /tmp/key" +log_action "Installing signing key for custom apt repo" +execute_chroot "apt-key add /tmp/key" + +log_action "Enabling custom apt repo" +cat > $LOOPDIR/etc/apt/sources.list.d/strongswan.list << EOF +deb $BASEIMGEXTREPO $BASEIMGSUITE main +EOF +log_status $? + +log_action "Prioritize custom apt repo" +cat > $LOOPDIR/etc/apt/preferences.d/strongswan.pref << EOF +Package: * +Pin: origin "$BASEIMGEXTREPOHOST" +Pin-Priority: 1001 +EOF +log_status $? + +log_action "Update package sources" +execute_chroot "apt-get update" +log_action "Install packages from custom repo" +execute_chroot "apt-get -y upgrade" + for service in $SERVICES do - log_action "Stopping service $service" - execute_chroot "/etc/init.d/$service stop" log_action "Disabling service $service" - execute_chroot "update-rc.d -f $service remove" + if [ "$BASEIMGSUITE" == "wheezy" ] + then + execute_chroot "update-rc.d -f $service remove" + else + execute_chroot "systemctl disable $service" + fi done log_action "Disabling root password" diff --git a/testing/scripts/build-guestimages b/testing/scripts/build-guestimages index 3e107c062..e2ec422b1 100755 --- a/testing/scripts/build-guestimages +++ b/testing/scripts/build-guestimages @@ -60,17 +60,25 @@ do then execute "mkdir $LOOPDIR/var/log/apache2/ocsp" 0 execute "cp -rf $DIR/../images $LOOPDIR/var/www/" 0 + execute_chroot "a2enmod -q cgid" 0 execute_chroot "ln -s /etc/openssl/certs /var/www/certs" 0 execute_chroot "/etc/openssl/generate-crl" 0 - execute_chroot "update-rc.d apache2 defaults" 0 - execute_chroot "update-rc.d slapd defaults" 0 execute_chroot "rm -rf /var/lib/ldap/*" 0 execute_chroot "slapadd -l /etc/ldap/ldif.txt -f /etc/ldap/slapd.conf" 0 execute_chroot "chown -R openldap:openldap /var/lib/ldap" 0 execute_chroot "dnssec-signzone -K /etc/bind -o strongswan.org. /etc/bind/db.strongswan.org" 0 execute_chroot "dnssec-signzone -K /etc/bind -o org. /etc/bind/db.org" 0 execute_chroot "dnssec-signzone -K /etc/bind -o . /etc/bind/db.root" 0 - execute_chroot "update-rc.d bind9 defaults" 0 + + for service in "apache2 slapd bind9" + do + if [ "$BASEIMGSUITE" == "wheezy" ] + then + execute_chroot "update-rc.d $service defaults" 0 + else + execute_chroot "systemctl enable $service" 0 + fi + done fi sync execute "umount -l $LOOPDIR" 0 diff --git a/testing/scripts/chroot b/testing/scripts/chroot new file mode 100755 index 000000000..4f4245515 --- /dev/null +++ b/testing/scripts/chroot @@ -0,0 +1,67 @@ +#!/bin/bash + +DIR=$(dirname `readlink -f $0`) +. $DIR/../testing.conf +. $DIR/function.sh + +[ `id -u` -eq 0 ] || die "You must be root to run $0" +running_any $STRONGSWANHOSTS && die "Please stop test environment before running $0" + +[ -n "$1" ] || die "$0 >" + +check_commands partprobe qemu-nbd + +load_qemu_nbd + +mkdir -p $LOOPDIR +mkdir -p $IMGDIR +mkdir -p $SHAREDDIR + +echo "Mounting image" + +case "$1" in +base) + [ -f "$BASEIMG" ] || die "Base image $BASEIMG not found" + log_action "Connecting base image to NBD device $NBDEV" + execute "qemu-nbd -c $NBDEV $BASEIMG" + affected="root and guest" + ;; +root) + [ -f "$ROOTIMG" ] || die "Root image $ROOTIMG not found" + log_action "Connecting root image to NBD device $NBDEV" + execute "qemu-nbd -c $NBDEV $ROOTIMG" + affected="guest" + ;; +*) + echo $STRONGSWANHOSTS | grep -q "\b$1\b" || die "Guest $1 not found" + GUESTIMG="$IMGDIR/$1.$IMGEXT" + [ -f "$GUESTIMG" ] || die "Guest image $GUESTIMG not found" + log_action "Connecting guest image to NBD device $NBDEV" + execute "qemu-nbd -c $NBDEV $GUESTIMG" + ;; +esac + +do_on_exit qemu-nbd -d $NBDEV +partprobe $NBDEV + +log_action "Mounting $NBDPARTITION to $LOOPDIR" +execute "mount $NBDPARTITION $LOOPDIR" +do_on_exit umount $LOOPDIR + +log_action "Mounting proc filesystem to $LOOPDIR/proc" +execute "mount -t proc none $LOOPDIR/proc" +do_on_exit umount $LOOPDIR/proc + +mkdir -p $LOOPDIR/root/shared +log_action "Mounting $SHAREDDIR as /root/shared" +execute "mount -o bind $SHAREDDIR $LOOPDIR/root/shared" +do_on_exit umount $LOOPDIR/root/shared + +if [ -n "$affected" ]; then +echo +echo "Rebuild the $affected images after making changes to this image!" +echo +fi + +export debian_chroot="$1" +chroot $LOOPDIR /bin/bash -i diff --git a/testing/scripts/function.sh b/testing/scripts/function.sh index bab2f7422..9a32c44ab 100755 --- a/testing/scripts/function.sh +++ b/testing/scripts/function.sh @@ -17,6 +17,7 @@ export TERM=xterm RED=$(tput setaf 1) GREEN=$(tput setaf 2) +YELLOW=$(tput setaf 3) NORMAL=$(tput op) # exit with given error message @@ -66,6 +67,13 @@ echo_failed() echo -e "${RED}$1${NORMAL}" } +# write yellow status message to console +# $1 - msg +echo_warn() +{ + echo -e "${YELLOW}$1${NORMAL}" +} + # log an action # $1 - current action description log_action() diff --git a/testing/scripts/recipes/002_tnc-fhh.mk b/testing/scripts/recipes/002_tnc-fhh.mk index 397cef950..d4ed4f99c 100644 --- a/testing/scripts/recipes/002_tnc-fhh.mk +++ b/testing/scripts/recipes/002_tnc-fhh.mk @@ -9,6 +9,9 @@ CONFIG_OPTS = \ -DCOMPONENT=all \ -DNAL=8021x +PATCHES = \ + tnc-fhh-tncsim + all: install .$(PKG)-cloned: @@ -16,7 +19,11 @@ all: install mkdir $(PKG)/build @touch $@ -.$(PKG)-configured: .$(PKG)-cloned +.$(PKG)-patches-applied: .$(PKG)-cloned + cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1 + @touch $@ + +.$(PKG)-configured: .$(PKG)-patches-applied cd $(PKG)/build && cmake $(CONFIG_OPTS) ../ @touch $@ diff --git a/testing/scripts/recipes/003_freeradius.mk b/testing/scripts/recipes/003_freeradius.mk index 05ed8b38c..71cfc238c 100644 --- a/testing/scripts/recipes/003_freeradius.mk +++ b/testing/scripts/recipes/003_freeradius.mk @@ -1,6 +1,6 @@ #!/usr/bin/make -PV = 2.2.1 +PV = 2.2.8 PKG = freeradius-server-$(PV) TAR = $(PKG).tar.bz2 SRC = ftp://ftp.freeradius.org/pub/freeradius/old/$(TAR) diff --git a/testing/scripts/recipes/004_hostapd.mk b/testing/scripts/recipes/004_hostapd.mk new file mode 100644 index 000000000..0acd428c9 --- /dev/null +++ b/testing/scripts/recipes/004_hostapd.mk @@ -0,0 +1,39 @@ +#!/usr/bin/make + +PV = 2.0 +PKG = hostapd-$(PV) +TAR = $(PKG).tar.gz +SRC = http://w1.fi/releases/$(TAR) + +NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) + +CONFIG_OPTS = + +PATCHES = \ + hostapd-config + +SUBDIR = hostapd + +all: install + +$(TAR): + wget $(SRC) + +.$(PKG)-unpacked: $(TAR) + tar xfz $(TAR) + @touch $@ + +.$(PKG)-patches-applied: .$(PKG)-unpacked + cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1 + @touch $@ + +.$(PKG)-configured: .$(PKG)-patches-applied + cp $(PKG)/$(SUBDIR)/defconfig $(PKG)/$(SUBDIR)/.config + @touch $@ + +.$(PKG)-built: .$(PKG)-configured + cd $(PKG)/$(SUBDIR) && make -j $(NUM_CPUS) + @touch $@ + +install: .$(PKG)-built + cd $(PKG)/$(SUBDIR) && make install diff --git a/testing/scripts/recipes/004_wpa_supplicant.mk b/testing/scripts/recipes/004_wpa_supplicant.mk index 14b64ea78..4cc870c12 100644 --- a/testing/scripts/recipes/004_wpa_supplicant.mk +++ b/testing/scripts/recipes/004_wpa_supplicant.mk @@ -3,7 +3,7 @@ PV = 2.0 PKG = wpa_supplicant-$(PV) TAR = $(PKG).tar.gz -SRC = http://hostap.epitest.fi/releases/$(TAR) +SRC = http://w1.fi/releases/$(TAR) NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) diff --git a/testing/scripts/recipes/011_openssl-fips.mk b/testing/scripts/recipes/011_openssl-fips.mk deleted file mode 100644 index 5d28b181e..000000000 --- a/testing/scripts/recipes/011_openssl-fips.mk +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/make - -PV = 2.0.3 -PKG = openssl-fips-$(PV) -TAR = $(PKG).tar.gz -SRC = http://www.openssl.org/source/$(TAR) - -all: install - -$(TAR): - wget $(SRC) - -$(PKG): $(TAR) - tar xfz $(TAR) - -configure: $(PKG) - cd $(PKG) && ./config - -build: configure - cd $(PKG) && make - -install: build - cd $(PKG) && make install diff --git a/testing/scripts/recipes/012_openssl.mk b/testing/scripts/recipes/012_openssl.mk deleted file mode 100644 index 16aec239d..000000000 --- a/testing/scripts/recipes/012_openssl.mk +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/make - -PV = 1.0.1e -PKG = openssl-$(PV) -SRC = http://download.strongswan.org/testing/openssl-fips/ - -all: install - -$(PKG): - wget -r $(SRC) --no-directories --directory-prefix $(PKG) --accept deb --no-parent - -install: $(PKG) - cd $(PKG) && dpkg -i *.deb diff --git a/testing/scripts/recipes/patches/freeradius-tnc-fhh b/testing/scripts/recipes/patches/freeradius-tnc-fhh index 785538323..26a233d48 100644 --- a/testing/scripts/recipes/patches/freeradius-tnc-fhh +++ b/testing/scripts/recipes/patches/freeradius-tnc-fhh @@ -5463,8 +5463,8 @@ diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc -HEADERS = eap_tnc.h tncs.h tncs_connect.h ../../eap.h ../../rlm_eap.h +SRCS = rlm_eap_tnc.c eap_tnc.c +HEADERS = eap_tnc.h ../../eap.h ../../rlm_eap.h - RLM_CFLAGS = -I../.. -I../../libeap $(OPENSSL_INCLUDE) @eap_tnc_cflags@ - RLM_LIBS = @eap_tnc_ldflags@ ../../libeap/$(LIBPREFIX)freeradius-eap.la $(OPENSSL_LIBS) + RLM_CFLAGS = -I../.. -I../../libeap @eap_tnc_cflags@ + RLM_LIBS = @eap_tnc_ldflags@ ../../libeap/$(LIBPREFIX)freeradius-eap.la RLM_INSTALL = diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c --- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c 2012-09-10 13:51:34.000000000 +0200 diff --git a/testing/scripts/recipes/patches/hostapd-config b/testing/scripts/recipes/patches/hostapd-config new file mode 100644 index 000000000..b26d2783f --- /dev/null +++ b/testing/scripts/recipes/patches/hostapd-config @@ -0,0 +1,38 @@ +diff -u -ur hostapd-2.0.orig/hostapd/defconfig hostapd-2.0/hostapd/defconfig +--- hostapd-2.0.orig/hostapd/defconfig 2013-01-12 16:42:53.000000000 +0100 ++++ hostapd-2.0/hostapd/defconfig 2016-06-15 17:32:57.000000000 +0200 +@@ -13,14 +13,14 @@ + CONFIG_DRIVER_HOSTAP=y + + # Driver interface for wired authenticator +-#CONFIG_DRIVER_WIRED=y ++CONFIG_DRIVER_WIRED=y + + # Driver interface for madwifi driver + #CONFIG_DRIVER_MADWIFI=y + #CFLAGS += -I../../madwifi # change to the madwifi source directory + + # Driver interface for drivers using the nl80211 kernel interface +-CONFIG_DRIVER_NL80211=y ++#CONFIG_DRIVER_NL80211=y + + # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) + #CONFIG_DRIVER_BSD=y +@@ -30,7 +30,7 @@ + #LIBS_c += -L/usr/local/lib + + # Driver interface for no driver (e.g., RADIUS server only) +-#CONFIG_DRIVER_NONE=y ++CONFIG_DRIVER_NONE=y + + # IEEE 802.11F/IAPP + CONFIG_IAPP=y +@@ -152,7 +152,7 @@ + + # Add support for writing debug log to a file: -f /tmp/hostapd.log + # Disabled by default. +-#CONFIG_DEBUG_FILE=y ++CONFIG_DEBUG_FILE=y + + # Remove support for RADIUS accounting + #CONFIG_NO_ACCOUNTING=y \ No newline at end of file diff --git a/testing/scripts/recipes/patches/tnc-fhh-tncsim b/testing/scripts/recipes/patches/tnc-fhh-tncsim new file mode 100644 index 000000000..42c714480 --- /dev/null +++ b/testing/scripts/recipes/patches/tnc-fhh-tncsim @@ -0,0 +1,12 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index fe65134512ea..3c5255f21ea6 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -101,7 +101,6 @@ IF(${COMPONENT} STREQUAL "ALL") + add_subdirectory(tncxacml) + add_subdirectory(imcv) + add_subdirectory(tncs) +- add_subdirectory(tncsim) + + IF(${NAL} STREQUAL "8021X" OR ${NAL} STREQUAL "ALL") + add_subdirectory(naaeap) diff --git a/testing/testing.conf b/testing/testing.conf index dedc3310f..ee403435a 100644 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -24,19 +24,17 @@ fi : ${TESTDIR=/srv/strongswan-testing} # Kernel configuration -: ${KERNELVERSION=4.2} +: ${KERNELVERSION=4.6.4} : ${KERNEL=linux-$KERNELVERSION} : ${KERNELTARBALL=$KERNEL.tar.xz} -: ${KERNELCONFIG=$DIR/../config/kernel/config-4.2} -: ${KERNELPATCH=ha-4.2-abicompat.patch.bz2} +: ${KERNELCONFIG=$DIR/../config/kernel/config-4.6} +: ${KERNELPATCH=ha-4.4-abicompat.patch.bz2} # strongSwan version used in tests -: ${SWANVERSION=5.3.3} +: ${SWANVERSION=5.5.0} # Build directory where the guest kernel and images will be built : ${BUILDDIR=$TESTDIR/build} -# Directory shared between host and guests -: ${SHAREDDIR=$BUILDDIR/shared} # Logfile : ${LOGFILE=$BUILDDIR/testing.log} @@ -50,11 +48,17 @@ fi # Base image settings # The base image is a pristine OS installation created using debootstrap. -: ${BASEIMGSIZE=1400} -: ${BASEIMGSUITE=wheezy} +: ${BASEIMGSIZE=1600} +: ${BASEIMGSUITE=jessie} : ${BASEIMGARCH=amd64} : ${BASEIMG=$IMGDIR/debian-$BASEIMGSUITE-$BASEIMGARCH.$IMGEXT} : ${BASEIMGMIRROR=http://http.debian.net/debian} +: ${BASEIMGEXTREPOHOST=download.strongswan.org} +: ${BASEIMGEXTKEY=https://$BASEIMGEXTREPOHOST/testing/repos/strongswan-testing.gpg.key} +: ${BASEIMGEXTREPO=https://$BASEIMGEXTREPOHOST/testing/repos/apt/debian} + +# Directory shared between host and guests +: ${SHAREDDIR=$BUILDDIR/shared/$BASEIMGSUITE} # Root image settings # The root image is the origin of all guest images. It is a clone of the base diff --git a/testing/tests/af-alg/alg-camellia/evaltest.dat b/testing/tests/af-alg/alg-camellia/evaltest.dat index d88c52638..8a2e36baa 100644 --- a/testing/tests/af-alg/alg-camellia/evaltest.dat +++ b/testing/tests/af-alg/alg-camellia/evaltest.dat @@ -1,4 +1,4 @@ -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=CAMELLIA_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=CAMELLIA_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=CAMELLIA_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=CAMELLIA_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES moon:: ip xfrm state::enc cbc(camellia)::YES diff --git a/testing/tests/af-alg/rw-cert/evaltest.dat b/testing/tests/af-alg/rw-cert/evaltest.dat index 3cd928be5..eccdcf0c1 100644 --- a/testing/tests/af-alg/rw-cert/evaltest.dat +++ b/testing/tests/af-alg/rw-cert/evaltest.dat @@ -1,5 +1,5 @@ -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_1536.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_1536.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat index db5a76204..47597752a 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat +++ b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat @@ -1,12 +1,6 @@ -carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES -moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES -carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ipsec statusall 2> /dev/null::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512_256::YES -moon:: ipsec statusall 2> /dev/null::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512_256::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ipsec statusall 2> /dev/null::SERPENT_CBC_256/HMAC_SHA2_512_256,::YES -moon:: ipsec statusall 2> /dev/null::SERPENT_CBC_256/HMAC_SHA2_512_256,::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES carol::ip xfrm state::enc cbc(serpent)::YES moon:: ip xfrm state::enc cbc(serpent)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf deleted file mode 100644 index ce9e54fec..000000000 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev1 - ike=serpent256-sha512-modp4096! - esp=serpent256-sha512! - -conn home - left=PH_IP_CAROL - leftcert=carolCert.pem - leftid=carol@strongswan.org - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - auto=add diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf index 1dcaed4a3..10c0ac6fb 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf @@ -1,8 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown - send_vendor_id = yes + load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default - dh_exponent_ansi_x9_42 = no + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + send_vendor_id = yes } diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..f26335cd1 --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,26 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + esp_proposals = serpent256-sha512 + } + } + version = 1 + proposals = serpent256-sha512-modp4096 + } +} diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf deleted file mode 100644 index 46dc368c4..000000000 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev1 - ike=serpent256-sha512-modp4096! - esp=serpent256-sha512! - -conn rw - left=PH_IP_MOON - leftcert=moonCert.pem - leftid=@moon.strongswan.org - leftsubnet=10.1.0.0/16 - right=%any - rightid=carol@strongswan.org - auto=add diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf index 1dcaed4a3..6c49b5e9b 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf @@ -1,8 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown - send_vendor_id = yes + load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default - dh_exponent_ansi_x9_42 = no + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + send_vendor_id = yes } diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..92b47869e --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,24 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + esp_proposals = serpent256-sha512 + } + } + version = 1 + proposals = serpent256-sha512-modp4096 + } +} diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat index c6d6235f9..6387dff4f 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat +++ b/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat @@ -1,2 +1,2 @@ -moon::ipsec stop -carol::ipsec stop +moon::service charon stop +carol::service charon stop diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat index 8230de058..0f615f4ac 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat +++ b/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat @@ -1,4 +1,5 @@ -carol::ipsec start -moon::ipsec start -carol::expect-connection home -carol::ipsec up home +moon::service charon start 2> /dev/null +carol::service charon start 2> /dev/null +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf b/testing/tests/gcrypt-ikev1/alg-serpent/test.conf index d7b71426c..307c7e9cc 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/test.conf @@ -20,3 +20,6 @@ TCPDUMPHOSTS="moon" # IPSECHOSTS="moon carol" +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat index ac3b5e0b0..d6b04f4c4 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat +++ b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat @@ -1,12 +1,6 @@ -carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES -moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES -carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ipsec statusall 2> /dev/null::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512_256::YES -moon:: ipsec statusall 2> /dev/null::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512_256::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ipsec statusall 2> /dev/null::TWOFISH_CBC_256/HMAC_SHA2_512_256,::YES -moon:: ipsec statusall 2> /dev/null::TWOFISH_CBC_256/HMAC_SHA2_512_256,::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES carol::ip xfrm state::enc cbc(twofish)::YES moon:: ip xfrm state::enc cbc(twofish)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf deleted file mode 100644 index fe1a78d62..000000000 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev1 - ike=twofish256-sha512-modp4096! - esp=twofish256-sha512! - -conn home - left=PH_IP_CAROL - leftcert=carolCert.pem - leftid=carol@strongswan.org - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - auto=add diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf index 1dcaed4a3..10c0ac6fb 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf @@ -1,8 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown - send_vendor_id = yes + load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default - dh_exponent_ansi_x9_42 = no + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + send_vendor_id = yes } diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..b6ca9f18e --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,26 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + esp_proposals = twofish256-sha512 + } + } + version = 1 + proposals = twofish256-sha512-modp4096 + } +} diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf deleted file mode 100644 index b4391cd1f..000000000 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev1 - ike=twofish256-sha512-modp4096! - esp=twofish256-sha512! - -conn rw - left=PH_IP_MOON - leftcert=moonCert.pem - leftid=@moon.strongswan.org - leftsubnet=10.1.0.0/16 - right=%any - rightid=carol@strongswan.org - auto=add diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf index 1dcaed4a3..6c49b5e9b 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf @@ -1,8 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown - send_vendor_id = yes + load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default - dh_exponent_ansi_x9_42 = no + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + send_vendor_id = yes } diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..3339fff7c --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,24 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + esp_proposals = twofish256-sha512 + } + } + version = 1 + proposals = twofish256-sha512-modp4096 + } +} diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat index c6d6235f9..6387dff4f 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat +++ b/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat @@ -1,2 +1,2 @@ -moon::ipsec stop -carol::ipsec stop +moon::service charon stop +carol::service charon stop diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat index 8230de058..0f615f4ac 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat +++ b/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat @@ -1,4 +1,5 @@ -carol::ipsec start -moon::ipsec start -carol::expect-connection home -carol::ipsec up home +moon::service charon start 2> /dev/null +carol::service charon start 2> /dev/null +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/test.conf b/testing/tests/gcrypt-ikev1/alg-twofish/test.conf index d7b71426c..307c7e9cc 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/test.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/test.conf @@ -20,3 +20,6 @@ TCPDUMPHOSTS="moon" # IPSECHOSTS="moon carol" +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat index 236647b56..562336fd4 100644 --- a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat +++ b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES moon:: ip xfrm state::enc cbc(camellia)::YES diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat +++ b/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat b/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat index 2342d024b..849d59a4e 100644 --- a/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat +++ b/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ha/active-passive/evaltest.dat b/testing/tests/ha/active-passive/evaltest.dat index 9af5c4c02..bc5d64201 100644 --- a/testing/tests/ha/active-passive/evaltest.dat +++ b/testing/tests/ha/active-passive/evaltest.dat @@ -11,8 +11,8 @@ dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*mars.s alice::cat /var/log/daemon.log::HA segment 1 activated::YES alice::cat /var/log/daemon.log::handling HA CHILD_SA::YES moon:: cat /var/log/daemon.log::installed HA CHILD_SA::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES alice::ip xfrm policy flush::no output expected::NO alice::ip xfrm state flush::no output expected::NO alice::killall -9 starter charon::no output expected::NO @@ -20,8 +20,8 @@ carol::sleep 2::no output expected::NO moon:: cat /var/log/daemon.log::no heartbeat received, taking all segments::YES moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*mars.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*mars.strongswan.org.*dave@strongswan.org::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES carol::tcpdump::IP carol.strongswan.org > mars.strongswan.org: ESP::YES carol::tcpdump::IP mars.strongswan.org > carol.strongswan.org: ESP::YES dave::tcpdump::IP dave.strongswan.org > mars.strongswan.org: ESP::YES diff --git a/testing/tests/ha/both-active/evaltest.dat b/testing/tests/ha/both-active/evaltest.dat index 3865be9f1..a81ba5231 100644 --- a/testing/tests/ha/both-active/evaltest.dat +++ b/testing/tests/ha/both-active/evaltest.dat @@ -8,8 +8,8 @@ alice::cat /var/log/daemon.log::HA segment 1 activated::YES moon:: cat /var/log/daemon.log::HA segment 2 activated::YES alice::cat /var/log/daemon.log::handling HA CHILD_SA::YES moon:: cat /var/log/daemon.log::installed HA CHILD_SA::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES carol::tcpdump::IP carol.strongswan.org > mars.strongswan.org: ESP::YES carol::tcpdump::IP mars.strongswan.org > carol.strongswan.org: ESP::YES dave::tcpdump::IP dave.strongswan.org > mars.strongswan.org: ESP::YES diff --git a/testing/tests/ike/rw-cert/evaltest.dat b/testing/tests/ike/rw-cert/evaltest.dat index e431ce533..ce1f944f2 100644 --- a/testing/tests/ike/rw-cert/evaltest.dat +++ b/testing/tests/ike/rw-cert/evaltest.dat @@ -10,8 +10,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ike/rw-cert/pretest.dat b/testing/tests/ike/rw-cert/pretest.dat index f1af9ede5..9065f8390 100644 --- a/testing/tests/ike/rw-cert/pretest.dat +++ b/testing/tests/ike/rw-cert/pretest.dat @@ -1,7 +1,8 @@ moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home -dave::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ike/rw_v1-net_v2/evaltest.dat b/testing/tests/ike/rw_v1-net_v2/evaltest.dat index 847a2d92d..ede91bde8 100644 --- a/testing/tests/ike/rw_v1-net_v2/evaltest.dat +++ b/testing/tests/ike/rw_v1-net_v2/evaltest.dat @@ -2,13 +2,13 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ike/rw_v1-net_v2/pretest.dat b/testing/tests/ike/rw_v1-net_v2/pretest.dat index 072d9ddeb..e2920893e 100644 --- a/testing/tests/ike/rw_v1-net_v2/pretest.dat +++ b/testing/tests/ike/rw_v1-net_v2/pretest.dat @@ -1,6 +1,7 @@ moon::ipsec start sun::ipsec start carol::ipsec start +sun::expect-connection net-net moon::expect-connection net-net carol::expect-connection home moon::ipsec up net-net diff --git a/testing/tests/ikev1/alg-3des-md5/evaltest.dat b/testing/tests/ikev1/alg-3des-md5/evaltest.dat index ad0ebd48c..b5009aaef 100644 --- a/testing/tests/ikev1/alg-3des-md5/evaltest.dat +++ b/testing/tests/ikev1/alg-3des-md5/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES carol::ipsec status 2> /dev/null::home.*INSTALLED::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96/MODP_1024,::YES carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96/MODP_1024,::YES moon:: ip xfrm state::enc cbc(des3_ede)::YES diff --git a/testing/tests/ikev1/alg-3des-md5/pretest.dat b/testing/tests/ikev1/alg-3des-md5/pretest.dat index de4acbbf0..6a892fedc 100644 --- a/testing/tests/ikev1/alg-3des-md5/pretest.dat +++ b/testing/tests/ikev1/alg-3des-md5/pretest.dat @@ -1,6 +1,7 @@ +moon::ipsec start moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules -moon::ipsec start +moon::expect-connection rw carol::ipsec start carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/alg-blowfish/evaltest.dat b/testing/tests/ikev1/alg-blowfish/evaltest.dat index cd83c56b4..a4f1f2998 100644 --- a/testing/tests/ikev1/alg-blowfish/evaltest.dat +++ b/testing/tests/ikev1/alg-blowfish/evaltest.dat @@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES diff --git a/testing/tests/ikev1/alg-blowfish/pretest.dat b/testing/tests/ikev1/alg-blowfish/pretest.dat index f1a4b964c..e87a8ee47 100644 --- a/testing/tests/ikev1/alg-blowfish/pretest.dat +++ b/testing/tests/ikev1/alg-blowfish/pretest.dat @@ -4,7 +4,8 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home -dave::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat index 8230ee30c..0543bcccb 100644 --- a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat +++ b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/alg-modp-subgroup/pretest.dat b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat index f1a4b964c..e87a8ee47 100644 --- a/testing/tests/ikev1/alg-modp-subgroup/pretest.dat +++ b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat @@ -4,7 +4,8 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home -dave::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev1/alg-sha256/evaltest.dat b/testing/tests/ikev1/alg-sha256/evaltest.dat index 364d89f59..8cbac4ff3 100644 --- a/testing/tests/ikev1/alg-sha256/evaltest.dat +++ b/testing/tests/ikev1/alg-sha256/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128/MODP_3072,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/MODP_3072,::YES moon:: ip xfrm state::auth-trunc hmac(sha256)::YES diff --git a/testing/tests/ikev1/alg-sha256/pretest.dat b/testing/tests/ikev1/alg-sha256/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev1/alg-sha256/pretest.dat +++ b/testing/tests/ikev1/alg-sha256/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/alg-sha384/evaltest.dat b/testing/tests/ikev1/alg-sha384/evaltest.dat index 14f0ba479..166aa8120 100644 --- a/testing/tests/ikev1/alg-sha384/evaltest.dat +++ b/testing/tests/ikev1/alg-sha384/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192/MODP_3072,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/MODP_3072,::YES moon:: ip xfrm state::auth-trunc hmac(sha384)::YES diff --git a/testing/tests/ikev1/alg-sha384/pretest.dat b/testing/tests/ikev1/alg-sha384/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev1/alg-sha384/pretest.dat +++ b/testing/tests/ikev1/alg-sha384/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/alg-sha512/evaltest.dat b/testing/tests/ikev1/alg-sha512/evaltest.dat index 6f8c05d5b..3c39e2cd8 100644 --- a/testing/tests/ikev1/alg-sha512/evaltest.dat +++ b/testing/tests/ikev1/alg-sha512/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256/MODP_4096,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256/MODP_4096,::YES moon:: ip xfrm state::auth-trunc hmac(sha512)::YES diff --git a/testing/tests/ikev1/alg-sha512/pretest.dat b/testing/tests/ikev1/alg-sha512/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev1/alg-sha512/pretest.dat +++ b/testing/tests/ikev1/alg-sha512/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/compress/pretest.dat b/testing/tests/ikev1/compress/pretest.dat index 8230de058..d7f7959f1 100644 --- a/testing/tests/ikev1/compress/pretest.dat +++ b/testing/tests/ikev1/compress/pretest.dat @@ -1,4 +1,5 @@ -carol::ipsec start moon::ipsec start +carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/config-payload-push/evaltest.dat b/testing/tests/ikev1/config-payload-push/evaltest.dat index b46dfddf6..9471f8846 100644 --- a/testing/tests/ikev1/config-payload-push/evaltest.dat +++ b/testing/tests/ikev1/config-payload-push/evaltest.dat @@ -3,15 +3,15 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES -carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*by strongSwan::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*by strongSwan::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev1/config-payload-push/pretest.dat b/testing/tests/ikev1/config-payload-push/pretest.dat index c0ec6a7a4..bdbe341dd 100644 --- a/testing/tests/ikev1/config-payload-push/pretest.dat +++ b/testing/tests/ikev1/config-payload-push/pretest.dat @@ -1,10 +1,11 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw-carol carol::expect-connection home -dave::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev1/config-payload/evaltest.dat b/testing/tests/ikev1/config-payload/evaltest.dat index b46dfddf6..9471f8846 100644 --- a/testing/tests/ikev1/config-payload/evaltest.dat +++ b/testing/tests/ikev1/config-payload/evaltest.dat @@ -3,15 +3,15 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES -carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*by strongSwan::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*by strongSwan::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev1/config-payload/pretest.dat b/testing/tests/ikev1/config-payload/pretest.dat index c0ec6a7a4..bdbe341dd 100644 --- a/testing/tests/ikev1/config-payload/pretest.dat +++ b/testing/tests/ikev1/config-payload/pretest.dat @@ -1,10 +1,11 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw-carol carol::expect-connection home -dave::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev1/double-nat-net/evaltest.dat b/testing/tests/ikev1/double-nat-net/evaltest.dat index 8f5ffdb50..af29ce7b9 100644 --- a/testing/tests/ikev1/double-nat-net/evaltest.dat +++ b/testing/tests/ikev1/double-nat-net/evaltest.dat @@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@ bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES -alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_req=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev1/double-nat-net/pretest.dat b/testing/tests/ikev1/double-nat-net/pretest.dat index d300a276f..4b4c8ceaf 100644 --- a/testing/tests/ikev1/double-nat-net/pretest.dat +++ b/testing/tests/ikev1/double-nat-net/pretest.dat @@ -5,7 +5,8 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to- sun::iptables -t nat -A POSTROUTING -o eth0 -s 10.2.0.0/16 -p tcp -j SNAT --to-source PH_IP_SUN:2000-2100 sun::iptables -t nat -A PREROUTING -i eth0 -s PH_IP_MOON -p udp -j DNAT --to-destination PH_IP_BOB sun::ip route add 10.1.0.0/16 via PH_IP_BOB -alice::ipsec start bob::ipsec start +alice::ipsec start +bob::expect-connection nat-t alice::expect-connection nat-t alice::ipsec up nat-t diff --git a/testing/tests/ikev1/double-nat/evaltest.dat b/testing/tests/ikev1/double-nat/evaltest.dat index 5f0622690..903226706 100644 --- a/testing/tests/ikev1/double-nat/evaltest.dat +++ b/testing/tests/ikev1/double-nat/evaltest.dat @@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@ bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev1/double-nat/pretest.dat b/testing/tests/ikev1/double-nat/pretest.dat index 6a861d29f..5fe5eae49 100644 --- a/testing/tests/ikev1/double-nat/pretest.dat +++ b/testing/tests/ikev1/double-nat/pretest.dat @@ -4,7 +4,8 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to- moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 sun::iptables -t nat -A POSTROUTING -o eth0 -s 10.2.0.0/16 -p tcp -j SNAT --to-source PH_IP_SUN:2000-2100 sun::iptables -t nat -A PREROUTING -i eth0 -s PH_IP_MOON -p udp -j DNAT --to-destination PH_IP_BOB -alice::ipsec start bob::ipsec start +alice::ipsec start +bob::expect-connection nat-t alice::expect-connection nat-t alice::ipsec up nat-t diff --git a/testing/tests/ikev1/dpd-clear/pretest.dat b/testing/tests/ikev1/dpd-clear/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev1/dpd-clear/pretest.dat +++ b/testing/tests/ikev1/dpd-clear/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/dpd-restart/pretest.dat b/testing/tests/ikev1/dpd-restart/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev1/dpd-restart/pretest.dat +++ b/testing/tests/ikev1/dpd-restart/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/dynamic-initiator/evaltest.dat b/testing/tests/ikev1/dynamic-initiator/evaltest.dat index 61546f417..e3549f23d 100644 --- a/testing/tests/ikev1/dynamic-initiator/evaltest.dat +++ b/testing/tests/ikev1/dynamic-initiator/evaltest.dat @@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES moon:: cat /var/log/daemon.log::deleting duplicate IKE_SA for.*carol@strongswan.org.*due to uniqueness policy::YES moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev1/dynamic-initiator/pretest.dat b/testing/tests/ikev1/dynamic-initiator/pretest.dat index 7e6ad46df..a056e1dc9 100644 --- a/testing/tests/ikev1/dynamic-initiator/pretest.dat +++ b/testing/tests/ikev1/dynamic-initiator/pretest.dat @@ -1,7 +1,8 @@ carol::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection carol carol::expect-connection moon carol::ipsec up moon carol::iptables -D INPUT -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT diff --git a/testing/tests/ikev1/dynamic-responder/evaltest.dat b/testing/tests/ikev1/dynamic-responder/evaltest.dat index 61546f417..e3549f23d 100644 --- a/testing/tests/ikev1/dynamic-responder/evaltest.dat +++ b/testing/tests/ikev1/dynamic-responder/evaltest.dat @@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES moon:: cat /var/log/daemon.log::deleting duplicate IKE_SA for.*carol@strongswan.org.*due to uniqueness policy::YES moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev1/dynamic-responder/pretest.dat b/testing/tests/ikev1/dynamic-responder/pretest.dat index 0c423aeec..f71d69f97 100644 --- a/testing/tests/ikev1/dynamic-responder/pretest.dat +++ b/testing/tests/ikev1/dynamic-responder/pretest.dat @@ -2,6 +2,7 @@ carol::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start +carol::expect-connection moon moon::expect-connection carol moon::ipsec up carol moon::sleep 0.5 diff --git a/testing/tests/ikev1/dynamic-two-peers/evaltest.dat b/testing/tests/ikev1/dynamic-two-peers/evaltest.dat index 82d2e7318..66660545e 100644 --- a/testing/tests/ikev1/dynamic-two-peers/evaltest.dat +++ b/testing/tests/ikev1/dynamic-two-peers/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::dave.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev1/dynamic-two-peers/pretest.dat b/testing/tests/ikev1/dynamic-two-peers/pretest.dat index c19b38fcd..e862b151c 100644 --- a/testing/tests/ikev1/dynamic-two-peers/pretest.dat +++ b/testing/tests/ikev1/dynamic-two-peers/pretest.dat @@ -6,7 +6,8 @@ dave::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start +moon::expect-connection carol carol::expect-connection moon -dave::expect-connection moon carol::ipsec up moon +dave::expect-connection moon dave::ipsec up moon diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat index 648920105..4aceaa8fd 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128::YES carol::ipsec statusall 2> /dev/null::AES_CCM_12_128::YES carol::ip xfrm state::aead rfc4309(ccm(aes))::YES diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat b/testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat +++ b/testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat index c86f58081..79ab17cf0 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::AES_CTR_256/AES_XCBC_96::YES carol::ipsec statusall 2> /dev/null::AES_CTR_256/AES_XCBC_96::YES moon:: ip xfrm state::rfc3686(ctr(aes))::YES diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat b/testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat +++ b/testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat index a7f52c72e..25cd45941 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256::YES carol::ipsec statusall 2> /dev/null::AES_GCM_16_256::YES carol::ip xfrm state::aead rfc4106(gcm(aes))::YES diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat b/testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat +++ b/testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat index d5d3bc0d3..293b5ab37 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES carol::ip xfrm state::aead rfc4543(gcm(aes))::YES diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat +++ b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat index b466813fe..a3f8d80c7 100644 --- a/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::ipsec statusall 2> /dev/null::AES_CBC_256/AES_XCBC_96,::YES moon:: ipsec statusall 2> /dev/null::AES_CBC_256/AES_XCBC_96,::YES carol::ip xfrm state::auth-trunc xcbc(aes)::YES diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat b/testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat index 8230de058..d7f7959f1 100644 --- a/testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat +++ b/testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat @@ -1,4 +1,5 @@ -carol::ipsec start moon::ipsec start +carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat index 1b9c6c27e..d9888a15d 100644 --- a/testing/tests/ikev1/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES moon:: ip xfrm state::enc ecb(cipher_null)::YES diff --git a/testing/tests/ikev1/esp-alg-null/pretest.dat b/testing/tests/ikev1/esp-alg-null/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev1/esp-alg-null/pretest.dat +++ b/testing/tests/ikev1/esp-alg-null/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/host2host-ah/evaltest.dat b/testing/tests/ikev1/host2host-ah/evaltest.dat index 92695477a..1e50ef458 100644 --- a/testing/tests/ikev1/host2host-ah/evaltest.dat +++ b/testing/tests/ikev1/host2host-ah/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES diff --git a/testing/tests/ikev1/host2host-ah/pretest.dat b/testing/tests/ikev1/host2host-ah/pretest.dat index 997a48167..36a842321 100644 --- a/testing/tests/ikev1/host2host-ah/pretest.dat +++ b/testing/tests/ikev1/host2host-ah/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection host-host moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/ikev1/host2host-cert/evaltest.dat b/testing/tests/ikev1/host2host-cert/evaltest.dat index 3305f4558..e0c40ba4d 100644 --- a/testing/tests/ikev1/host2host-cert/evaltest.dat +++ b/testing/tests/ikev1/host2host-cert/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/host2host-cert/pretest.dat b/testing/tests/ikev1/host2host-cert/pretest.dat index 997a48167..36a842321 100644 --- a/testing/tests/ikev1/host2host-cert/pretest.dat +++ b/testing/tests/ikev1/host2host-cert/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection host-host moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/ikev1/host2host-transport/evaltest.dat b/testing/tests/ikev1/host2host-transport/evaltest.dat index fc49e57d8..98251d12a 100644 --- a/testing/tests/ikev1/host2host-transport/evaltest.dat +++ b/testing/tests/ikev1/host2host-transport/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/host2host-transport/pretest.dat b/testing/tests/ikev1/host2host-transport/pretest.dat index 997a48167..36a842321 100644 --- a/testing/tests/ikev1/host2host-transport/pretest.dat +++ b/testing/tests/ikev1/host2host-transport/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection host-host moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/ikev1/ip-pool-db/evaltest.dat b/testing/tests/ikev1/ip-pool-db/evaltest.dat index 42e353084..925e9a12f 100644 --- a/testing/tests/ikev1/ip-pool-db/evaltest.dat +++ b/testing/tests/ikev1/ip-pool-db/evaltest.dat @@ -6,7 +6,7 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES @@ -15,7 +15,7 @@ dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/ikev1/ip-pool-db/pretest.dat b/testing/tests/ikev1/ip-pool-db/pretest.dat index 337ccb297..c42204592 100644 --- a/testing/tests/ikev1/ip-pool-db/pretest.dat +++ b/testing/tests/ikev1/ip-pool-db/pretest.dat @@ -10,6 +10,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev1/ip-pool/evaltest.dat b/testing/tests/ikev1/ip-pool/evaltest.dat index 1fdc3f087..c55859291 100644 --- a/testing/tests/ikev1/ip-pool/evaltest.dat +++ b/testing/tests/ikev1/ip-pool/evaltest.dat @@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/ikev1/ip-pool/pretest.dat b/testing/tests/ikev1/ip-pool/pretest.dat index 2d09e88ce..e87a8ee47 100644 --- a/testing/tests/ikev1/ip-pool/pretest.dat +++ b/testing/tests/ikev1/ip-pool/pretest.dat @@ -1,9 +1,10 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/pretest.dat b/testing/tests/ikev1/multi-level-ca-cr-init/pretest.dat index bee9bc792..1476785df 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-init/pretest.dat +++ b/testing/tests/ikev1/multi-level-ca-cr-init/pretest.dat @@ -1,7 +1,8 @@ carol::ipsec start dave::ipsec start moon::ipsec start -moon::expect-connection alice +carol::expect-connection alice +dave::expect-connection venus moon::expect-connection venus moon::ipsec up alice moon::ipsec up venus diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/pretest.dat b/testing/tests/ikev1/multi-level-ca-cr-resp/pretest.dat index be0051e0b..4bc6a0e5e 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-resp/pretest.dat +++ b/testing/tests/ikev1/multi-level-ca-cr-resp/pretest.dat @@ -1,6 +1,7 @@ +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection venus carol::expect-connection alice carol::ipsec up alice dave::expect-connection venus diff --git a/testing/tests/ikev1/multi-level-ca/pretest.dat b/testing/tests/ikev1/multi-level-ca/pretest.dat index 2134d6bea..81b30701d 100644 --- a/testing/tests/ikev1/multi-level-ca/pretest.dat +++ b/testing/tests/ikev1/multi-level-ca/pretest.dat @@ -1,11 +1,10 @@ +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start -carol::expect-connection alice +moon::expect-connection venus carol::expect-connection venus carol::ipsec up alice carol::ipsec up venus -dave::expect-connection alice dave::expect-connection venus dave::ipsec up venus dave::ipsec up alice diff --git a/testing/tests/ikev1/nat-rw/evaltest.dat b/testing/tests/ikev1/nat-rw/evaltest.dat index 36d9f8456..2d265b0d1 100644 --- a/testing/tests/ikev1/nat-rw/evaltest.dat +++ b/testing/tests/ikev1/nat-rw/evaltest.dat @@ -6,13 +6,13 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL.*ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL.*ESP in UDP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES moon:: sleep 6::no output expected::NO -bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: isakmp-nat-keep-alive::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): isakmp-nat-keep-alive::YES alice::cat /var/log/daemon.log::sending keep alive::YES venus::cat /var/log/daemon.log::sending keep alive::YES diff --git a/testing/tests/ikev1/nat-rw/pretest.dat b/testing/tests/ikev1/nat-rw/pretest.dat index e3d9fc858..36d23b570 100644 --- a/testing/tests/ikev1/nat-rw/pretest.dat +++ b/testing/tests/ikev1/nat-rw/pretest.dat @@ -3,9 +3,10 @@ venus::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 +sun::ipsec start alice::ipsec start venus::ipsec start -sun::ipsec start +sun::expect-connection nat-t alice::expect-connection nat-t alice::ipsec up nat-t venus::expect-connection nat-t diff --git a/testing/tests/ikev1/nat-virtual-ip/evaltest.dat b/testing/tests/ikev1/nat-virtual-ip/evaltest.dat index c60ffc772..d4910ea67 100644 --- a/testing/tests/ikev1/nat-virtual-ip/evaltest.dat +++ b/testing/tests/ikev1/nat-virtual-ip/evaltest.dat @@ -1,7 +1,7 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES bob::tcpdump::IP alice2.strongswan.org > bob.strongswan.org: ICMP::YES diff --git a/testing/tests/ikev1/nat-virtual-ip/pretest.dat b/testing/tests/ikev1/nat-virtual-ip/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/ikev1/nat-virtual-ip/pretest.dat +++ b/testing/tests/ikev1/nat-virtual-ip/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev1/net2net-ah/evaltest.dat b/testing/tests/ikev1/net2net-ah/evaltest.dat index bf6234b55..d13369f05 100644 --- a/testing/tests/ikev1/net2net-ah/evaltest.dat +++ b/testing/tests/ikev1/net2net-ah/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES moon::ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES diff --git a/testing/tests/ikev1/net2net-ah/pretest.dat b/testing/tests/ikev1/net2net-ah/pretest.dat index 25e393c8e..bcc2cb04d 100644 --- a/testing/tests/ikev1/net2net-ah/pretest.dat +++ b/testing/tests/ikev1/net2net-ah/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules sun::ipsec start moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev1/net2net-cert/evaltest.dat b/testing/tests/ikev1/net2net-cert/evaltest.dat index 2b37cad99..fe4aa5ab1 100644 --- a/testing/tests/ikev1/net2net-cert/evaltest.dat +++ b/testing/tests/ikev1/net2net-cert/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/net2net-cert/pretest.dat b/testing/tests/ikev1/net2net-cert/pretest.dat index 25e393c8e..bcc2cb04d 100644 --- a/testing/tests/ikev1/net2net-cert/pretest.dat +++ b/testing/tests/ikev1/net2net-cert/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules sun::ipsec start moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev1/net2net-esn/description.txt b/testing/tests/ikev1/net2net-esn/description.txt new file mode 100644 index 000000000..13bb62b1d --- /dev/null +++ b/testing/tests/ikev1/net2net-esn/description.txt @@ -0,0 +1,7 @@ +A connection between the subnets behind the gateways moon and sun is set up. +With esp=aes128-sha1-esn! gateway moon proposes the use of +Extended Sequence Numbers. Gateway sun defines esp=aes128-sha1-esn-noesn!, +accepting proposals with and without ESN. +

    +Upon the successful establishment of the CHILD SA with ESN, client alice behind +gateway moon pings client bob located behind gateway sun 10 times. diff --git a/testing/tests/ikev1/net2net-esn/evaltest.dat b/testing/tests/ikev1/net2net-esn/evaltest.dat new file mode 100644 index 000000000..d8d7cb446 --- /dev/null +++ b/testing/tests/ikev1/net2net-esn/evaltest.dat @@ -0,0 +1,17 @@ +sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES +sun:: cat /var/log/daemon.log::configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES +sun:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES +moon:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES +moon:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES +alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES +moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES +sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES + diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..892907200 --- /dev/null +++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charondebug="cfg 2, knl 2" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + ike=aes128-sha1-modp1536! + esp=aes128-sha1-esn! + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..ddba8b199 --- /dev/null +++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf new file mode 100644 index 000000000..666e32def --- /dev/null +++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charondebug="cfg 2, knl 2" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + ike=aes128-sha1-modp1536! + esp=aes128-sha1-esn-noesn! + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..ddba8b199 --- /dev/null +++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/ikev1/net2net-esn/posttest.dat b/testing/tests/ikev1/net2net-esn/posttest.dat new file mode 100644 index 000000000..837738fc6 --- /dev/null +++ b/testing/tests/ikev1/net2net-esn/posttest.dat @@ -0,0 +1,5 @@ +moon::ipsec stop +sun::ipsec stop +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush + diff --git a/testing/tests/ikev1/net2net-esn/pretest.dat b/testing/tests/ikev1/net2net-esn/pretest.dat new file mode 100644 index 000000000..bcc2cb04d --- /dev/null +++ b/testing/tests/ikev1/net2net-esn/pretest.dat @@ -0,0 +1,7 @@ +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules +sun::ipsec start +moon::ipsec start +sun::expect-connection net-net +moon::expect-connection net-net +moon::ipsec up net-net diff --git a/testing/tests/ikev1/net2net-esn/test.conf b/testing/tests/ikev1/net2net-esn/test.conf new file mode 100644 index 000000000..afa2accbe --- /dev/null +++ b/testing/tests/ikev1/net2net-esn/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev1/net2net-fragmentation/evaltest.dat b/testing/tests/ikev1/net2net-fragmentation/evaltest.dat index 2dd5a40dd..7180fee05 100644 --- a/testing/tests/ikev1/net2net-fragmentation/evaltest.dat +++ b/testing/tests/ikev1/net2net-fragmentation/evaltest.dat @@ -10,6 +10,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/net2net-fragmentation/pretest.dat b/testing/tests/ikev1/net2net-fragmentation/pretest.dat index 25e393c8e..bcc2cb04d 100644 --- a/testing/tests/ikev1/net2net-fragmentation/pretest.dat +++ b/testing/tests/ikev1/net2net-fragmentation/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules sun::ipsec start moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev1/net2net-ntru-cert/evaltest.dat b/testing/tests/ikev1/net2net-ntru-cert/evaltest.dat index 78d2bff53..1ac624e40 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/evaltest.dat +++ b/testing/tests/ikev1/net2net-ntru-cert/evaltest.dat @@ -4,6 +4,6 @@ moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES moon::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES sun::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/net2net-ntru-cert/pretest.dat b/testing/tests/ikev1/net2net-ntru-cert/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/pretest.dat +++ b/testing/tests/ikev1/net2net-ntru-cert/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev1/net2net-psk-fail/pretest.dat b/testing/tests/ikev1/net2net-psk-fail/pretest.dat index fe4223a44..c7e2c6162 100644 --- a/testing/tests/ikev1/net2net-psk-fail/pretest.dat +++ b/testing/tests/ikev1/net2net-psk-fail/pretest.dat @@ -4,5 +4,6 @@ moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* sun::ipsec start moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev1/net2net-psk/evaltest.dat b/testing/tests/ikev1/net2net-psk/evaltest.dat index 2b37cad99..fe4aa5ab1 100644 --- a/testing/tests/ikev1/net2net-psk/evaltest.dat +++ b/testing/tests/ikev1/net2net-psk/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/net2net-psk/pretest.dat b/testing/tests/ikev1/net2net-psk/pretest.dat index fe4223a44..c7e2c6162 100644 --- a/testing/tests/ikev1/net2net-psk/pretest.dat +++ b/testing/tests/ikev1/net2net-psk/pretest.dat @@ -4,5 +4,6 @@ moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* sun::ipsec start moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev1/protoport-dual/evaltest.dat b/testing/tests/ikev1/protoport-dual/evaltest.dat index cf45f3b52..7d367e3c1 100644 --- a/testing/tests/ikev1/protoport-dual/evaltest.dat +++ b/testing/tests/ikev1/protoport-dual/evaltest.dat @@ -2,8 +2,8 @@ carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/protoport-dual/pretest.dat b/testing/tests/ikev1/protoport-dual/pretest.dat index 4759fdb7b..02f4aa82b 100644 --- a/testing/tests/ikev1/protoport-dual/pretest.dat +++ b/testing/tests/ikev1/protoport-dual/pretest.dat @@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-icmp +moon::expect-connection rw-ssh carol::expect-connection home-icmp carol::expect-connection home-ssh carol::ipsec up home-icmp diff --git a/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat b/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat index ba661975b..be78c5125 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat +++ b/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-cert-aggressive/pretest.dat b/testing/tests/ikev1/rw-cert-aggressive/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/pretest.dat +++ b/testing/tests/ikev1/rw-cert-aggressive/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev1/rw-cert-unity/evaltest.dat b/testing/tests/ikev1/rw-cert-unity/evaltest.dat index c183f48e9..ff13f5f0d 100644 --- a/testing/tests/ikev1/rw-cert-unity/evaltest.dat +++ b/testing/tests/ikev1/rw-cert-unity/evaltest.dat @@ -3,6 +3,6 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::10.2.1.1/32 === 192.168.0.0/24 PASS::YES carol::ipsec status 2> /dev/null::home.*10.2.1.1/32 === 10.1.0.0/16 10.2.1.0/24::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 10.2.1.0/24 === 10.2.1.1/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-cert-unity/pretest.dat b/testing/tests/ikev1/rw-cert-unity/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev1/rw-cert-unity/pretest.dat +++ b/testing/tests/ikev1/rw-cert-unity/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/rw-cert/evaltest.dat b/testing/tests/ikev1/rw-cert/evaltest.dat index ba661975b..be78c5125 100644 --- a/testing/tests/ikev1/rw-cert/evaltest.dat +++ b/testing/tests/ikev1/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-initiator-only/evaltest.dat b/testing/tests/ikev1/rw-initiator-only/evaltest.dat index 80fd7c5be..c5dc4a0a6 100644 --- a/testing/tests/ikev1/rw-initiator-only/evaltest.dat +++ b/testing/tests/ikev1/rw-initiator-only/evaltest.dat @@ -3,6 +3,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-initiator-only/pretest.dat b/testing/tests/ikev1/rw-initiator-only/pretest.dat index 5a972079b..9317b0f70 100644 --- a/testing/tests/ikev1/rw-initiator-only/pretest.dat +++ b/testing/tests/ikev1/rw-initiator-only/pretest.dat @@ -6,5 +6,6 @@ carol::ipsec start dave::ipsec start dave::expect-connection peer dave::ipsec up peer +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/rw-ntru-psk/evaltest.dat b/testing/tests/ikev1/rw-ntru-psk/evaltest.dat index 562213572..3a3de31a2 100644 --- a/testing/tests/ikev1/rw-ntru-psk/evaltest.dat +++ b/testing/tests/ikev1/rw-ntru-psk/evaltest.dat @@ -1,11 +1,11 @@ carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw-carol.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES moon:: ipsec statusall 2> /dev/null::rw-dave.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES diff --git a/testing/tests/ikev1/rw-ntru-psk/pretest.dat b/testing/tests/ikev1/rw-ntru-psk/pretest.dat index e827687f8..1e38590b6 100644 --- a/testing/tests/ikev1/rw-ntru-psk/pretest.dat +++ b/testing/tests/ikev1/rw-ntru-psk/pretest.dat @@ -7,7 +7,9 @@ dave::rm /etc/ipsec.d/cacerts/* carol::ipsec start dave::ipsec start moon::ipsec start +moon::expect-connection rw-carol carol::expect-connection home carol::ipsec up home +moon::expect-connection rw-dave dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat b/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat index 2342d024b..849d59a4e 100644 --- a/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat +++ b/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-psk-aggressive/pretest.dat b/testing/tests/ikev1/rw-psk-aggressive/pretest.dat index ab5e18da2..ee5bc7c72 100644 --- a/testing/tests/ikev1/rw-psk-aggressive/pretest.dat +++ b/testing/tests/ikev1/rw-psk-aggressive/pretest.dat @@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat index 77f548848..4dfc92fe8 100644 --- a/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat +++ b/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-psk-fqdn/pretest.dat b/testing/tests/ikev1/rw-psk-fqdn/pretest.dat index ab5e18da2..0fb389dab 100644 --- a/testing/tests/ikev1/rw-psk-fqdn/pretest.dat +++ b/testing/tests/ikev1/rw-psk-fqdn/pretest.dat @@ -7,7 +7,9 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-carol carol::expect-connection home carol::ipsec up home +moon::expect-connection rw-dave dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat index df37719e9..4e08d5979 100644 --- a/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat +++ b/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-psk-ipv4/pretest.dat b/testing/tests/ikev1/rw-psk-ipv4/pretest.dat index ab5e18da2..0fb389dab 100644 --- a/testing/tests/ikev1/rw-psk-ipv4/pretest.dat +++ b/testing/tests/ikev1/rw-psk-ipv4/pretest.dat @@ -7,7 +7,9 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-carol carol::expect-connection home carol::ipsec up home +moon::expect-connection rw-dave dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev1/virtual-ip/evaltest.dat b/testing/tests/ikev1/virtual-ip/evaltest.dat index 0f5df71d7..8da2ceb22 100644 --- a/testing/tests/ikev1/virtual-ip/evaltest.dat +++ b/testing/tests/ikev1/virtual-ip/evaltest.dat @@ -14,12 +14,12 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::src PH_IP_CAROL1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::src PH_IP_DAVE1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES -moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES -moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES +moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_.eq=1::YES +moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/virtual-ip/pretest.dat b/testing/tests/ikev1/virtual-ip/pretest.dat index 2d09e88ce..e87a8ee47 100644 --- a/testing/tests/ikev1/virtual-ip/pretest.dat +++ b/testing/tests/ikev1/virtual-ip/pretest.dat @@ -1,9 +1,10 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat b/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat index cd4ebd8ec..210072e86 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat +++ b/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YE moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-id-psk-config/pretest.dat b/testing/tests/ikev1/xauth-id-psk-config/pretest.dat index ab5e18da2..ee5bc7c72 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/pretest.dat +++ b/testing/tests/ikev1/xauth-id-psk-config/pretest.dat @@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat index 34c124c95..b482ddba3 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/pretest.dat b/testing/tests/ikev1/xauth-id-rsa-aggressive/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/pretest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat index 7604a1527..13e4b26a9 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YE moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat b/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat index a55cf37b2..2eddae2d8 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat @@ -4,6 +4,8 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-carol +moon::expect-connection rw-dave carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat index 34c124c95..b482ddba3 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/pretest.dat b/testing/tests/ikev1/xauth-id-rsa-hybrid/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/pretest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev1/xauth-psk/evaltest.dat b/testing/tests/ikev1/xauth-psk/evaltest.dat index c6637cbfe..90cf05c31 100644 --- a/testing/tests/ikev1/xauth-psk/evaltest.dat +++ b/testing/tests/ikev1/xauth-psk/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-psk/pretest.dat b/testing/tests/ikev1/xauth-psk/pretest.dat index ab5e18da2..ee5bc7c72 100644 --- a/testing/tests/ikev1/xauth-psk/pretest.dat +++ b/testing/tests/ikev1/xauth-psk/pretest.dat @@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat index fe148cd10..1d023f310 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat @@ -5,6 +5,6 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat index c65fbda83..b4c7637ac 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat @@ -3,5 +3,6 @@ carol::iptables-restore < /etc/iptables.rules alice::radiusd moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/xauth-rsa-radius/evaltest.dat b/testing/tests/ikev1/xauth-rsa-radius/evaltest.dat index a88debd3e..7e11d2aa9 100644 --- a/testing/tests/ikev1/xauth-rsa-radius/evaltest.dat +++ b/testing/tests/ikev1/xauth-rsa-radius/evaltest.dat @@ -4,6 +4,6 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-rsa-radius/pretest.dat b/testing/tests/ikev1/xauth-rsa-radius/pretest.dat index c65fbda83..b4c7637ac 100644 --- a/testing/tests/ikev1/xauth-rsa-radius/pretest.dat +++ b/testing/tests/ikev1/xauth-rsa-radius/pretest.dat @@ -3,5 +3,6 @@ carol::iptables-restore < /etc/iptables.rules alice::radiusd moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev1/xauth-rsa/evaltest.dat b/testing/tests/ikev1/xauth-rsa/evaltest.dat index c6637cbfe..90cf05c31 100644 --- a/testing/tests/ikev1/xauth-rsa/evaltest.dat +++ b/testing/tests/ikev1/xauth-rsa/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-rsa/pretest.dat b/testing/tests/ikev1/xauth-rsa/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev1/xauth-rsa/pretest.dat +++ b/testing/tests/ikev1/xauth-rsa/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/acert-cached/evaltest.dat b/testing/tests/ikev2/acert-cached/evaltest.dat index c0bb035a1..6d6b1d912 100644 --- a/testing/tests/ikev2/acert-cached/evaltest.dat +++ b/testing/tests/ikev2/acert-cached/evaltest.dat @@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO moon::cat /var/log/daemon.log::constraint check failed: group membership to 'sales' required::YES dave::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO diff --git a/testing/tests/ikev2/acert-cached/pretest.dat b/testing/tests/ikev2/acert-cached/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev2/acert-cached/pretest.dat +++ b/testing/tests/ikev2/acert-cached/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/acert-fallback/evaltest.dat b/testing/tests/ikev2/acert-fallback/evaltest.dat index 17d83d182..8c4e9e2fc 100644 --- a/testing/tests/ikev2/acert-fallback/evaltest.dat +++ b/testing/tests/ikev2/acert-fallback/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::finance.*: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO moon:: ipsec status 2> /dev/null::sales.*: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon::cat /var/log/daemon.log::constraint check failed: group membership to 'finance' required::YES -carol::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +carol::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/acert-fallback/pretest.dat b/testing/tests/ikev2/acert-fallback/pretest.dat index de4acbbf0..084516aa2 100644 --- a/testing/tests/ikev2/acert-fallback/pretest.dat +++ b/testing/tests/ikev2/acert-fallback/pretest.dat @@ -2,5 +2,7 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection finance +moon::expect-connection sales carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/acert-inline/evaltest.dat b/testing/tests/ikev2/acert-inline/evaltest.dat index 98128e715..136335490 100644 --- a/testing/tests/ikev2/acert-inline/evaltest.dat +++ b/testing/tests/ikev2/acert-inline/evaltest.dat @@ -7,8 +7,8 @@ carol::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, dave::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O=Linux strongSwan, CN=strongSwan AA\"::YES dave::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O=Linux strongSwan, CN=expired AA\"::YES dave::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO diff --git a/testing/tests/ikev2/acert-inline/pretest.dat b/testing/tests/ikev2/acert-inline/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev2/acert-inline/pretest.dat +++ b/testing/tests/ikev2/acert-inline/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/after-2038-certs/evaltest.dat b/testing/tests/ikev2/after-2038-certs/evaltest.dat index 427aa74da..8c2c078bd 100644 --- a/testing/tests/ikev2/after-2038-certs/evaltest.dat +++ b/testing/tests/ikev2/after-2038-certs/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/after-2038-certs/pretest.dat b/testing/tests/ikev2/after-2038-certs/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/after-2038-certs/pretest.dat +++ b/testing/tests/ikev2/after-2038-certs/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-3des-md5/evaltest.dat b/testing/tests/ikev2/alg-3des-md5/evaltest.dat index abd29e97e..00465c27d 100644 --- a/testing/tests/ikev2/alg-3des-md5/evaltest.dat +++ b/testing/tests/ikev2/alg-3des-md5/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES carol::ipsec status 2> /dev/null::home.*INSTALLED::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES moon:: ip xfrm state::enc cbc(des3_ede)::YES diff --git a/testing/tests/ikev2/alg-3des-md5/pretest.dat b/testing/tests/ikev2/alg-3des-md5/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/alg-3des-md5/pretest.dat +++ b/testing/tests/ikev2/alg-3des-md5/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat index 5a14b98d6..447445bbf 100644 --- a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES diff --git a/testing/tests/ikev2/alg-aes-ccm/pretest.dat b/testing/tests/ikev2/alg-aes-ccm/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/alg-aes-ccm/pretest.dat +++ b/testing/tests/ikev2/alg-aes-ccm/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat index 6a5203a2d..1bbaacf4f 100644 --- a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES moon:: ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES diff --git a/testing/tests/ikev2/alg-aes-ctr/pretest.dat b/testing/tests/ikev2/alg-aes-ctr/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/alg-aes-ctr/pretest.dat +++ b/testing/tests/ikev2/alg-aes-ctr/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat index ce27fcc05..487928ca9 100644 --- a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES carol::ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES diff --git a/testing/tests/ikev2/alg-aes-gcm/pretest.dat b/testing/tests/ikev2/alg-aes-gcm/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/alg-aes-gcm/pretest.dat +++ b/testing/tests/ikev2/alg-aes-gcm/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat index c896b5f67..4b8548404 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES moon:: ip xfrm state::auth-trunc xcbc(aes)::YES diff --git a/testing/tests/ikev2/alg-aes-xcbc/pretest.dat b/testing/tests/ikev2/alg-aes-xcbc/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/pretest.dat +++ b/testing/tests/ikev2/alg-aes-xcbc/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-blowfish/evaltest.dat b/testing/tests/ikev2/alg-blowfish/evaltest.dat index f76522c5c..106087b12 100644 --- a/testing/tests/ikev2/alg-blowfish/evaltest.dat +++ b/testing/tests/ikev2/alg-blowfish/evaltest.dat @@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES diff --git a/testing/tests/ikev2/alg-blowfish/pretest.dat b/testing/tests/ikev2/alg-blowfish/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev2/alg-blowfish/pretest.dat +++ b/testing/tests/ikev2/alg-blowfish/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat b/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat index 893e94da8..ab54ce153 100644 --- a/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat +++ b/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305_256::YES carol::ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305_256::YES moon:: ipsec statusall 2> /dev/null::CHACHA20_POLY1305_256,::YES diff --git a/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat b/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat +++ b/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat index 5e4ab98b3..8bcba9a3a 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat +++ b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat @@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES dave:: cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/alg-modp-subgroup/pretest.dat b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/pretest.dat +++ b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/alg-sha256-96/evaltest.dat b/testing/tests/ikev2/alg-sha256-96/evaltest.dat index 8ad0fb2b2..c5ea03f4c 100644 --- a/testing/tests/ikev2/alg-sha256-96/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256-96/evaltest.dat @@ -6,7 +6,7 @@ moon:: cat /var/log/daemon.log::received strongSwan vendor ID::YES carol::cat /var/log/daemon.log::received strongSwan vendor ID::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES moon:: ip xfrm state::auth-trunc hmac(sha256)::YES diff --git a/testing/tests/ikev2/alg-sha256-96/pretest.dat b/testing/tests/ikev2/alg-sha256-96/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/alg-sha256-96/pretest.dat +++ b/testing/tests/ikev2/alg-sha256-96/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-sha256/evaltest.dat b/testing/tests/ikev2/alg-sha256/evaltest.dat index c826c3f60..8bfcbc428 100644 --- a/testing/tests/ikev2/alg-sha256/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES moon:: ip xfrm state::auth-trunc hmac(sha256)::YES diff --git a/testing/tests/ikev2/alg-sha256/pretest.dat b/testing/tests/ikev2/alg-sha256/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/alg-sha256/pretest.dat +++ b/testing/tests/ikev2/alg-sha256/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-sha384/evaltest.dat b/testing/tests/ikev2/alg-sha384/evaltest.dat index 3b24217c5..1148a182e 100644 --- a/testing/tests/ikev2/alg-sha384/evaltest.dat +++ b/testing/tests/ikev2/alg-sha384/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES moon:: ip xfrm state::auth-trunc hmac(sha384)::YES diff --git a/testing/tests/ikev2/alg-sha384/pretest.dat b/testing/tests/ikev2/alg-sha384/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/alg-sha384/pretest.dat +++ b/testing/tests/ikev2/alg-sha384/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-sha512/evaltest.dat b/testing/tests/ikev2/alg-sha512/evaltest.dat index 6bdceeb44..0b2a71ada 100644 --- a/testing/tests/ikev2/alg-sha512/evaltest.dat +++ b/testing/tests/ikev2/alg-sha512/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES moon:: ip xfrm state::auth-trunc hmac(sha512)::YES diff --git a/testing/tests/ikev2/alg-sha512/pretest.dat b/testing/tests/ikev2/alg-sha512/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/alg-sha512/pretest.dat +++ b/testing/tests/ikev2/alg-sha512/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/any-interface/pretest.dat b/testing/tests/ikev2/any-interface/pretest.dat index 2f27224d2..2fb313aba 100644 --- a/testing/tests/ikev2/any-interface/pretest.dat +++ b/testing/tests/ikev2/any-interface/pretest.dat @@ -4,6 +4,8 @@ alice::ipsec start moon::ipsec start sun::ipsec start bob::ipsec start +alice::expect-connection remote +sun::expect-connection remote moon::expect-connection alice moon::ping -n -c 3 -W 1 -i 0.2 -s 8184 -p deadbeef PH_IP_ALICE moon::ping -n -c 3 -W 1 -i 0.2 -s 8184 -p deadbeef PH_IP_SUN diff --git a/testing/tests/ikev2/compress-nat/evaltest.dat b/testing/tests/ikev2/compress-nat/evaltest.dat index 2c5db890a..63bfe19ba 100644 --- a/testing/tests/ikev2/compress-nat/evaltest.dat +++ b/testing/tests/ikev2/compress-nat/evaltest.dat @@ -10,12 +10,12 @@ carol::cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES alice::ip xfrm state::proto comp spi::YES bob:: ip xfrm state::proto comp spi::YES carol::ip xfrm state::proto comp spi::YES -alice::ping -c 1 -s 8184 -p deadbeef PH_IP_CAROL::8192 bytes from PH_IP_CAROL: icmp_req=1::YES -alice::ping -c 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=1::YES -alice::ping -c 1 -s 8184 -p deadbeef PH_IP_BOB::8192 bytes from PH_IP_BOB: icmp_req=1::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -bob:: ping -c 1 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE: icmp_req=1::YES -bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 -s 8184 -p deadbeef PH_IP_CAROL::8192 bytes from PH_IP_CAROL: icmp_.eq=1::YES +alice::ping -c 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_.eq=1::YES +alice::ping -c 1 -s 8184 -p deadbeef PH_IP_BOB::8192 bytes from PH_IP_BOB: icmp_.eq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +bob:: ping -c 1 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE: icmp_.eq=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org.* > carol.strongswan.org.*: UDP::YES moon::tcpdump::IP carol.strongswan.org.* > moon.strongswan.org.*: UDP::YES sun::tcpdump::IP sun.strongswan.org.* > carol.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/compress/pretest.dat b/testing/tests/ikev2/compress/pretest.dat index 1fd37b6a8..5536d2803 100644 --- a/testing/tests/ikev2/compress/pretest.dat +++ b/testing/tests/ikev2/compress/pretest.dat @@ -2,5 +2,6 @@ carol::iptables-restore < /etc/iptables.rules moon::iptables-restore < /etc/iptables.rules carol::ipsec start moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/config-payload-swapped/evaltest.dat b/testing/tests/ikev2/config-payload-swapped/evaltest.dat index b6a1c96a6..b257017d6 100644 --- a/testing/tests/ikev2/config-payload-swapped/evaltest.dat +++ b/testing/tests/ikev2/config-payload-swapped/evaltest.dat @@ -3,13 +3,13 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/config-payload-swapped/pretest.dat b/testing/tests/ikev2/config-payload-swapped/pretest.dat index 2d09e88ce..bdbe341dd 100644 --- a/testing/tests/ikev2/config-payload-swapped/pretest.dat +++ b/testing/tests/ikev2/config-payload-swapped/pretest.dat @@ -1,9 +1,10 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw-carol carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/config-payload/evaltest.dat b/testing/tests/ikev2/config-payload/evaltest.dat index b46dfddf6..9471f8846 100644 --- a/testing/tests/ikev2/config-payload/evaltest.dat +++ b/testing/tests/ikev2/config-payload/evaltest.dat @@ -3,15 +3,15 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES -carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*by strongSwan::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*by strongSwan::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/config-payload/pretest.dat b/testing/tests/ikev2/config-payload/pretest.dat index 2d09e88ce..bdbe341dd 100644 --- a/testing/tests/ikev2/config-payload/pretest.dat +++ b/testing/tests/ikev2/config-payload/pretest.dat @@ -1,9 +1,10 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw-carol carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/critical-extension/pretest.dat b/testing/tests/ikev2/critical-extension/pretest.dat index 1732d6efa..08ca6b54c 100644 --- a/testing/tests/ikev2/critical-extension/pretest.dat +++ b/testing/tests/ikev2/critical-extension/pretest.dat @@ -3,4 +3,5 @@ sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start moon::expect-connection net-net +sun::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/crl-from-cache/pretest.dat b/testing/tests/ikev2/crl-from-cache/pretest.dat index d4141a30c..c073160fe 100644 --- a/testing/tests/ikev2/crl-from-cache/pretest.dat +++ b/testing/tests/ikev2/crl-from-cache/pretest.dat @@ -4,5 +4,6 @@ carol::wget -q http://crl.strongswan.org/strongswan.crl carol::mv strongswan.crl /etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/crl-ldap/pretest.dat b/testing/tests/ikev2/crl-ldap/pretest.dat index 4eed5e073..6cb50d7e0 100644 --- a/testing/tests/ikev2/crl-ldap/pretest.dat +++ b/testing/tests/ikev2/crl-ldap/pretest.dat @@ -3,5 +3,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/crl-revoked/pretest.dat b/testing/tests/ikev2/crl-revoked/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev2/crl-revoked/pretest.dat +++ b/testing/tests/ikev2/crl-revoked/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/crl-to-cache/pretest.dat b/testing/tests/ikev2/crl-to-cache/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev2/crl-to-cache/pretest.dat +++ b/testing/tests/ikev2/crl-to-cache/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/default-keys/evaltest.dat b/testing/tests/ikev2/default-keys/evaltest.dat index 4df2d1e11..43d85d06f 100644 --- a/testing/tests/ikev2/default-keys/evaltest.dat +++ b/testing/tests/ikev2/default-keys/evaltest.dat @@ -4,6 +4,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*CN=carol.*CN=moon::YES moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*CN=moon.*CN=carol::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/default-keys/pretest.dat b/testing/tests/ikev2/default-keys/pretest.dat index 9e291d291..8ae506253 100644 --- a/testing/tests/ikev2/default-keys/pretest.dat +++ b/testing/tests/ikev2/default-keys/pretest.dat @@ -15,5 +15,6 @@ moon::scp /etc/ipsec.d/certs/selfCert.der carol:/etc/ipsec.d/certs/peerCert.der moon::scp carol:/etc/ipsec.d/certs/selfCert.der /etc/ipsec.d/certs/peerCert.der moon::ipsec reload carol::ipsec reload +moon::expect-connection carol carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat index 9e536870e..0c4914f14 100644 --- a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat +++ b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat @@ -1,11 +1,11 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_req=1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.50/32::YES diff --git a/testing/tests/ikev2/dhcp-dynamic/posttest.dat b/testing/tests/ikev2/dhcp-dynamic/posttest.dat index f783127bf..d4a05b28b 100644 --- a/testing/tests/ikev2/dhcp-dynamic/posttest.dat +++ b/testing/tests/ikev2/dhcp-dynamic/posttest.dat @@ -2,7 +2,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop venus::cat /var/state/dhcp/dhcpd.leases -venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null +venus::service isc-dhcp-server stop 2> /dev/null moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/ikev2/dhcp-dynamic/pretest.dat b/testing/tests/ikev2/dhcp-dynamic/pretest.dat index 3b22f29f2..ff3c04b81 100644 --- a/testing/tests/ikev2/dhcp-dynamic/pretest.dat +++ b/testing/tests/ikev2/dhcp-dynamic/pretest.dat @@ -2,10 +2,11 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules venus::cat /etc/dhcp/dhcpd.conf -venus::/etc/init.d/isc-dhcp-server start 2> /dev/null +venus::service isc-dhcp-server start 2> /dev/null +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat index c95b69a11..4492bb29f 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat +++ b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat @@ -1,11 +1,11 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES diff --git a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat index 7fff9981b..669f52e73 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat +++ b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat @@ -1,7 +1,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop -venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null +venus::service isc-dhcp-server stop 2> /dev/null moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat index 8eafe1a9e..ff3c04b81 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat +++ b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat @@ -2,11 +2,12 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules venus::cat /etc/dhcp/dhcpd.conf -venus::/etc/init.d/isc-dhcp-server start 2> /dev/null +venus::service isc-dhcp-server start 2> /dev/null +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home -carol::expect-connection home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat index c95b69a11..4492bb29f 100644 --- a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat +++ b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat @@ -1,11 +1,11 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES diff --git a/testing/tests/ikev2/dhcp-static-mac/posttest.dat b/testing/tests/ikev2/dhcp-static-mac/posttest.dat index 7fff9981b..669f52e73 100644 --- a/testing/tests/ikev2/dhcp-static-mac/posttest.dat +++ b/testing/tests/ikev2/dhcp-static-mac/posttest.dat @@ -1,7 +1,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop -venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null +venus::service isc-dhcp-server stop 2> /dev/null moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/ikev2/dhcp-static-mac/pretest.dat b/testing/tests/ikev2/dhcp-static-mac/pretest.dat index 3b22f29f2..ff3c04b81 100644 --- a/testing/tests/ikev2/dhcp-static-mac/pretest.dat +++ b/testing/tests/ikev2/dhcp-static-mac/pretest.dat @@ -2,10 +2,11 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules venus::cat /etc/dhcp/dhcpd.conf -venus::/etc/init.d/isc-dhcp-server start 2> /dev/null +venus::service isc-dhcp-server start 2> /dev/null +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/double-nat-net/evaltest.dat b/testing/tests/ikev2/double-nat-net/evaltest.dat index 8f5ffdb50..af29ce7b9 100644 --- a/testing/tests/ikev2/double-nat-net/evaltest.dat +++ b/testing/tests/ikev2/double-nat-net/evaltest.dat @@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@ bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES -alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_req=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/double-nat-net/pretest.dat b/testing/tests/ikev2/double-nat-net/pretest.dat index d300a276f..e58c23480 100644 --- a/testing/tests/ikev2/double-nat-net/pretest.dat +++ b/testing/tests/ikev2/double-nat-net/pretest.dat @@ -7,5 +7,6 @@ sun::iptables -t nat -A PREROUTING -i eth0 -s PH_IP_MOON -p udp -j DNAT --to-des sun::ip route add 10.1.0.0/16 via PH_IP_BOB alice::ipsec start bob::ipsec start +bob::expect-connection nat-t alice::expect-connection nat-t alice::ipsec up nat-t diff --git a/testing/tests/ikev2/double-nat/evaltest.dat b/testing/tests/ikev2/double-nat/evaltest.dat index 5f0622690..903226706 100644 --- a/testing/tests/ikev2/double-nat/evaltest.dat +++ b/testing/tests/ikev2/double-nat/evaltest.dat @@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@ bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/double-nat/pretest.dat b/testing/tests/ikev2/double-nat/pretest.dat index 6a861d29f..6f74000b5 100644 --- a/testing/tests/ikev2/double-nat/pretest.dat +++ b/testing/tests/ikev2/double-nat/pretest.dat @@ -6,5 +6,6 @@ sun::iptables -t nat -A POSTROUTING -o eth0 -s 10.2.0.0/16 -p tcp -j SNAT --to-s sun::iptables -t nat -A PREROUTING -i eth0 -s PH_IP_MOON -p udp -j DNAT --to-destination PH_IP_BOB alice::ipsec start bob::ipsec start +bob::expect-connection nat-t alice::expect-connection nat-t alice::ipsec up nat-t diff --git a/testing/tests/ikev2/dpd-clear/pretest.dat b/testing/tests/ikev2/dpd-clear/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev2/dpd-clear/pretest.dat +++ b/testing/tests/ikev2/dpd-clear/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/dpd-hold/pretest.dat b/testing/tests/ikev2/dpd-hold/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev2/dpd-hold/pretest.dat +++ b/testing/tests/ikev2/dpd-hold/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/dpd-restart/pretest.dat b/testing/tests/ikev2/dpd-restart/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev2/dpd-restart/pretest.dat +++ b/testing/tests/ikev2/dpd-restart/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/dynamic-initiator/evaltest.dat b/testing/tests/ikev2/dynamic-initiator/evaltest.dat index 3db70be71..43ccdda74 100644 --- a/testing/tests/ikev2/dynamic-initiator/evaltest.dat +++ b/testing/tests/ikev2/dynamic-initiator/evaltest.dat @@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES moon:: cat /var/log/daemon.log::destroying duplicate IKE_SA for.*carol@strongswan.org.*received INITIAL_CONTACT::YES moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/dynamic-initiator/pretest.dat b/testing/tests/ikev2/dynamic-initiator/pretest.dat index f354efe51..18cbc4505 100644 --- a/testing/tests/ikev2/dynamic-initiator/pretest.dat +++ b/testing/tests/ikev2/dynamic-initiator/pretest.dat @@ -1,9 +1,10 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection carol carol::expect-connection moon carol::ipsec up moon carol::iptables -D INPUT -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT diff --git a/testing/tests/ikev2/dynamic-two-peers/evaltest.dat b/testing/tests/ikev2/dynamic-two-peers/evaltest.dat index 82d2e7318..66660545e 100644 --- a/testing/tests/ikev2/dynamic-two-peers/evaltest.dat +++ b/testing/tests/ikev2/dynamic-two-peers/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::dave.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev2/dynamic-two-peers/pretest.dat b/testing/tests/ikev2/dynamic-two-peers/pretest.dat index ee0b156dd..843715379 100644 --- a/testing/tests/ikev2/dynamic-two-peers/pretest.dat +++ b/testing/tests/ikev2/dynamic-two-peers/pretest.dat @@ -3,9 +3,10 @@ moon::mv /etc/hosts.stale /etc/hosts moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection carol carol::expect-connection moon carol::ipsec up moon dave::expect-connection moon diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat index d5d3bc0d3..293b5ab37 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES carol::ip xfrm state::aead rfc4543(gcm(aes))::YES diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat +++ b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat index 366539936..4e457f138 100644 --- a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES carol::ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES moon:: ip xfrm state::auth-trunc hmac(md5)::YES diff --git a/testing/tests/ikev2/esp-alg-md5-128/pretest.dat b/testing/tests/ikev2/esp-alg-md5-128/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/esp-alg-md5-128/pretest.dat +++ b/testing/tests/ikev2/esp-alg-md5-128/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/esp-alg-null/evaltest.dat b/testing/tests/ikev2/esp-alg-null/evaltest.dat index 1b9c6c27e..d9888a15d 100644 --- a/testing/tests/ikev2/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-null/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES moon:: ip xfrm state::enc ecb(cipher_null)::YES diff --git a/testing/tests/ikev2/esp-alg-null/pretest.dat b/testing/tests/ikev2/esp-alg-null/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/esp-alg-null/pretest.dat +++ b/testing/tests/ikev2/esp-alg-null/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat index 00c353686..20a9cf95f 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES carol::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES moon:: ip xfrm state::auth-trunc hmac(sha1)::YES diff --git a/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat b/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat +++ b/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/farp/evaltest.dat b/testing/tests/ikev2/farp/evaltest.dat index 891ec20d5..bffd142a3 100644 --- a/testing/tests/ikev2/farp/evaltest.dat +++ b/testing/tests/ikev2/farp/evaltest.dat @@ -1,11 +1,11 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/farp/pretest.dat b/testing/tests/ikev2/farp/pretest.dat index 1a982288d..9a3ab8b72 100644 --- a/testing/tests/ikev2/farp/pretest.dat +++ b/testing/tests/ikev2/farp/pretest.dat @@ -3,9 +3,10 @@ carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules alice::arp -d 10.1.0.30 alice::arp -d 10.1.0.40 +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw-carol carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/force-udp-encaps/evaltest.dat b/testing/tests/ikev2/force-udp-encaps/evaltest.dat index 36af646d2..f34225e3a 100644 --- a/testing/tests/ikev2/force-udp-encaps/evaltest.dat +++ b/testing/tests/ikev2/force-udp-encaps/evaltest.dat @@ -3,6 +3,6 @@ sun:: ipsec status 2> /dev/null::nat.t.*ESTABLISHED.*sun.strongswan.org.*alice@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES alice::cat /var/log/daemon.log::faking NAT situation to enforce UDP encapsulation::YES -alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.4500: UDP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > alice.strongswan.org.*: UDP::YES +alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > alice.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/force-udp-encaps/pretest.dat b/testing/tests/ikev2/force-udp-encaps/pretest.dat index 87a7764cf..65b934f24 100644 --- a/testing/tests/ikev2/force-udp-encaps/pretest.dat +++ b/testing/tests/ikev2/force-udp-encaps/pretest.dat @@ -4,5 +4,6 @@ sun::ip route add 10.1.0.0/16 via PH_IP_MOON winnetou::ip route add 10.1.0.0/16 via PH_IP_MOON alice::ipsec start sun::ipsec start +sun::expect-connection nat-t alice::expect-connection nat-t alice::ipsec up nat-t diff --git a/testing/tests/ikev2/forecast/pretest.dat b/testing/tests/ikev2/forecast/pretest.dat index 68a0c2cda..9065f8390 100644 --- a/testing/tests/ikev2/forecast/pretest.dat +++ b/testing/tests/ikev2/forecast/pretest.dat @@ -1,6 +1,7 @@ +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/host2host-ah/evaltest.dat b/testing/tests/ikev2/host2host-ah/evaltest.dat index 92695477a..1e50ef458 100644 --- a/testing/tests/ikev2/host2host-ah/evaltest.dat +++ b/testing/tests/ikev2/host2host-ah/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES diff --git a/testing/tests/ikev2/host2host-ah/pretest.dat b/testing/tests/ikev2/host2host-ah/pretest.dat index 997a48167..36a842321 100644 --- a/testing/tests/ikev2/host2host-ah/pretest.dat +++ b/testing/tests/ikev2/host2host-ah/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection host-host moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/ikev2/host2host-cert/evaltest.dat b/testing/tests/ikev2/host2host-cert/evaltest.dat index 3305f4558..e0c40ba4d 100644 --- a/testing/tests/ikev2/host2host-cert/evaltest.dat +++ b/testing/tests/ikev2/host2host-cert/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/host2host-cert/pretest.dat b/testing/tests/ikev2/host2host-cert/pretest.dat index 997a48167..36a842321 100644 --- a/testing/tests/ikev2/host2host-cert/pretest.dat +++ b/testing/tests/ikev2/host2host-cert/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection host-host moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/ikev2/host2host-swapped/evaltest.dat b/testing/tests/ikev2/host2host-swapped/evaltest.dat index 3305f4558..e0c40ba4d 100644 --- a/testing/tests/ikev2/host2host-swapped/evaltest.dat +++ b/testing/tests/ikev2/host2host-swapped/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/host2host-swapped/pretest.dat b/testing/tests/ikev2/host2host-swapped/pretest.dat index 997a48167..36a842321 100644 --- a/testing/tests/ikev2/host2host-swapped/pretest.dat +++ b/testing/tests/ikev2/host2host-swapped/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection host-host moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/ikev2/host2host-transport-connmark/evaltest.dat b/testing/tests/ikev2/host2host-transport-connmark/evaltest.dat index 04a35c10c..867ad96d2 100644 --- a/testing/tests/ikev2/host2host-transport-connmark/evaltest.dat +++ b/testing/tests/ikev2/host2host-transport-connmark/evaltest.dat @@ -5,3 +5,4 @@ venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TRANSPORT, reqid 1::YES alice::ssh 192.168.0.2 'echo alice-echo && exit'::alice-echo::YES venus::ssh 192.168.0.2 'echo venus-echo && exit'::venus-echo::YES sun::iptables -t mangle -L -n -v +sun::conntrack -L diff --git a/testing/tests/ikev2/host2host-transport-connmark/pretest.dat b/testing/tests/ikev2/host2host-transport-connmark/pretest.dat index ab6408427..2c40b3801 100644 --- a/testing/tests/ikev2/host2host-transport-connmark/pretest.dat +++ b/testing/tests/ikev2/host2host-transport-connmark/pretest.dat @@ -2,10 +2,11 @@ moon::iptables-restore < /etc/iptables.rules moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -j MASQUERADE moon::iptables -A FORWARD -i eth1 -o eth0 -s 10.1.0.0/16 -j ACCEPT moon::iptables -A FORWARD -i eth0 -o eth1 -d 10.1.0.0/16 -j ACCEPT +sun::ipsec start alice::ipsec start venus::ipsec start -sun::ipsec start +sun::expect-connection nat-t alice::expect-connection nat-t -venus::expect-connection nat-t alice::ipsec up nat-t +venus::expect-connection nat-t venus::ipsec up nat-t diff --git a/testing/tests/ikev2/host2host-transport-nat/evaltest.dat b/testing/tests/ikev2/host2host-transport-nat/evaltest.dat index 0ec50bc92..4d0a63d80 100644 --- a/testing/tests/ikev2/host2host-transport-nat/evaltest.dat +++ b/testing/tests/ikev2/host2host-transport-nat/evaltest.dat @@ -3,7 +3,7 @@ sun:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*sun.strongswan.org.*alice@s alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TRANSPORT, reqid 1::YES venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TRANSPORT, reqid 1::YES sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TRANSPORT, reqid 1::YES -alice::ping -c 1 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::NO -venus::ping -c 1 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +alice::ping -c 1 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::NO +venus::ping -c 1 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.*: UDP::YES sun::tcpdump::IP sun.strongswan.org.* > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/host2host-transport-nat/pretest.dat b/testing/tests/ikev2/host2host-transport-nat/pretest.dat index 2d2607078..f7054cda0 100644 --- a/testing/tests/ikev2/host2host-transport-nat/pretest.dat +++ b/testing/tests/ikev2/host2host-transport-nat/pretest.dat @@ -4,10 +4,11 @@ sun::iptables-restore < /etc/iptables.rules moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -j MASQUERADE moon::iptables -A FORWARD -i eth1 -o eth0 -s 10.1.0.0/16 -j ACCEPT moon::iptables -A FORWARD -i eth0 -o eth1 -d 10.1.0.0/16 -j ACCEPT +sun::ipsec start alice::ipsec start venus::ipsec start -sun::ipsec start +sun::expect-connection nat-t alice::expect-connection nat-t -venus::expect-connection nat-t alice::ipsec up nat-t +venus::expect-connection nat-t venus::ipsec up nat-t diff --git a/testing/tests/ikev2/host2host-transport/evaltest.dat b/testing/tests/ikev2/host2host-transport/evaltest.dat index fc49e57d8..98251d12a 100644 --- a/testing/tests/ikev2/host2host-transport/evaltest.dat +++ b/testing/tests/ikev2/host2host-transport/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/host2host-transport/pretest.dat b/testing/tests/ikev2/host2host-transport/pretest.dat index 997a48167..36a842321 100644 --- a/testing/tests/ikev2/host2host-transport/pretest.dat +++ b/testing/tests/ikev2/host2host-transport/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection host-host moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/ikev2/inactivity-timeout/evaltest.dat b/testing/tests/ikev2/inactivity-timeout/evaltest.dat index 76b45c280..102a147b3 100644 --- a/testing/tests/ikev2/inactivity-timeout/evaltest.dat +++ b/testing/tests/ikev2/inactivity-timeout/evaltest.dat @@ -1,8 +1,8 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::sleep 11::NO carol::cat /var/log/daemon.log::deleting CHILD_SA after 10 seconds of inactivity::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO carol::ipsec status 2> /dev/null::home.*INSTALLED::NO -carol::ping -c 1 -W 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/ikev2/inactivity-timeout/pretest.dat b/testing/tests/ikev2/inactivity-timeout/pretest.dat index ac7b8d978..8e4ceba92 100644 --- a/testing/tests/ikev2/inactivity-timeout/pretest.dat +++ b/testing/tests/ikev2/inactivity-timeout/pretest.dat @@ -1,5 +1,6 @@ carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ip-pool-db/evaltest.dat b/testing/tests/ikev2/ip-pool-db/evaltest.dat index 42e353084..925e9a12f 100644 --- a/testing/tests/ikev2/ip-pool-db/evaltest.dat +++ b/testing/tests/ikev2/ip-pool-db/evaltest.dat @@ -6,7 +6,7 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES @@ -15,7 +15,7 @@ dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/ikev2/ip-pool-db/pretest.dat b/testing/tests/ikev2/ip-pool-db/pretest.dat index 337ccb297..c42204592 100644 --- a/testing/tests/ikev2/ip-pool-db/pretest.dat +++ b/testing/tests/ikev2/ip-pool-db/pretest.dat @@ -10,6 +10,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/ip-pool-wish/evaltest.dat b/testing/tests/ikev2/ip-pool-wish/evaltest.dat index 44310cd16..2e8d1e628 100644 --- a/testing/tests/ikev2/ip-pool-wish/evaltest.dat +++ b/testing/tests/ikev2/ip-pool-wish/evaltest.dat @@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org.::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/ikev2/ip-pool-wish/pretest.dat b/testing/tests/ikev2/ip-pool-wish/pretest.dat index 2d09e88ce..e87a8ee47 100644 --- a/testing/tests/ikev2/ip-pool-wish/pretest.dat +++ b/testing/tests/ikev2/ip-pool-wish/pretest.dat @@ -1,9 +1,10 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/ip-pool/evaltest.dat b/testing/tests/ikev2/ip-pool/evaltest.dat index 8ea7960b5..7de59030c 100644 --- a/testing/tests/ikev2/ip-pool/evaltest.dat +++ b/testing/tests/ikev2/ip-pool/evaltest.dat @@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/ikev2/ip-pool/pretest.dat b/testing/tests/ikev2/ip-pool/pretest.dat index 2d09e88ce..e87a8ee47 100644 --- a/testing/tests/ikev2/ip-pool/pretest.dat +++ b/testing/tests/ikev2/ip-pool/pretest.dat @@ -1,9 +1,10 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/ip-split-pools-db/pretest.dat b/testing/tests/ikev2/ip-split-pools-db/pretest.dat index f74576382..5c6143dc7 100644 --- a/testing/tests/ikev2/ip-split-pools-db/pretest.dat +++ b/testing/tests/ikev2/ip-split-pools-db/pretest.dat @@ -3,9 +3,10 @@ moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db moon::ipsec pool --add pool0 --start 10.3.0.1 --end 10.3.0.1 --timeout 48 2> /dev/null moon::ipsec pool --add pool1 --start 10.3.1.1 --end 10.3.1.1 --timeout 48 2> /dev/null moon::ipsec pool --status 2> /dev/null +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat index fdc3d4d3f..cf7ce20f9 100644 --- a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat @@ -28,10 +28,10 @@ carol::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/res dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES alice::cat /var/log/daemon.log::installing DNS server PH_IP_ALICE to /etc/resolv.conf::YES venus::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS to /etc/resolv.conf::YES -alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES -dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES -alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_req=1::YES -dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_req=1::YES +alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_.eq=1::YES +alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_.eq=1::YES +dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_.eq=1::YES alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES dave::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-two-pools-db/pretest.dat b/testing/tests/ikev2/ip-two-pools-db/pretest.dat index 2d8b28cd9..927de7d81 100644 --- a/testing/tests/ikev2/ip-two-pools-db/pretest.dat +++ b/testing/tests/ikev2/ip-two-pools-db/pretest.dat @@ -18,6 +18,8 @@ alice::ipsec start venus::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection int +moon::expect-connection ext carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat index 0d7a36452..f632207fa 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat @@ -13,8 +13,8 @@ moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.* moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES -carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES -alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=1::YES +alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat b/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat index 5b3274131..094dfd8df 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat +++ b/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat @@ -7,6 +7,8 @@ alice::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start alice::ipsec start +moon::expect-connection int +moon::expect-connection ext carol::expect-connection home carol::ipsec up home alice::expect-connection home diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/evaltest.dat b/testing/tests/ikev2/ip-two-pools-v4v6-db/evaltest.dat index 0bf3500b5..7e343efa5 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6-db/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/evaltest.dat @@ -5,5 +5,5 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES carol::cat /var/log/daemon.log::installing new virtual IP fec3:\:1::YES carol::cat /var/log/daemon.log::TS 10.3.0.1/32 fec3:\:1/128 === 10.1.0.0/16 fec1:\:/16::YES -carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES +carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=1::YES carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat b/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat index 60af3bce9..dcc47f54e 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat +++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat @@ -5,5 +5,6 @@ moon::ipsec pool --add v6_pool --start fec3:\:1 --end fec3:\:fe --timeout 48 2> alice::ip -6 route add default via fec1:\:1 moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat b/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat index 0bf3500b5..7e343efa5 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat @@ -5,5 +5,5 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES carol::cat /var/log/daemon.log::installing new virtual IP fec3:\:1::YES carol::cat /var/log/daemon.log::TS 10.3.0.1/32 fec3:\:1/128 === 10.1.0.0/16 fec1:\:/16::YES -carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES +carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=1::YES carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat b/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat index 7eb81b60c..9ceefe717 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat +++ b/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat @@ -1,5 +1,6 @@ alice::ip -6 route add default via fec1:\:1 moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ip-two-pools/evaltest.dat b/testing/tests/ikev2/ip-two-pools/evaltest.dat index fad3781d7..b620538d5 100644 --- a/testing/tests/ikev2/ip-two-pools/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools/evaltest.dat @@ -14,8 +14,8 @@ moon:: ipsec leases 10.3.0.0/28 PH_IP_CAROL1 2> /dev/null::carol@strongswan.org: moon:: ipsec leases 10.4.0.0/28 10.4.0.1 2> /dev/null::alice@strongswan.org::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES -carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES -alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=1::YES +alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-two-pools/pretest.dat b/testing/tests/ikev2/ip-two-pools/pretest.dat index 3aa610b38..8fb8dfb24 100644 --- a/testing/tests/ikev2/ip-two-pools/pretest.dat +++ b/testing/tests/ikev2/ip-two-pools/pretest.dat @@ -4,6 +4,8 @@ alice::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start alice::ipsec start +moon::expect-connection int +moon::expect-connection ext carol::expect-connection home carol::ipsec up home alice::expect-connection home diff --git a/testing/tests/ikev2/lookip/evaltest.dat b/testing/tests/ikev2/lookip/evaltest.dat index 68466172c..0c4b2c754 100644 --- a/testing/tests/ikev2/lookip/evaltest.dat +++ b/testing/tests/ikev2/lookip/evaltest.dat @@ -1,11 +1,11 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec lookip --lookup PH_IP_CAROL1 2> /dev/null::192.168.0.100.*rw\[1].*carol@strongswan.org::YES moon:: ipsec lookip --lookup PH_IP_DAVE1 2> /dev/null::192.168.0.200.*rw\[2].*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES diff --git a/testing/tests/ikev2/lookip/pretest.dat b/testing/tests/ikev2/lookip/pretest.dat index 2d09e88ce..618bf368f 100644 --- a/testing/tests/ikev2/lookip/pretest.dat +++ b/testing/tests/ikev2/lookip/pretest.dat @@ -1,9 +1,11 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/mobike-nat/evaltest.dat b/testing/tests/ikev2/mobike-nat/evaltest.dat index c71e3f7c1..2afe13eab 100644 --- a/testing/tests/ikev2/mobike-nat/evaltest.dat +++ b/testing/tests/ikev2/mobike-nat/evaltest.dat @@ -2,14 +2,14 @@ alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN:: sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES alice::ifdown eth1::No output expected::NO alice::sleep 1::No output expected::NO alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES moon::tcpdump::moon.strongswan.org.*sun.strongswan.org.*: UDP-encap: ESP.*seq=0x2::YES diff --git a/testing/tests/ikev2/mobike-nat/pretest.dat b/testing/tests/ikev2/mobike-nat/pretest.dat index 68df1b533..ece8912b9 100644 --- a/testing/tests/ikev2/mobike-nat/pretest.dat +++ b/testing/tests/ikev2/mobike-nat/pretest.dat @@ -6,4 +6,5 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to- alice::ipsec start sun::ipsec start alice::expect-connection mobike +sun::expect-connection mobike alice::ipsec up mobike diff --git a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat index 17593ef82..6bef4a514 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat @@ -2,14 +2,14 @@ alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*192.168.0.50.*PH_IP_SUN:: sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*192.168.0.50::YES alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES alice::ifdown eth1::No output expected::NO alice::sleep 1::No output expected::NO alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES moon::tcpdump::alice.strongswan.org.*sun.strongswan.org.*: ESP.*seq=0x2::YES diff --git a/testing/tests/ikev2/mobike-virtual-ip/pretest.dat b/testing/tests/ikev2/mobike-virtual-ip/pretest.dat index 8197296ee..3e376d2c5 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/pretest.dat +++ b/testing/tests/ikev2/mobike-virtual-ip/pretest.dat @@ -5,4 +5,5 @@ sun::ip route add 10.1.0.0/16 via PH_IP_MOON alice::ipsec start sun::ipsec start alice::expect-connection mobike +sun::expect-connection mobike alice::ipsec up mobike diff --git a/testing/tests/ikev2/mobike/evaltest.dat b/testing/tests/ikev2/mobike/evaltest.dat index e3464040e..4c0d0dda4 100644 --- a/testing/tests/ikev2/mobike/evaltest.dat +++ b/testing/tests/ikev2/mobike/evaltest.dat @@ -2,14 +2,14 @@ alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*192.168.0.50.*PH_IP_SUN:: sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*192.168.0.50::YES alice::ipsec statusall 2> /dev/null::192.168.0.50/32 === 10.2.0.0/16::YES sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 192.168.0.50/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES alice::ifdown eth1::No output expected::NO alice::sleep 1::No output expected::NO alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES alice::ipsec statusall 2> /dev/null::PH_IP_ALICE/32 === 10.2.0.0/16::YES sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES moon::tcpdump::alice.strongswan.org.*sun.strongswan.org: ESP.*seq=0x2::YES diff --git a/testing/tests/ikev2/mobike/pretest.dat b/testing/tests/ikev2/mobike/pretest.dat index 8197296ee..3e376d2c5 100644 --- a/testing/tests/ikev2/mobike/pretest.dat +++ b/testing/tests/ikev2/mobike/pretest.dat @@ -5,4 +5,5 @@ sun::ip route add 10.1.0.0/16 via PH_IP_MOON alice::ipsec start sun::ipsec start alice::expect-connection mobike +sun::expect-connection mobike alice::ipsec up mobike diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat index eb20c7f0b..db17d1e77 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat @@ -6,7 +6,7 @@ moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES moon:: cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456001@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*228060123456001@strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA.* successful::YES @@ -18,4 +18,4 @@ moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer 22806012345600 moon::ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES dave::ipsec status 2> /dev/null::home.*ESTABLISHED::NO -dave::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat index 07ffe10fa..9ffd27f1e 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat @@ -8,6 +8,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-mult carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat b/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat index bee9bc792..dc6991db5 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat @@ -1,6 +1,8 @@ carol::ipsec start dave::ipsec start moon::ipsec start +carol::expect-connection alice +dave::expect-connection venus moon::expect-connection alice moon::expect-connection venus moon::ipsec up alice diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat b/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat index be0051e0b..95ca1e5a3 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat @@ -1,6 +1,8 @@ +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection alice +moon::expect-connection venus carol::expect-connection alice carol::ipsec up alice dave::expect-connection venus diff --git a/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat b/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat index d9ed52718..815d7be1b 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat @@ -3,6 +3,8 @@ moon::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection alice +moon::expect-connection venus carol::expect-connection alice carol::expect-connection venus carol::ipsec up alice diff --git a/testing/tests/ikev2/multi-level-ca-loop/pretest.dat b/testing/tests/ikev2/multi-level-ca-loop/pretest.dat index 3407743b3..b71c416fb 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-loop/pretest.dat @@ -1,5 +1,6 @@ moon::rm /etc/ipsec.d/cacerts/strongswanCert.pem carol::ipsec start moon::ipsec start +moon::expect-connection alice carol::expect-connection alice carol::ipsec up alice diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat b/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat index 8230de058..a063a247a 100644 --- a/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat @@ -1,4 +1,5 @@ carol::ipsec start moon::ipsec start +moon::expect-connection duck carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat b/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat index 3a1982f8a..1d847c013 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection alice carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/multi-level-ca-strict/pretest.dat b/testing/tests/ikev2/multi-level-ca-strict/pretest.dat index 2134d6bea..91ade7908 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-strict/pretest.dat @@ -1,6 +1,8 @@ +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection alice +moon::expect-connection venus carol::expect-connection alice carol::expect-connection venus carol::ipsec up alice diff --git a/testing/tests/ikev2/multi-level-ca/pretest.dat b/testing/tests/ikev2/multi-level-ca/pretest.dat index 2134d6bea..91ade7908 100644 --- a/testing/tests/ikev2/multi-level-ca/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca/pretest.dat @@ -1,6 +1,8 @@ +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection alice +moon::expect-connection venus carol::expect-connection alice carol::expect-connection venus carol::ipsec up alice diff --git a/testing/tests/ikev2/nat-rw-mark/evaltest.dat b/testing/tests/ikev2/nat-rw-mark/evaltest.dat index c5390fbb6..33a975ae0 100644 --- a/testing/tests/ikev2/nat-rw-mark/evaltest.dat +++ b/testing/tests/ikev2/nat-rw-mark/evaltest.dat @@ -6,12 +6,12 @@ sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@ sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES sun:: ipsec statusall 2> /dev/null::venus.*10.2.0.0/16 === 10.1.0.0/25::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.4500: UDP::YES -moon::tcpdump::IP moon.strongswan.org.4520.* > sun.strongswan.org.4500: UDP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4510.*: UDP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4520.*: UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES +moon::tcpdump::IP moon.strongswan.org.4520.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.4510.*: UDP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.4520.*: UDP::YES bob::tcpdump::PH_IP_CAROL10 > bob.strongswan.org: ICMP echo request::YES bob::tcpdump::PH_IP_DAVE10 > bob.strongswan.org: ICMP echo request::YES bob::tcpdump::bob.strongswan.org > PH_IP_CAROL10: ICMP echo reply::YES diff --git a/testing/tests/ikev2/nat-rw-mark/pretest.dat b/testing/tests/ikev2/nat-rw-mark/pretest.dat index 9d68e3c6e..e3dfc65d2 100644 --- a/testing/tests/ikev2/nat-rw-mark/pretest.dat +++ b/testing/tests/ikev2/nat-rw-mark/pretest.dat @@ -13,6 +13,8 @@ sun::iptables -t mangle -A PREROUTING -d PH_IP_DAVE10 -j MARK --set-mark 20 sun::ipsec start alice::ipsec start venus::ipsec start +sun::expect-connection alice +sun::expect-connection venus alice::expect-connection nat-t alice::ipsec up nat-t venus::expect-connection nat-t diff --git a/testing/tests/ikev2/nat-rw-psk/evaltest.dat b/testing/tests/ikev2/nat-rw-psk/evaltest.dat index 86fc1975e..fbcb631ff 100644 --- a/testing/tests/ikev2/nat-rw-psk/evaltest.dat +++ b/testing/tests/ikev2/nat-rw-psk/evaltest.dat @@ -3,7 +3,7 @@ venus::ipsec status 2> /dev/null::nat-t.*INSTALLED. TUNNEL.*ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_ALICE\]::YES sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_VENUS\]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-rw-psk/pretest.dat b/testing/tests/ikev2/nat-rw-psk/pretest.dat index e52bc9d9c..1798d27b5 100644 --- a/testing/tests/ikev2/nat-rw-psk/pretest.dat +++ b/testing/tests/ikev2/nat-rw-psk/pretest.dat @@ -9,6 +9,7 @@ sun::rm /etc/ipsec.d/cacerts/* sun::ipsec start alice::ipsec start venus::ipsec start +sun::expect-connection nat-t alice::expect-connection nat-t alice::ipsec up nat-t venus::expect-connection nat-t diff --git a/testing/tests/ikev2/nat-rw/evaltest.dat b/testing/tests/ikev2/nat-rw/evaltest.dat index 36d9f8456..2d265b0d1 100644 --- a/testing/tests/ikev2/nat-rw/evaltest.dat +++ b/testing/tests/ikev2/nat-rw/evaltest.dat @@ -6,13 +6,13 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL.*ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL.*ESP in UDP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES moon:: sleep 6::no output expected::NO -bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: isakmp-nat-keep-alive::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): isakmp-nat-keep-alive::YES alice::cat /var/log/daemon.log::sending keep alive::YES venus::cat /var/log/daemon.log::sending keep alive::YES diff --git a/testing/tests/ikev2/nat-rw/pretest.dat b/testing/tests/ikev2/nat-rw/pretest.dat index e3d9fc858..36d23b570 100644 --- a/testing/tests/ikev2/nat-rw/pretest.dat +++ b/testing/tests/ikev2/nat-rw/pretest.dat @@ -3,9 +3,10 @@ venus::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 +sun::ipsec start alice::ipsec start venus::ipsec start -sun::ipsec start +sun::expect-connection nat-t alice::expect-connection nat-t alice::ipsec up nat-t venus::expect-connection nat-t diff --git a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat index c60ffc772..d4910ea67 100644 --- a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat @@ -1,7 +1,7 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES bob::tcpdump::IP alice2.strongswan.org > bob.strongswan.org: ICMP::YES diff --git a/testing/tests/ikev2/nat-virtual-ip/pretest.dat b/testing/tests/ikev2/nat-virtual-ip/pretest.dat index 1732d6efa..08ca6b54c 100644 --- a/testing/tests/ikev2/nat-virtual-ip/pretest.dat +++ b/testing/tests/ikev2/nat-virtual-ip/pretest.dat @@ -3,4 +3,5 @@ sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start moon::expect-connection net-net +sun::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-ah/evaltest.dat b/testing/tests/ikev2/net2net-ah/evaltest.dat index c5f2b1ecb..1cfc450e7 100644 --- a/testing/tests/ikev2/net2net-ah/evaltest.dat +++ b/testing/tests/ikev2/net2net-ah/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES moon::ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES diff --git a/testing/tests/ikev2/net2net-ah/pretest.dat b/testing/tests/ikev2/net2net-ah/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/ikev2/net2net-ah/pretest.dat +++ b/testing/tests/ikev2/net2net-ah/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat b/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat index 65737ba1f..91451e9e6 100644 --- a/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat +++ b/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat @@ -4,6 +4,6 @@ sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_ sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-cert-sha2/pretest.dat b/testing/tests/ikev2/net2net-cert-sha2/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/ikev2/net2net-cert-sha2/pretest.dat +++ b/testing/tests/ikev2/net2net-cert-sha2/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-cert/evaltest.dat b/testing/tests/ikev2/net2net-cert/evaltest.dat index 2b37cad99..fe4aa5ab1 100644 --- a/testing/tests/ikev2/net2net-cert/evaltest.dat +++ b/testing/tests/ikev2/net2net-cert/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-cert/pretest.dat b/testing/tests/ikev2/net2net-cert/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/ikev2/net2net-cert/pretest.dat +++ b/testing/tests/ikev2/net2net-cert/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-dnscert/evaltest.dat b/testing/tests/ikev2/net2net-dnscert/evaltest.dat index effc9bc1f..7e6b8d151 100644 --- a/testing/tests/ikev2/net2net-dnscert/evaltest.dat +++ b/testing/tests/ikev2/net2net-dnscert/evaltest.dat @@ -4,6 +4,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-dnscert/pretest.dat b/testing/tests/ikev2/net2net-dnscert/pretest.dat index f2cbf6a0c..c7e2c6162 100644 --- a/testing/tests/ikev2/net2net-dnscert/pretest.dat +++ b/testing/tests/ikev2/net2net-dnscert/pretest.dat @@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-dnssec/evaltest.dat b/testing/tests/ikev2/net2net-dnssec/evaltest.dat index 389cac7f3..f5a1a5d09 100644 --- a/testing/tests/ikev2/net2net-dnssec/evaltest.dat +++ b/testing/tests/ikev2/net2net-dnssec/evaltest.dat @@ -4,6 +4,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-dnssec/pretest.dat b/testing/tests/ikev2/net2net-dnssec/pretest.dat index f2cbf6a0c..c7e2c6162 100644 --- a/testing/tests/ikev2/net2net-dnssec/pretest.dat +++ b/testing/tests/ikev2/net2net-dnssec/pretest.dat @@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-esn/pretest.dat b/testing/tests/ikev2/net2net-esn/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/ikev2/net2net-esn/pretest.dat +++ b/testing/tests/ikev2/net2net-esn/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-fragmentation/evaltest.dat b/testing/tests/ikev2/net2net-fragmentation/evaltest.dat index c7437c8bb..c6a8ff5d7 100644 --- a/testing/tests/ikev2/net2net-fragmentation/evaltest.dat +++ b/testing/tests/ikev2/net2net-fragmentation/evaltest.dat @@ -10,6 +10,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-fragmentation/pretest.dat b/testing/tests/ikev2/net2net-fragmentation/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/ikev2/net2net-fragmentation/pretest.dat +++ b/testing/tests/ikev2/net2net-fragmentation/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/evaltest.dat b/testing/tests/ikev2/net2net-ntru-bandwidth/evaltest.dat index 69b5ef754..2fc102f0b 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/evaltest.dat +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/evaltest.dat @@ -4,6 +4,6 @@ moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES moon::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES sun::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat b/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-ntru-cert/evaltest.dat b/testing/tests/ikev2/net2net-ntru-cert/evaltest.dat index 78d2bff53..1ac624e40 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/evaltest.dat +++ b/testing/tests/ikev2/net2net-ntru-cert/evaltest.dat @@ -4,6 +4,6 @@ moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES moon::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES sun::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-ntru-cert/pretest.dat b/testing/tests/ikev2/net2net-ntru-cert/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/pretest.dat +++ b/testing/tests/ikev2/net2net-ntru-cert/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat index 460c659d9..468c5f7ee 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat +++ b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*71:27:04:32:cd:76:3a:18: sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun .*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-pgp-v3/pretest.dat b/testing/tests/ikev2/net2net-pgp-v3/pretest.dat index f2cbf6a0c..c7e2c6162 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/pretest.dat +++ b/testing/tests/ikev2/net2net-pgp-v3/pretest.dat @@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat index f74eb6a19..99bbcf759 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat +++ b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*b4: sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*b4:2f:31:fe:c8:0a:e3:26:4a:10:1c:85:97:7a:04:ac:8d:16:38:d3.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-pgp-v4/pretest.dat b/testing/tests/ikev2/net2net-pgp-v4/pretest.dat index f2cbf6a0c..c7e2c6162 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/pretest.dat +++ b/testing/tests/ikev2/net2net-pgp-v4/pretest.dat @@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-pkcs12/evaltest.dat b/testing/tests/ikev2/net2net-pkcs12/evaltest.dat index 2b37cad99..fe4aa5ab1 100644 --- a/testing/tests/ikev2/net2net-pkcs12/evaltest.dat +++ b/testing/tests/ikev2/net2net-pkcs12/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-pkcs12/pretest.dat b/testing/tests/ikev2/net2net-pkcs12/pretest.dat index fd1ce379f..3f3f7d100 100644 --- a/testing/tests/ikev2/net2net-pkcs12/pretest.dat +++ b/testing/tests/ikev2/net2net-pkcs12/pretest.dat @@ -4,7 +4,8 @@ sun::rm /etc/ipsec.d/private/sunKey.pem sun::rm /etc/ipsec.d/cacerts/strongswanCert.pem moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat index 113c3d9c0..cc5483e6b 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat +++ b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*moon-be.*sun-be::YES moon:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*moon-ef.*sun-ef::YES sun:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*sun-be.*moon-be::YES sun:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*sun-ef.*moon-ef::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-psk-dscp/pretest.dat b/testing/tests/ikev2/net2net-psk-dscp/pretest.dat index ef3eb9e06..925b773fd 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/pretest.dat +++ b/testing/tests/ikev2/net2net-psk-dscp/pretest.dat @@ -10,9 +10,10 @@ bob::iptables -t mangle -A OUTPUT -d PH_IP_ALICE -p icmp -j DSCP --set-dscp-clas bob::iptables -t mangle -A OUTPUT -d PH_IP_VENUS -p icmp -j DSCP --set-dscp-class EF sun::iptables -t mangle -A PREROUTING -m dscp --dscp-class BE -j MARK --set-mark 10 sun::iptables -t mangle -A PREROUTING -m dscp --dscp-class EF -j MARK --set-mark 20 -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection dscp-ef moon::expect-connection dscp-be -moon::expect-connection dscp-ef moon::ipsec up dscp-be +moon::expect-connection dscp-ef moon::ipsec up dscp-ef diff --git a/testing/tests/ikev2/net2net-psk-fail/pretest.dat b/testing/tests/ikev2/net2net-psk-fail/pretest.dat index f2cbf6a0c..c7e2c6162 100644 --- a/testing/tests/ikev2/net2net-psk-fail/pretest.dat +++ b/testing/tests/ikev2/net2net-psk-fail/pretest.dat @@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-psk/evaltest.dat b/testing/tests/ikev2/net2net-psk/evaltest.dat index 2b37cad99..fe4aa5ab1 100644 --- a/testing/tests/ikev2/net2net-psk/evaltest.dat +++ b/testing/tests/ikev2/net2net-psk/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-psk/pretest.dat b/testing/tests/ikev2/net2net-psk/pretest.dat index f2cbf6a0c..c7e2c6162 100644 --- a/testing/tests/ikev2/net2net-psk/pretest.dat +++ b/testing/tests/ikev2/net2net-psk/pretest.dat @@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-pubkey/evaltest.dat b/testing/tests/ikev2/net2net-pubkey/evaltest.dat index bc03a39fb..d39cb07cc 100644 --- a/testing/tests/ikev2/net2net-pubkey/evaltest.dat +++ b/testing/tests/ikev2/net2net-pubkey/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-pubkey/pretest.dat b/testing/tests/ikev2/net2net-pubkey/pretest.dat index 0f4ae0f4f..969c42337 100644 --- a/testing/tests/ikev2/net2net-pubkey/pretest.dat +++ b/testing/tests/ikev2/net2net-pubkey/pretest.dat @@ -4,5 +4,6 @@ moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* moon::ipsec start sun::ipsec start -moon::sleep 2 +moon::expect-connection net-net +sun::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat index e8e1a46e4..ae970ba61 100644 --- a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat +++ b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat @@ -10,6 +10,6 @@ sun:: cat /var/log/daemon.log::subject address block fec0:\:1/128 is contained sun:: cat /var/log/daemon.log::subject address block fec1:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES moon:: cat /var/log/daemon.log::TS 10.2.0.0/16 is contained in address block constraint 10.2.0.0/16::YES sun:: cat /var/log/daemon.log::TS 10.1.0.0/16 is contained in address block constraint 10.1.0.0/16::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-rfc3779/pretest.dat b/testing/tests/ikev2/net2net-rfc3779/pretest.dat index 1732d6efa..16eb9a67a 100644 --- a/testing/tests/ikev2/net2net-rfc3779/pretest.dat +++ b/testing/tests/ikev2/net2net-rfc3779/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-route/evaltest.dat b/testing/tests/ikev2/net2net-route/evaltest.dat index 77ab6e7c6..3b247fd6c 100644 --- a/testing/tests/ikev2/net2net-route/evaltest.dat +++ b/testing/tests/ikev2/net2net-route/evaltest.dat @@ -3,6 +3,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-route/pretest.dat b/testing/tests/ikev2/net2net-route/pretest.dat index a1c567079..57dc45f99 100644 --- a/testing/tests/ikev2/net2net-route/pretest.dat +++ b/testing/tests/ikev2/net2net-route/pretest.dat @@ -3,4 +3,5 @@ sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start moon::expect-connection net-net +sun::expect-connection net-net alice::ping -c 3 -W 1 -i 0.2 PH_IP_BOB diff --git a/testing/tests/ikev2/net2net-rsa/evaltest.dat b/testing/tests/ikev2/net2net-rsa/evaltest.dat index bc03a39fb..d39cb07cc 100644 --- a/testing/tests/ikev2/net2net-rsa/evaltest.dat +++ b/testing/tests/ikev2/net2net-rsa/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-rsa/pretest.dat b/testing/tests/ikev2/net2net-rsa/pretest.dat index f2cbf6a0c..c7e2c6162 100644 --- a/testing/tests/ikev2/net2net-rsa/pretest.dat +++ b/testing/tests/ikev2/net2net-rsa/pretest.dat @@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-same-nets/evaltest.dat b/testing/tests/ikev2/net2net-same-nets/evaltest.dat index 3b479cefa..f0e3588e4 100644 --- a/testing/tests/ikev2/net2net-same-nets/evaltest.dat +++ b/testing/tests/ikev2/net2net-same-nets/evaltest.dat @@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_req=1::YES -bob:: ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_req=1::YES +alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_.eq=1::YES +bob:: ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES bob::tcpdump::IP 10.9.0.10 > bob.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev2/net2net-same-nets/pretest.dat b/testing/tests/ikev2/net2net-same-nets/pretest.dat index 1732d6efa..08ca6b54c 100644 --- a/testing/tests/ikev2/net2net-same-nets/pretest.dat +++ b/testing/tests/ikev2/net2net-same-nets/pretest.dat @@ -3,4 +3,5 @@ sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start moon::expect-connection net-net +sun::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-start/evaltest.dat b/testing/tests/ikev2/net2net-start/evaltest.dat index f003f822f..5c4aa85f8 100644 --- a/testing/tests/ikev2/net2net-start/evaltest.dat +++ b/testing/tests/ikev2/net2net-start/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ocsp-local-cert/pretest.dat b/testing/tests/ikev2/ocsp-local-cert/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev2/ocsp-local-cert/pretest.dat +++ b/testing/tests/ikev2/ocsp-local-cert/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-multi-level/pretest.dat b/testing/tests/ikev2/ocsp-multi-level/pretest.dat index be0051e0b..eedd737ac 100644 --- a/testing/tests/ikev2/ocsp-multi-level/pretest.dat +++ b/testing/tests/ikev2/ocsp-multi-level/pretest.dat @@ -1,6 +1,7 @@ +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection alice carol::expect-connection alice carol::ipsec up alice dave::expect-connection venus diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat index 6296b4e06..903d1e9a8 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat +++ b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat @@ -1,5 +1,6 @@ moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-revoked/pretest.dat b/testing/tests/ikev2/ocsp-revoked/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev2/ocsp-revoked/pretest.dat +++ b/testing/tests/ikev2/ocsp-revoked/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-root-cert/pretest.dat b/testing/tests/ikev2/ocsp-root-cert/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev2/ocsp-root-cert/pretest.dat +++ b/testing/tests/ikev2/ocsp-root-cert/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-signer-cert/pretest.dat b/testing/tests/ikev2/ocsp-signer-cert/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/pretest.dat +++ b/testing/tests/ikev2/ocsp-signer-cert/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat b/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat index be0051e0b..eedd737ac 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat +++ b/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat @@ -1,6 +1,7 @@ +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection alice carol::expect-connection alice carol::ipsec up alice dave::expect-connection venus diff --git a/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat b/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat +++ b/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat b/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat index a43ba3550..0c9d5a9b1 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat @@ -2,5 +2,6 @@ moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject- carol::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat index 6296b4e06..903d1e9a8 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat +++ b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat @@ -1,5 +1,6 @@ moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/protoport-dual/evaltest.dat b/testing/tests/ikev2/protoport-dual/evaltest.dat index cf45f3b52..7d367e3c1 100644 --- a/testing/tests/ikev2/protoport-dual/evaltest.dat +++ b/testing/tests/ikev2/protoport-dual/evaltest.dat @@ -2,8 +2,8 @@ carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/protoport-dual/pretest.dat b/testing/tests/ikev2/protoport-dual/pretest.dat index 4759fdb7b..02f4aa82b 100644 --- a/testing/tests/ikev2/protoport-dual/pretest.dat +++ b/testing/tests/ikev2/protoport-dual/pretest.dat @@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-icmp +moon::expect-connection rw-ssh carol::expect-connection home-icmp carol::expect-connection home-ssh carol::ipsec up home-icmp diff --git a/testing/tests/ikev2/protoport-route/evaltest.dat b/testing/tests/ikev2/protoport-route/evaltest.dat index 75c547995..f4b0c7787 100644 --- a/testing/tests/ikev2/protoport-route/evaltest.dat +++ b/testing/tests/ikev2/protoport-route/evaltest.dat @@ -1,5 +1,5 @@ -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq::YES carol::ssh PH_IP_ALICE hostname::alice::YES carol::cat /var/log/daemon.log::creating acquire job::YES carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED::YES diff --git a/testing/tests/ikev2/protoport-route/pretest.dat b/testing/tests/ikev2/protoport-route/pretest.dat index 433d0cf98..8e2c73e29 100644 --- a/testing/tests/ikev2/protoport-route/pretest.dat +++ b/testing/tests/ikev2/protoport-route/pretest.dat @@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-icmp +moon::expect-connection rw-ssh carol::expect-connection home-icmp carol::expect-connection home-ssh carol::ssh PH_IP_ALICE hostname diff --git a/testing/tests/ikev2/reauth-early/evaltest.dat b/testing/tests/ikev2/reauth-early/evaltest.dat index dbc6f8d97..dadde1753 100644 --- a/testing/tests/ikev2/reauth-early/evaltest.dat +++ b/testing/tests/ikev2/reauth-early/evaltest.dat @@ -1,6 +1,6 @@ moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 30s, scheduling reauthentication in 25s::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/reauth-early/pretest.dat b/testing/tests/ikev2/reauth-early/pretest.dat index d3ce70e80..656de7450 100644 --- a/testing/tests/ikev2/reauth-early/pretest.dat +++ b/testing/tests/ikev2/reauth-early/pretest.dat @@ -2,6 +2,7 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home carol::sleep 30 diff --git a/testing/tests/ikev2/reauth-late/evaltest.dat b/testing/tests/ikev2/reauth-late/evaltest.dat index 205a4d9e7..d6a9809e4 100644 --- a/testing/tests/ikev2/reauth-late/evaltest.dat +++ b/testing/tests/ikev2/reauth-late/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::cat /var/log/daemon.log::scheduling reauthentication in 2[0-5]s::YES carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 360[01]s, reauthentication already scheduled in 2[0-5]s::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/reauth-late/pretest.dat b/testing/tests/ikev2/reauth-late/pretest.dat index d3ce70e80..656de7450 100644 --- a/testing/tests/ikev2/reauth-late/pretest.dat +++ b/testing/tests/ikev2/reauth-late/pretest.dat @@ -2,6 +2,7 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home carol::sleep 30 diff --git a/testing/tests/ikev2/reauth-mbb-revoked/pretest.dat b/testing/tests/ikev2/reauth-mbb-revoked/pretest.dat index 3a1982f8a..d7f7959f1 100644 --- a/testing/tests/ikev2/reauth-mbb-revoked/pretest.dat +++ b/testing/tests/ikev2/reauth-mbb-revoked/pretest.dat @@ -1,4 +1,5 @@ moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat b/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat +++ b/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/reauth-mbb/pretest.dat b/testing/tests/ikev2/reauth-mbb/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/ikev2/reauth-mbb/pretest.dat +++ b/testing/tests/ikev2/reauth-mbb/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/redirect-active/evaltest.dat b/testing/tests/ikev2/redirect-active/evaltest.dat index 6d84173cd..1c90344e5 100644 --- a/testing/tests/ikev2/redirect-active/evaltest.dat +++ b/testing/tests/ikev2/redirect-active/evaltest.dat @@ -2,8 +2,8 @@ alice::ipsec status 2> /dev/null::rw\[1].*ESTABLISHED.*mars.strongswan.org.*caro alice::ipsec status 2> /dev/null::rw\[2].*ESTABLISHED.*mars.strongswan.org.*dave@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*mars.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*mars.strongswan.org::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO alice::swanctl --redirect --peer-ip PH_IP_CAROL --gateway 192.168.0.1::redirect completed successfully::YES alice::swanctl --redirect --peer-id dave@strongswan.org --gateway moon.strongswan.org::redirect completed successfully::YES carol::sleep 1::No output expected::NO @@ -12,8 +12,8 @@ dave::cat /var/log/daemon.log::redirected to moon.strongswan.org::YES moon::cat /var/log/daemon.log::client got redirected from 192.168.0.5::YES moon::ipsec status 2> /dev/null::rw\[1].*ESTABLISHED.*mars.strongswan.org.*carol@strongswan.org::YES moon::ipsec status 2> /dev/null::rw\[2].*ESTABLISHED.*mars.strongswan.org.*dave@strongswan.org::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES carol::tcpdump::IP carol.strongswan.org > mars.strongswan.org: ESP::YES carol::tcpdump::IP mars.strongswan.org > carol.strongswan.org: ESP::NO carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/redirect-active/pretest.dat b/testing/tests/ikev2/redirect-active/pretest.dat index 3f7ac1dcf..5a02bddec 100644 --- a/testing/tests/ikev2/redirect-active/pretest.dat +++ b/testing/tests/ikev2/redirect-active/pretest.dat @@ -8,6 +8,9 @@ moon::ipsec start alice::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +moon::expect-connection rw +alice::expect-connection rw +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/rw-cert/evaltest.dat b/testing/tests/ikev2/rw-cert/evaltest.dat index ba661975b..be78c5125 100644 --- a/testing/tests/ikev2/rw-cert/evaltest.dat +++ b/testing/tests/ikev2/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-dnssec/evaltest.dat b/testing/tests/ikev2/rw-dnssec/evaltest.dat index 49183fb42..ea7103a66 100644 --- a/testing/tests/ikev2/rw-dnssec/evaltest.dat +++ b/testing/tests/ikev2/rw-dnssec/evaltest.dat @@ -2,12 +2,12 @@ carol::cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*moon carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol.strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave.strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*carol.strongswan.org::YES moon:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*dave.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES diff --git a/testing/tests/ikev2/rw-dnssec/posttest.dat b/testing/tests/ikev2/rw-dnssec/posttest.dat index 3d55e09f9..17572e0bd 100644 --- a/testing/tests/ikev2/rw-dnssec/posttest.dat +++ b/testing/tests/ikev2/rw-dnssec/posttest.dat @@ -4,9 +4,9 @@ dave::ipsec stop moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush -moon:rm /etc/resolv.conf -carol:rm /etc/resolv.conf -dave:rm /etc/resolv.conf -moon:rm /etc/ipsec.d/dnssec.key -carol:rm /etc/ipsec.d/dnssec.key -dave:rm /etc/ipse.cd/dnssec.key +moon::rm /etc/resolv.conf +carol::rm /etc/resolv.conf +dave::rm /etc/resolv.conf +moon::rm /etc/ipsec.d/dnssec.keys +carol::rm /etc/ipsec.d/dnssec.keys +dave::rm /etc/ipsec.d/dnssec.keys diff --git a/testing/tests/ikev2/rw-dnssec/pretest.dat b/testing/tests/ikev2/rw-dnssec/pretest.dat index ab5e18da2..ee5bc7c72 100644 --- a/testing/tests/ikev2/rw-dnssec/pretest.dat +++ b/testing/tests/ikev2/rw-dnssec/pretest.dat @@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat index 20f1f132c..25871f893 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat @@ -7,7 +7,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat index de4acbbf0..1578796a1 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat index 77e306bf9..795164c7f 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat @@ -6,7 +6,7 @@ moon:: ipsec status 2> /dev/null::rw-eap-aka.*ESTABLISHED.*moon.strongswan.org.* carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap-aka.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat index de4acbbf0..ee4673009 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat +++ b/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap-aka carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat b/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat index e09765fb6..ab2068aad 100644 --- a/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat @@ -15,8 +15,8 @@ moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-dynamic/pretest.dat b/testing/tests/ikev2/rw-eap-dynamic/pretest.dat index a55cf37b2..dccf85419 100644 --- a/testing/tests/ikev2/rw-eap-dynamic/pretest.dat +++ b/testing/tests/ikev2/rw-eap-dynamic/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-framed-ip-radius/evaltest.dat index 10ce861b1..7416e55df 100644 --- a/testing/tests/ikev2/rw-eap-framed-ip-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/evaltest.dat @@ -18,8 +18,8 @@ dave ::ipsec status 2> /dev/null::home.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswan moon ::ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED, TUNNEL::YES dave ::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave ::cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat b/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat index 98bf0b15a..fa2d7eeb9 100644 --- a/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat @@ -5,6 +5,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat index 47a4977a2..1bf1455fc 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat @@ -18,8 +18,8 @@ dave ::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswa moon ::ipsec status 2> /dev/null::accounting.*INSTALLED, TUNNEL::YES dave ::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::NO dave ::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat index 8893e0169..303139615 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat @@ -5,6 +5,8 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection research +moon::expect-connection accounting carol::expect-connection alice carol::expect-connection venus carol::ipsec up alice diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat index 5853deb26..37206c78b 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat @@ -8,7 +8,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[PH carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[PH_IP_CAROL].*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat index d44910db8..16f90ecde 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat @@ -2,6 +2,7 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec stroke user-creds home carol "Ar3etTnp" carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat index 109407b96..60a5a778d 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat @@ -7,7 +7,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat index c65fbda83..b27673c6d 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat @@ -3,5 +3,6 @@ carol::iptables-restore < /etc/iptables.rules alice::radiusd moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat index 49045c9ef..f3e5aa0a1 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat @@ -6,6 +6,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat index c65fbda83..b27673c6d 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat @@ -3,5 +3,6 @@ carol::iptables-restore < /etc/iptables.rules alice::radiusd moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat index 88ab87d29..d4617bf42 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat @@ -5,7 +5,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat index de4acbbf0..1578796a1 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat index 892fdd6ef..e72426b29 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat @@ -7,7 +7,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[PH carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[PH_IP_CAROL].*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat index de4acbbf0..1578796a1 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat index 4ed5257b1..6b609f81d 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat @@ -18,6 +18,6 @@ moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED::NO carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat b/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat index a55cf37b2..dccf85419 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat +++ b/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat index fc75e1c9a..f77c31c56 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat @@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@stronswan.org::NO carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat b/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat index a55cf37b2..dccf85419 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat index d3d97dc38..edfb7cddd 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat @@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat b/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat index 98bf0b15a..fa2d7eeb9 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat @@ -5,6 +5,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat index 0dfc89e07..e7d978634 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat @@ -7,6 +7,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat index fa1164713..122ee2283 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat @@ -5,5 +5,6 @@ carol::cat /etc/ipsec.d/triplets.dat alice::radiusd moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat index 4f8f7285b..8502d7a72 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat @@ -4,7 +4,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES @@ -12,4 +12,4 @@ moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongsw moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat index a204f88a1..960352c51 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat @@ -11,6 +11,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat index 01aed2492..0c9c2b4a7 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat @@ -4,7 +4,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES @@ -12,4 +12,4 @@ moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongsw moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat index fdb50fcfb..52d5962f4 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat @@ -11,6 +11,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat index f33e7bc36..17e3157f8 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat @@ -5,6 +5,6 @@ moon:: ipsec status 2> /dev/null::rw-eap-sim.*ESTABLISHED.*moon.strongswan.org.* carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap-sim.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat index 3e05e4ed7..71cab1fbf 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat @@ -4,5 +4,6 @@ moon::cat /etc/ipsec.d/triplets.dat carol::cat /etc/ipsec.d/triplets.dat moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap-sim carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat index 314769b3e..df588810a 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat @@ -4,6 +4,6 @@ carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, C moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=carol@d.strongswan.org' with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat b/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat index 7ed202116..bbf5c612a 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat +++ b/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat @@ -4,5 +4,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat index 06d4dd917..b2e3ce620 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat @@ -5,6 +5,6 @@ carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN= moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-tls-only/pretest.dat b/testing/tests/ikev2/rw-eap-tls-only/pretest.dat index de4acbbf0..1578796a1 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/pretest.dat +++ b/testing/tests/ikev2/rw-eap-tls-only/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat index 75349b031..b53b085f8 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat @@ -4,6 +4,6 @@ carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN= moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf index 4c778a721..50f0389d3 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf @@ -4,3 +4,6 @@ charon { load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no } +libtls { + suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +} diff --git a/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat b/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat index c65fbda83..b27673c6d 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat @@ -3,5 +3,6 @@ carol::iptables-restore < /etc/iptables.rules alice::radiusd moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat index d22dd18db..2285608b8 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat @@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat b/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat index a55cf37b2..dccf85419 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat index d22dd18db..2285608b8 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat @@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat index a55cf37b2..dccf85419 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat index f250c0cb3..4be616469 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat @@ -14,7 +14,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat b/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat index 98bf0b15a..fa2d7eeb9 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat @@ -5,6 +5,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat index 7a9a70939..3c0aaf002 100644 --- a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat +++ b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat @@ -10,8 +10,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-hash-and-url/pretest.dat b/testing/tests/ikev2/rw-hash-and-url/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev2/rw-hash-and-url/pretest.dat +++ b/testing/tests/ikev2/rw-hash-and-url/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-initiator-only/evaltest.dat b/testing/tests/ikev2/rw-initiator-only/evaltest.dat index 80fd7c5be..c5dc4a0a6 100644 --- a/testing/tests/ikev2/rw-initiator-only/evaltest.dat +++ b/testing/tests/ikev2/rw-initiator-only/evaltest.dat @@ -3,6 +3,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-initiator-only/pretest.dat b/testing/tests/ikev2/rw-initiator-only/pretest.dat index 4660c29d6..290f57e69 100644 --- a/testing/tests/ikev2/rw-initiator-only/pretest.dat +++ b/testing/tests/ikev2/rw-initiator-only/pretest.dat @@ -4,7 +4,8 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::expect-connection peer +moon::expect-connection rw +dave::expect-connection peer dave::ipsec up peer carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat index 26b26204c..489c6d2a2 100644 --- a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat +++ b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat @@ -4,8 +4,8 @@ sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@ sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES sun:: ipsec statusall 2> /dev/null::venus.*10.2.0.0/16 === 10.1.0.0/25::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES moon::tcpdump::IP alice.strongswan.org > sun.strongswan.org: ESP::YES moon::tcpdump::IP venus.strongswan.org > sun.strongswan.org: ESP::YES moon::tcpdump::IP sun.strongswan.org > alice.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-mark-in-out/pretest.dat b/testing/tests/ikev2/rw-mark-in-out/pretest.dat index 728831472..241826364 100644 --- a/testing/tests/ikev2/rw-mark-in-out/pretest.dat +++ b/testing/tests/ikev2/rw-mark-in-out/pretest.dat @@ -7,9 +7,10 @@ sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to PH_IP sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to PH_IP_DAVE10 sun::iptables -t mangle -A PREROUTING -d PH_IP_CAROL10 -j MARK --set-mark 11 sun::iptables -t mangle -A PREROUTING -d PH_IP_DAVE10 -j MARK --set-mark 21 +sun::ipsec start alice::ipsec start venus::ipsec start -sun::ipsec start +sun::expect-connection alice alice::expect-connection home alice::ipsec up home venus::expect-connection home diff --git a/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat b/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat index 72f3a0e69..ebb738cae 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat +++ b/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat @@ -2,12 +2,12 @@ carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLI carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with BLISS_WITH_SHA2_256 successful::YES moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with BLISS_WITH_SHA2_384 successful::YES moon:: ipsec statusall 2> /dev/null::rw\[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES diff --git a/testing/tests/ikev2/rw-ntru-bliss/pretest.dat b/testing/tests/ikev2/rw-ntru-bliss/pretest.dat index c0f963d4c..058b3c33d 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/pretest.dat +++ b/testing/tests/ikev2/rw-ntru-bliss/pretest.dat @@ -4,9 +4,10 @@ dave::iptables-restore < /etc/iptables.rules moon::rm /etc/ipsec.d/cacerts/strongswanCert.pem carol::rm /etc/ipsec.d/cacerts/strongswanCert.pem dave::rm /etc/ipsec.d/cacerts/strongswanCert.pem +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-ntru-psk/evaltest.dat b/testing/tests/ikev2/rw-ntru-psk/evaltest.dat index 938157cc5..6d5d1cdee 100644 --- a/testing/tests/ikev2/rw-ntru-psk/evaltest.dat +++ b/testing/tests/ikev2/rw-ntru-psk/evaltest.dat @@ -1,11 +1,11 @@ carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw\[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES moon:: ipsec statusall 2> /dev/null::rw\[2]: IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES diff --git a/testing/tests/ikev2/rw-ntru-psk/pretest.dat b/testing/tests/ikev2/rw-ntru-psk/pretest.dat index e827687f8..1b38f32b7 100644 --- a/testing/tests/ikev2/rw-ntru-psk/pretest.dat +++ b/testing/tests/ikev2/rw-ntru-psk/pretest.dat @@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* carol::ipsec start dave::ipsec start moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-pkcs8/evaltest.dat b/testing/tests/ikev2/rw-pkcs8/evaltest.dat index 2342d024b..849d59a4e 100644 --- a/testing/tests/ikev2/rw-pkcs8/evaltest.dat +++ b/testing/tests/ikev2/rw-pkcs8/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-pkcs8/pretest.dat b/testing/tests/ikev2/rw-pkcs8/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev2/rw-pkcs8/pretest.dat +++ b/testing/tests/ikev2/rw-pkcs8/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat index 2fbcc474f..a5aa06be2 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat @@ -7,8 +7,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-fqdn/pretest.dat b/testing/tests/ikev2/rw-psk-fqdn/pretest.dat index ab5e18da2..ee5bc7c72 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/pretest.dat +++ b/testing/tests/ikev2/rw-psk-fqdn/pretest.dat @@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat index 2bd97b76c..0c8c311ae 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-ipv4/pretest.dat b/testing/tests/ikev2/rw-psk-ipv4/pretest.dat index ab5e18da2..ee5bc7c72 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/pretest.dat +++ b/testing/tests/ikev2/rw-psk-ipv4/pretest.dat @@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat index 2342d024b..849d59a4e 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-no-idr/pretest.dat b/testing/tests/ikev2/rw-psk-no-idr/pretest.dat index ab5e18da2..ee5bc7c72 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/pretest.dat +++ b/testing/tests/ikev2/rw-psk-no-idr/pretest.dat @@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat index 55b295781..ecd86f89a 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat @@ -6,8 +6,8 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA moon:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA.* successful::YES moon:: ipsec status 2> /dev/null::rw-rsasig.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat index 08b891aa5..c6d53d0e6 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat @@ -5,6 +5,8 @@ carol::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw-rsasig +moon::expect-connection rw-psk carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat index 1206ea4b7..e3d58e1ed 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat @@ -9,8 +9,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat b/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/rw-radius-accounting/pretest.dat b/testing/tests/ikev2/rw-radius-accounting/pretest.dat index d26229602..7ec7c1226 100644 --- a/testing/tests/ikev2/rw-radius-accounting/pretest.dat +++ b/testing/tests/ikev2/rw-radius-accounting/pretest.dat @@ -4,5 +4,6 @@ alice::rm /var/log/freeradius/radacct/PH_IP_MOON1/* alice::radiusd moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-sig-auth/evaltest.dat b/testing/tests/ikev2/rw-sig-auth/evaltest.dat index 261475f56..5e264c5ab 100644 --- a/testing/tests/ikev2/rw-sig-auth/evaltest.dat +++ b/testing/tests/ikev2/rw-sig-auth/evaltest.dat @@ -12,8 +12,8 @@ dave ::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswa moon ::ipsec status 2> /dev/null::accounting.*INSTALLED, TUNNEL::YES dave ::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::NO dave ::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-sig-auth/pretest.dat b/testing/tests/ikev2/rw-sig-auth/pretest.dat index 9c26ea122..eb31a1f33 100644 --- a/testing/tests/ikev2/rw-sig-auth/pretest.dat +++ b/testing/tests/ikev2/rw-sig-auth/pretest.dat @@ -4,6 +4,8 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection research +moon::expect-connection accounting carol::expect-connection alice carol::expect-connection venus carol::ipsec up alice diff --git a/testing/tests/ikev2/rw-whitelist/evaltest.dat b/testing/tests/ikev2/rw-whitelist/evaltest.dat index a9917bcf1..f27e6a03a 100644 --- a/testing/tests/ikev2/rw-whitelist/evaltest.dat +++ b/testing/tests/ikev2/rw-whitelist/evaltest.dat @@ -3,10 +3,10 @@ moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with RS moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA.* successful::YES moon:: cat /var/log/daemon.log::peer identity 'dave@strongswan.org' not whitelisted::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/evaltest.dat b/testing/tests/ikev2/shunt-policies-nat-rw/evaltest.dat index 4d36673dc..67014c5ee 100644 --- a/testing/tests/ikev2/shunt-policies-nat-rw/evaltest.dat +++ b/testing/tests/ikev2/shunt-policies-nat-rw/evaltest.dat @@ -2,11 +2,11 @@ alice::ipsec status 2> /dev/null::local-net.*PASS::YES venus::ipsec status 2> /dev/null::local-net.*PASS::YES alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES alice::tcpdump::IP alice.strongswan.org > venus.strongswan.org: ICMP::YES alice::tcpdump::IP venus.strongswan.org > alice.strongswan.org: ICMP::YES \ No newline at end of file diff --git a/testing/tests/ikev2/strong-keys-certs/evaltest.dat b/testing/tests/ikev2/strong-keys-certs/evaltest.dat index 2342d024b..849d59a4e 100644 --- a/testing/tests/ikev2/strong-keys-certs/evaltest.dat +++ b/testing/tests/ikev2/strong-keys-certs/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/strong-keys-certs/pretest.dat b/testing/tests/ikev2/strong-keys-certs/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/ikev2/strong-keys-certs/pretest.dat +++ b/testing/tests/ikev2/strong-keys-certs/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/trap-any/evaltest.dat b/testing/tests/ikev2/trap-any/evaltest.dat index 27df31fbe..6484c045a 100644 --- a/testing/tests/ikev2/trap-any/evaltest.dat +++ b/testing/tests/ikev2/trap-any/evaltest.dat @@ -1,9 +1,9 @@ -moon::ping -c 2 -W 1 -i 0.4 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=2::YES -moon::ping -c 2 -W 1 -i 0.4 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=2::YES -sun::ping -c 2 -W 1 -i 0.4 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=2::YES -dave::ping -c 2 -W 1 -i 0.4 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=2::YES -dave::ping -c 2 -W 1 -i 0.4 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=2::YES -dave::ping -c 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=1::YES +moon::ping -c 2 -W 1 -i 0.4 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=2::YES +moon::ping -c 2 -W 1 -i 0.4 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_.eq=2::YES +sun::ping -c 2 -W 1 -i 0.4 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_.eq=2::YES +dave::ping -c 2 -W 1 -i 0.4 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=2::YES +dave::ping -c 2 -W 1 -i 0.4 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=2::YES +dave::ping -c 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_.eq=1::YES moon::ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_MOON.*PH_IP_SUN::YES moon::ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_MOON.*PH_IP_CAROL::YES moon::ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_MOON.*PH_IP_DAVE::YES diff --git a/testing/tests/ikev2/two-certs/evaltest.dat b/testing/tests/ikev2/two-certs/evaltest.dat index 2b4476afa..422c76e2e 100644 --- a/testing/tests/ikev2/two-certs/evaltest.dat +++ b/testing/tests/ikev2/two-certs/evaltest.dat @@ -1,11 +1,11 @@ moon:: cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::YES moon:: cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/two-certs/pretest.dat b/testing/tests/ikev2/two-certs/pretest.dat index 5936eda68..ead4b6bb3 100644 --- a/testing/tests/ikev2/two-certs/pretest.dat +++ b/testing/tests/ikev2/two-certs/pretest.dat @@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection alice +moon::expect-connection venus carol::expect-connection alice carol::expect-connection venus carol::ipsec up alice diff --git a/testing/tests/ikev2/virtual-ip-override/pretest.dat b/testing/tests/ikev2/virtual-ip-override/pretest.dat index 2d09e88ce..bdbe341dd 100644 --- a/testing/tests/ikev2/virtual-ip-override/pretest.dat +++ b/testing/tests/ikev2/virtual-ip-override/pretest.dat @@ -1,9 +1,10 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw-carol carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/virtual-ip/evaltest.dat b/testing/tests/ikev2/virtual-ip/evaltest.dat index 0f5df71d7..8da2ceb22 100644 --- a/testing/tests/ikev2/virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/virtual-ip/evaltest.dat @@ -14,12 +14,12 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::src PH_IP_CAROL1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::src PH_IP_DAVE1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES -moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES -moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES +moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_.eq=1::YES +moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/virtual-ip/pretest.dat b/testing/tests/ikev2/virtual-ip/pretest.dat index 2d09e88ce..e87a8ee47 100644 --- a/testing/tests/ikev2/virtual-ip/pretest.dat +++ b/testing/tests/ikev2/virtual-ip/pretest.dat @@ -1,9 +1,10 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/ikev2/wildcards/pretest.dat b/testing/tests/ikev2/wildcards/pretest.dat index 2134d6bea..96acd254b 100644 --- a/testing/tests/ikev2/wildcards/pretest.dat +++ b/testing/tests/ikev2/wildcards/pretest.dat @@ -1,6 +1,8 @@ carol::ipsec start dave::ipsec start moon::ipsec start +moon::expect-connection alice +moon::expect-connection venus carol::expect-connection alice carol::expect-connection venus carol::ipsec up alice diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat index 151b73c27..ee9e22ed7 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat index 151b73c27..ee9e22ed7 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES diff --git a/testing/tests/libipsec/host2host-cert/evaltest.dat b/testing/tests/libipsec/host2host-cert/evaltest.dat index 105c2a4ed..77c2528ea 100644 --- a/testing/tests/libipsec/host2host-cert/evaltest.dat +++ b/testing/tests/libipsec/host2host-cert/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES -sun::tcpdump::IP moon.strongswan.org.4500 > sun.strongswan.org.4500: UDP-encap: ESP::YES -sun::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES +sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown index f7ec06498..9ca3bae6e 100755 --- a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown +++ b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown @@ -441,6 +441,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -465,6 +473,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -504,6 +519,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -547,6 +571,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown index f7ec06498..9ca3bae6e 100755 --- a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown +++ b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown @@ -441,6 +441,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -465,6 +473,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -504,6 +519,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -547,6 +571,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/testing/tests/libipsec/host2host-cert/pretest.dat b/testing/tests/libipsec/host2host-cert/pretest.dat index b095bf5c4..35c0f3e1c 100644 --- a/testing/tests/libipsec/host2host-cert/pretest.dat +++ b/testing/tests/libipsec/host2host-cert/pretest.dat @@ -2,7 +2,8 @@ moon::sysctl -w net.ipv4.conf.all.rp_filter=2 sun::sysctl -w net.ipv4.conf.all.rp_filter=2 moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection host-host moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/libipsec/net2net-3des/evaltest.dat b/testing/tests/libipsec/net2net-3des/evaltest.dat index f60fea6bf..e71456ef7 100644 --- a/testing/tests/libipsec/net2net-3des/evaltest.dat +++ b/testing/tests/libipsec/net2net-3des/evaltest.dat @@ -4,8 +4,8 @@ moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES moon::ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024::YES sun:: ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES moon::ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES sun:: ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES -sun::tcpdump::IP moon.strongswan.org.4500 > sun.strongswan.org.4500: UDP-encap: ESP::YES -sun::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES +sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown index 61f65311c..e7c3640d4 100755 --- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown +++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown @@ -441,6 +441,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -465,6 +473,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -504,6 +519,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -547,6 +571,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown index 61f65311c..e7c3640d4 100755 --- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown +++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown @@ -441,6 +441,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -465,6 +473,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -504,6 +519,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -547,6 +571,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/testing/tests/libipsec/net2net-3des/pretest.dat b/testing/tests/libipsec/net2net-3des/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/libipsec/net2net-3des/pretest.dat +++ b/testing/tests/libipsec/net2net-3des/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/libipsec/net2net-cert/evaltest.dat b/testing/tests/libipsec/net2net-cert/evaltest.dat index f702ceadf..e489fec64 100644 --- a/testing/tests/libipsec/net2net-cert/evaltest.dat +++ b/testing/tests/libipsec/net2net-cert/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -sun::tcpdump::IP moon.strongswan.org.4500 > sun.strongswan.org.4500: UDP-encap: ESP::YES -sun::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown index 61f65311c..e7c3640d4 100755 --- a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown +++ b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown @@ -441,6 +441,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -465,6 +473,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -504,6 +519,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -547,6 +571,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown index 61f65311c..e7c3640d4 100755 --- a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown +++ b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown @@ -441,6 +441,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -465,6 +473,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -504,6 +519,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -547,6 +571,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/testing/tests/libipsec/net2net-cert/pretest.dat b/testing/tests/libipsec/net2net-cert/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/libipsec/net2net-cert/pretest.dat +++ b/testing/tests/libipsec/net2net-cert/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/libipsec/net2net-null/evaltest.dat b/testing/tests/libipsec/net2net-null/evaltest.dat index 0cafb4faf..c1aae4032 100644 --- a/testing/tests/libipsec/net2net-null/evaltest.dat +++ b/testing/tests/libipsec/net2net-null/evaltest.dat @@ -4,8 +4,8 @@ moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES moon::ipsec statusall 2> /dev/null::net-net\[1].*NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES sun:: ipsec statusall 2> /dev/null::net-net\[1].*NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES moon::ipsec statusall 2> /dev/null::net-net[{]1}.*NULL/HMAC_SHA2_256::YES sun:: ipsec statusall 2> /dev/null::net-net[{]1}.*NULL/HMAC_SHA2_256::YES -sun::tcpdump::IP moon.strongswan.org.4500 > sun.strongswan.org.4500: UDP-encap: ESP::YES -sun::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES +sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES diff --git a/testing/tests/libipsec/net2net-null/hosts/moon/etc/updown b/testing/tests/libipsec/net2net-null/hosts/moon/etc/updown index 61f65311c..e7c3640d4 100755 --- a/testing/tests/libipsec/net2net-null/hosts/moon/etc/updown +++ b/testing/tests/libipsec/net2net-null/hosts/moon/etc/updown @@ -441,6 +441,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -465,6 +473,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -504,6 +519,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -547,6 +571,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/testing/tests/libipsec/net2net-null/hosts/sun/etc/updown b/testing/tests/libipsec/net2net-null/hosts/sun/etc/updown index 61f65311c..e7c3640d4 100755 --- a/testing/tests/libipsec/net2net-null/hosts/sun/etc/updown +++ b/testing/tests/libipsec/net2net-null/hosts/sun/etc/updown @@ -441,6 +441,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -465,6 +473,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -504,6 +519,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -547,6 +571,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/testing/tests/libipsec/net2net-null/pretest.dat b/testing/tests/libipsec/net2net-null/pretest.dat index 1732d6efa..bcc2cb04d 100644 --- a/testing/tests/libipsec/net2net-null/pretest.dat +++ b/testing/tests/libipsec/net2net-null/pretest.dat @@ -1,6 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::ipsec start sun::ipsec start +moon::ipsec start +sun::expect-connection net-net moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/libipsec/rw-suite-b/evaltest.dat b/testing/tests/libipsec/rw-suite-b/evaltest.dat index 3a9493ba3..487a21c57 100644 --- a/testing/tests/libipsec/rw-suite-b/evaltest.dat +++ b/testing/tests/libipsec/rw-suite-b/evaltest.dat @@ -11,9 +11,9 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -moon::tcpdump::IP carol.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES -moon::tcpdump::IP moon.strongswan.org.4500 > carol.strongswan.org.4500: UDP-encap: ESP::YES -moon::tcpdump::IP dave.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES -moon::tcpdump::IP moon.strongswan.org.4500 > dave.strongswan.org.4500: UDP-encap: ESP::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +moon::tcpdump::IP carol.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > carol.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +moon::tcpdump::IP dave.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > dave.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown index 652d17dab..6a5b18de6 100755 --- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown +++ b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown @@ -482,6 +482,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -506,6 +514,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -545,6 +560,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -588,6 +612,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown index 652d17dab..6a5b18de6 100755 --- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown +++ b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown @@ -482,6 +482,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -506,6 +514,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -545,6 +560,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -588,6 +612,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown index 652d17dab..6a5b18de6 100755 --- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown +++ b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown @@ -482,6 +482,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -506,6 +514,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -545,6 +560,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -588,6 +612,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat b/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat index 3b6770389..937860593 100644 --- a/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat +++ b/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES moon:: ip xfrm state::enc cbc(camellia)::YES diff --git a/testing/tests/openssl-ikev1/alg-camellia/pretest.dat b/testing/tests/openssl-ikev1/alg-camellia/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/openssl-ikev1/alg-camellia/pretest.dat +++ b/testing/tests/openssl-ikev1/alg-camellia/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat b/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat index ac7d8cd98..553c79451 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat +++ b/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/pretest.dat b/testing/tests/openssl-ikev1/alg-ecp-high/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-high/pretest.dat +++ b/testing/tests/openssl-ikev1/alg-ecp-high/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat b/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat index 178d541da..327d63bf8 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat +++ b/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/pretest.dat b/testing/tests/openssl-ikev1/alg-ecp-low/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-low/pretest.dat +++ b/testing/tests/openssl-ikev1/alg-ecp-low/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat b/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat index 941a2fecf..9a8516dad 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat +++ b/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with EC moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA_WITH_NULL successful::YES carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA_WITH_NULL successful::YES dave:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA_WITH_NULL successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/pretest.dat b/testing/tests/openssl-ikev1/ecdsa-certs/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/pretest.dat +++ b/testing/tests/openssl-ikev1/ecdsa-certs/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/openssl-ikev2/alg-aes-gcm/evaltest.dat b/testing/tests/openssl-ikev2/alg-aes-gcm/evaltest.dat index 4cf89b765..44bd75895 100644 --- a/testing/tests/openssl-ikev2/alg-aes-gcm/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-aes-gcm/evaltest.dat @@ -6,8 +6,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw\[1].*IKE proposal: AES_GCM_16_256::YES moon:: ipsec statusall 2> /dev/null::rw\[2].*IKE proposal: AES_GCM_16_128::YES carol::ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES diff --git a/testing/tests/openssl-ikev2/alg-aes-gcm/pretest.dat b/testing/tests/openssl-ikev2/alg-aes-gcm/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/openssl-ikev2/alg-aes-gcm/pretest.dat +++ b/testing/tests/openssl-ikev2/alg-aes-gcm/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat b/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat index cd83c56b4..a4f1f2998 100644 --- a/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat @@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES diff --git a/testing/tests/openssl-ikev2/alg-blowfish/pretest.dat b/testing/tests/openssl-ikev2/alg-blowfish/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/openssl-ikev2/alg-blowfish/pretest.dat +++ b/testing/tests/openssl-ikev2/alg-blowfish/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat b/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat index 3b6770389..937860593 100644 --- a/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES moon:: ip xfrm state::enc cbc(camellia)::YES diff --git a/testing/tests/openssl-ikev2/alg-camellia/pretest.dat b/testing/tests/openssl-ikev2/alg-camellia/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/openssl-ikev2/alg-camellia/pretest.dat +++ b/testing/tests/openssl-ikev2/alg-camellia/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/evaltest.dat index b7606a48d..ebc7752f2 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/evaltest.dat @@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::ECP_256_BP.*ECP_384_BP::YES dave:: cat /var/log/daemon.log::ECP_256_BP.*ECP_512_BP::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384_BP::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_512_BP::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/pretest.dat b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/pretest.dat +++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/evaltest.dat index 5fb2073dd..ff9fb202c 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/evaltest.dat @@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::ECP_384_BP.*ECP_224_BP::YES dave:: cat /var/log/daemon.log::ECP_384_BP.*ECP_256_BP::YES carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224_BP::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256_BP::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/pretest.dat b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/pretest.dat +++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat index 375ed86a1..4cee48d89 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat @@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::ECP_256.*ECP_384::YES dave:: cat /var/log/daemon.log::ECP_256.*ECP_521::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/pretest.dat b/testing/tests/openssl-ikev2/alg-ecp-high/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-high/pretest.dat +++ b/testing/tests/openssl-ikev2/alg-ecp-high/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat index c46ed1dd2..818082ca8 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat @@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::ECP_192.*ECP_224::YES dave:: cat /var/log/daemon.log::ECP_192.*ECP_256::YES carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/pretest.dat b/testing/tests/openssl-ikev2/alg-ecp-low/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-low/pretest.dat +++ b/testing/tests/openssl-ikev2/alg-ecp-low/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/openssl-ikev2/critical-extension/pretest.dat b/testing/tests/openssl-ikev2/critical-extension/pretest.dat index 1732d6efa..08ca6b54c 100644 --- a/testing/tests/openssl-ikev2/critical-extension/pretest.dat +++ b/testing/tests/openssl-ikev2/critical-extension/pretest.dat @@ -3,4 +3,5 @@ sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start moon::expect-connection net-net +sun::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat b/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat index 55ac10935..18fdacfff 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat +++ b/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat @@ -10,8 +10,8 @@ moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with EC moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA-384 signature successful::YES carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA_WITH_SHA512_DER successful::YES dave:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/pretest.dat b/testing/tests/openssl-ikev2/ecdsa-certs/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/pretest.dat +++ b/testing/tests/openssl-ikev2/ecdsa-certs/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat b/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat index 2d7324a9a..46eaccd7a 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat @@ -6,8 +6,8 @@ moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with EC moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA_WITH_SHA384_DER successful::YES carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA_WITH_SHA512_DER successful::YES dave:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA_WITH_SHA512_DER successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat b/testing/tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat index a55cf37b2..e87a8ee47 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home dave::expect-connection home diff --git a/testing/tests/openssl-ikev2/net2net-pgp-v3/evaltest.dat b/testing/tests/openssl-ikev2/net2net-pgp-v3/evaltest.dat index 460c659d9..468c5f7ee 100644 --- a/testing/tests/openssl-ikev2/net2net-pgp-v3/evaltest.dat +++ b/testing/tests/openssl-ikev2/net2net-pgp-v3/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*71:27:04:32:cd:76:3a:18: sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun .*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/net2net-pgp-v3/pretest.dat b/testing/tests/openssl-ikev2/net2net-pgp-v3/pretest.dat index f2cbf6a0c..969c42337 100644 --- a/testing/tests/openssl-ikev2/net2net-pgp-v3/pretest.dat +++ b/testing/tests/openssl-ikev2/net2net-pgp-v3/pretest.dat @@ -5,4 +5,5 @@ sun::rm /etc/ipsec.d/cacerts/* moon::ipsec start sun::ipsec start moon::expect-connection net-net +sun::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat b/testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat index 2b37cad99..fe4aa5ab1 100644 --- a/testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat b/testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat index fd1ce379f..47e6d8604 100644 --- a/testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat @@ -7,4 +7,5 @@ sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start moon::expect-connection net-net +sun::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/openssl-ikev2/rw-cert/evaltest.dat b/testing/tests/openssl-ikev2/rw-cert/evaltest.dat index ba661975b..be78c5125 100644 --- a/testing/tests/openssl-ikev2/rw-cert/evaltest.dat +++ b/testing/tests/openssl-ikev2/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat index 7d32c11c3..a24c7a053 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat @@ -5,6 +5,6 @@ carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_W carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 256 bit, CN=carol@strongswan.org' with EAP successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/pretest.dat b/testing/tests/openssl-ikev2/rw-eap-tls-only/pretest.dat index de4acbbf0..1578796a1 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/pretest.dat +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-eap carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/evaltest.dat b/testing/tests/openssl-ikev2/rw-suite-b-128/evaltest.dat index a0831f746..b00c4cd40 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/evaltest.dat +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/evaltest.dat @@ -6,6 +6,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/evaltest.dat b/testing/tests/openssl-ikev2/rw-suite-b-192/evaltest.dat index 200ec3cfb..3de5c94e0 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/evaltest.dat +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/evaltest.dat @@ -6,6 +6,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/p2pnat/behind-same-nat/evaltest.dat b/testing/tests/p2pnat/behind-same-nat/evaltest.dat index 378520596..85a910a20 100644 --- a/testing/tests/p2pnat/behind-same-nat/evaltest.dat +++ b/testing/tests/p2pnat/behind-same-nat/evaltest.dat @@ -7,5 +7,5 @@ alice::ipsec status 2> /dev/null::peer.*ESTABLISHED.*alice@strongswan.org.*venus venus::ipsec status 2> /dev/null::peer.*ESTABLISHED.*venus.strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES venus::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES diff --git a/testing/tests/p2pnat/medsrv-psk/evaltest.dat b/testing/tests/p2pnat/medsrv-psk/evaltest.dat index 2c6080775..55ada8cdf 100644 --- a/testing/tests/p2pnat/medsrv-psk/evaltest.dat +++ b/testing/tests/p2pnat/medsrv-psk/evaltest.dat @@ -6,7 +6,7 @@ alice::ipsec status 2> /dev/null::peer.*ESTABLISHED.*alice@strongswan.org.*bob@s bob:: ipsec status 2> /dev/null::peer.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES bob:: ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.*: UDP::YES moon::tcpdump::IP sun.strongswan.org.* > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat index 9c6b73ba0..5380b7e32 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES moon:: ip xfrm state::auth-trunc xcbc(aes)::YES diff --git a/testing/tests/pfkey/alg-aes-xcbc/pretest.dat b/testing/tests/pfkey/alg-aes-xcbc/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/pretest.dat +++ b/testing/tests/pfkey/alg-aes-xcbc/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/pfkey/alg-sha384/evaltest.dat b/testing/tests/pfkey/alg-sha384/evaltest.dat index 3b24217c5..1148a182e 100644 --- a/testing/tests/pfkey/alg-sha384/evaltest.dat +++ b/testing/tests/pfkey/alg-sha384/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES moon:: ip xfrm state::auth-trunc hmac(sha384)::YES diff --git a/testing/tests/pfkey/alg-sha384/pretest.dat b/testing/tests/pfkey/alg-sha384/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/pfkey/alg-sha384/pretest.dat +++ b/testing/tests/pfkey/alg-sha384/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/pfkey/alg-sha512/evaltest.dat b/testing/tests/pfkey/alg-sha512/evaltest.dat index 6bdceeb44..0b2a71ada 100644 --- a/testing/tests/pfkey/alg-sha512/evaltest.dat +++ b/testing/tests/pfkey/alg-sha512/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES moon:: ip xfrm state::auth-trunc hmac(sha512)::YES diff --git a/testing/tests/pfkey/alg-sha512/pretest.dat b/testing/tests/pfkey/alg-sha512/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/pfkey/alg-sha512/pretest.dat +++ b/testing/tests/pfkey/alg-sha512/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/pfkey/compress/pretest.dat b/testing/tests/pfkey/compress/pretest.dat index 1fd37b6a8..5536d2803 100644 --- a/testing/tests/pfkey/compress/pretest.dat +++ b/testing/tests/pfkey/compress/pretest.dat @@ -2,5 +2,6 @@ carol::iptables-restore < /etc/iptables.rules moon::iptables-restore < /etc/iptables.rules carol::ipsec start moon::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/pfkey/esp-alg-null/evaltest.dat b/testing/tests/pfkey/esp-alg-null/evaltest.dat index c50b188bb..5370bdf55 100644 --- a/testing/tests/pfkey/esp-alg-null/evaltest.dat +++ b/testing/tests/pfkey/esp-alg-null/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES moon:: ip xfrm state::enc ecb(cipher_null)::YES diff --git a/testing/tests/pfkey/esp-alg-null/pretest.dat b/testing/tests/pfkey/esp-alg-null/pretest.dat index de4acbbf0..e34f70277 100644 --- a/testing/tests/pfkey/esp-alg-null/pretest.dat +++ b/testing/tests/pfkey/esp-alg-null/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/pfkey/host2host-transport/evaltest.dat b/testing/tests/pfkey/host2host-transport/evaltest.dat index fbd0c1c96..489fc1e7a 100644 --- a/testing/tests/pfkey/host2host-transport/evaltest.dat +++ b/testing/tests/pfkey/host2host-transport/evaltest.dat @@ -5,6 +5,6 @@ sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES moon::ip xfrm state::mode transport::YES sun:: ip xfrm state::mode transport::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/host2host-transport/pretest.dat b/testing/tests/pfkey/host2host-transport/pretest.dat index 997a48167..c6849deb6 100644 --- a/testing/tests/pfkey/host2host-transport/pretest.dat +++ b/testing/tests/pfkey/host2host-transport/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start +sun::expect-connection host-host moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/pfkey/nat-rw/evaltest.dat b/testing/tests/pfkey/nat-rw/evaltest.dat index ac09e2d6b..da257f780 100644 --- a/testing/tests/pfkey/nat-rw/evaltest.dat +++ b/testing/tests/pfkey/nat-rw/evaltest.dat @@ -6,7 +6,7 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/pfkey/nat-rw/pretest.dat b/testing/tests/pfkey/nat-rw/pretest.dat index e3d9fc858..36d23b570 100644 --- a/testing/tests/pfkey/nat-rw/pretest.dat +++ b/testing/tests/pfkey/nat-rw/pretest.dat @@ -3,9 +3,10 @@ venus::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 +sun::ipsec start alice::ipsec start venus::ipsec start -sun::ipsec start +sun::expect-connection nat-t alice::expect-connection nat-t alice::ipsec up nat-t venus::expect-connection nat-t diff --git a/testing/tests/pfkey/net2net-route/evaltest.dat b/testing/tests/pfkey/net2net-route/evaltest.dat index 1de6ca8e1..cc9342122 100644 --- a/testing/tests/pfkey/net2net-route/evaltest.dat +++ b/testing/tests/pfkey/net2net-route/evaltest.dat @@ -4,6 +4,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/net2net-route/pretest.dat b/testing/tests/pfkey/net2net-route/pretest.dat index a1c567079..1ba8e42e2 100644 --- a/testing/tests/pfkey/net2net-route/pretest.dat +++ b/testing/tests/pfkey/net2net-route/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start +sun::expect-connection net-net moon::expect-connection net-net alice::ping -c 3 -W 1 -i 0.2 PH_IP_BOB diff --git a/testing/tests/pfkey/protoport-dual/evaltest.dat b/testing/tests/pfkey/protoport-dual/evaltest.dat index 50b53cc00..826c09fe4 100644 --- a/testing/tests/pfkey/protoport-dual/evaltest.dat +++ b/testing/tests/pfkey/protoport-dual/evaltest.dat @@ -4,8 +4,8 @@ carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/protoport-dual/pretest.dat b/testing/tests/pfkey/protoport-dual/pretest.dat index 12112b194..de347e28f 100644 --- a/testing/tests/pfkey/protoport-dual/pretest.dat +++ b/testing/tests/pfkey/protoport-dual/pretest.dat @@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-icmp +moon::expect-connection rw-ssh carol::expect-connection home-icmp carol::ipsec up home-icmp carol::expect-connection home-ssh diff --git a/testing/tests/pfkey/protoport-route/evaltest.dat b/testing/tests/pfkey/protoport-route/evaltest.dat index 9e970f055..459b45f1b 100644 --- a/testing/tests/pfkey/protoport-route/evaltest.dat +++ b/testing/tests/pfkey/protoport-route/evaltest.dat @@ -1,5 +1,5 @@ -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq::YES carol::ssh PH_IP_ALICE hostname::alice::YES carol::cat /var/log/daemon.log::creating acquire job::YES carol::ipsec status 2> /dev/null::home-icmp.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/pfkey/protoport-route/pretest.dat b/testing/tests/pfkey/protoport-route/pretest.dat index b1bf23870..55f1678aa 100644 --- a/testing/tests/pfkey/protoport-route/pretest.dat +++ b/testing/tests/pfkey/protoport-route/pretest.dat @@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start +moon::expect-connection rw-icmp +moon::expect-connection rw-ssh carol::expect-connection home-icmp carol::expect-connection home-ssh carol::ssh PH_IP_ALICE hostname diff --git a/testing/tests/pfkey/rw-cert/evaltest.dat b/testing/tests/pfkey/rw-cert/evaltest.dat index 2342d024b..849d59a4e 100644 --- a/testing/tests/pfkey/rw-cert/evaltest.dat +++ b/testing/tests/pfkey/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/shunt-policies-nat-rw/evaltest.dat b/testing/tests/pfkey/shunt-policies-nat-rw/evaltest.dat index 4d36673dc..67014c5ee 100644 --- a/testing/tests/pfkey/shunt-policies-nat-rw/evaltest.dat +++ b/testing/tests/pfkey/shunt-policies-nat-rw/evaltest.dat @@ -2,11 +2,11 @@ alice::ipsec status 2> /dev/null::local-net.*PASS::YES venus::ipsec status 2> /dev/null::local-net.*PASS::YES alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES alice::tcpdump::IP alice.strongswan.org > venus.strongswan.org: ICMP::YES alice::tcpdump::IP venus.strongswan.org > alice.strongswan.org: ICMP::YES \ No newline at end of file diff --git a/testing/tests/sql/ip-pool-db-expired/evaltest.dat b/testing/tests/sql/ip-pool-db-expired/evaltest.dat index 9b8456121..a105fc040 100644 --- a/testing/tests/sql/ip-pool-db-expired/evaltest.dat +++ b/testing/tests/sql/ip-pool-db-expired/evaltest.dat @@ -1,12 +1,12 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES diff --git a/testing/tests/sql/ip-pool-db-restart/evaltest.dat b/testing/tests/sql/ip-pool-db-restart/evaltest.dat index ce7a8f5bf..2e3fe8f76 100644 --- a/testing/tests/sql/ip-pool-db-restart/evaltest.dat +++ b/testing/tests/sql/ip-pool-db-restart/evaltest.dat @@ -1,12 +1,12 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired existing lease for address.*in pool.*bigpool::YES diff --git a/testing/tests/sql/ip-pool-db/evaltest.dat b/testing/tests/sql/ip-pool-db/evaltest.dat index 799692474..0f55c040f 100644 --- a/testing/tests/sql/ip-pool-db/evaltest.dat +++ b/testing/tests/sql/ip-pool-db/evaltest.dat @@ -5,7 +5,7 @@ carol::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES carol::cat /var/log/daemon.log::handling APPLICATION_VERSION attribute failed::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES @@ -15,7 +15,7 @@ dave:: cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES dave:: cat /var/log/daemon.log::handling APPLICATION_VERSION attribute failed::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES diff --git a/testing/tests/sql/ip-split-pools-db/evaltest.dat b/testing/tests/sql/ip-split-pools-db/evaltest.dat index 16ea2287b..f0e82a2db 100644 --- a/testing/tests/sql/ip-split-pools-db/evaltest.dat +++ b/testing/tests/sql/ip-split-pools-db/evaltest.dat @@ -1,7 +1,7 @@ carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.1.1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.1.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.1.1/32] remote-ts=\[10.1.0.0/16]::YES moon:: cat /var/log/daemon.log::acquired new lease for address 10.3.0.1 in pool.*pool0::YES moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer::YES @@ -13,4 +13,4 @@ moon:: ipsec pool --status 2> /dev/null::pool1.*10.3.1.1.*10.3.1.1.*static.*1 .* moon:: ipsec pool --leases --filter pool=pool0,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES moon:: ipsec pool --leases --filter pool=pool1,addr=10.3.1.1,id=dave@strongswan.org 2> /dev/null::online::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.1.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.1.1/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.1.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.1.1/32]::YES diff --git a/testing/tests/sql/multi-level-ca/evaltest.dat b/testing/tests/sql/multi-level-ca/evaltest.dat index a0eaae1d5..b003091a5 100644 --- a/testing/tests/sql/multi-level-ca/evaltest.dat +++ b/testing/tests/sql/multi-level-ca/evaltest.dat @@ -1,8 +1,8 @@ carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=[192.168.0.100/32 remote-ts=\[10.1.0.0/16]::YES dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES diff --git a/testing/tests/sql/net2net-cert/evaltest.dat b/testing/tests/sql/net2net-cert/evaltest.dat index 5180ab31d..42dfb9fd7 100644 --- a/testing/tests/sql/net2net-cert/evaltest.dat +++ b/testing/tests/sql/net2net-cert/evaltest.dat @@ -1,5 +1,5 @@ moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES sun:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/net2net-psk/evaltest.dat b/testing/tests/sql/net2net-psk/evaltest.dat index 5180ab31d..42dfb9fd7 100644 --- a/testing/tests/sql/net2net-psk/evaltest.dat +++ b/testing/tests/sql/net2net-psk/evaltest.dat @@ -1,5 +1,5 @@ moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES sun:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/net2net-route-pem/evaltest.dat b/testing/tests/sql/net2net-route-pem/evaltest.dat index 87af401b5..44063cc20 100644 --- a/testing/tests/sql/net2net-route-pem/evaltest.dat +++ b/testing/tests/sql/net2net-route-pem/evaltest.dat @@ -2,7 +2,7 @@ moon:: cat /var/log/daemon.log::creating acquire job for policy 10.1.0.10/32\[ic sun:: cat /var/log/daemon.log::creating acquire job for policy 10.2.0.10/32\[icmp/8\] === 10.1.0.20/32\[icmp/8\] with reqid {2}::YES moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/28] remote-ts=\[10.2.0.0/23].*net-2.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts=\[10.1.0.16/28] remote-ts=\[10.2.0.0/23]::YES sun:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.2.0.0/23] remote-ts=\[10.1.0.0/28].*net-2.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts=\[10.2.0.0/23] remote-ts=\[10.1.0.16/28]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/net2net-start-pem/evaltest.dat b/testing/tests/sql/net2net-start-pem/evaltest.dat index 630c17e1a..e7fd283a4 100644 --- a/testing/tests/sql/net2net-start-pem/evaltest.dat +++ b/testing/tests/sql/net2net-start-pem/evaltest.dat @@ -1,6 +1,6 @@ moon:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[10.2.0.0/23].*net-2.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=192 dh-group=MODP_8192.*local-ts=\[10.1.0.16/28] remote-ts=\[10.2.0.0/23].*net-3.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=192 dh-group=MODP_8192.*local-ts=\[10.1.2.0/23] remote-ts=\[10.2.2.0/23]::YES sun:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/23] remote-ts=\[10.1.0.0/28].*net-2.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=192 dh-group=MODP_8192.*local-ts=\[10.2.0.0/23] remote-ts=\[10.1.0.16/28].*net-3.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=192 dh-group=MODP_8192.*local-ts=\[10.2.2.0/23] remote-ts=\[10.1.2.0/23]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/rw-cert/evaltest.dat b/testing/tests/sql/rw-cert/evaltest.dat index bddf2fe33..10a332b05 100644 --- a/testing/tests/sql/rw-cert/evaltest.dat +++ b/testing/tests/sql/rw-cert/evaltest.dat @@ -1,5 +1,5 @@ -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES diff --git a/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat b/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat index 4f3de0f30..36bdeda49 100644 --- a/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat +++ b/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat @@ -1,7 +1,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --raw 2> /dev/null::rw-eap-aka.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw-eap-aka.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/rw-psk-ipv4/evaltest.dat b/testing/tests/sql/rw-psk-ipv4/evaltest.dat index 80fd718a7..8211acf32 100644 --- a/testing/tests/sql/rw-psk-ipv4/evaltest.dat +++ b/testing/tests/sql/rw-psk-ipv4/evaltest.dat @@ -1,5 +1,5 @@ -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES diff --git a/testing/tests/sql/rw-psk-rsa-split/evaltest.dat b/testing/tests/sql/rw-psk-rsa-split/evaltest.dat index d3ddd8cf6..9bf39d685 100644 --- a/testing/tests/sql/rw-psk-rsa-split/evaltest.dat +++ b/testing/tests/sql/rw-psk-rsa-split/evaltest.dat @@ -1,8 +1,8 @@ moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with pre-shared key successful::YES moon:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA.* successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES diff --git a/testing/tests/sql/rw-rsa-keyid/evaltest.dat b/testing/tests/sql/rw-rsa-keyid/evaltest.dat index 8d6c64a94..b03e5c38d 100644 --- a/testing/tests/sql/rw-rsa-keyid/evaltest.dat +++ b/testing/tests/sql/rw-rsa-keyid/evaltest.dat @@ -1,5 +1,5 @@ -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=1f:a1:.*:6e:7c remote-host=192.168.0.1 remote-port=4500 remote-id=6a:9c:.*:29:2e initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=ee:7f:.*:8e:0e remote-host=192.168.0.1 remote-port=4500 remote-id=6a:9c:.*:29:2e initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=6a:9c:.*:29:2e remote-host=192.168.0.200 remote-port=4500 remote-id=ee:7f:.*:8e:0e.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES diff --git a/testing/tests/sql/rw-rsa/evaltest.dat b/testing/tests/sql/rw-rsa/evaltest.dat index b28e4c4a9..de697cc00 100644 --- a/testing/tests/sql/rw-rsa/evaltest.dat +++ b/testing/tests/sql/rw-rsa/evaltest.dat @@ -1,5 +1,5 @@ -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES diff --git a/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat b/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat index 8b1173776..2d8b95659 100644 --- a/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat +++ b/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat @@ -1,7 +1,7 @@ -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES alice::swanctl --list-pols --raw 2> /dev/null::local-net.*mode=PASS local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.0/16]::YES venus::swanctl --list-pols --raw 2> /dev/null::local-net.*mode=PASS local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.0/16]::YES alice::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=4500 local-id=alice@strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.1/32] remote-ts=\[0.0.0.0/0]::YES @@ -9,7 +9,7 @@ venus::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=alice@strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.1/32]::YES sun::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=venus.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.2/32]::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES alice::tcpdump::IP alice.strongswan.org > venus.strongswan.org: ICMP::YES alice::tcpdump::IP venus.strongswan.org > alice.strongswan.org: ICMP::YES diff --git a/testing/tests/swanctl/config-payload/evaltest.dat b/testing/tests/swanctl/config-payload/evaltest.dat index 7d5584482..8115a9e53 100755 --- a/testing/tests/swanctl/config-payload/evaltest.dat +++ b/testing/tests/swanctl/config-payload/evaltest.dat @@ -8,8 +8,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@str moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave@strongswan.org::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES -alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_req=1::YES -alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_req=1::YES +alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES +alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/dhcp-dynamic/evaltest.dat b/testing/tests/swanctl/dhcp-dynamic/evaltest.dat index 74d6ca86b..bc8561103 100644 --- a/testing/tests/swanctl/dhcp-dynamic/evaltest.dat +++ b/testing/tests/swanctl/dhcp-dynamic/evaltest.dat @@ -1,7 +1,7 @@ -alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_req=1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.1.0.50] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.50/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.1.0.51] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.51/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.1.0.50] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.50/32] diff --git a/testing/tests/swanctl/dhcp-dynamic/posttest.dat b/testing/tests/swanctl/dhcp-dynamic/posttest.dat index 624a26b4b..87e731511 100644 --- a/testing/tests/swanctl/dhcp-dynamic/posttest.dat +++ b/testing/tests/swanctl/dhcp-dynamic/posttest.dat @@ -4,7 +4,7 @@ carol::service charon stop 2> /dev/null dave::service charon stop 2> /dev/null moon::service charon stop 2> /dev/null venus::cat /var/state/dhcp/dhcpd.leases -venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null +venus::server isc-dhcp-server stop 2> /dev/null moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/dhcp-dynamic/pretest.dat b/testing/tests/swanctl/dhcp-dynamic/pretest.dat index 6d935b63c..fd3d1bf5b 100644 --- a/testing/tests/swanctl/dhcp-dynamic/pretest.dat +++ b/testing/tests/swanctl/dhcp-dynamic/pretest.dat @@ -2,7 +2,7 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules venus::cat /etc/dhcp/dhcpd.conf -venus::/etc/init.d/isc-dhcp-server start 2> /dev/null +venus::service isc-dhcp-server start 2> /dev/null moon::service charon start 2> /dev/null carol::service charon start 2> /dev/null dave::service charon start 2> /dev/null diff --git a/testing/tests/swanctl/frags-ipv4/evaltest.dat b/testing/tests/swanctl/frags-ipv4/evaltest.dat index af4c5a0f5..4b0455667 100755 --- a/testing/tests/swanctl/frags-ipv4/evaltest.dat +++ b/testing/tests/swanctl/frags-ipv4/evaltest.dat @@ -11,8 +11,8 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES -alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES -alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/ip-pool-db/evaltest.dat b/testing/tests/swanctl/ip-pool-db/evaltest.dat index 4af4f3083..5fa9dcac4 100755 --- a/testing/tests/swanctl/ip-pool-db/evaltest.dat +++ b/testing/tests/swanctl/ip-pool-db/evaltest.dat @@ -15,8 +15,8 @@ dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES dave:: cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES -alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_req=1::YES -alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_req=1::YES +alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES +alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/ip-pool/evaltest.dat b/testing/tests/swanctl/ip-pool/evaltest.dat index 5ba0002b0..ee0b9805e 100755 --- a/testing/tests/swanctl/ip-pool/evaltest.dat +++ b/testing/tests/swanctl/ip-pool/evaltest.dat @@ -9,8 +9,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@str moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave@strongswan.org::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES -alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_req=1::YES -alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_req=1::YES +alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES +alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/manual-prio/description.txt b/testing/tests/swanctl/manual-prio/description.txt new file mode 100755 index 000000000..120fa396e --- /dev/null +++ b/testing/tests/swanctl/manual-prio/description.txt @@ -0,0 +1,4 @@ +The roadwarriors carol and dave set up a connection each +to gateway moon. The authentication is based on X.509 certificates. +High priority passthrough rules cause ssh connections to be exempted from both +ESP encryption and a general drop rule for moon's external eth0 interface. diff --git a/testing/tests/swanctl/manual-prio/evaltest.dat b/testing/tests/swanctl/manual-prio/evaltest.dat new file mode 100755 index 000000000..8a0350563 --- /dev/null +++ b/testing/tests/swanctl/manual-prio/evaltest.dat @@ -0,0 +1,24 @@ +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +carol::ping -c 1 10.1.0.1::64 bytes from 10.1.0.1: icmp_.eq=1::YES +carol::ping -c 1 10.1.0.10::64 bytes from 10.1.0.10: icmp_.eq=1::YES +dave:: ping -c 1 10.1.0.1::64 bytes from 10.1.0.1: icmp_.eq=1::YES +dave:: ping -c 1 10.1.0.20::64 bytes from 10.1.0.20: icmp_.eq=1::YES +moon:: ping -c 1 10.1.0.10::64 bytes from 10.1.0.10: icmp_.eq=1::YES +moon:: ping -c 1 10.1.0.20::64 bytes from 10.1.0.20: icmp_.eq=1::YES +alice::ping -c 1 -W 1 192.168.0.150::64 bytes from 192.168.0.150: icmp_.eq=1::NO +moon:: ping -c 1 -W 1 192.168.0.150::64 bytes from 192.168.0.150: icmp_.eq=1::NO +winnetou::ping -c 1 -W 1 192.168.0.1::64 bytes from 192.168.0.1: icmp_.eq=1::NO +carol::ssh -o ConnectTimeout=5 192.168.0.1 hostname 2> /dev/null::moon::YES +carol::ssh -o ConnectTimeout=5 10.1.0.1 hostname 2> /dev/null::moon::YES +carol::ssh -o ConnectTimeout=5 10.1.0.10 hostname 2> /dev/null::alice::YES +dave:: ssh -o ConnectTimeout=5 192.168.0.1 hostname 2> /dev/null::moon::YES +dave ::ssh -o ConnectTimeout=5 10.1.0.1 hostname 2> /dev/null::moon::YES +dave ::ssh -o ConnectTimeout=5 10.1.0.20 hostname 2> /dev/null::venus::YES +moon ::ssh -o ConnectTimeout=5 192.168.0.150 hostname 2> /dev/null::winnetou::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..7d7e5f9f5 --- /dev/null +++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..1821c1ca2 --- /dev/null +++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,49 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + priority = 2 + + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + proposals = aes128-sha256-modp3072 + } + + shunts { + + children { + pass-ssh-in { + local_ts = 0.0.0.0/0[tcp/ssh] + remote_ts = 0.0.0.0/0[tcp] + priority = 1 + + mode = pass + start_action = trap + } + pass-ssh-out { + local_ts = 0.0.0.0/0[tcp] + remote_ts = 0.0.0.0/0[tcp/ssh] + priority = 1 + + mode = pass + start_action = trap + } + } + } +} diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..7d7e5f9f5 --- /dev/null +++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..ecdd58591 --- /dev/null +++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,49 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + proposals = aes128-sha256-modp3072 + } + + shunts { + + children { + pass-ssh-in { + local_ts = 0.0.0.0/0[tcp/ssh] + remote_ts = 0.0.0.0/0[tcp] + priority = 1 + + mode = pass + start_action = trap + } + pass-ssh-out { + local_ts = 0.0.0.0/0[tcp] + remote_ts = 0.0.0.0/0[tcp/ssh] + priority = 1 + + mode = pass + start_action = trap + } + } + } +} diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..7d7e5f9f5 --- /dev/null +++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..53883f79d --- /dev/null +++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,66 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + priority = 2 + interface = eth0 + + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + proposals = aes128-sha256-modp3072 + } + + shunts { + rekey_time = 0 + + children { + drop-eth0-default { + local_ts = 0.0.0.0/0 + remote_ts = 0.0.0.0/0 + interface = eth0 + priority = 4 + + mode = drop + start_action = trap + } + pass-ssh-in { + local_ts = 0.0.0.0/0[tcp/ssh] + remote_ts = 0.0.0.0/0[tcp] + priority = 1 + + mode = pass + start_action = trap + } + pass-ssh-out { + local_ts = 0.0.0.0/0[tcp] + remote_ts = 0.0.0.0/0[tcp/ssh] + priority = 1 + + mode = pass + start_action = trap + } + pass-http-out { + local_ts = 0.0.0.0/0[tcp] + remote_ts = 192.168.0.150[tcp/http] + priority = 1 + + mode = pass + start_action = trap + } + } + } +} diff --git a/testing/tests/swanctl/manual-prio/posttest.dat b/testing/tests/swanctl/manual-prio/posttest.dat new file mode 100755 index 000000000..fd9726374 --- /dev/null +++ b/testing/tests/swanctl/manual-prio/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::service charon stop 2> /dev/null +dave::service charon stop 2> /dev/null +moon::service charon stop 2> /dev/null +winnetou::ip route del 10.1.0.0/16 via 192.168.0.1 +carol::ip route del 10.1.0.0/16 via 192.168.0.1 +dave::ip route del 10.1.0.0/16 via 192.168.0.1 diff --git a/testing/tests/swanctl/manual-prio/pretest.dat b/testing/tests/swanctl/manual-prio/pretest.dat new file mode 100755 index 000000000..8613a0189 --- /dev/null +++ b/testing/tests/swanctl/manual-prio/pretest.dat @@ -0,0 +1,11 @@ +winnetou::ip route add 10.1.0.0/16 via 192.168.0.1 +carol::ip route add 10.1.0.0/16 via 192.168.0.1 +dave::ip route add 10.1.0.0/16 via 192.168.0.1 +moon::service charon start 2> /dev/null +carol::service charon start 2> /dev/null +dave::service charon start 2> /dev/null +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/manual-prio/test.conf b/testing/tests/swanctl/manual-prio/test.conf new file mode 100755 index 000000000..b8048b4a0 --- /dev/null +++ b/testing/tests/swanctl/manual-prio/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice venus moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-v-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat index 50128d519..ebaad54d4 100644 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat @@ -4,7 +4,7 @@ carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with R carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES moon:: cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=228060123456001@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=228060123456001@strongswan.org remote-eap-id=228060123456001.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES moon::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA.* successful::YES @@ -14,7 +14,7 @@ moon::cat /var/log/daemon.log::received EAP identity .*228060123456002::YES moon::cat /var/log/daemon.log::RADIUS authentication of '228060123456002' failed::YES moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer 228060123456002@strongswan.org::YES dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -dave::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-cert/evaltest.dat b/testing/tests/swanctl/net2net-cert/evaltest.dat index 48a8857f4..1d9bd6434 100755 --- a/testing/tests/swanctl/net2net-cert/evaltest.dat +++ b/testing/tests/swanctl/net2net-cert/evaltest.dat @@ -1,5 +1,5 @@ moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf index b1c005b47..9034651e7 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -19,11 +19,15 @@ connections { remote_ts = 10.2.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables + rekey_time = 5400 + rekey_bytes = 500000000 + rekey_packets = 1000000 esp_proposals = aes128gcm128-modp3072 } } version = 2 mobike = no + reauth_time = 10800 proposals = aes128-sha256-modp3072 } } diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf index c3512132f..2b9ddcf72 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf @@ -19,11 +19,15 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables + rekey_time = 5400 + rekey_bytes = 500000000 + rekey_packets = 1000000 esp_proposals = aes128gcm128-modp3072 } } version = 2 mobike = no + reauth_time = 10800 proposals = aes128-sha256-modp3072 } } diff --git a/testing/tests/swanctl/net2net-gw/description.txt b/testing/tests/swanctl/net2net-gw/description.txt new file mode 100755 index 000000000..00c9f1030 --- /dev/null +++ b/testing/tests/swanctl/net2net-gw/description.txt @@ -0,0 +1,7 @@ +A connection between the subnets behind the gateways moon and sun is set up +via the gateway carol. +The authentication is based on X.509 certificates. Upon the successful +establishment of the IPsec tunnels, the updown script automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test tunnels and firewall, client alice behind gateway moon +pings client bob located behind gateway sun. diff --git a/testing/tests/swanctl/net2net-gw/evaltest.dat b/testing/tests/swanctl/net2net-gw/evaltest.dat new file mode 100755 index 000000000..4908d80be --- /dev/null +++ b/testing/tests/swanctl/net2net-gw/evaltest.dat @@ -0,0 +1,5 @@ +moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES +sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +sun::tcpdump::IP carol.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..febe9faba --- /dev/null +++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..d450053e5 --- /dev/null +++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,49 @@ +connections { + + gw-moon { + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + net-moon { + local_ts = 10.2.0.0/16 + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + mobike = no + proposals = aes128-sha256-modp3072 + } + gw-sun { + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = sun.strongswan.org + } + children { + net-sun { + local_ts = 10.1.0.0/16 + remote_ts = 10.2.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + mobike = no + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..febe9faba --- /dev/null +++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..348e5329f --- /dev/null +++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,28 @@ +connections { + + gw-gw { + remote_addrs = 192.168.0.100 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + id = carol@strongswan.org + } + children { + net-net { + local_ts = 10.1.0.0/16 + remote_ts = 10.2.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + mobike = no + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf new file mode 100755 index 000000000..febe9faba --- /dev/null +++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..68e70be81 --- /dev/null +++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf @@ -0,0 +1,28 @@ +connections { + + gw-gw { + remote_addrs = 192.168.0.100 + + local { + auth = pubkey + certs = sunCert.pem + id = sun.strongswan.org + } + remote { + auth = pubkey + id = carol@strongswan.org + } + children { + net-net { + local_ts = 10.2.0.0/16 + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + mobike = no + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/net2net-gw/posttest.dat b/testing/tests/swanctl/net2net-gw/posttest.dat new file mode 100755 index 000000000..94914f832 --- /dev/null +++ b/testing/tests/swanctl/net2net-gw/posttest.dat @@ -0,0 +1,8 @@ +moon::swanctl --terminate --ike gw-gw 2> /dev/null +sun::swanctl --terminate --ike gw-gw 2> /dev/null +moon::service charon stop 2> /dev/null +sun::service charon stop 2> /dev/null +carol::service charon stop 2> /dev/null +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/net2net-gw/pretest.dat b/testing/tests/swanctl/net2net-gw/pretest.dat new file mode 100755 index 000000000..e3136491c --- /dev/null +++ b/testing/tests/swanctl/net2net-gw/pretest.dat @@ -0,0 +1,12 @@ +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +moon::service charon start 2> /dev/null +sun::service charon start 2> /dev/null +carol::service charon start 2> /dev/null +carol::expect-connection gw-moon +carol::expect-connection gw-sun +moon::expect-connection gw-gw +moon::swanctl --initiate --child net-net 2> /dev/null +sun::expect-connection gw-gw +sun::swanctl --initiate --child net-net 2> /dev/null diff --git a/testing/tests/swanctl/net2net-gw/test.conf b/testing/tests/swanctl/net2net-gw/test.conf new file mode 100755 index 000000000..6eafdf20f --- /dev/null +++ b/testing/tests/swanctl/net2net-gw/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-s-b-med.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun carol" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/net2net-pubkey/evaltest.dat b/testing/tests/swanctl/net2net-pubkey/evaltest.dat index 849117652..b5398044e 100644 --- a/testing/tests/swanctl/net2net-pubkey/evaltest.dat +++ b/testing/tests/swanctl/net2net-pubkey/evaltest.dat @@ -1,5 +1,5 @@ moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-pubkey/pretest.dat b/testing/tests/swanctl/net2net-pubkey/pretest.dat index 11e7d5092..b4f48af72 100644 --- a/testing/tests/swanctl/net2net-pubkey/pretest.dat +++ b/testing/tests/swanctl/net2net-pubkey/pretest.dat @@ -4,5 +4,6 @@ sun::cd /etc/swanctl; rm x509/* x509ca/* moon::cd /etc/swanctl; rm x509/* x509ca/* sun::service charon start 2> /dev/null moon::service charon start 2> /dev/null +sun::expect-connection gw-gw moon::expect-connection gw-gw moon::swanctl --initiate --child net-net 2> /dev/null diff --git a/testing/tests/swanctl/net2net-route/evaltest.dat b/testing/tests/swanctl/net2net-route/evaltest.dat index ae292c165..a500b2996 100755 --- a/testing/tests/swanctl/net2net-route/evaltest.dat +++ b/testing/tests/swanctl/net2net-route/evaltest.dat @@ -2,6 +2,6 @@ moon::swanctl --list-pols --raw 2> /dev/null::net-net.*mode=TUNNEL local-ts=\[10 moon::cat /var/log/daemon.log::creating acquire job for policy 10.1.0.10/32\[icmp/8] === 10.2.0.10/32\[icmp/8]::YES moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-start/evaltest.dat b/testing/tests/swanctl/net2net-start/evaltest.dat index 48a8857f4..1d9bd6434 100755 --- a/testing/tests/swanctl/net2net-start/evaltest.dat +++ b/testing/tests/swanctl/net2net-start/evaltest.dat @@ -1,5 +1,5 @@ moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/protoport-dual/evaltest.dat b/testing/tests/swanctl/protoport-dual/evaltest.dat index a471d1db0..74ba593a3 100644 --- a/testing/tests/swanctl/protoport-dual/evaltest.dat +++ b/testing/tests/swanctl/protoport-dual/evaltest.dat @@ -1,5 +1,5 @@ -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32\[icmp]] remote-ts=\[10.1.0.0/16\[icmp]].*ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[192.168.0.100/32\[tcp]] remote-ts=\[10.1.0.0/16\[tcp/ssh]::YES moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16\[icmp]] remote-ts=\[192.168.0.100/32\[icmp]].*ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[10.1.0.0/16\[tcp/ssh]] remote-ts=\[192.168.0.100/32\[tcp]]::YES diff --git a/testing/tests/swanctl/protoport-dual/pretest.dat b/testing/tests/swanctl/protoport-dual/pretest.dat index 0e8e43390..87ee29bf6 100644 --- a/testing/tests/swanctl/protoport-dual/pretest.dat +++ b/testing/tests/swanctl/protoport-dual/pretest.dat @@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::service charon start 2> /dev/null carol::service charon start 2> /dev/null +moon::expect-connection icmp +moon::expect-connection ssh carol::expect-connection icmp carol::expect-connection ssh carol::swanctl --initiate --child icmp 2> /dev/null diff --git a/testing/tests/swanctl/protoport-range/evaltest.dat b/testing/tests/swanctl/protoport-range/evaltest.dat index 89caa9bd1..45bf76fab 100644 --- a/testing/tests/swanctl/protoport-range/evaltest.dat +++ b/testing/tests/swanctl/protoport-range/evaltest.dat @@ -1,5 +1,5 @@ -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp-req.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32\[icmp/8]] remote-ts=\[10.1.0.0/16\[icmp/8]].*icmp-rep.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32\[icmp/0]] remote-ts=\[10.1.0.0/16\[icmp/0]].*ftp-ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[192.168.0.100/32\[tcp/32768-65535]] remote-ts=\[10.1.0.0/16\[tcp/21-22]::YES moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp-req.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16\[icmp/8]] remote-ts=\[192.168.0.100/32\[icmp/8]].*icmp-rep.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16\[icmp/0]] remote-ts=\[192.168.0.100/32\[icmp/0]].*ftp-ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[10.1.0.0/16\[tcp/21-22]] remote-ts=\[192.168.0.100/32\[tcp/32768-65535]]::YES diff --git a/testing/tests/swanctl/protoport-range/pretest.dat b/testing/tests/swanctl/protoport-range/pretest.dat index 7e864f514..b45d4b3c6 100644 --- a/testing/tests/swanctl/protoport-range/pretest.dat +++ b/testing/tests/swanctl/protoport-range/pretest.dat @@ -2,6 +2,9 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::service charon start 2> /dev/null carol::service charon start 2> /dev/null +moon::expect-connection icmp-req +moon::expect-connection icmp-rep +moon::expect-connection ftp-ssh carol::expect-connection icmp-req carol::expect-connection icmp-rep carol::expect-connection ftp-ssh diff --git a/testing/tests/swanctl/rw-cert/evaltest.dat b/testing/tests/swanctl/rw-cert/evaltest.dat index 09bc82bf1..51bf8c1ba 100755 --- a/testing/tests/swanctl/rw-cert/evaltest.dat +++ b/testing/tests/swanctl/rw-cert/evaltest.dat @@ -2,8 +2,8 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES -alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES -alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-dnssec/evaltest.dat b/testing/tests/swanctl/rw-dnssec/evaltest.dat index 679233471..6dafe78b6 100644 --- a/testing/tests/swanctl/rw-dnssec/evaltest.dat +++ b/testing/tests/swanctl/rw-dnssec/evaltest.dat @@ -1,11 +1,11 @@ carol::cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*moon.strongswan.org::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*moon.strongswan.org::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*carol.strongswan.org::YES moon:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*dave.strongswan.org::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES diff --git a/testing/tests/swanctl/rw-hash-and-url/evaltest.dat b/testing/tests/swanctl/rw-hash-and-url/evaltest.dat index 5286ffeb3..f0a25b166 100755 --- a/testing/tests/swanctl/rw-hash-and-url/evaltest.dat +++ b/testing/tests/swanctl/rw-hash-and-url/evaltest.dat @@ -6,8 +6,8 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES -alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES -alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/description.txt b/testing/tests/swanctl/rw-multi-ciphers-ikev1/description.txt new file mode 100755 index 000000000..a46d5a07d --- /dev/null +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/description.txt @@ -0,0 +1,15 @@ +The roadwarriors carol and dave set up a connection each +to gateway moon. The IKEv1 main mode authentication is based on +X.509 certificates. +On the gateway two connections with differing parameters are defined: +One for carol using the IKE proposal aes128-sha256-modp3072 +allowing to reach host alice and one for dave using +the IKE proposal 3des-sha1-modp2048 allowing to reach host venus. +

    +Since the IP addresses of carol and dave are not known +to moon the matching connection definition can only be determined +by moon after the peer identities have been received. +

    +Upon the successful establishment of the IPsec tunnels, carol pings the +client alice and dave the client venus lying in two different +subnets behind the gateway moon. diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat new file mode 100755 index 000000000..e7bff2df1 --- /dev/null +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat @@ -0,0 +1,12 @@ +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +venus::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES +alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO +venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::NO +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES +dave::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 dh-group=MODP_2048.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES +moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES +moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 dh-group=MODP_2048.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..bbb6f6cc3 --- /dev/null +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf @@ -0,0 +1,23 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + syslog { + auth { + default = 0 + } + daemon { + cfg = 1 + ike = 1 + } + } +} diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..12f62cf4e --- /dev/null +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,26 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/28 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128-sha256-modp3072 + } + } + version = 1 + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..c5c1fc3b8 --- /dev/null +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf @@ -0,0 +1,23 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + syslog { + auth { + default = 0 + } + daemon { + cfg = 1 + ike = 1 + } + } +} diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..a146c1d10 --- /dev/null +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,26 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + id = dave@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.16/28 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = 3des-sha1-modp2048 + } + } + version = 1 + proposals = 3des-sha1-modp2048 + } +} diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..71ae251a6 --- /dev/null +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf @@ -0,0 +1,23 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + syslog { + auth { + default = 0 + } + daemon { + cfg = 1 + ike = 1 + } + } +} diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..8356c0249 --- /dev/null +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,45 @@ +connections { + + rw-1 { + + local { + auth = pubkey + id = moon.strongswan.org + } + remote { + auth = pubkey + id = carol@strongswan.org + } + children { + net-1 { + local_ts = 10.1.0.0/28 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128-sha256-modp3072 + } + } + version = 1 + proposals = aes128-sha256-modp3072,3des-sha1-modp2048 + } + + rw-2 { + local { + auth = pubkey + id = moon.strongswan.org + } + remote { + auth = pubkey + id = dave@strongswan.org + } + children { + net-2 { + local_ts = 10.1.0.16/28 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = 3des-sha1-modp2048 + } + } + version = 1 + proposals = 3des-sha1-modp2048,aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat new file mode 100755 index 000000000..d7107ccc6 --- /dev/null +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::service charon stop 2> /dev/null +dave::service charon stop 2> /dev/null +moon::service charon stop 2> /dev/null +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat new file mode 100755 index 000000000..37029c074 --- /dev/null +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat @@ -0,0 +1,12 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::service charon start 2> /dev/null +carol::service charon start 2> /dev/null +dave::service charon start 2> /dev/null +moon::expect-connection net-1 +moon::expect-connection net-2 +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/test.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/test.conf new file mode 100755 index 000000000..b8048b4a0 --- /dev/null +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice venus moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-v-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/rw-ntru-bliss/evaltest.dat b/testing/tests/swanctl/rw-ntru-bliss/evaltest.dat index 69149cdb4..937425fab 100644 --- a/testing/tests/swanctl/rw-ntru-bliss/evaltest.dat +++ b/testing/tests/swanctl/rw-ntru-bliss/evaltest.dat @@ -1,7 +1,7 @@ carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with BLISS_WITH_SHA2_256 successful::YES moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with BLISS_WITH_SHA2_384 successful::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NTRU_128.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES diff --git a/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat b/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat index a184ee997..41595b60c 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat +++ b/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat @@ -2,8 +2,8 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32] moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32] -alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES -alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat index 96d74c877..097489da5 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat +++ b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat @@ -1,9 +1,9 @@ dave::cat /var/log/daemon.log::updown approximates remote TS 10.1.0.17..10.1.0.20 by next larger subnet::YES moon::cat /var/log/daemon.log::updown approximates local TS 10.1.0.17..10.1.0.20 by next larger subnet::YES -alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES -venus::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES -alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::NO -venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::NO +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +venus::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES +alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO +venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::NO carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.17..10.1.0.20]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net-1.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32] diff --git a/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat b/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat index 7acb15a3a..1f9fb0e0f 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat +++ b/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat @@ -2,8 +2,8 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32] moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32] -alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES -alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat b/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat index f0cd34c86..b2958919a 100755 --- a/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat +++ b/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat @@ -1,5 +1,5 @@ -alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES -alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=0d:36:.*:cc:90 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=67:f6:.*:40:80 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=42:91:.*:f7:60 remote-host=192.168.0.100 remote-port=4500 remote-id=0d:36:.*:cc:90.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES diff --git a/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat b/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat index 70905de4d..2dfc3cf41 100755 --- a/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat +++ b/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat @@ -1,5 +1,5 @@ -alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES -alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=0d:36:.*:cc:90 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=67:f6:.*:40:80 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-carol.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=42:91:.*:f7:60 remote-host=192.168.0.100 remote-port=4500 remote-id=0d:36:.*:cc:90.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat b/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat index d89eeb6ee..032cd6871 100644 --- a/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat +++ b/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat @@ -1,14 +1,14 @@ alice::swanctl --list-pols --raw 2> /dev/null::local-net.*mode=PASS local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.0/16::YES venus::swanctl --list-pols --raw 2> /dev/null::local-net.*mode=PASS local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.0/16::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES -venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES alice::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=4500 local-id=alice@strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[0.0.0.0/0]::YES venus::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.20 local-port=4500 local-id=venus.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[0.0.0.0/0]::YES sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=alice@strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.1/32]::YES sun::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=venus.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.2/32]::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES -moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES alice::tcpdump::IP alice.strongswan.org > venus.strongswan.org: ICMP::YES alice::tcpdump::IP venus.strongswan.org > alice.strongswan.org: ICMP::YES diff --git a/testing/tests/swanctl/xauth-rsa/evaltest.dat b/testing/tests/swanctl/xauth-rsa/evaltest.dat index c50c7fb05..46d66a007 100644 --- a/testing/tests/swanctl/xauth-rsa/evaltest.dat +++ b/testing/tests/swanctl/xauth-rsa/evaltest.dat @@ -1,8 +1,8 @@ -moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES -moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072 established=1.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES +moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES dave::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES diff --git a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf index 2d2639ea1..ddfe896fb 100755 --- a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf @@ -11,6 +11,7 @@ connections { } local-xauth { auth = xauth + xauth_id = carol } remote { auth = pubkey @@ -32,7 +33,7 @@ connections { secrets { xauth-carol { - id = carol@strongswan.org + id = carol secret = "4iChxLT3" } } diff --git a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf index f3758e387..61ca64db3 100755 --- a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf @@ -11,6 +11,7 @@ connections { } local-xauth { auth = xauth + xauth_id = dave } remote { auth = pubkey @@ -32,7 +33,7 @@ connections { secrets { xauth-dave { - id = dave@strongswan.org + id = dave secret = "ryftzG4A" } } diff --git a/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/swanctl/swanctl.conf index 27a880297..f71bea1d1 100755 --- a/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/swanctl/swanctl.conf @@ -30,11 +30,11 @@ connections { secrets { xauth-carol { - id = carol@strongswan.org + id = carol secret = "4iChxLT3" } xauth-dave { - id = dave@strongswan.org + id = dave secret = "ryftzG4A" } } diff --git a/testing/tests/tkm/host2host-initiator/evaltest.dat b/testing/tests/tkm/host2host-initiator/evaltest.dat index cf34e411c..65b47c3c5 100644 --- a/testing/tests/tkm/host2host-initiator/evaltest.dat +++ b/testing/tests/tkm/host2host-initiator/evaltest.dat @@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org. sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES diff --git a/testing/tests/tkm/host2host-responder/evaltest.dat b/testing/tests/tkm/host2host-responder/evaltest.dat index bc04360a4..9921960e0 100644 --- a/testing/tests/tkm/host2host-responder/evaltest.dat +++ b/testing/tests/tkm/host2host-responder/evaltest.dat @@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org. sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES diff --git a/testing/tests/tkm/host2host-xfrmproxy/evaltest.dat b/testing/tests/tkm/host2host-xfrmproxy/evaltest.dat index 6b9050a84..eb954bdf8 100644 --- a/testing/tests/tkm/host2host-xfrmproxy/evaltest.dat +++ b/testing/tests/tkm/host2host-xfrmproxy/evaltest.dat @@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org. sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES moon::cat /var/log/daemon.log::ees: acquire received for reqid 1::YES diff --git a/testing/tests/tkm/multiple-clients/evaltest.dat b/testing/tests/tkm/multiple-clients/evaltest.dat index 89da7646d..045e58352 100644 --- a/testing/tests/tkm/multiple-clients/evaltest.dat +++ b/testing/tests/tkm/multiple-clients/evaltest.dat @@ -6,8 +6,8 @@ sun::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES sun::ipsec stroke status 2> /dev/null::conn2.*INSTALLED, TRANSPORT::YES carol::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES dave::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -carol::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES -dave::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +carol::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES +dave::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES carol::tcpdump::IP carol.strongswan.org > sun.strongswan.org: ESP::YES carol::tcpdump::IP sun.strongswan.org > carol.strongswan.org: ESP::YES dave::tcpdump::IP dave.strongswan.org > sun.strongswan.org: ESP::YES diff --git a/testing/tests/tkm/net2net-initiator/evaltest.dat b/testing/tests/tkm/net2net-initiator/evaltest.dat index 80492a93c..54b7ca4fa 100644 --- a/testing/tests/tkm/net2net-initiator/evaltest.dat +++ b/testing/tests/tkm/net2net-initiator/evaltest.dat @@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org. sun::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TUNNEL::YES sun::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES diff --git a/testing/tests/tkm/net2net-xfrmproxy/evaltest.dat b/testing/tests/tkm/net2net-xfrmproxy/evaltest.dat index 6c5d8b3cb..3e61ea614 100644 --- a/testing/tests/tkm/net2net-xfrmproxy/evaltest.dat +++ b/testing/tests/tkm/net2net-xfrmproxy/evaltest.dat @@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org. sun::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TUNNEL::YES sun::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES moon::cat /var/log/daemon.log::ees: acquire received for reqid 1::YES diff --git a/testing/tests/tkm/xfrmproxy-expire/evaltest.dat b/testing/tests/tkm/xfrmproxy-expire/evaltest.dat index 21d198cd5..05bf42057 100644 --- a/testing/tests/tkm/xfrmproxy-expire/evaltest.dat +++ b/testing/tests/tkm/xfrmproxy-expire/evaltest.dat @@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org. sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES moon::cat /var/log/daemon.log::ees: acquire received for reqid 1::YES diff --git a/testing/tests/tnc/tnccs-11-fhh/evaltest.dat b/testing/tests/tnc/tnccs-11-fhh/evaltest.dat index 800fa3c4f..0b7655bdd 100644 --- a/testing/tests/tnc/tnccs-11-fhh/evaltest.dat +++ b/testing/tests/tnc/tnccs-11-fhh/evaltest.dat @@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat b/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat index ef02166f0..b2fc61949 100644 --- a/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat +++ b/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat @@ -11,5 +11,5 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home::NO moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat index baf8c972f..cc0ce6c31 100644 --- a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat +++ b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat @@ -14,6 +14,7 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat b/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat index d57b5e73f..588ddf469 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat +++ b/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat @@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf index 45845710b..a3f4ca12c 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf @@ -4,7 +4,7 @@ libimcv { load = random nonce openssl pubkey sqlite debug_level = 3 database = sqlite:///etc/db.d/config.db - policy_script = ipsec imv_policy_manager + policy_script = /usr/local/libexec/ipsec/imv_policy_manager assessment_result = no } diff --git a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat index c96e0631f..5745ffede 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat +++ b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat @@ -18,6 +18,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-11-radius/evaltest.dat b/testing/tests/tnc/tnccs-11-radius/evaltest.dat index 0415c3323..cbafc1303 100644 --- a/testing/tests/tnc/tnccs-11-radius/evaltest.dat +++ b/testing/tests/tnc/tnccs-11-radius/evaltest.dat @@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf index 80c96b677..09ca9d0e4 100644 --- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf @@ -32,3 +32,6 @@ libimcv { } } } +libtls { + suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +} diff --git a/testing/tests/tnc/tnccs-11-radius/pretest.dat b/testing/tests/tnc/tnccs-11-radius/pretest.dat index baf8c972f..57e2ee6b4 100644 --- a/testing/tests/tnc/tnccs-11-radius/pretest.dat +++ b/testing/tests/tnc/tnccs-11-radius/pretest.dat @@ -14,6 +14,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-11/evaltest.dat b/testing/tests/tnc/tnccs-11/evaltest.dat index 800fa3c4f..0b7655bdd 100644 --- a/testing/tests/tnc/tnccs-11/evaltest.dat +++ b/testing/tests/tnc/tnccs-11/evaltest.dat @@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-11/pretest.dat b/testing/tests/tnc/tnccs-11/pretest.dat index c8ab14343..e173ae798 100644 --- a/testing/tests/tnc/tnccs-11/pretest.dat +++ b/testing/tests/tnc/tnccs-11/pretest.dat @@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-20-block/evaltest.dat b/testing/tests/tnc/tnccs-20-block/evaltest.dat index b67affbf4..725c3aa3a 100644 --- a/testing/tests/tnc/tnccs-20-block/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-block/evaltest.dat @@ -10,5 +10,5 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home::NO moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-block/pretest.dat b/testing/tests/tnc/tnccs-20-block/pretest.dat index c8ab14343..c09abf917 100644 --- a/testing/tests/tnc/tnccs-20-block/pretest.dat +++ b/testing/tests/tnc/tnccs-20-block/pretest.dat @@ -11,6 +11,7 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat b/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat index 1b70ac8ec..3d9e06491 100644 --- a/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat @@ -11,7 +11,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-client-retry/pretest.dat b/testing/tests/tnc/tnccs-20-client-retry/pretest.dat index c8ab14343..e173ae798 100644 --- a/testing/tests/tnc/tnccs-20-client-retry/pretest.dat +++ b/testing/tests/tnc/tnccs-20-client-retry/pretest.dat @@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-20-fail-init/pretest.dat b/testing/tests/tnc/tnccs-20-fail-init/pretest.dat index c8ab14343..e173ae798 100644 --- a/testing/tests/tnc/tnccs-20-fail-init/pretest.dat +++ b/testing/tests/tnc/tnccs-20-fail-init/pretest.dat @@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat b/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat index 3dba1d75e..5af3b7500 100644 --- a/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat +++ b/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat @@ -6,5 +6,7 @@ carol::rm /etc/swanctl/rsa/* carol::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/tnc/tnccs-20-fhh/evaltest.dat b/testing/tests/tnc/tnccs-20-fhh/evaltest.dat index d406b5925..bf0732604 100644 --- a/testing/tests/tnc/tnccs-20-fhh/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-fhh/evaltest.dat @@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf index a0db6ae7b..195534315 100644 --- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf @@ -36,5 +36,5 @@ charon { libimcv { debug_level = 3 - policy_script = ipsec imv_policy_manager + policy_script = /usr/local/libexec/ipsec/imv_policy_manager } diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat index db8ce1061..f9b4159d9 100644 --- a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat +++ b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat @@ -13,6 +13,8 @@ alice::service charon start moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/evaltest.dat b/testing/tests/tnc/tnccs-20-mutual-eap-fail/evaltest.dat index 93303221f..8ffbffc73 100644 --- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/evaltest.dat @@ -4,4 +4,4 @@ moon::cat /var/log/daemon.log::final recommendation is.*no access::YES sun:: cat /var/log/daemon.log::final recommendation is.*allow::YES moon::swanctl --list-sas --raw 2> /dev/null::mutual.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*mutual.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.1/32] remote-ts=\[192.168.0.2/32]::NO sun::swanctl --list-sas --raw 2> /dev/null::mutual.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*mutual.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.2/32] remote-ts=\[192.168.0.1/32]::NO -moon::ping -c 1 -W 1 192.168.0.2::64 bytes from 192.168.0.2: icmp_req=1::NO +moon::ping -c 1 -W 1 192.168.0.2::64 bytes from 192.168.0.2: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat index 0a3563986..ac707d436 100644 --- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat +++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::service charon start sun::service charon start -moon::expect-connection mutual -moon::swanctl --initiate --child mutual +sun::expect-connection mutual +moon::expect-connection mutual +moon::swanctl --initiate --child mutual diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat index 28f101cdc..b9fe2719c 100644 --- a/testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat @@ -4,6 +4,6 @@ moon::cat /var/log/daemon.log::final recommendation is.*allow::YES sun:: cat /var/log/daemon.log::final recommendation is.*allow::YES moon::swanctl --list-sas --raw 2> /dev/null::mutual.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*mutual.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.1/32] remote-ts=\[192.168.0.2/32]::YES sun::swanctl --list-sas --raw 2> /dev/null::mutual.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*mutual.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.2/32] remote-ts=\[192.168.0.1/32]::YES -moon::ping -c 1 192.168.0.2::64 bytes from 192.168.0.2: icmp_req=1::YES +moon::ping -c 1 192.168.0.2::64 bytes from 192.168.0.2: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat index 0a3563986..ac707d436 100644 --- a/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat +++ b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat @@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::service charon start sun::service charon start -moon::expect-connection mutual -moon::swanctl --initiate --child mutual +sun::expect-connection mutual +moon::expect-connection mutual +moon::swanctl --initiate --child mutual diff --git a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat index 88b55c9f7..8056a90e9 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat @@ -14,7 +14,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf index 4b024e9a8..e58bab611 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf @@ -34,7 +34,7 @@ libtls { libimcv { database = sqlite:///etc/db.d/config.db - policy_script = ipsec imv_policy_manager + policy_script = /usr/local/libexec/ipsec/imv_policy_manager plugins { imv-attestation { hash_algorithm = sha1 diff --git a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat index 81537cc62..03e5f22af 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat +++ b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat @@ -15,6 +15,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-20-os/evaltest.dat b/testing/tests/tnc/tnccs-20-os/evaltest.dat index 202b408aa..f2a0bad30 100644 --- a/testing/tests/tnc/tnccs-20-os/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-os/evaltest.dat @@ -14,7 +14,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf index 2fae3ba63..53c515f77 100644 --- a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf @@ -33,7 +33,7 @@ libtls { libimcv { database = sqlite:///etc/db.d/config.db - policy_script = ipsec imv_policy_manager + policy_script = /usr/local/libexec/ipsec/imv_policy_manager } attest { diff --git a/testing/tests/tnc/tnccs-20-os/pretest.dat b/testing/tests/tnc/tnccs-20-os/pretest.dat index fa8d089f2..13ae2b71f 100644 --- a/testing/tests/tnc/tnccs-20-os/pretest.dat +++ b/testing/tests/tnc/tnccs-20-os/pretest.dat @@ -16,6 +16,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat index 2d3027c2c..258352834 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat @@ -23,7 +23,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100 remote-eap-id=carol.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200 remote-eap-id=dave.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/000-default.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/000-default.conf new file mode 100644 index 000000000..4075f75bd --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/000-default.conf @@ -0,0 +1,31 @@ +WSGIPythonPath /var/www/tnc + + + ServerName tnc.strongswan.org + ServerAlias tnc + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/tnc + + + + + Require all granted + + + Order deny,allow + Allow from all + + + + + WSGIScriptAlias / /var/www/tnc/config/wsgi.py + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + + Alias /static/ /var/www/tnc/static/ + + ErrorLog ${APACHE_LOG_DIR}/tnc/error.log + LogLevel warn + CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined + diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default index 626000612..1dc8b5688 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default @@ -1,26 +1 @@ -WSGIPythonPath /var/www/tnc - - - ServerName tnc.strongswan.org - ServerAlias tnc - ServerAdmin webmaster@localhost - - DocumentRoot /var/www/tnc - - - - Order deny,allow - Allow from all - - - - WSGIScriptAlias / /var/www/tnc/config/wsgi.py - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - - Alias /static/ /var/www/tnc/static/ - - ErrorLog ${APACHE_LOG_DIR}/tnc/error.log - LogLevel warn - CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined - +Include sites-available/000-default.conf \ No newline at end of file diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf index 4328b06ea..240ebbafb 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf @@ -37,7 +37,7 @@ charon { libimcv { debug_level = 3 database = sqlite:///etc/db.d/config.db - policy_script = ipsec imv_policy_manager + policy_script = /usr/local/libexec/ipsec/imv_policy_manager plugins { imv-swid { diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat index 6292d6909..36c7cc6a2 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat @@ -22,6 +22,8 @@ alice::service charon start moon::service charon start dave::service charon start carol::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate dave::expect-connection home dave::swanctl --initiate --child home 2> /dev/null carol::expect-connection home diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf new file mode 100644 index 000000000..4075f75bd --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf @@ -0,0 +1,31 @@ +WSGIPythonPath /var/www/tnc + + + ServerName tnc.strongswan.org + ServerAlias tnc + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/tnc + + + + + Require all granted + + + Order deny,allow + Allow from all + + + + + WSGIScriptAlias / /var/www/tnc/config/wsgi.py + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + + Alias /static/ /var/www/tnc/static/ + + ErrorLog ${APACHE_LOG_DIR}/tnc/error.log + LogLevel warn + CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined + diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default index 626000612..1dc8b5688 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default @@ -1,26 +1 @@ -WSGIPythonPath /var/www/tnc - - - ServerName tnc.strongswan.org - ServerAlias tnc - ServerAdmin webmaster@localhost - - DocumentRoot /var/www/tnc - - - - Order deny,allow - Allow from all - - - - WSGIScriptAlias / /var/www/tnc/config/wsgi.py - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - - Alias /static/ /var/www/tnc/static/ - - ErrorLog ${APACHE_LOG_DIR}/tnc/error.log - LogLevel warn - CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined - +Include sites-available/000-default.conf \ No newline at end of file diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules index 48b1cf5a6..c556d9483 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules @@ -9,7 +9,7 @@ -A INPUT -i lo -j ACCEPT -A OUTPUT -o lo -j ACCEPT -# allow PT-TLS +# allow PT-TLS -A INPUT -i eth0 -p tcp --dport 271 -j ACCEPT -A OUTPUT -o eth0 -p tcp --sport 271 -j ACCEPT @@ -18,7 +18,7 @@ -A OUTPUT -p tcp --sport 22 -j ACCEPT # allow outbound ssh --A OUTPU -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --dport 22 -j ACCEPT -A INPUT -p tcp --sport 22 -j ACCEPT # allow crl fetch from winnetou diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf index d1cb6c9e2..b08a85bb4 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf @@ -3,9 +3,6 @@ charon { load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - } syslog { auth { default = 0 @@ -32,7 +29,7 @@ libtls { libimcv { database = sqlite:///etc/db.d/config.db - policy_script = ipsec imv_policy_manager + policy_script = /usr/local/libexec/ipsec/imv_policy_manager plugins { imv-swid { diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat index ea93b2d2b..860a6c342 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat @@ -13,9 +13,9 @@ alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db alice::/var/www/tnc/manage.py setpassword strongSwan strongSwan alice::rm /etc/swanctl/x509/aliceCert.pem alice::rm /etc/swanctl/rsa/aliceKey.pem -alice::service apache2 start alice::service charon start -alice::expect-connection aaa +alice::service apache2 start +alice::swanctl --load-creds winnetou::ip route add 10.1.0.0/16 via 192.168.0.1 dave::ip route add 10.1.0.0/16 via 192.168.0.1 dave::cat /etc/pts/options diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat index 88b89c91c..57aa13ad5 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat @@ -14,7 +14,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf index 117ca715c..46ed39bb8 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf @@ -34,7 +34,8 @@ libtls { libimcv { database = sqlite:///etc/db.d/config.db - policy_script = ipsec imv_policy_manager + policy_script = /usr/local/libexec/ipsec/imv_policy_manager + plugins { imv-attestation { hash_algorithm = sha1 diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat index 4b1c45ef9..d89aa2309 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat @@ -15,6 +15,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start dave::service charon start carol::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate dave::expect-connection home dave::swanctl --initiate --child home 2> /dev/null carol::expect-connection home diff --git a/testing/tests/tnc/tnccs-20-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-pts/evaltest.dat index a531ddf08..6147c8768 100644 --- a/testing/tests/tnc/tnccs-20-pts/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pts/evaltest.dat @@ -14,7 +14,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/28]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf index 4b024e9a8..e58bab611 100644 --- a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf @@ -34,7 +34,7 @@ libtls { libimcv { database = sqlite:///etc/db.d/config.db - policy_script = ipsec imv_policy_manager + policy_script = /usr/local/libexec/ipsec/imv_policy_manager plugins { imv-attestation { hash_algorithm = sha1 diff --git a/testing/tests/tnc/tnccs-20-pts/pretest.dat b/testing/tests/tnc/tnccs-20-pts/pretest.dat index 4b1c45ef9..d89aa2309 100644 --- a/testing/tests/tnc/tnccs-20-pts/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pts/pretest.dat @@ -15,6 +15,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start dave::service charon start carol::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate dave::expect-connection home dave::swanctl --initiate --child home 2> /dev/null carol::expect-connection home diff --git a/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat b/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat index b94dc5e2c..64d1ec027 100644 --- a/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat @@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-server-retry/pretest.dat b/testing/tests/tnc/tnccs-20-server-retry/pretest.dat index c8ab14343..e173ae798 100644 --- a/testing/tests/tnc/tnccs-20-server-retry/pretest.dat +++ b/testing/tests/tnc/tnccs-20-server-retry/pretest.dat @@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-20-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-tls/evaltest.dat index ff9ac28b8..bed92fc38 100644 --- a/testing/tests/tnc/tnccs-20-tls/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-tls/evaltest.dat @@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-tls/pretest.dat b/testing/tests/tnc/tnccs-20-tls/pretest.dat index 709a7714b..1d11baa99 100644 --- a/testing/tests/tnc/tnccs-20-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-tls/pretest.dat @@ -7,6 +7,8 @@ dave::cat /etc/tnc_config moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-20/evaltest.dat b/testing/tests/tnc/tnccs-20/evaltest.dat index b94dc5e2c..64d1ec027 100644 --- a/testing/tests/tnc/tnccs-20/evaltest.dat +++ b/testing/tests/tnc/tnccs-20/evaltest.dat @@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20/pretest.dat b/testing/tests/tnc/tnccs-20/pretest.dat index c8ab14343..e173ae798 100644 --- a/testing/tests/tnc/tnccs-20/pretest.dat +++ b/testing/tests/tnc/tnccs-20/pretest.dat @@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null dave::expect-connection home diff --git a/testing/tests/tnc/tnccs-dynamic/evaltest.dat b/testing/tests/tnc/tnccs-dynamic/evaltest.dat index 2bb125430..7c3cf4fa7 100644 --- a/testing/tests/tnc/tnccs-dynamic/evaltest.dat +++ b/testing/tests/tnc/tnccs-dynamic/evaltest.dat @@ -20,7 +20,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-dynamic/pretest.dat b/testing/tests/tnc/tnccs-dynamic/pretest.dat index c8ab14343..e173ae798 100644 --- a/testing/tests/tnc/tnccs-dynamic/pretest.dat +++ b/testing/tests/tnc/tnccs-dynamic/pretest.dat @@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/* moon::service charon start carol::service charon start dave::service charon start +moon::expect-connection rw-allow +moon::expect-connection rw-isolate carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null dave::expect-connection home diff --git a/ylwrap b/ylwrap index 1c4d77612..7c2d927f7 100755 --- a/ylwrap +++ b/ylwrap @@ -1,9 +1,9 @@ #! /bin/sh # ylwrap - wrapper for lex/yacc invocations. -scriptversion=2012-12-21.17; # UTC +scriptversion=2013-01-12.17; # UTC -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # Written by Tom Tromey . # @@ -40,7 +40,7 @@ get_dirname () # guard FILE # ---------- # The CPP macro used to guard inclusion of FILE. -guard() +guard () { printf '%s\n' "$1" \ | sed \ @@ -96,17 +96,17 @@ esac # The input. -input="$1" +input=$1 shift # We'll later need for a correct munging of "#line" directives. input_sub_rx=`get_dirname "$input" | quote_for_sed` -case "$input" in +case $input in [\\/]* | ?:[\\/]*) # Absolute path; do nothing. ;; *) # Relative path. Make it absolute. - input="`pwd`/$input" + input=`pwd`/$input ;; esac input_rx=`get_dirname "$input" | quote_for_sed` @@ -132,8 +132,8 @@ sed_fix_filenames= # guard in its implementation file. sed_fix_header_guards= -while test "$#" -ne 0; do - if test "$1" = "--"; then +while test $# -ne 0; do + if test x"$1" = x"--"; then shift break fi @@ -153,16 +153,14 @@ while test "$#" -ne 0; do done # The program to run. -prog="$1" +prog=$1 shift # Make any relative path in $prog absolute. -case "$prog" in +case $prog in [\\/]* | ?:[\\/]*) ;; - *[\\/]*) prog="`pwd`/$prog" ;; + *[\\/]*) prog=`pwd`/$prog ;; esac -# FIXME: add hostname here for parallel makes that run commands on -# other machines. But that might take us over the 14-char limit. dirname=ylwrap$$ do_exit="cd '`pwd`' && rm -rf $dirname > /dev/null 2>&1;"' (exit $ret); exit $ret' trap "ret=129; $do_exit" 1 @@ -188,7 +186,7 @@ if test $ret -eq 0; then # otherwise prepend '../'. case $to in [\\/]* | ?:[\\/]*) target=$to;; - *) target="../$to";; + *) target=../$to;; esac # Do not overwrite unchanged header files to avoid useless @@ -197,7 +195,7 @@ if test $ret -eq 0; then # output of all other files to a temporary file so we can # compare them to existing versions. if test $from != $parser; then - realtarget="$target" + realtarget=$target target=tmp-`printf '%s\n' "$target" | sed 's|.*[\\/]||g'` fi -- cgit v1.2.3