From 1ac70afcc1f7d6d2738a34308810719b0976d29f Mon Sep 17 00:00:00 2001 
From: Rene Mayrhofer Date: Tue, 25 May 2010 19:01:36 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.4.0) --- src/libcharon/processing/jobs/acquire_job.c | 86 +++++ src/libcharon/processing/jobs/acquire_job.h | 54 ++++ src/libcharon/processing/jobs/callback_job.c | 271 ++++++++++++++++ src/libcharon/processing/jobs/callback_job.h | 118 +++++++ .../processing/jobs/delete_child_sa_job.c | 100 ++++++ .../processing/jobs/delete_child_sa_job.h | 59 ++++ src/libcharon/processing/jobs/delete_ike_sa_job.c | 116 +++++++ src/libcharon/processing/jobs/delete_ike_sa_job.h | 57 ++++ src/libcharon/processing/jobs/inactivity_job.c | 150 +++++++++ src/libcharon/processing/jobs/inactivity_job.h | 53 +++ .../processing/jobs/initiate_mediation_job.c | 271 ++++++++++++++++ .../processing/jobs/initiate_mediation_job.h | 62 ++++ src/libcharon/processing/jobs/job.h | 52 +++ src/libcharon/processing/jobs/mediation_job.c | 195 +++++++++++ src/libcharon/processing/jobs/mediation_job.h | 74 +++++ src/libcharon/processing/jobs/migrate_job.c | 150 +++++++++ src/libcharon/processing/jobs/migrate_job.h | 61 ++++ .../processing/jobs/process_message_job.c | 106 ++++++ .../processing/jobs/process_message_job.h | 49 +++ src/libcharon/processing/jobs/rekey_child_sa_job.c | 97 ++++++ src/libcharon/processing/jobs/rekey_child_sa_job.h | 57 ++++ src/libcharon/processing/jobs/rekey_ike_sa_job.c | 104 ++++++ src/libcharon/processing/jobs/rekey_ike_sa_job.h | 51 +++ src/libcharon/processing/jobs/retransmit_job.c | 93 ++++++ src/libcharon/processing/jobs/retransmit_job.h | 55 ++++ src/libcharon/processing/jobs/roam_job.c | 106 ++++++ src/libcharon/processing/jobs/roam_job.h | 52 +++ src/libcharon/processing/jobs/send_dpd_job.c | 88 +++++ src/libcharon/processing/jobs/send_dpd_job.h | 52 +++ src/libcharon/processing/jobs/send_keepalive_job.c | 82 +++++ src/libcharon/processing/jobs/send_keepalive_job.h | 51 +++ src/libcharon/processing/jobs/update_sa_job.c | 96 ++++++ 
src/libcharon/processing/jobs/update_sa_job.h | 50 +++ src/libcharon/processing/processor.c | 273 ++++++++++++++++ src/libcharon/processing/processor.h | 94 ++++++ src/libcharon/processing/scheduler.c | 358 +++++++++++++++++++++ src/libcharon/processing/scheduler.h | 130 ++++++++ 37 files changed, 3973 insertions(+) create mode 100644 src/libcharon/processing/jobs/acquire_job.c create mode 100644 src/libcharon/processing/jobs/acquire_job.h create mode 100644 src/libcharon/processing/jobs/callback_job.c create mode 100644 src/libcharon/processing/jobs/callback_job.h create mode 100644 src/libcharon/processing/jobs/delete_child_sa_job.c create mode 100644 src/libcharon/processing/jobs/delete_child_sa_job.h create mode 100644 src/libcharon/processing/jobs/delete_ike_sa_job.c create mode 100644 src/libcharon/processing/jobs/delete_ike_sa_job.h create mode 100644 src/libcharon/processing/jobs/inactivity_job.c create mode 100644 src/libcharon/processing/jobs/inactivity_job.h create mode 100644 src/libcharon/processing/jobs/initiate_mediation_job.c create mode 100644 src/libcharon/processing/jobs/initiate_mediation_job.h create mode 100644 src/libcharon/processing/jobs/job.h create mode 100644 src/libcharon/processing/jobs/mediation_job.c create mode 100644 src/libcharon/processing/jobs/mediation_job.h create mode 100644 src/libcharon/processing/jobs/migrate_job.c create mode 100644 src/libcharon/processing/jobs/migrate_job.h create mode 100644 src/libcharon/processing/jobs/process_message_job.c create mode 100644 src/libcharon/processing/jobs/process_message_job.h create mode 100644 src/libcharon/processing/jobs/rekey_child_sa_job.c create mode 100644 src/libcharon/processing/jobs/rekey_child_sa_job.h create mode 100644 src/libcharon/processing/jobs/rekey_ike_sa_job.c create mode 100644 src/libcharon/processing/jobs/rekey_ike_sa_job.h create mode 100644 src/libcharon/processing/jobs/retransmit_job.c create mode 100644 src/libcharon/processing/jobs/retransmit_job.h create 
mode 100644 src/libcharon/processing/jobs/roam_job.c create mode 100644 src/libcharon/processing/jobs/roam_job.h create mode 100644 src/libcharon/processing/jobs/send_dpd_job.c create mode 100644 src/libcharon/processing/jobs/send_dpd_job.h create mode 100644 src/libcharon/processing/jobs/send_keepalive_job.c create mode 100644 src/libcharon/processing/jobs/send_keepalive_job.h create mode 100644 src/libcharon/processing/jobs/update_sa_job.c create mode 100644 src/libcharon/processing/jobs/update_sa_job.h create mode 100644 src/libcharon/processing/processor.c create mode 100644 src/libcharon/processing/processor.h create mode 100644 src/libcharon/processing/scheduler.c create mode 100644 src/libcharon/processing/scheduler.h (limited to 'src/libcharon/processing')
diff --git a/src/libcharon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c
new file mode 100644
index 000000000..45ace9312
--- /dev/null
+++ b/src/libcharon/processing/jobs/acquire_job.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2006-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "acquire_job.h"
+
+#include
+
+
+typedef struct private_acquire_job_t private_acquire_job_t;
+
+/**
+ * Private data of an acquire_job_t object.
+ */
+struct private_acquire_job_t {
+ /**
+ * Public acquire_job_t interface.
+ */
+ acquire_job_t public;
+
+ /**
+ * reqid of the child to rekey
+ */
+ u_int32_t reqid;
+
+ /**
+ * acquired source traffic selector
+ */
+ traffic_selector_t *src_ts;
+
+ /**
+ * acquired destination traffic selector
+ */
+ traffic_selector_t *dst_ts;
+};
+
+/**
+ * Implementation of job_t.destroy.
+ */
+static void destroy(private_acquire_job_t *this)
+{
+ DESTROY_IF(this->src_ts);
+ DESTROY_IF(this->dst_ts);
+ free(this);
+}
+
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_acquire_job_t *this)
+{
+ charon->traps->acquire(charon->traps, this->reqid,
+ this->src_ts, this->dst_ts);
+ destroy(this);
+}
+
+/*
+ * Described in header
+ */
+acquire_job_t *acquire_job_create(u_int32_t reqid,
+ traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts)
+{
+ private_acquire_job_t *this = malloc_thing(private_acquire_job_t);
+
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
+
+ this->reqid = reqid;
+ this->src_ts = src_ts;
+ this->dst_ts = dst_ts;
+
+ return &this->public;
+}
+
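Review bot: `acquire_job_create()` stores `src_ts` and `dst_ts` without cloning them, and `destroy()` later releases both through `DESTROY_IF`, so the job silently takes ownership of the caller's selectors; a caller that keeps using or destroys them afterwards would hit a use-after-free or a double free. State the transfer where the pointers are stored, e.g. `/* the job takes ownership of src_ts and dst_ts; they are destroyed with the job */`, and repeat it on the `@param` lines in acquire_job.h. The field comment `reqid of the child to rekey` also looks copied from the rekey job; `reqid of the trapped CHILD_SA to acquire` would match the header's wording.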
diff --git a/src/libcharon/processing/jobs/acquire_job.h b/src/libcharon/processing/jobs/acquire_job.h
new file mode 100644
index 000000000..eff79a9b0
--- /dev/null
+++ b/src/libcharon/processing/jobs/acquire_job.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup acquire_job acquire_job
+ * @{ @ingroup jobs
+ */
+
+#ifndef ACQUIRE_JOB_H_
+#define ACQUIRE_JOB_H_
+
+typedef struct acquire_job_t acquire_job_t;
+
+#include
+#include
+#include
+
+/**
+ * Class representing an ACQUIRE Job.
+ *
+ * This job initiates a CHILD SA on kernel request.
+ */
+struct acquire_job_t {
+ /**
+ * The job_t interface.
+ */
+ job_t job_interface;
+};
+
+/**
+ * Creates a job of type ACQUIRE.
+ *
+ * @param reqid reqid of the trapped CHILD_SA to acquire
+ * @param src_ts source traffic selector
+ * @param dst_ts destination traffic selector
+ * @return acquire_job_t object
+ */
+acquire_job_t *acquire_job_create(u_int32_t reqid,
+ traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts);
+
+#endif /** REKEY_CHILD_SA_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/callback_job.c b/src/libcharon/processing/jobs/callback_job.c
new file mode 100644
index 000000000..45e49112e
--- /dev/null
+++ b/src/libcharon/processing/jobs/callback_job.c
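Review bot: The closing guard comment in acquire_job.h reads `#endif /** REKEY_CHILD_SA_JOB_H_ @}*/` although the guard opened above is `ACQUIRE_JOB_H_`, so the trailer names a different header. It should read `#endif /** ACQUIRE_JOB_H_ @}*/` to match the `#ifndef`/`#define` pair.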
@@ -0,0 +1,271 @@
+/*
+ * Copyright (C) 2009 Tobias Brunner
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "callback_job.h"
+
+#include
+
+#include
+#include
+#include
+#include
+
+typedef struct private_callback_job_t private_callback_job_t;
+
+/**
+ * Private data of an callback_job_t Object.
+ */
+struct private_callback_job_t {
+ /**
+ * Public callback_job_t interface.
+ */
+ callback_job_t public;
+
+ /**
+ * Callback to call on execution
+ */
+ callback_job_cb_t callback;
+
+ /**
+ * parameter to supply to callback
+ */
+ void *data;
+
+ /**
+ * cleanup function for data
+ */
+ callback_job_cleanup_t cleanup;
+
+ /**
+ * thread of the job, if running
+ */
+ thread_t *thread;
+
+ /**
+ * mutex to access jobs interna
+ */
+ mutex_t *mutex;
+
+ /**
+ * list of asociated child jobs
+ */
+ linked_list_t *children;
+
+ /**
+ * parent of this job, or NULL
+ */
+ private_callback_job_t *parent;
+
+ /**
+ * TRUE if the job got cancelled
+ */
+ bool cancelled;
+
+ /**
+ * condvar to synchronize the cancellation/destruction of the job
+ */
+ condvar_t *destroyable;
+
+ /**
+ * semaphore to synchronize the termination of the assigned thread.
+ *
+ * separately allocated during cancellation, so that we can wait on it
+ * without risking that it gets freed too early during destruction.
+ */
+ sem_t *terminated;
+};
+
+/**
+ * unregister a child from its parent, if any.
+ * note: this->mutex has to be locked
+ */
+static void unregister(private_callback_job_t *this)
+{
+ if (this->parent)
+ {
+ this->parent->mutex->lock(this->parent->mutex);
+ if (this->parent->cancelled && !this->cancelled)
+ {
+ /* if the parent has been cancelled but we have not yet, we do not
+ * unregister until we got cancelled by the parent. */
+ this->parent->mutex->unlock(this->parent->mutex);
+ this->destroyable->wait(this->destroyable, this->mutex);
+ this->parent->mutex->lock(this->parent->mutex);
+ }
+ this->parent->children->remove(this->parent->children, this, NULL);
+ this->parent->mutex->unlock(this->parent->mutex);
+ this->parent = NULL;
+ }
+}
+
+/**
+ * Implements job_t.destroy.
+ */
+static void destroy(private_callback_job_t *this)
+{
+ this->mutex->lock(this->mutex);
+ unregister(this);
+ if (this->cleanup)
+ {
+ this->cleanup(this->data);
+ }
+ if (this->terminated)
+ {
+ sem_post(this->terminated);
+ }
+ this->children->destroy(this->children);
+ this->destroyable->destroy(this->destroyable);
+ this->mutex->unlock(this->mutex);
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+/**
+ * Implementation of callback_job_t.cancel.
+ */
+static void cancel(private_callback_job_t *this)
+{
+ callback_job_t *child;
+ sem_t *terminated = NULL;
+
+ this->mutex->lock(this->mutex);
+ this->cancelled = TRUE;
+ /* terminate children */
+ while (this->children->get_first(this->children, (void**)&child) == SUCCESS)
+ {
+ this->mutex->unlock(this->mutex);
+ child->cancel(child);
+ this->mutex->lock(this->mutex);
+ }
+ if (this->thread)
+ {
+ /* terminate the thread, if there is currently one executing the job.
+ * we wait for its termination using a semaphore */
+ this->thread->cancel(this->thread);
+ terminated = this->terminated = malloc_thing(sem_t);
+ sem_init(terminated, 0, 0);
+ }
+ else
+ {
+ /* if the job is currently queued, it gets terminated later.
+ * we can't wait, because it might not get executed at all.
+ * we also unregister the queued job manually from its parent (the
+ * others get unregistered during destruction) */
+ unregister(this);
+ }
+ this->destroyable->signal(this->destroyable);
+ this->mutex->unlock(this->mutex);
+
+ if (terminated)
+ {
+ sem_wait(terminated);
+ sem_destroy(terminated);
+ free(terminated);
+ }
+}
+
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_callback_job_t *this)
+{
+ bool cleanup = FALSE, requeue = FALSE;
+
+ thread_cleanup_push((thread_cleanup_t)destroy, this);
+
+ this->mutex->lock(this->mutex);
+ this->thread = thread_current();
+ this->mutex->unlock(this->mutex);
+
+ while (TRUE)
+ {
+ this->mutex->lock(this->mutex);
+ if (this->cancelled)
+ {
+ this->mutex->unlock(this->mutex);
+ cleanup = TRUE;
+ break;
+ }
+ this->mutex->unlock(this->mutex);
+ switch (this->callback(this->data))
+ {
+ case JOB_REQUEUE_DIRECT:
+ continue;
+ case JOB_REQUEUE_FAIR:
+ {
+ requeue = TRUE;
+ break;
+ }
+ case JOB_REQUEUE_NONE:
+ default:
+ {
+ cleanup = TRUE;
+ break;
+ }
+ }
+ break;
+ }
+ this->mutex->lock(this->mutex);
+ this->thread = NULL;
+ this->mutex->unlock(this->mutex);
+ /* manually create a cancellation point to avoid that a cancelled thread
+ * goes back into the thread pool */
+ thread_cancellation_point();
+ if (requeue)
+ {
+ charon->processor->queue_job(charon->processor,
+ &this->public.job_interface);
+ }
+ thread_cleanup_pop(cleanup);
+}
+
+/*
+ * Described in header.
+ */
+callback_job_t *callback_job_create(callback_job_cb_t cb, void *data,
+ callback_job_cleanup_t cleanup,
+ callback_job_t *parent)
+{
+ private_callback_job_t *this = malloc_thing(private_callback_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
+ this->public.cancel = (void(*)(callback_job_t*))cancel;
+
+ /* private variables */
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->callback = cb;
+ this->data = data;
+ this->cleanup = cleanup;
+ this->thread = 0;
+ this->children = linked_list_create();
+ this->parent = (private_callback_job_t*)parent;
+ this->cancelled = FALSE;
+ this->destroyable = condvar_create(CONDVAR_TYPE_DEFAULT);
+ this->terminated = NULL;
+
+ /* register us at parent */
+ if (parent)
+ {
+ this->parent->mutex->lock(this->parent->mutex);
+ this->parent->children->insert_last(this->parent->children, this);
+ this->parent->mutex->unlock(this->parent->mutex);
+ }
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/processing/jobs/callback_job.h b/src/libcharon/processing/jobs/callback_job.h
new file mode 100644
index 000000000..62da1edd1
--- /dev/null
+++ b/src/libcharon/processing/jobs/callback_job.h
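Review bot: In `unregister()` of callback_job.c, `this->parent` is dereferenced again right after `this->destroyable->wait(...)` returns, but the wait releases `this->mutex`, and the queued-job branch of `cancel()` calls `unregister(this)` under that mutex, which removes the child and sets `this->parent = NULL` before it signals `destroyable`. Because `execute()` clears `this->thread` before `destroy()` runs, a child that waits here appears to always be woken through that branch, so the re-lock would be a NULL dereference in the worker thread. Re-check the pointer after the wait, e.g. `if (!this->parent) { return; }` directly below the `wait()` call and before `this->parent->mutex->lock(...)`. Separately, `cancel()` uses the results of `malloc_thing(sem_t)` and `sem_init()` unchecked (assuming `malloc_thing` wraps `malloc`).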
@@ -0,0 +1,118 @@
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup callback_job callback_job
+ * @{ @ingroup jobs
+ */
+
+#ifndef CALLBACK_JOB_H_
+#define CALLBACK_JOB_H_
+
+typedef struct callback_job_t callback_job_t;
+
+#include
+#include
+
+
+typedef enum job_requeue_t job_requeue_t;
+
+/**
+ * Job requeueing policy
+ *
+ * The job requeueing policy defines how a job is handled when the callback
+ * function returns.
+ */
+enum job_requeue_t {
+
+ /**
+ * Do not requeue job, destroy it
+ */
+ JOB_REQUEUE_NONE,
+
+ /**
+ * Reque the job fairly, meaning it has to requeue as any other job
+ */
+ JOB_REQUEUE_FAIR,
+
+ /**
+ * Reexecute the job directly, without the need of requeueing it
+ */
+ JOB_REQUEUE_DIRECT,
+};
+
+/**
+ * The callback function to use for the callback job.
+ *
+ * This is the function to use as callback for a callback job. It receives
+ * a parameter supplied to the callback jobs constructor.
+ *
+ * @param data param supplied to job
+ * @return requeing policy how to requeue the job
+ */
+typedef job_requeue_t (*callback_job_cb_t)(void *data);
+
+/**
+ * Cleanup function to use for data cleanup.
+ *
+ * The callback has an optional user argument which receives data. However,
+ * this data may be cleaned up if it is allocated. This is the function
+ * to supply to the constructor.
+ *
+ * @param data param supplied to job
+ * @return requeing policy how to requeue the job
+ */
+typedef void (*callback_job_cleanup_t)(void *data);
+
+/**
+ * Class representing an callback Job.
+ *
+ * This is a special job which allows a simple callback function to
+ * be executed by a thread of the thread pool. This allows simple execution
+ * of asynchronous methods, without to manage threads.
+ */
+struct callback_job_t {
+ /**
+ * The job_t interface.
+ */
+ job_t job_interface;
+
+ /**
+ * Cancel the job's thread and wait for its termination. This only works
+ * reliably for jobs that always use JOB_REQUEUE_FAIR or JOB_REQUEUE_DIRECT,
+ * otherwise the job may already be destroyed when cancel is called. */
+ void (*cancel)(callback_job_t *this);
+};
+
+/**
+ * Creates a callback job.
+ *
+ * The cleanup function is called when the job gets destroyed to destroy
+ * the associated data.
+ * If parent is not NULL, the specified job gets an association. Whenever
+ * the parent gets cancelled (or runs out), all of its children are cancelled,
+ * too.
+ *
+ * @param cb callback to call from the processor
+ * @param data user data to supply to callback
+ * @param cleanup destructor for data on destruction, or NULL
+ * @param parent parent of this job
+ * @return callback_job_t object
+ */
+callback_job_t *callback_job_create(callback_job_cb_t cb, void *data,
+ callback_job_cleanup_t cleanup,
+ callback_job_t *parent);
+
+#endif /** CALLBACK_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.c b/src/libcharon/processing/jobs/delete_child_sa_job.c
new file mode 100644
index 000000000..ca55721f2
--- /dev/null
+++ b/src/libcharon/processing/jobs/delete_child_sa_job.c
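Review bot: The documentation of `callback_job_cleanup_t` in callback_job.h carries `@return requeing policy how to requeue the job`, copied from `callback_job_cb_t`, although the typedef returns `void`; that line should be dropped. The comment on `cancel` already warns that a job not using `JOB_REQUEUE_FAIR` or `JOB_REQUEUE_DIRECT` may have been destroyed by the time `cancel` is called, which means the caller would be invoking a method through freed memory; the text should state that obligation directly, for instance `Must only be called while the caller can guarantee that the job still exists.` The `@param parent` line should read `parent of this job, or NULL`, since the description above it allows a NULL parent.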
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "delete_child_sa_job.h"
+
+#include
+
+
+typedef struct private_delete_child_sa_job_t private_delete_child_sa_job_t;
+
+/**
+ * Private data of an delete_child_sa_job_t object.
+ */
+struct private_delete_child_sa_job_t {
+ /**
+
+ * Public delete_child_sa_job_t interface.
+ */
+ delete_child_sa_job_t public;
+
+ /**
+ * reqid of the CHILD_SA
+ */
+ u_int32_t reqid;
+
+ /**
+ * protocol of the CHILD_SA (ESP/AH)
+ */
+ protocol_id_t protocol;
+
+ /**
+ * inbound SPI of the CHILD_SA
+ */
+ u_int32_t spi;
+};
+
+/**
+ * Implementation of job_t.destroy.
+ */
+static void destroy(private_delete_child_sa_job_t *this)
+{
+ free(this);
+}
+
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_delete_child_sa_job_t *this)
+{
+ ike_sa_t *ike_sa;
+
+ ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
+ this->reqid, TRUE);
+ if (ike_sa == NULL)
+ {
+ DBG1(DBG_JOB, "CHILD_SA with reqid %d not found for delete",
+ this->reqid);
+ }
+ else
+ {
+ ike_sa->delete_child_sa(ike_sa, this->protocol, this->spi);
+
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+ destroy(this);
+}
+
+/*
+ * Described in header
+ */
+delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid,
+ protocol_id_t protocol,
+ u_int32_t spi)
+{
+ private_delete_child_sa_job_t *this = malloc_thing(private_delete_child_sa_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
+
+ /* private variables */
+ this->reqid = reqid;
+ this->protocol = protocol;
+ this->spi = spi;
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.h b/src/libcharon/processing/jobs/delete_child_sa_job.h
new file mode 100644
index 000000000..662a7b7c7
--- /dev/null
+++ b/src/libcharon/processing/jobs/delete_child_sa_job.h
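Review bot: `execute()` in delete_child_sa_job.c discards the status of `ike_sa->delete_child_sa(...)` and always checks the IKE_SA back in, whereas inactivity_job.c in this same commit tests the result of the same call for `DESTROY_ME` and then uses `checkin_and_destroy()`. If `delete_child_sa()` can return `DESTROY_ME` as that file assumes, this job would check in an IKE_SA that asked to be destroyed; the else branch should handle the status the same way, as sketched below. The `DBG1` message also formats `this->reqid`, a `u_int32_t`, with `%d`, where `%u` matches the type.

```c
	else
	{
		/* honour DESTROY_ME the same way inactivity_job.c does */
		if (ike_sa->delete_child_sa(ike_sa, this->protocol,
									this->spi) == DESTROY_ME)
		{
			charon->ike_sa_manager->checkin_and_destroy(
										charon->ike_sa_manager, ike_sa);
		}
		else
		{
			charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
		}
	}
	/* … unchanged: destroy(this) … */
```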
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup delete_child_sa_job delete_child_sa_job
+ * @{ @ingroup jobs
+ */
+
+#ifndef DELETE_CHILD_SA_JOB_H_
+#define DELETE_CHILD_SA_JOB_H_
+
+typedef struct delete_child_sa_job_t delete_child_sa_job_t;
+
+#include
+#include
+#include
+#include
+
+
+/**
+ * Class representing an DELETE_CHILD_SA Job.
+ *
+ * This job initiates the delete of a CHILD SA.
+ */
+struct delete_child_sa_job_t {
+ /**
+ * The job_t interface.
+ */
+ job_t job_interface;
+};
+
+/**
+ * Creates a job of type DELETE_CHILD_SA.
+ *
+ * The CHILD_SA is identified by its reqid, protocol (AH/ESP) and its
+ * inbound SPI.
+ *
+ * @param reqid reqid of the CHILD_SA, as used in kernel
+ * @param protocol protocol of the CHILD_SA
+ * @param spi security parameter index of the CHILD_SA
+ * @return delete_child_sa_job_t object
+ */
+delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid,
+ protocol_id_t protocol,
+ u_int32_t spi);
+
+#endif /** DELETE_CHILD_SA_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/delete_ike_sa_job.c b/src/libcharon/processing/jobs/delete_ike_sa_job.c
new file mode 100644
index 000000000..dffd08ba3
--- /dev/null
+++ b/src/libcharon/processing/jobs/delete_ike_sa_job.c
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "delete_ike_sa_job.h"
+
+#include
+
+typedef struct private_delete_ike_sa_job_t private_delete_ike_sa_job_t;
+
+/**
+ * Private data of an delete_ike_sa_job_t Object
+ */
+struct private_delete_ike_sa_job_t {
+ /**
+ * public delete_ike_sa_job_t interface
+ */
+ delete_ike_sa_job_t public;
+
+ /**
+ * ID of the ike_sa to delete
+ */
+ ike_sa_id_t *ike_sa_id;
+
+ /**
+ * Should the IKE_SA be deleted if it is in ESTABLISHED state?
+ */
+ bool delete_if_established;
+};
+
+
+/**
+ * Implements job_t.destroy.
+ */
+static void destroy(private_delete_ike_sa_job_t *this)
+{
+ this->ike_sa_id->destroy(this->ike_sa_id);
+ free(this);
+}
+
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_delete_ike_sa_job_t *this)
+{
+ ike_sa_t *ike_sa;
+
+ ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+ this->ike_sa_id);
+ if (ike_sa)
+ {
+ if (ike_sa->get_state(ike_sa) == IKE_PASSIVE)
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ return destroy(this);
+ }
+ if (this->delete_if_established)
+ {
+ if (ike_sa->delete(ike_sa) == DESTROY_ME)
+ {
+ charon->ike_sa_manager->checkin_and_destroy(
+ charon->ike_sa_manager, ike_sa);
+ }
+ else
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+ }
+ else
+ {
+ /* destroy only if not ESTABLISHED */
+ if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED)
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+ else
+ {
+ DBG1(DBG_JOB, "deleting half open IKE_SA after timeout");
+ charon->ike_sa_manager->checkin_and_destroy(
+ charon->ike_sa_manager, ike_sa);
+ }
+ }
+ }
+ destroy(this);
+}
+
+/*
+ * Described in header
+ */
+delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id,
+ bool delete_if_established)
+{
+ private_delete_ike_sa_job_t *this = malloc_thing(private_delete_ike_sa_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*)(job_t *)) destroy;;
+
+ /* private variables */
+ this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
+ this->delete_if_established = delete_if_established;
+
+ return &(this->public);
+}
diff --git a/src/libcharon/processing/jobs/delete_ike_sa_job.h b/src/libcharon/processing/jobs/delete_ike_sa_job.h
new file mode 100644
index 000000000..f641deea3
--- /dev/null
+++ b/src/libcharon/processing/jobs/delete_ike_sa_job.h
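Review bot: `execute()` in delete_ike_sa_job.c leaves the `IKE_PASSIVE` branch with `return destroy(this);`, but both functions return `void`, and ISO C does not allow a `return` with an expression in a void function; compilers accept it only as an extension. Write `destroy(this);` followed by a bare `return;`. The constructor also ends one assignment with `destroy;;`, and it calls `ike_sa_id->clone(ike_sa_id)` without a NULL check or a documented requirement that `ike_sa_id` be non-NULL.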
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup delete_child_sa_job delete_child_sa_job
+ * @{ @ingroup jobs
+ */
+
+#ifndef DELETE_IKE_SA_JOB_H_
+#define DELETE_IKE_SA_JOB_H_
+
+typedef struct delete_ike_sa_job_t delete_ike_sa_job_t;
+
+#include
+#include
+#include
+
+
+/**
+ * Class representing an DELETE_IKE_SA Job.
+ *
+ * This job is responsible for deleting established or half open IKE_SAs.
+ * A half open IKE_SA is every IKE_SA which hasn't reache the SA_ESTABLISHED
+ * state.
+ */
+struct delete_ike_sa_job_t {
+
+ /**
+ * The job_t interface.
+ */
+ job_t job_interface;
+};
+
+/**
+ * Creates a job of type DELETE_IKE_SA.
+ *
+ * @param ike_sa_id id of the IKE_SA to delete
+ * @param delete_if_established should the IKE_SA be deleted if it is established?
+ * @return created delete_ike_sa_job_t object
+ */
+delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id,
+ bool delete_if_established);
+
+#endif /** DELETE_IKE_SA_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c
new file mode 100644
index 000000000..13fc5e3d0
--- /dev/null
+++ b/src/libcharon/processing/jobs/inactivity_job.c
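Review bot: The Doxygen group at the top of delete_ike_sa_job.h is declared as `@defgroup delete_child_sa_job delete_child_sa_job`, which files this class under the CHILD_SA job's group; it should be `@defgroup delete_ike_sa_job delete_ike_sa_job`. The `@param ike_sa_id` line could add that the ID is cloned and the caller keeps ownership, which is what `delete_ike_sa_job_create()` in the .c file does with `ike_sa_id->clone(ike_sa_id)`. The class comment also has `reache` for `reached`.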
@@ -0,0 +1,150 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "inactivity_job.h"
+
+#include
+
+typedef struct private_inactivity_job_t private_inactivity_job_t;
+
+/**
+ * Private data of an inactivity_job_t object.
+ */
+struct private_inactivity_job_t {
+
+ /**
+ * Public inactivity_job_t interface.
+ */
+ inactivity_job_t public;
+
+ /**
+ * Reqid of CHILD_SA to check
+ */
+ u_int32_t reqid;
+
+ /**
+ * Inactivity timeout
+ */
+ u_int32_t timeout;
+
+ /**
+ * Close IKE_SA if last remaining CHILD inactive?
+ */
+ bool close_ike;
+};
+
+METHOD(job_t, destroy, void,
+ private_inactivity_job_t *this)
+{
+ free(this);
+}
+
+METHOD(job_t, execute, void,
+ private_inactivity_job_t *this)
+{
+ ike_sa_t *ike_sa;
+ bool rescheduled = FALSE;
+
+ ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
+ this->reqid, TRUE);
+ if (ike_sa)
+ {
+ iterator_t *iterator;
+ child_sa_t *child_sa;
+ u_int32_t delete = 0;
+ protocol_id_t proto = 0;
+ int children = 0;
+ status_t status = SUCCESS;
+
+ iterator = ike_sa->create_child_sa_iterator(ike_sa);
+ while (iterator->iterate(iterator, (void**)&child_sa))
+ {
+ if (child_sa->get_reqid(child_sa) == this->reqid)
+ {
+ time_t in, out, diff;
+
+ child_sa->get_usestats(child_sa, TRUE, &in, NULL);
+ child_sa->get_usestats(child_sa, FALSE, &out, NULL);
+
+ diff = time_monotonic(NULL) - max(in, out);
+
+ if (diff >= this->timeout)
+ {
+ delete = child_sa->get_spi(child_sa, TRUE);
+ proto = child_sa->get_protocol(child_sa);
+ }
+ else
+ {
+ charon->scheduler->schedule_job(charon->scheduler,
+ &this->public.job_interface, this->timeout - diff);
+ rescheduled = TRUE;
+ }
+ }
+ children++;
+ }
+ iterator->destroy(iterator);
+
+ if (delete)
+ {
+ if (children == 1 && this->close_ike)
+ {
+ DBG1(DBG_JOB, "deleting IKE_SA after %d seconds "
+ "of CHILD_SA inactivity", this->timeout);
+ status = ike_sa->delete(ike_sa);
+ }
+ else
+ {
+ DBG1(DBG_JOB, "deleting CHILD_SA after %d seconds "
+ "of inactivity", this->timeout);
+ status = ike_sa->delete_child_sa(ike_sa, proto, delete);
+ }
+ }
+ if (status == DESTROY_ME)
+ {
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
+ ike_sa);
+ }
+ else
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+ }
+ if (!rescheduled)
+ {
+ destroy(this);
+ }
+}
+
+/**
+ * See header
+ */
+inactivity_job_t *inactivity_job_create(u_int32_t reqid, u_int32_t timeout,
+ bool close_ike)
+{
+ private_inactivity_job_t *this;
+
+ INIT(this,
+ .public.job_interface = {
+ .execute = _execute,
+ .destroy = _destroy,
+ },
+ .reqid = reqid,
+ .timeout = timeout,
+ .close_ike = close_ike,
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/processing/jobs/inactivity_job.h b/src/libcharon/processing/jobs/inactivity_job.h
new file mode 100644
index 000000000..9c9daced8
--- /dev/null
+++ b/src/libcharon/processing/jobs/inactivity_job.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup inactivity_job inactivity_job
+ * @{ @ingroup jobs
+ */
+
+#ifndef INACTIVITY_JOB_H_
+#define INACTIVITY_JOB_H_
+
+#include
+#include
+
+typedef struct inactivity_job_t inactivity_job_t;
+
+/**
+ * Job checking for inactivity of CHILD_SA to close them.
+ *
+ * The inactivity job reschedules itself to check CHILD_SAs prediodically.
+ */
+struct inactivity_job_t {
+
+ /**
+ * Implements job_t.
+ */
+ job_t job_interface;
+};
+
+/**
+ * Create a inactivity_job instance.
+ *
+ * @param reqid reqid of CHILD_SA to check for inactivity
+ * @param timeout inactivity timeout in s
+ * @param close_ike close IKE_SA if the last remaining CHILD_SA is inactive?
+ * @return inactivity checking job
+ */
+inactivity_job_t *inactivity_job_create(u_int32_t reqid, u_int32_t timeout,
+ bool close_ike);
+
+#endif /** INACTIVITY_JOB_H_ @}*/
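Review bot: In `execute()` of inactivity_job.c, the `else` branch inside the iterator loop passes `&this->public.job_interface` to `schedule_job()` for every CHILD_SA whose reqid matches and which is still active, and nothing stops the loop after the first match. If two CHILD_SAs can carry the same reqid at once (for instance around a rekeying, which this hunk does not rule out), the same job object is scheduled twice, and the second run would operate on a job that the first run may already have freed. Guarding the branch with `else if (!rescheduled)` keeps it to one scheduling per run. The two `DBG1` messages also print `this->timeout`, a `u_int32_t`, with `%d`; `%u` matches the type.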
diff --git a/src/libcharon/processing/jobs/initiate_mediation_job.c b/src/libcharon/processing/jobs/initiate_mediation_job.c
new file mode 100644
index 000000000..ffe8755e2
--- /dev/null
+++ b/src/libcharon/processing/jobs/initiate_mediation_job.c
@@ -0,0 +1,271 @@ +/* + * Copyright (C) 2007-2008 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "initiate_mediation_job.h" + +#include +#include + + +typedef struct private_initiate_mediation_job_t private_initiate_mediation_job_t; + +/** + * Private data of an initiate_mediation_job_t Object + */ +struct private_initiate_mediation_job_t { + /** + * public initiate_mediation_job_t interface + */ + initiate_mediation_job_t public; + + /** + * ID of the IKE_SA of the mediated connection. + */ + ike_sa_id_t *mediated_sa_id; + + /** + * ID of the IKE_SA of the mediation connection. + */ + ike_sa_id_t *mediation_sa_id; +}; + +/** + * Implements job_t.destroy. + */ +static void destroy(private_initiate_mediation_job_t *this) +{ + DESTROY_IF(this->mediation_sa_id); + DESTROY_IF(this->mediated_sa_id); + free(this); +} + +/** + * Callback to handle initiation of mediation connection + */ +static bool initiate_callback(private_initiate_mediation_job_t *this, + debug_t group, level_t level, ike_sa_t *ike_sa, + char *format, va_list args) +{ + if (ike_sa && !this->mediation_sa_id) + { + this->mediation_sa_id = ike_sa->get_id(ike_sa); + this->mediation_sa_id = this->mediation_sa_id->clone(this->mediation_sa_id); + } + return TRUE; +} + +/** + * Implementation of job_t.execute. 
+ */ +static void initiate(private_initiate_mediation_job_t *this) +{ + ike_sa_t *mediated_sa, *mediation_sa; + peer_cfg_t *mediated_cfg, *mediation_cfg; + enumerator_t *enumerator; + auth_cfg_t *auth_cfg; + + mediated_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->mediated_sa_id); + if (mediated_sa) + { + DBG1(DBG_IKE, "initiating mediation connection"); + mediated_cfg = mediated_sa->get_peer_cfg(mediated_sa); + mediated_cfg->get_ref(mediated_cfg); + + charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediated_sa); + + mediation_cfg = mediated_cfg->get_mediated_by(mediated_cfg); + mediation_cfg->get_ref(mediation_cfg); + + enumerator = mediation_cfg->create_auth_cfg_enumerator(mediation_cfg, + TRUE); + if (!enumerator->enumerate(enumerator, &auth_cfg) || + auth_cfg->get(auth_cfg, AUTH_RULE_IDENTITY) == NULL) + { + mediated_cfg->destroy(mediated_cfg); + mediation_cfg->destroy(mediation_cfg); + enumerator->destroy(enumerator); + destroy(this); + return; + } + enumerator->destroy(enumerator); + + if (charon->connect_manager->check_and_register(charon->connect_manager, + auth_cfg->get(auth_cfg, AUTH_RULE_IDENTITY), + mediated_cfg->get_peer_id(mediated_cfg), + this->mediated_sa_id)) + { + mediated_cfg->destroy(mediated_cfg); + mediation_cfg->destroy(mediation_cfg); + + mediated_sa = charon->ike_sa_manager->checkout( + charon->ike_sa_manager, this->mediated_sa_id); + if (mediated_sa) + { + DBG1(DBG_IKE, "mediation with the same peer is already in " + "progress, queued"); + charon->ike_sa_manager->checkin( + charon->ike_sa_manager, mediated_sa); + } + destroy(this); + return; + } + /* we need an additional reference because initiate consumes one */ + mediation_cfg->get_ref(mediation_cfg); + + if (charon->controller->initiate(charon->controller, mediation_cfg, + NULL, (controller_cb_t)initiate_callback, this) != SUCCESS) + { + mediation_cfg->destroy(mediation_cfg); + mediated_cfg->destroy(mediated_cfg); + mediated_sa = 
charon->ike_sa_manager->checkout( + charon->ike_sa_manager, this->mediated_sa_id); + if (mediated_sa) + { + DBG1(DBG_IKE, "initiating mediation connection failed"); + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, mediated_sa); + } + destroy(this); + return; + } + mediation_cfg->destroy(mediation_cfg); + + mediation_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->mediation_sa_id); + if (mediation_sa) + { + if (mediation_sa->initiate_mediation(mediation_sa, + mediated_cfg) != SUCCESS) + { + mediated_cfg->destroy(mediated_cfg); + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, mediation_sa); + mediated_sa = charon->ike_sa_manager->checkout( + charon->ike_sa_manager, this->mediated_sa_id); + if (mediated_sa) + { + DBG1(DBG_IKE, "establishing mediation connection failed"); + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, mediated_sa); + } + destroy(this); + return; + } + charon->ike_sa_manager->checkin(charon->ike_sa_manager, + mediation_sa); + } + mediated_cfg->destroy(mediated_cfg); + } + destroy(this); +} + +/** + * Implementation of job_t.execute. 
+ */ +static void reinitiate(private_initiate_mediation_job_t *this) +{ + ike_sa_t *mediated_sa, *mediation_sa; + peer_cfg_t *mediated_cfg; + + mediated_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->mediated_sa_id); + if (mediated_sa) + { + mediated_cfg = mediated_sa->get_peer_cfg(mediated_sa); + mediated_cfg->get_ref(mediated_cfg); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediated_sa); + + mediation_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->mediation_sa_id); + if (mediation_sa) + { + if (mediation_sa->initiate_mediation(mediation_sa, + mediated_cfg) != SUCCESS) + { + DBG1(DBG_JOB, "initiating mediated connection '%s' failed", + mediated_cfg->get_name(mediated_cfg)); + mediated_cfg->destroy(mediated_cfg); + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, + mediation_sa); + mediated_sa = charon->ike_sa_manager->checkout( + charon->ike_sa_manager, + this->mediated_sa_id); + if (mediated_sa) + { + DBG1(DBG_IKE, "establishing mediation connection failed"); + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, + mediated_sa); + } + destroy(this); + return; + } + charon->ike_sa_manager->checkin(charon->ike_sa_manager, + mediation_sa); + } + + mediated_cfg->destroy(mediated_cfg); + } + destroy(this); +} + +/** + * Creates an empty job + */ +static private_initiate_mediation_job_t *initiate_mediation_job_create_empty() +{ + private_initiate_mediation_job_t *this = malloc_thing(private_initiate_mediation_job_t); + + /* interface functions */ + this->public.job_interface.destroy = (void (*) (job_t *)) destroy; + + /* private variables */ + this->mediation_sa_id = NULL; + this->mediated_sa_id = NULL; + + return this; +} + +/* + * Described in header + */ +initiate_mediation_job_t *initiate_mediation_job_create(ike_sa_id_t *ike_sa_id) +{ + private_initiate_mediation_job_t *this = initiate_mediation_job_create_empty(); + + this->public.job_interface.execute = (void (*) 
(job_t *)) initiate; + + this->mediated_sa_id = ike_sa_id->clone(ike_sa_id); + + return &this->public; +} + +/* + * Described in header + */ +initiate_mediation_job_t *reinitiate_mediation_job_create(ike_sa_id_t *mediation_sa_id, + ike_sa_id_t *mediated_sa_id) +{ + private_initiate_mediation_job_t *this = initiate_mediation_job_create_empty(); + + this->public.job_interface.execute = (void (*) (job_t *)) reinitiate; + + this->mediation_sa_id = mediation_sa_id->clone(mediation_sa_id); + this->mediated_sa_id = mediated_sa_id->clone(mediated_sa_id); + + return &this->public; +} diff --git a/src/libcharon/processing/jobs/initiate_mediation_job.h b/src/libcharon/processing/jobs/initiate_mediation_job.h new file mode 100644 index 000000000..fddb1dd7b --- /dev/null +++ b/src/libcharon/processing/jobs/initiate_mediation_job.h 
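Review bot: In initiate(), the result of `mediated_cfg->get_mediated_by(mediated_cfg)` is dereferenced on the next line by `mediation_cfg->get_ref(mediation_cfg)` without a NULL check, so a job queued for a peer config that has no mediation config would crash the worker, assuming get_mediated_by() can return NULL. A guard such as `if (!mediation_cfg) { mediated_cfg->destroy(mediated_cfg); destroy(this); return; }` closes that path. Further down, `this->mediation_sa_id` is passed to `checkout()` although it is only set when initiate_callback() was invoked with a non-NULL ike_sa; unless checkout() tolerates a NULL id, wrap that second checkout in `if (this->mediation_sa_id)`. Both initiate() and reinitiate() carry the identical comment "Implementation of job_t.execute.", so naming the constructor that installs each one would help the reader.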
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2007-2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup initiate_mediation_job initiate_mediation_job
+ * @{ @ingroup jobs
+ */
+
+#ifndef INITIATE_MEDIATION_JOB_H_
+#define INITIATE_MEDIATION_JOB_H_
+
+typedef struct initiate_mediation_job_t initiate_mediation_job_t;
+
+#include
+#include
+
+/**
+ * Class representing a INITIATE_MEDIATION Job.
+ *
+ * This job will initiate a mediation on behalf of a mediated connection.
+ * If required the mediation connection is established.
+ */
+struct initiate_mediation_job_t {
+ /**
+ * implements job_t interface
+ */
+ job_t job_interface;
+};
+
+/**
+ * Creates a job of type INITIATE_MEDIATION.
+ *
+ * @param ike_sa_id identification of the ike_sa as ike_sa_id_t object (gets cloned)
+ * @return job object
+ */
+initiate_mediation_job_t *initiate_mediation_job_create(ike_sa_id_t *ike_sa_id);
+
+/**
+ * Creates a special job of type INITIATE_MEDIATION that reinitiates a
+ * specific connection.
+ *
+ * @param mediation_sa_id identification of the mediation sa (gets cloned)
+ * @param mediated_sa_id identification of the mediated sa (gets cloned)
+ * @return job object
+ */
+initiate_mediation_job_t *reinitiate_mediation_job_create(
+ ike_sa_id_t *mediation_sa_id,
+ ike_sa_id_t *mediated_sa_id);
+
+#endif /** INITIATE_MEDIATION_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/job.h b/src/libcharon/processing/jobs/job.h
new file mode 100644
index 000000000..0f1c16ebe
--- /dev/null
+++ b/src/libcharon/processing/jobs/job.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup job job
+ * @{ @ingroup jobs
+ */
+
+#ifndef JOB_H_
+#define JOB_H_
+
+typedef struct job_t job_t;
+
+#include
+
+/**
+ * Job-Interface as it is stored in the job queue.
+ */
+struct job_t {
+
+ /**
+ * Execute a job.
+ *
+ * The processing facility executes a job using this method. Jobs are
+ * one-shot, they destroy themself after execution, so don't use a job
+ * once it has been executed.
+ */
+ void (*execute) (job_t *this);
+
+ /**
+ * Destroy a job.
+ *
+ * Is only called whenever a job was not executed (e.g. due daemon shutdown).
+ * After execution, jobs destroy themself.
+ */
+ void (*destroy) (job_t *job);
+};
+
+#endif /** JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/mediation_job.c b/src/libcharon/processing/jobs/mediation_job.c
new file mode 100644
index 000000000..b5b8af3b3
--- /dev/null
+++ b/src/libcharon/processing/jobs/mediation_job.c
@@ -0,0 +1,195 @@ +/* + * Copyright (C) 2007 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mediation_job.h" + +#include +#include + + +typedef struct private_mediation_job_t private_mediation_job_t; + +/** + * Private data of an mediation_job_t Object + */ +struct private_mediation_job_t { + /** + * public mediation_job_t interface + */ + mediation_job_t public; + + /** + * ID of target peer. + */ + identification_t *target; + + /** + * ID of the source peer. + */ + identification_t *source; + + /** + * ME_CONNECTID + */ + chunk_t connect_id; + + /** + * ME_CONNECTKEY + */ + chunk_t connect_key; + + /** + * Submitted endpoints + */ + linked_list_t *endpoints; + + /** + * Is this a callback job? + */ + bool callback; + + /** + * Is this a response? + */ + bool response; +}; + +/** + * Implements job_t.destroy. + */ +static void destroy(private_mediation_job_t *this) +{ + DESTROY_IF(this->target); + DESTROY_IF(this->source); + chunk_free(&this->connect_id); + chunk_free(&this->connect_key); + DESTROY_OFFSET_IF(this->endpoints, offsetof(endpoint_notify_t, destroy)); + free(this); +} + +/** + * Implementation of job_t.execute. 
+ */ +static void execute(private_mediation_job_t *this) +{ + ike_sa_id_t *target_sa_id; + + target_sa_id = charon->mediation_manager->check(charon->mediation_manager, this->target); + + if (target_sa_id) + { + ike_sa_t *target_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + target_sa_id); + if (target_sa) + { + if (this->callback) + { + /* send callback to a peer */ + if (target_sa->callback(target_sa, this->source) != SUCCESS) + { + DBG1(DBG_JOB, "callback for '%Y' to '%Y' failed", + this->source, this->target); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, target_sa); + destroy(this); + return; + } + } + else + { + /* normal mediation between two peers */ + if (target_sa->relay(target_sa, this->source, this->connect_id, + this->connect_key, this->endpoints, this->response) != SUCCESS) + { + DBG1(DBG_JOB, "mediation between '%Y' and '%Y' failed", + this->source, this->target); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, target_sa); + /* FIXME: notify the initiator */ + destroy(this); + return; + } + } + + charon->ike_sa_manager->checkin(charon->ike_sa_manager, target_sa); + } + else + { + DBG1(DBG_JOB, "mediation between '%Y' and '%Y' failed: " + "SA not found", this->source, this->target); + } + } + else + { + DBG1(DBG_JOB, "mediation between '%Y' and '%Y' failed: " + "peer is not online anymore", this->source, this->target); + } + destroy(this); +} + +/** + * Creates an empty mediation job + */ +static private_mediation_job_t *mediation_job_create_empty() +{ + private_mediation_job_t *this = malloc_thing(private_mediation_job_t); + + /* interface functions */ + this->public.job_interface.execute = (void (*) (job_t *)) execute; + this->public.job_interface.destroy = (void (*) (job_t *)) destroy; + + /* private variables */ + this->target = NULL; + this->source = NULL; + this->callback = FALSE; + this->connect_id = chunk_empty; + this->connect_key = chunk_empty; + this->endpoints = NULL; + this->response = FALSE; + + 
return this; +} + +/* + * Described in header + */ +mediation_job_t *mediation_job_create(identification_t *peer_id, + identification_t *requester, chunk_t connect_id, chunk_t connect_key, + linked_list_t *endpoints, bool response) +{ + private_mediation_job_t *this = mediation_job_create_empty(); + + this->target = peer_id->clone(peer_id); + this->source = requester->clone(requester); + this->connect_id = chunk_clone(connect_id); + this->connect_key = chunk_clone(connect_key); + this->endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); + this->response = response; + + return &this->public; +} + +/* + * Described in header + */ +mediation_job_t *mediation_callback_job_create(identification_t *requester, + identification_t *peer_id) +{ + private_mediation_job_t *this = mediation_job_create_empty(); + + this->target = requester->clone(requester); + this->source = peer_id->clone(peer_id); + this->callback = TRUE; + + return &this->public; +} diff --git a/src/libcharon/processing/jobs/mediation_job.h b/src/libcharon/processing/jobs/mediation_job.h new file mode 100644 index 000000000..0574c65eb --- /dev/null +++ b/src/libcharon/processing/jobs/mediation_job.h 
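Review bot: destroy() releases the ME_CONNECTKEY copy with `chunk_free(&this->connect_key)`, which frees the buffer without wiping it; since the field holds key material, `chunk_clear(&this->connect_key);` would zero the bytes before they go back to the allocator. In mediation_job_create(), `endpoints->clone_offset(...)` dereferences `endpoints` unconditionally while destroy() treats the field as optional (`DESTROY_OFFSET_IF`), so either a NULL check or a documented non-NULL requirement is needed there. The relay() failure path in execute() still carries `/* FIXME: notify the initiator */`, so the requesting peer is apparently not told when mediation fails.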
@@ -0,0 +1,74 @@ +/* + * Copyright (C) 2007 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup mediation_job mediation_job + * @{ @ingroup jobs + */ + +#ifndef MEDIATION_JOB_H_ +#define MEDIATION_JOB_H_ + +typedef struct mediation_job_t mediation_job_t; + +#include +#include +#include +#include + +/** + * Class representing a MEDIATION Job. + * + * This job handles the mediation on the mediation server. + */ +struct mediation_job_t { + /** + * implements job_t interface + */ + job_t job_interface; +}; + +/** + * Creates a job of type MEDIATION. + * + * Parameters get cloned. + * + * @param peer_id ID of the requested peer + * @param requester ID of the requesting peer + * @param connect_id content of ME_CONNECTID (could be NULL) + * @param connect_key content of ME_CONNECTKEY + * @param endpoints list of submitted endpoints + * @param response TRUE if this is a response + * @return job object + */ +mediation_job_t *mediation_job_create(identification_t *peer_id, + identification_t *requester, chunk_t connect_id, chunk_t connect_key, + linked_list_t *endpoints, bool response); + + +/** + * Creates a special job of type MEDIATION that is used to send a callback + * notification to a peer. + * + * Parameters get cloned. 
+ * + * @param requester ID of the waiting peer + * @param peer_id ID of the requested peer + * @return job object + */ +mediation_job_t *mediation_callback_job_create(identification_t *requester, + identification_t *peer_id); + +#endif /** MEDIATION_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c new file mode 100644 index 000000000..05f47340c --- /dev/null +++ b/src/libcharon/processing/jobs/migrate_job.c 
@@ -0,0 +1,150 @@ +/* + * Copyright (C) 2008 Andreas Steffen + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "migrate_job.h" + +#include + +#include + + +typedef struct private_migrate_job_t private_migrate_job_t; + +/** + * Private data of a migrate_job_t object. + */ +struct private_migrate_job_t { + /** + * Public migrate_job_t interface. + */ + migrate_job_t public; + + /** + * reqid of the CHILD_SA if it already exists + */ + u_int32_t reqid; + + /** + * source traffic selector + */ + traffic_selector_t *src_ts; + + /** + * destination traffic selector + */ + traffic_selector_t *dst_ts; + + /** + * local host address to be used for IKE + */ + host_t *local; + + /** + * remote host address to be used for IKE + */ + host_t *remote; +}; + +/** + * Implementation of job_t.destroy. + */ +static void destroy(private_migrate_job_t *this) +{ + DESTROY_IF(this->src_ts); + DESTROY_IF(this->dst_ts); + DESTROY_IF(this->local); + DESTROY_IF(this->remote); + free(this); +} + +/** + * Implementation of job_t.execute. 
+ */ +static void execute(private_migrate_job_t *this) +{ + ike_sa_t *ike_sa = NULL; + + if (this->reqid) + { + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, + this->reqid, TRUE); + } + if (ike_sa) + { + iterator_t *children; + child_sa_t *child_sa; + host_t *host; + + children = ike_sa->create_child_sa_iterator(ike_sa); + while (children->iterate(children, (void**)&child_sa)) + { + if (child_sa->get_reqid(child_sa) == this->reqid) + { + break; + } + } + children->destroy(children); + DBG2(DBG_JOB, "found CHILD_SA with reqid {%d}", this->reqid); + + ike_sa->set_kmaddress(ike_sa, this->local, this->remote); + + host = this->local->clone(this->local); + host->set_port(host, IKEV2_UDP_PORT); + ike_sa->set_my_host(ike_sa, host); + + host = this->remote->clone(this->remote); + host->set_port(host, IKEV2_UDP_PORT); + ike_sa->set_other_host(ike_sa, host); + + if (child_sa->update(child_sa, this->local, this->remote, + ike_sa->get_virtual_ip(ike_sa, TRUE), + ike_sa->has_condition(ike_sa, COND_NAT_ANY)) == NOT_SUPPORTED) + { + ike_sa->rekey_child_sa(ike_sa, child_sa->get_protocol(child_sa), + child_sa->get_spi(child_sa, TRUE)); + } + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + } + else + { + DBG1(DBG_JOB, "no CHILD_SA found with reqid {%d}", this->reqid); + } + destroy(this); +} + +/* + * Described in header + */ +migrate_job_t *migrate_job_create(u_int32_t reqid, + traffic_selector_t *src_ts, + traffic_selector_t *dst_ts, + policy_dir_t dir, + host_t *local, host_t *remote) +{ + private_migrate_job_t *this = malloc_thing(private_migrate_job_t); + + /* interface functions */ + this->public.job_interface.execute = (void (*) (job_t *)) execute; + this->public.job_interface.destroy = (void (*)(job_t*)) destroy; + + /* private variables */ + this->reqid = reqid; + this->src_ts = (dir == POLICY_OUT) ? src_ts : dst_ts; + this->dst_ts = (dir == POLICY_OUT) ? 
dst_ts : src_ts; + this->local = local; + this->remote = remote; + + return &this->public; +} diff --git a/src/libcharon/processing/jobs/migrate_job.h b/src/libcharon/processing/jobs/migrate_job.h new file mode 100644 index 000000000..de313d517 --- /dev/null +++ b/src/libcharon/processing/jobs/migrate_job.h 
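Review bot: In execute(), `child_sa` is used after the iterator loop whether or not any CHILD_SA matched `this->reqid`: with no match it holds whatever iterate() last wrote (or nothing at all for an empty iterator), yet "found CHILD_SA" is logged and `child_sa->update(...)` is called unconditionally. Recording the match in a separate pointer and returning early when none was found removes the reliance on checkout_by_id() having guaranteed a match, as sketched below. `this->local` and `this->remote` are also dereferenced without a check although destroy() uses `DESTROY_IF` on them. migrate_job_create() stores all four pointers without cloning while destroy() frees them, so the header comment should state that the job takes ownership of its arguments.

```c
		child_sa_t *child_sa, *found = NULL;
		/* ... unchanged: iterator creation and loop header ... */
			if (child_sa->get_reqid(child_sa) == this->reqid)
			{
				found = child_sa;
				break;
			}
		/* ... unchanged: children->destroy(children) ... */
		if (!found)
		{
			DBG1(DBG_JOB, "no CHILD_SA found with reqid {%d}", this->reqid);
			charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
			destroy(this);
			return;
		}
		DBG2(DBG_JOB, "found CHILD_SA with reqid {%d}", this->reqid);
		/* ... unchanged: address updates; update()/rekey_child_sa() then use found ... */
```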
@@ -0,0 +1,61 @@ +/* + * Copyright (C) 2008 Andreas Steffen + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup migrate_job migrate_job + * @{ @ingroup jobs + */ + +#ifndef MIGRATE_JOB_H_ +#define MIGRATE_JOB_H_ + +typedef struct migrate_job_t migrate_job_t; + +#include +#include +#include +#include +#include + +/** + * Class representing a MIGRATE Job. + * + * This job sets a routed CHILD_SA for an existing IPsec policy. + */ +struct migrate_job_t { + /** + * The job_t interface. + */ + job_t job_interface; +}; + +/** + * Creates a job of type MIGRATE. + * + * We use the reqid or the traffic selectors to find a matching CHILD_SA. + * + * @param reqid reqid of the CHILD_SA to acquire + * @param src_ts source traffic selector to be used in the policy + * @param dst_ts destination traffic selector to be used in the policy + * @param dir direction of the policy (in|out) + * @param local local host address to be used in the IKE_SA + * @param remote remote host address to be used in the IKE_SA + * @return migrate_job_t object + */ +migrate_job_t *migrate_job_create(u_int32_t reqid, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t dir, host_t *local, host_t *remote); + +#endif /** MIGRATE_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c new file mode 100644 index 000000000..a47d48e38 --- /dev/null 
+++ b/src/libcharon/processing/jobs/process_message_job.c 
@@ -0,0 +1,106 @@ +/* + * Copyright (C) 2005-2007 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "process_message_job.h" + +#include + +typedef struct private_process_message_job_t private_process_message_job_t; + +/** + * Private data of an process_message_job_t Object + */ +struct private_process_message_job_t { + /** + * public process_message_job_t interface + */ + process_message_job_t public; + + /** + * Message associated with this job + */ + message_t *message; +}; + +/** + * Implements job_t.destroy. + */ +static void destroy(private_process_message_job_t *this) +{ + this->message->destroy(this->message); + free(this); +} + +/** + * Implementation of job_t.execute. + */ +static void execute(private_process_message_job_t *this) +{ + ike_sa_t *ike_sa; + +#ifdef ME + /* if this is an unencrypted INFORMATIONAL exchange it is likely a + * connectivity check. */ + if (this->message->get_exchange_type(this->message) == INFORMATIONAL && + this->message->get_first_payload_type(this->message) != ENCRYPTED) + { + /* theoretically this could also be an error message + * see RFC 4306, section 1.5. 
*/ + DBG1(DBG_NET, "received unencrypted informational: from %#H to %#H", + this->message->get_source(this->message), + this->message->get_destination(this->message)); + charon->connect_manager->process_check(charon->connect_manager, this->message); + destroy(this); + return; + } +#endif /* ME */ + + ike_sa = charon->ike_sa_manager->checkout_by_message(charon->ike_sa_manager, + this->message); + if (ike_sa) + { + DBG1(DBG_NET, "received packet: from %#H to %#H", + this->message->get_source(this->message), + this->message->get_destination(this->message)); + if (ike_sa->process_message(ike_sa, this->message) == DESTROY_ME) + { + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, + ike_sa); + } + else + { + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + } + } + destroy(this); +} + +/* + * Described in header + */ +process_message_job_t *process_message_job_create(message_t *message) +{ + private_process_message_job_t *this = malloc_thing(private_process_message_job_t); + + /* interface functions */ + this->public.job_interface.execute = (void (*) (job_t *)) execute; + this->public.job_interface.destroy = (void(*)(job_t*))destroy; + + /* private variables */ + this->message = message; + + return &(this->public); +} diff --git a/src/libcharon/processing/jobs/process_message_job.h b/src/libcharon/processing/jobs/process_message_job.h new file mode 100644 index 000000000..5e3f44d1f --- /dev/null +++ b/src/libcharon/processing/jobs/process_message_job.h 
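Review bot: In execute(), the `#ifdef ME` branch hands every unencrypted INFORMATIONAL message to `connect_manager->process_check()` before any IKE_SA lookup, so this path runs on input from senders that have not been authenticated, and it logs each such packet with `DBG1`. Nothing in this hunk validates the message, so authentication of connectivity checks presumably happens inside process_check(); a comment such as `/* unauthenticated input: process_check() must verify the check before acting on it */` would make that dependency explicit. Lowering that log call to `DBG2` would keep unsolicited packets from filling the log at the default level. When `checkout_by_message()` returns NULL the message is dropped with no log line at all, which makes discarded packets hard to diagnose.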
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup process_message_job process_message_job
+ * @{ @ingroup jobs
+ */
+
+#ifndef PROCESS_MESSAGE_JOB_H_
+#define PROCESS_MESSAGE_JOB_H_
+
+typedef struct process_message_job_t process_message_job_t;
+
+#include
+#include
+#include
+
+/**
+ * Class representing an PROCESS_MESSAGE job.
+ */
+struct process_message_job_t {
+ /**
+ * implements job_t interface
+ */
+ job_t job_interface;
+};
+
+/**
+ * Creates a job of type PROCESS_MESSAGE.
+ *
+ * @param message message to process
+ * @return created process_message_job_t object
+ */
+process_message_job_t *process_message_job_create(message_t *message);
+
+#endif /** PROCESS_MESSAGE_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c
new file mode 100644
index 000000000..b797d181e
--- /dev/null
+++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c
@@ -0,0 +1,97 @@ +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "rekey_child_sa_job.h" + +#include + + +typedef struct private_rekey_child_sa_job_t private_rekey_child_sa_job_t; + +/** + * Private data of an rekey_child_sa_job_t object. + */ +struct private_rekey_child_sa_job_t { + /** + * Public rekey_child_sa_job_t interface. + */ + rekey_child_sa_job_t public; + + /** + * reqid of the child to rekey + */ + u_int32_t reqid; + + /** + * protocol of the CHILD_SA (ESP/AH) + */ + protocol_id_t protocol; + + /** + * inbound SPI of the CHILD_SA + */ + u_int32_t spi; +}; + +/** + * Implementation of job_t.destroy. + */ +static void destroy(private_rekey_child_sa_job_t *this) +{ + free(this); +} + +/** + * Implementation of job_t.execute. 
+ */ +static void execute(private_rekey_child_sa_job_t *this) +{ + ike_sa_t *ike_sa; + + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, + this->reqid, TRUE); + if (ike_sa == NULL) + { + DBG2(DBG_JOB, "CHILD_SA with reqid %d not found for rekeying", + this->reqid); + } + else + { + ike_sa->rekey_child_sa(ike_sa, this->protocol, this->spi); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + } + destroy(this); +} + +/* + * Described in header + */ +rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, + protocol_id_t protocol, + u_int32_t spi) +{ + private_rekey_child_sa_job_t *this = malloc_thing(private_rekey_child_sa_job_t); + + /* interface functions */ + this->public.job_interface.execute = (void (*) (job_t *)) execute; + this->public.job_interface.destroy = (void (*)(job_t*)) destroy; + + /* private variables */ + this->reqid = reqid; + this->protocol = protocol; + this->spi = spi; + + return &this->public; +} diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.h b/src/libcharon/processing/jobs/rekey_child_sa_job.h new file mode 100644 index 000000000..62887d6b9 --- /dev/null +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.h 
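Review bot: execute() discards the result of `ike_sa->rekey_child_sa(ike_sa, this->protocol, this->spi)` and always calls `checkin()`, whereas rekey_ike_sa_job.c in this same commit inspects the status of rekey()/reauth() and calls `checkin_and_destroy()` on `DESTROY_ME`. If rekey_child_sa() can return `DESTROY_ME` as well, an IKE_SA that asked to be destroyed would be checked back in here; mirroring the other job with `if (ike_sa->rekey_child_sa(ike_sa, this->protocol, this->spi) == DESTROY_ME)` followed by `checkin_and_destroy()` would cover it. migrate_job.c makes the same unchecked call. The `DBG2` line prints the `u_int32_t` reqid with `%d`; `%u` matches the type.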
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup rekey_child_sa_job rekey_child_sa_job
+ * @{ @ingroup jobs
+ */
+
+#ifndef REKEY_CHILD_SA_JOB_H_
+#define REKEY_CHILD_SA_JOB_H_
+
+typedef struct rekey_child_sa_job_t rekey_child_sa_job_t;
+
+#include
+#include
+#include
+#include
+
+/**
+ * Class representing an REKEY_CHILD_SA Job.
+ *
+ * This job initiates the rekeying of a CHILD SA.
+ */
+struct rekey_child_sa_job_t {
+ /**
+ * The job_t interface.
+ */
+ job_t job_interface;
+};
+
+/**
+ * Creates a job of type REKEY_CHILD_SA.
+ *
+ * The CHILD_SA is identified by its protocol (AH/ESP) and its
+ * inbound SPI.
+ *
+ * @param reqid reqid of the CHILD_SA to rekey
+ * @param protocol protocol of the CHILD_SA
+ * @param spi security parameter index of the CHILD_SA
+ * @return rekey_child_sa_job_t object
+ */
+rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid,
+ protocol_id_t protocol,
+ u_int32_t spi);
+#endif /** REKEY_CHILD_SA_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/rekey_ike_sa_job.c b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
new file mode 100644
index 000000000..5ec0b1b88
--- /dev/null
+++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
@@ -0,0 +1,104 @@ +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "rekey_ike_sa_job.h" + +#include + +typedef struct private_rekey_ike_sa_job_t private_rekey_ike_sa_job_t; + +/** + * Private data of an rekey_ike_sa_job_t object. + */ +struct private_rekey_ike_sa_job_t { + /** + * Public rekey_ike_sa_job_t interface. + */ + rekey_ike_sa_job_t public; + + /** + * ID of the IKE_SA to rekey + */ + ike_sa_id_t *ike_sa_id; + + /** + * force reauthentication of the peer (full IKE_SA setup) + */ + bool reauth; +}; + +/** + * Implementation of job_t.destroy. + */ +static void destroy(private_rekey_ike_sa_job_t *this) +{ + this->ike_sa_id->destroy(this->ike_sa_id); + free(this); +} + +/** + * Implementation of job_t.execute. 
+ */
+static void execute(private_rekey_ike_sa_job_t *this)
+{
+ ike_sa_t *ike_sa;
+ status_t status = SUCCESS;
+
+ ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+ this->ike_sa_id);
+ if (ike_sa == NULL)
+ {
+ DBG2(DBG_JOB, "IKE_SA to rekey not found");
+ }
+ else
+ {
+ if (this->reauth)
+ {
+ status = ike_sa->reauth(ike_sa);
+ }
+ else
+ {
+ status = ike_sa->rekey(ike_sa);
+ }
+
+ if (status == DESTROY_ME)
+ {
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
+ }
+ else
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+ }
+ destroy(this);
+}
+
+/*
+ * Described in header
+ */
+rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth)
+{
+ private_rekey_ike_sa_job_t *this = malloc_thing(private_rekey_ike_sa_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
+
+ /* private variables */
+ this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
+ this->reauth = reauth;
+
+ return &(this->public);
+}
diff --git a/src/libcharon/processing/jobs/rekey_ike_sa_job.h b/src/libcharon/processing/jobs/rekey_ike_sa_job.h
new file mode 100644
index 000000000..a5c1028aa
--- /dev/null
+++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.h
@@ -0,0 +1,51 @@ +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup rekey_ike_sa_job rekey_ike_sa_job + * @{ @ingroup jobs + */ + +#ifndef REKEY_IKE_SA_JOB_H_ +#define REKEY_IKE_SA_JOB_H_ + +typedef struct rekey_ike_sa_job_t rekey_ike_sa_job_t; + +#include +#include +#include + +/** + * Class representing an REKEY_IKE_SA Job. + * + * This job initiates the rekeying of an IKE_SA. + */ +struct rekey_ike_sa_job_t { + /** + * The job_t interface. + */ + job_t job_interface; +}; + +/** + * Creates a job of type REKEY_IKE_SA. + * + * @param ike_sa_id ID of the IKE_SA to rekey + * @param reauth TRUE to reauthenticate peer, FALSE for rekeying only + * @return rekey_ike_sa_job_t object + */ +rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth); + +#endif /** REKEY_IKE_SA_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/retransmit_job.c b/src/libcharon/processing/jobs/retransmit_job.c new file mode 100644 index 000000000..fc787f208 --- /dev/null +++ b/src/libcharon/processing/jobs/retransmit_job.c 
@@ -0,0 +1,93 @@ +/* + * Copyright (C) 2005-2007 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "retransmit_job.h" + +#include + +typedef struct private_retransmit_job_t private_retransmit_job_t; + +/** + * Private data of an retransmit_job_t Object. + */ +struct private_retransmit_job_t { + /** + * Public retransmit_job_t interface. + */ + retransmit_job_t public; + + /** + * Message ID of the request to resend. + */ + u_int32_t message_id; + + /** + * ID of the IKE_SA which the message belongs to. + */ + ike_sa_id_t *ike_sa_id; +}; + +/** + * Implements job_t.destroy. + */ +static void destroy(private_retransmit_job_t *this) +{ + this->ike_sa_id->destroy(this->ike_sa_id); + free(this); +} + +/** + * Implementation of job_t.execute. + */ +static void execute(private_retransmit_job_t *this) +{ + ike_sa_t *ike_sa; + + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->ike_sa_id); + if (ike_sa) + { + if (ike_sa->retransmit(ike_sa, this->message_id) == DESTROY_ME) + { + /* retransmitted to many times, giving up */ + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, + ike_sa); + } + else + { + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + } + } + destroy(this); +} + +/* + * Described in header. 
+ */
+retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa_id)
+{
+ private_retransmit_job_t *this = malloc_thing(private_retransmit_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
+
+ /* private variables */
+ this->message_id = message_id;
+ this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
+
+ return &this->public;
+}
diff --git a/src/libcharon/processing/jobs/retransmit_job.h b/src/libcharon/processing/jobs/retransmit_job.h
new file mode 100644
index 000000000..c8c13479b
--- /dev/null
+++ b/src/libcharon/processing/jobs/retransmit_job.h
@@ -0,0 +1,55 @@ +/* + * Copyright (C) 2005-2007 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup retransmit_job retransmit_job + * @{ @ingroup jobs + */ + +#ifndef RETRANSMIT_JOB_H_ +#define RETRANSMIT_JOB_H_ + +typedef struct retransmit_job_t retransmit_job_t; + +#include +#include +#include + +/** + * Class representing an retransmit Job. + * + * This job is scheduled every time a request is sent over the + * wire. If the response to the request is not received at schedule + * time, the retransmission will be initiated. + */ +struct retransmit_job_t { + /** + * The job_t interface. + */ + job_t job_interface; +}; + +/** + * Creates a job of type retransmit. + * + * @param message_id message_id of the request to resend + * @param ike_sa_id identification of the ike_sa as ike_sa_id_t + * @return retransmit_job_t object + */ +retransmit_job_t *retransmit_job_create(u_int32_t message_id, + ike_sa_id_t *ike_sa_id); + +#endif /** RETRANSMIT_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/roam_job.c b/src/libcharon/processing/jobs/roam_job.c new file mode 100644 index 000000000..adc884a8a --- /dev/null +++ b/src/libcharon/processing/jobs/roam_job.c 
@@ -0,0 +1,106 @@ +/* + * Copyright (C) 2007 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "roam_job.h" + +#include +#include + + +typedef struct private_roam_job_t private_roam_job_t; + +/** + * Private data of an roam_job_t Object + */ +struct private_roam_job_t { + /** + * public roam_job_t interface + */ + roam_job_t public; + + /** + * has the address list changed, or the routing only? + */ + bool address; +}; + +/** + * Implements job_t.destroy. + */ +static void destroy(private_roam_job_t *this) +{ + free(this); +} + +/** + * Implementation of job_t.execute. + */ +static void execute(private_roam_job_t *this) +{ + ike_sa_t *ike_sa; + linked_list_t *list; + ike_sa_id_t *id; + enumerator_t *enumerator; + + /* enumerator over all IKE_SAs gives us no way to checkin_and_destroy + * after a DESTROY_ME, so we check out each available IKE_SA by hand. 
*/ + list = linked_list_create(); + enumerator = charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager); + while (enumerator->enumerate(enumerator, &ike_sa)) + { + id = ike_sa->get_id(ike_sa); + list->insert_last(list, id->clone(id)); + } + enumerator->destroy(enumerator); + + while (list->remove_last(list, (void**)&id) == SUCCESS) + { + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, id); + if (ike_sa) + { + if (ike_sa->roam(ike_sa, this->address) == DESTROY_ME) + { + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, ike_sa); + } + else + { + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + } + } + id->destroy(id); + } + list->destroy(list); + + destroy(this); +} + +/* + * Described in header + */ +roam_job_t *roam_job_create(bool address) +{ + private_roam_job_t *this = malloc_thing(private_roam_job_t); + + this->public.job_interface.execute = (void (*) (job_t *)) execute; + this->public.job_interface.destroy = (void (*) (job_t *)) destroy; + + this->address = address; + + return &this->public; +} + diff --git a/src/libcharon/processing/jobs/roam_job.h b/src/libcharon/processing/jobs/roam_job.h new file mode 100644 index 000000000..55bdf2b28 --- /dev/null +++ b/src/libcharon/processing/jobs/roam_job.h 
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup roam_job roam_job
+ * @{ @ingroup jobs
+ */
+
+#ifndef ROAM_JOB_H_
+#define ROAM_JOB_H_
+
+typedef struct roam_job_t roam_job_t;
+
+#include
+#include
+#include
+
+/**
+ * A job to inform IKE_SAs about changed local address setup.
+ *
+ * If a local address appears or disappears, the kernel fires this job to
+ * update all IKE_SAs.
+ */
+struct roam_job_t {
+
+ /**
+ * implements job_t interface
+ */
+ job_t job_interface;
+};
+
+/**
+ * Creates a job to inform IKE_SAs about an updated address list.
+ *
+ * @param address TRUE if address list changed, FALSE if routing changed
+ * @return initiate_ike_sa_job_t object
+ */
+roam_job_t *roam_job_create(bool address);
+
+#endif /** ROAM_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/send_dpd_job.c b/src/libcharon/processing/jobs/send_dpd_job.c
new file mode 100644
index 000000000..1c2da52b8
--- /dev/null
+++ b/src/libcharon/processing/jobs/send_dpd_job.c
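Review bot: The `@return` line on `roam_job_create` says `initiate_ike_sa_job_t object`, but the function returns `roam_job_t *`; the text looks copied from another job header. The same stale wording appears on `send_dpd_job_create` in send_dpd_job.h and on `send_keepalive_job_create` in send_keepalive_job.h in this commit. Each should name its own type, here `@return roam_job_t object`, so the generated API documentation does not send readers to the wrong class.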
@@ -0,0 +1,88 @@ +/* + * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "send_dpd_job.h" + +#include +#include + + +typedef struct private_send_dpd_job_t private_send_dpd_job_t; + +/** + * Private data of an send_dpd_job_t Object + */ +struct private_send_dpd_job_t { + /** + * public send_dpd_job_t interface + */ + send_dpd_job_t public; + + /** + * ID of the IKE_SA which the message belongs to. + */ + ike_sa_id_t *ike_sa_id; +}; + +/** + * Implements job_t.destroy. + */ +static void destroy(private_send_dpd_job_t *this) +{ + this->ike_sa_id->destroy(this->ike_sa_id); + free(this); +} + +/** + * Implementation of job_t.execute. 
+ */
+static void execute(private_send_dpd_job_t *this)
+{
+ ike_sa_t *ike_sa;
+
+ ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+ this->ike_sa_id);
+ if (ike_sa)
+ {
+ if (ike_sa->send_dpd(ike_sa) == DESTROY_ME)
+ {
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
+ }
+ else
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+ }
+ destroy(this);
+}
+
+/*
+ * Described in header
+ */
+send_dpd_job_t *send_dpd_job_create(ike_sa_id_t *ike_sa_id)
+{
+ private_send_dpd_job_t *this = malloc_thing(private_send_dpd_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
+
+ /* private variables */
+ this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
+
+ return &this->public;
+}
diff --git a/src/libcharon/processing/jobs/send_dpd_job.h b/src/libcharon/processing/jobs/send_dpd_job.h
new file mode 100644
index 000000000..8078a38bc
--- /dev/null
+++ b/src/libcharon/processing/jobs/send_dpd_job.h
@@ -0,0 +1,52 @@ +/* + * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup send_dpd_job send_dpd_job + * @{ @ingroup jobs + */ + +#ifndef SEND_DPD_JOB_H_ +#define SEND_DPD_JOB_H_ + +typedef struct send_dpd_job_t send_dpd_job_t; + +#include +#include +#include + +/** + * Class representing a SEND_DPD Job. + * + * Job to periodically send a Dead Peer Detection (DPD) request, + * ie. an IKE request with no payloads other than the encrypted payload + * required by the syntax. + */ +struct send_dpd_job_t { + /** + * implements job_t interface + */ + job_t job_interface; +}; + +/** + * Creates a job of type SEND_DPD. + * + * @param ike_sa_id identification of the ike_sa as ike_sa_id_t object (gets cloned) + * @return initiate_ike_sa_job_t object + */ +send_dpd_job_t *send_dpd_job_create(ike_sa_id_t *ike_sa_id); + +#endif /** SEND_DPD_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/send_keepalive_job.c b/src/libcharon/processing/jobs/send_keepalive_job.c new file mode 100644 index 000000000..3d02cea2e --- /dev/null +++ b/src/libcharon/processing/jobs/send_keepalive_job.c 
@@ -0,0 +1,82 @@ +/* + * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "send_keepalive_job.h" + +#include +#include + + +typedef struct private_send_keepalive_job_t private_send_keepalive_job_t; + +/** + * Private data of an send_keepalive_job_t Object + */ +struct private_send_keepalive_job_t { + /** + * public send_keepalive_job_t interface + */ + send_keepalive_job_t public; + + /** + * ID of the IKE_SA which the message belongs to. + */ + ike_sa_id_t *ike_sa_id; +}; + +/** + * Implements job_t.destroy. + */ +static void destroy(private_send_keepalive_job_t *this) +{ + this->ike_sa_id->destroy(this->ike_sa_id); + free(this); +} + +/** + * Implementation of job_t.execute. 
+ */
+static void execute(private_send_keepalive_job_t *this)
+{
+ ike_sa_t *ike_sa;
+
+ ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+ this->ike_sa_id);
+ if (ike_sa)
+ {
+ ike_sa->send_keepalive(ike_sa);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+ destroy(this);
+}
+
+/*
+ * Described in header
+ */
+send_keepalive_job_t *send_keepalive_job_create(ike_sa_id_t *ike_sa_id)
+{
+ private_send_keepalive_job_t *this = malloc_thing(private_send_keepalive_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
+
+ /* private variables */
+ this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
+
+ return &this->public;
+}
diff --git a/src/libcharon/processing/jobs/send_keepalive_job.h b/src/libcharon/processing/jobs/send_keepalive_job.h
new file mode 100644
index 000000000..cda83cd7e
--- /dev/null
+++ b/src/libcharon/processing/jobs/send_keepalive_job.h
@@ -0,0 +1,51 @@ +/* + * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup send_keepalive_job send_keepalive_job + * @{ @ingroup jobs + */ + +#ifndef SEND_KEEPALIVE_JOB_H_ +#define SEND_KEEPALIVE_JOB_H_ + +typedef struct send_keepalive_job_t send_keepalive_job_t; + +#include +#include +#include + +/** + * Class representing a SEND_KEEPALIVE Job. + * + * This job will send a NAT keepalive packet if the IKE SA is still alive, + * and reinsert itself into the event queue. + */ +struct send_keepalive_job_t { + /** + * implements job_t interface + */ + job_t job_interface; +}; + +/** + * Creates a job of type SEND_KEEPALIVE. + * + * @param ike_sa_id identification of the ike_sa as ike_sa_id_t object (gets cloned) + * @return initiate_ike_sa_job_t object + */ +send_keepalive_job_t *send_keepalive_job_create(ike_sa_id_t *ike_sa_id); + +#endif /** SEND_KEEPALIVE_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c new file mode 100644 index 000000000..17dce2548 --- /dev/null +++ b/src/libcharon/processing/jobs/update_sa_job.c 
@@ -0,0 +1,96 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "update_sa_job.h" + +#include +#include + + +typedef struct private_update_sa_job_t private_update_sa_job_t; + +/** + * Private data of an update_sa_job_t Object + */ +struct private_update_sa_job_t { + /** + * public update_sa_job_t interface + */ + update_sa_job_t public; + + /** + * reqid of the CHILD_SA + */ + u_int32_t reqid; + + /** + * New SA address and port + */ + host_t *new; +}; + +/** + * Implements job_t.destroy. + */ +static void destroy(private_update_sa_job_t *this) +{ + this->new->destroy(this->new); + free(this); +} + +/** + * Implementation of job_t.execute. 
+ */
+static void execute(private_update_sa_job_t *this)
+{
+ ike_sa_t *ike_sa;
+
+ ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
+ this->reqid, TRUE);
+ if (ike_sa == NULL)
+ {
+ DBG1(DBG_JOB, "CHILD_SA with reqid %d not found for update", this->reqid);
+ }
+ else
+ {
+ /* we update only if other host is NATed, but not our */
+ if (ike_sa->has_condition(ike_sa, COND_NAT_THERE) &&
+ !ike_sa->has_condition(ike_sa, COND_NAT_HERE))
+ {
+ ike_sa->update_hosts(ike_sa, NULL, this->new);
+ }
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+ destroy(this);
+}
+
+/*
+ * Described in header
+ */
+update_sa_job_t *update_sa_job_create(u_int32_t reqid, host_t *new)
+{
+ private_update_sa_job_t *this = malloc_thing(private_update_sa_job_t);
+
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
+
+ this->reqid = reqid;
+ this->new = new;
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/processing/jobs/update_sa_job.h b/src/libcharon/processing/jobs/update_sa_job.h
new file mode 100644
index 000000000..11d1ac9b6
--- /dev/null
+++ b/src/libcharon/processing/jobs/update_sa_job.h
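Review bot: `update_sa_job_create` stores the caller's `host_t *new` pointer as-is while `destroy` calls `this->new->destroy(this->new)`, so the job silently takes ownership of the host, unlike the sibling jobs in this commit, which `clone()` their `ike_sa_id` argument. A caller that keeps using or destroys the same host after queueing the job would hit a use-after-free or double free, and the `@param new` line in update_sa_job.h does not mention the transfer. Either clone on entry, `this->new = new->clone(new);`, or state the contract in the header, e.g. `@param new new address and port, owned by the job and destroyed with it`. The callers are outside this hunk, so which of the two matches their expectations cannot be confirmed from here.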
@@ -0,0 +1,50 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup update_sa_job update_sa_job + * @{ @ingroup jobs + */ + +#ifndef UPDATE_SA_JOB_H_ +#define UPDATE_SA_JOB_H_ + +typedef struct update_sa_job_t update_sa_job_t; + +#include +#include +#include + +/** + * Update the addresses of an IKE and its CHILD_SAs. + */ +struct update_sa_job_t { + + /** + * implements job_t interface + */ + job_t job_interface; +}; + +/** + * Creates a job to update IKE and CHILD_SA addresses. + * + * @param reqid reqid of the CHILD_SA + * @param new new address and port + * @return update_sa_job_t object + */ +update_sa_job_t *update_sa_job_create(u_int32_t reqid, host_t *new); + +#endif /** UPDATE_SA_JOB_H_ @}*/ diff --git a/src/libcharon/processing/processor.c b/src/libcharon/processing/processor.c new file mode 100644 index 000000000..d5774af26 --- /dev/null +++ b/src/libcharon/processing/processor.c 
@@ -0,0 +1,273 @@ +/* + * Copyright (C) 2005-2007 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include +#include + +#include "processor.h" + +#include +#include +#include +#include +#include + + +typedef struct private_processor_t private_processor_t; + +/** + * Private data of processor_t class. + */ +struct private_processor_t { + /** + * Public processor_t interface. + */ + processor_t public; + + /** + * Number of running threads + */ + u_int total_threads; + + /** + * Desired number of threads + */ + u_int desired_threads; + + /** + * Number of threads waiting for work + */ + u_int idle_threads; + + /** + * All threads managed in the pool (including threads that have been + * cancelled, this allows to join them during destruction) + */ + linked_list_t *threads; + + /** + * The jobs are stored in a linked list + */ + linked_list_t *list; + + /** + * access to linked_list is locked through this mutex + */ + mutex_t *mutex; + + /** + * Condvar to wait for new jobs + */ + condvar_t *job_added; + + /** + * Condvar to wait for terminated threads + */ + condvar_t *thread_terminated; +}; + +static void process_jobs(private_processor_t *this); + +/** + * restart a terminated thread + */ +static void restart(private_processor_t *this) +{ + thread_t *thread; + + DBG2(DBG_JOB, "terminated worker thread, ID: %u", thread_current_id()); + + /* respawn thread if required */ + this->mutex->lock(this->mutex); 
+ if (this->desired_threads < this->total_threads ||
+ (thread = thread_create((thread_main_t)process_jobs, this)) == NULL)
+ {
+ this->total_threads--;
+ this->thread_terminated->signal(this->thread_terminated);
+ }
+ else
+ {
+ this->threads->insert_last(this->threads, thread);
+ }
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Process queued jobs, called by the worker threads
+ */
+static void process_jobs(private_processor_t *this)
+{
+ /* worker threads are not cancellable by default */
+ thread_cancelability(FALSE);
+
+ DBG2(DBG_JOB, "started worker thread, ID: %u", thread_current_id());
+
+ this->mutex->lock(this->mutex);
+ while (this->desired_threads >= this->total_threads)
+ {
+ job_t *job;
+
+ if (this->list->get_count(this->list) == 0)
+ {
+ this->idle_threads++;
+ this->job_added->wait(this->job_added, this->mutex);
+ this->idle_threads--;
+ continue;
+ }
+ this->list->remove_first(this->list, (void**)&job);
+ this->mutex->unlock(this->mutex);
+ /* terminated threads are restarted, so we have a constant pool */
+ thread_cleanup_push((thread_cleanup_t)restart, this);
+ job->execute(job);
+ thread_cleanup_pop(FALSE);
+ this->mutex->lock(this->mutex);
+ }
+ this->mutex->unlock(this->mutex);
+ restart(this);
+}
+
+/**
+ * Implementation of processor_t.get_total_threads.
+ */
+static u_int get_total_threads(private_processor_t *this)
+{
+ u_int count;
+ this->mutex->lock(this->mutex);
+ count = this->total_threads;
+ this->mutex->unlock(this->mutex);
+ return count;
+}
+
+/**
+ * Implementation of processor_t.get_idle_threads.
+ */
+static u_int get_idle_threads(private_processor_t *this)
+{
+ u_int count;
+ this->mutex->lock(this->mutex);
+ count = this->idle_threads;
+ this->mutex->unlock(this->mutex);
+ return count;
+}
+
+/**
+ * implements processor_t.get_job_load
+ */
+static u_int get_job_load(private_processor_t *this)
+{
+ u_int load;
+ this->mutex->lock(this->mutex);
+ load = this->list->get_count(this->list);
+ this->mutex->unlock(this->mutex);
+ return load;
+}
+
+/**
+ * implements function processor_t.queue_job
+ */
+static void queue_job(private_processor_t *this, job_t *job)
+{
+ this->mutex->lock(this->mutex);
+ this->list->insert_last(this->list, job);
+ this->job_added->signal(this->job_added);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of processor_t.set_threads.
+ */
+static void set_threads(private_processor_t *this, u_int count)
+{
+ this->mutex->lock(this->mutex);
+ if (count > this->total_threads)
+ { /* increase thread count */
+ int i;
+ thread_t *current;
+
+ this->desired_threads = count;
+ DBG1(DBG_JOB, "spawning %d worker threads", count - this->total_threads);
+ for (i = this->total_threads; i < count; i++)
+ {
+ current = thread_create((thread_main_t)process_jobs, this);
+ if (current)
+ {
+ this->threads->insert_last(this->threads, current);
+ this->total_threads++;
+ }
+ }
+ }
+ else if (count < this->total_threads)
+ { /* decrease thread count */
+ this->desired_threads = count;
+ }
+ this->job_added->broadcast(this->job_added);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of processor_t.destroy.
+ */
+static void destroy(private_processor_t *this)
+{
+ thread_t *current;
+ set_threads(this, 0);
+ this->mutex->lock(this->mutex);
+ while (this->total_threads > 0)
+ {
+ this->job_added->broadcast(this->job_added);
+ this->thread_terminated->wait(this->thread_terminated, this->mutex);
+ }
+ while (this->threads->remove_first(this->threads,
+ (void**)¤t) == SUCCESS)
+ {
+ current->join(current);
+ }
+ this->mutex->unlock(this->mutex);
+ this->thread_terminated->destroy(this->thread_terminated);
+ this->job_added->destroy(this->job_added);
+ this->mutex->destroy(this->mutex);
+ this->list->destroy_offset(this->list, offsetof(job_t, destroy));
+ this->threads->destroy(this->threads);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+processor_t *processor_create(size_t pool_size)
+{
+ private_processor_t *this = malloc_thing(private_processor_t);
+
+ this->public.get_total_threads = (u_int(*)(processor_t*))get_total_threads;
+ this->public.get_idle_threads = (u_int(*)(processor_t*))get_idle_threads;
+ this->public.get_job_load = (u_int(*)(processor_t*))get_job_load;
+ this->public.queue_job = (void(*)(processor_t*, job_t*))queue_job;
+ this->public.set_threads = (void(*)(processor_t*, u_int))set_threads;
+ this->public.destroy = (void(*)(processor_t*))destroy;
+
+ this->list = linked_list_create();
+ this->threads = linked_list_create();
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->job_added = condvar_create(CONDVAR_TYPE_DEFAULT);
+ this->thread_terminated = condvar_create(CONDVAR_TYPE_DEFAULT);
+ this->total_threads = 0;
+ this->desired_threads = 0;
+ this->idle_threads = 0;
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/processing/processor.h b/src/libcharon/processing/processor.h
new file mode 100644
index 000000000..5bf8cf573
--- /dev/null
+++ b/src/libcharon/processing/processor.h
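Review bot: `processor_create` is defined at the end of this hunk as `processor_create(size_t pool_size)`, but processor.h in this commit declares `processor_t *processor_create();` and the body never reads `pool_size` (all three thread counters are set to 0). Because the header declaration is not a prototype, the compiler will not diagnose a call that passes no argument, and such a call is undefined behaviour against this definition. Dropping the parameter and using a real prototype on both sides, `processor_t *processor_create(void)`, matches the documented "create without threads, then call set_threads" contract and lets the compiler check callers.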
@@ -0,0 +1,94 @@ +/* + * Copyright (C) 2005-2007 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup processor processor + * @{ @ingroup processing + */ + +#ifndef PROCESSOR_H_ +#define PROCESSOR_H_ + +typedef struct processor_t processor_t; + +#include + +#include +#include + +/** + * The processor uses threads to process queued jobs. + */ +struct processor_t { + + /** + * Get the total number of threads used by the processor. + * + * @return size of thread pool + */ + u_int (*get_total_threads) (processor_t *this); + + /** + * Get the number of threads currently waiting. + * + * @return number of idle threads + */ + u_int (*get_idle_threads) (processor_t *this); + + /** + * Get the number of queued jobs. + * + * @returns number of items in queue + */ + u_int (*get_job_load) (processor_t *this); + + /** + * Adds a job to the queue. + * + * This function is non blocking and adds a job_t to the queue. + * + * @param job job to add to the queue + */ + void (*queue_job) (processor_t *this, job_t *job); + + /** + * Set the number of threads to use in the processor. + * + * If the number of threads is smaller than number of currently running + * threads, thread count is decreased. Use 0 to disable the processor. + * This call blocks if it decreases thread count until threads have + * terminated, so make sure there are not too many blocking jobs. 
+ * + * @param count number of threads to allocate + */ + void (*set_threads)(processor_t *this, u_int count); + + /** + * Destroy a processor object. + */ + void (*destroy) (processor_t *processor); +}; + +/** + * Create the thread pool without any threads. + * + * Use the set_threads method to start processing jobs. + * + * @return processor_t object + */ +processor_t *processor_create(); + +#endif /** PROCESSOR_H_ @}*/ diff --git a/src/libcharon/processing/scheduler.c b/src/libcharon/processing/scheduler.c new file mode 100644 index 000000000..345af502a --- /dev/null +++ b/src/libcharon/processing/scheduler.c 
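Review bot: The declaration `processor_t *processor_create();` at the end of this header does not match the definition in processor.c, which is `processor_create(size_t pool_size)` and never reads `pool_size`. An empty parameter list in C is not a prototype, so the compiler checks no arguments, and a caller that follows this header passes none to a function defined with one, which is undefined behaviour. I would declare `processor_t *processor_create(void);` here and drop the unused parameter from the definition. Separately, the set_threads comment says the call blocks until threads have terminated when the count is decreased, but the set_threads shown in processor.c only stores `desired_threads`, broadcasts `job_added` and returns; the waiting is in destroy. That sentence could read `Decreasing the count returns immediately; destroy() waits for the threads.`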
@@ -0,0 +1,358 @@ +/* + * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "scheduler.h" + +#include +#include +#include +#include +#include +#include + +/* the initial size of the heap */ +#define HEAP_SIZE_DEFAULT 64 + +typedef struct event_t event_t; + +/** + * Event containing a job and a schedule time + */ +struct event_t { + /** + * Time to fire the event. + */ + timeval_t time; + + /** + * Every event has its assigned job. + */ + job_t *job; +}; + +/** + * destroy an event and its job + */ +static void event_destroy(event_t *event) +{ + event->job->destroy(event->job); + free(event); +} + +typedef struct private_scheduler_t private_scheduler_t; + +/** + * Private data of a scheduler_t object. + */ +struct private_scheduler_t { + + /** + * Public part of a scheduler_t object. + */ + scheduler_t public; + + /** + * Job which queues scheduled jobs to the processor. + */ + callback_job_t *job; + + /** + * The heap in which the events are stored. + */ + event_t **heap; + + /** + * The size of the heap. + */ + u_int heap_size; + + /** + * The number of scheduled events. + */ + u_int event_count; + + /** + * Exclusive access to list + */ + mutex_t *mutex; + + /** + * Condvar to wait for next job. 
+ */ + condvar_t *condvar; +}; + +/** + * Comparse two timevals, return >0 if a > b, <0 if a < b and =0 if equal + */ +static int timeval_cmp(timeval_t *a, timeval_t *b) +{ + if (a->tv_sec > b->tv_sec) + { + return 1; + } + if (a->tv_sec < b->tv_sec) + { + return -1; + } + if (a->tv_usec > b->tv_usec) + { + return 1; + } + if (a->tv_usec < b->tv_usec) + { + return -1; + } + return 0; +} + +/** + * Returns the top event without removing it. Returns NULL if the heap is empty. + */ +static event_t *peek_event(private_scheduler_t *this) +{ + return this->event_count > 0 ? this->heap[1] : NULL; +} + +/** + * Removes the top event from the heap and returns it. Returns NULL if the heap + * is empty. + */ +static event_t *remove_event(private_scheduler_t *this) +{ + event_t *event, *top; + if (!this->event_count) + { + return NULL; + } + + /* store the value to return */ + event = this->heap[1]; + /* move the bottom event to the top */ + top = this->heap[1] = this->heap[this->event_count]; + + if (--this->event_count > 1) + { + /* seep down the top event */ + u_int position = 1; + while ((position << 1) <= this->event_count) + { + u_int child = position << 1; + + if ((child + 1) <= this->event_count && + timeval_cmp(&this->heap[child + 1]->time, + &this->heap[child]->time) < 0) + { + /* the "right" child is smaller */ + child++; + } + + if (timeval_cmp(&top->time, &this->heap[child]->time) <= 0) + { + /* the top event fires before the smaller of the two children, + * stop */ + break; + } + + /* swap with the smaller child */ + this->heap[position] = this->heap[child]; + position = child; + } + this->heap[position] = top; + } + return event; +} + +/** + * Get events from the queue and pass it to the processor + */ +static job_requeue_t schedule(private_scheduler_t * this) +{ + timeval_t now; + event_t *event; + bool timed = FALSE, oldstate; + + this->mutex->lock(this->mutex); + + time_monotonic(&now); + + if ((event = peek_event(this)) != NULL) + { + if (timeval_cmp(&now, 
&event->time) >= 0) + { + remove_event(this); + this->mutex->unlock(this->mutex); + DBG2(DBG_JOB, "got event, queuing job for execution"); + charon->processor->queue_job(charon->processor, event->job); + free(event); + return JOB_REQUEUE_DIRECT; + } + timersub(&event->time, &now, &now); + if (now.tv_sec) + { + DBG2(DBG_JOB, "next event in %ds %dms, waiting", + now.tv_sec, now.tv_usec/1000); + } + else + { + DBG2(DBG_JOB, "next event in %dms, waiting", now.tv_usec/1000); + } + timed = TRUE; + } + thread_cleanup_push((thread_cleanup_t)this->mutex->unlock, this->mutex); + oldstate = thread_cancelability(TRUE); + + if (timed) + { + this->condvar->timed_wait_abs(this->condvar, this->mutex, event->time); + } + else + { + DBG2(DBG_JOB, "no events, waiting"); + this->condvar->wait(this->condvar, this->mutex); + } + thread_cancelability(oldstate); + thread_cleanup_pop(TRUE); + return JOB_REQUEUE_DIRECT; +} + +/** + * Implements scheduler_t.get_job_load + */ +static u_int get_job_load(private_scheduler_t *this) +{ + int count; + this->mutex->lock(this->mutex); + count = this->event_count; + this->mutex->unlock(this->mutex); + return count; +} + +/** + * Implements scheduler_t.schedule_job_tv. 
+ */ +static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv) +{ + event_t *event; + u_int position; + + event = malloc_thing(event_t); + event->job = job; + event->time = tv; + + this->mutex->lock(this->mutex); + + this->event_count++; + if (this->event_count > this->heap_size) + { + /* double the size of the heap */ + this->heap_size <<= 1; + this->heap = (event_t**)realloc(this->heap, + (this->heap_size + 1) * sizeof(event_t*)); + } + /* "put" the event to the bottom */ + position = this->event_count; + + /* then bubble it up */ + while (position > 1 && timeval_cmp(&this->heap[position >> 1]->time, + &event->time) > 0) + { + /* parent has to be fired after the new event, move up */ + this->heap[position] = this->heap[position >> 1]; + position >>= 1; + } + this->heap[position] = event; + + this->condvar->signal(this->condvar); + this->mutex->unlock(this->mutex); +} + +/** + * Implements scheduler_t.schedule_job. + */ +static void schedule_job(private_scheduler_t *this, job_t *job, u_int32_t s) +{ + timeval_t tv; + + time_monotonic(&tv); + tv.tv_sec += s; + + schedule_job_tv(this, job, tv); +} + +/** + * Implements scheduler_t.schedule_job_ms. + */ +static void schedule_job_ms(private_scheduler_t *this, job_t *job, u_int32_t ms) +{ + timeval_t tv, add; + + time_monotonic(&tv); + add.tv_sec = ms / 1000; + add.tv_usec = (ms % 1000) * 1000; + + timeradd(&tv, &add, &tv); + + schedule_job_tv(this, job, tv); +} + +/** + * Implementation of scheduler_t.destroy. + */ +static void destroy(private_scheduler_t *this) +{ + event_t *event; + this->job->cancel(this->job); + this->condvar->destroy(this->condvar); + this->mutex->destroy(this->mutex); + while ((event = remove_event(this)) != NULL) + { + event_destroy(event); + } + free(this->heap); + free(this); +} + +/* + * Described in header. 
+ */ +scheduler_t * scheduler_create() +{ + private_scheduler_t *this = malloc_thing(private_scheduler_t); + + this->public.get_job_load = (u_int (*) (scheduler_t *this)) get_job_load; + this->public.schedule_job = (void (*) (scheduler_t *this, job_t *job, u_int32_t s)) schedule_job; + this->public.schedule_job_ms = (void (*) (scheduler_t *this, job_t *job, u_int32_t ms)) schedule_job_ms; + this->public.schedule_job_tv = (void (*) (scheduler_t *this, job_t *job, timeval_t tv)) schedule_job_tv; + this->public.destroy = (void(*)(scheduler_t*)) destroy; + + /* Note: the root of the heap is at index 1 */ + this->event_count = 0; + this->heap_size = HEAP_SIZE_DEFAULT; + this->heap = (event_t**)calloc(this->heap_size + 1, sizeof(event_t*)); + + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); + this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); + + this->job = callback_job_create((callback_job_cb_t)schedule, this, NULL, NULL); + charon->processor->queue_job(charon->processor, (job_t*)this->job); + + return &this->public; +} + diff --git a/src/libcharon/processing/scheduler.h b/src/libcharon/processing/scheduler.h new file mode 100644 index 000000000..5f5d2a563 --- /dev/null +++ b/src/libcharon/processing/scheduler.h 
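Review bot: In schedule_job_tv the result of `realloc()` is assigned straight back to `this->heap` and never checked. If the allocation fails, the old array is leaked, `this->heap` becomes NULL and the bubble-up loop right below writes through it while the mutex is held; `heap_size` has already been doubled by then, so the bookkeeping no longer matches the buffer. On a gateway with many queued events this turns memory pressure into a daemon crash. Growing through a temporary and committing `heap` and `heap_size` only on success avoids that. What should happen to the job on failure is a policy choice the hunk does not show, so the sketch below simply drops it with a log line.

```c
	this->event_count++;
	if (this->event_count > this->heap_size)
	{
		/* grow through a temporary so a failed realloc() keeps the old heap */
		u_int size = this->heap_size << 1;
		event_t **heap = realloc(this->heap,
								 ((size_t)size + 1) * sizeof(event_t*));

		if (!heap)
		{
			this->event_count--;
			this->mutex->unlock(this->mutex);
			DBG1(DBG_JOB, "unable to grow scheduler heap, dropping job");
			event_destroy(event);
			return;
		}
		this->heap = heap;
		this->heap_size = size;
	}
	/* … unchanged: bubble-up loop, condvar signal, unlock … */
```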
@@ -0,0 +1,130 @@ +/* + * Copyright (C) 2009 Tobias Brunner + * Copyright (C) 2005-2007 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup scheduler scheduler + * @{ @ingroup processing + */ + +#ifndef SCHEDULER_H_ +#define SCHEDULER_H_ + +typedef struct scheduler_t scheduler_t; + +#include +#include + +/** + * The scheduler queues timed events which are then passed to the processor. + * + * The scheduler is implemented as a heap. A heap is a special kind of tree- + * based data structure that satisfies the following property: if B is a child + * node of A, then key(A) >= (or <=) key(B). So either the element with the + * greatest (max-heap) or the smallest (min-heap) key is the root of the heap. + * We use a min-heap whith the key being the absolute unix time at which an + * event is scheduled. So the root is always the event that will fire next. + * + * An earlier implementation of the scheduler used a sorted linked list to store + * the events. That had the advantage that removing the next event was extremely + * fast, also, adding an event scheduled before or after all other events was + * equally fast (all in O(1)). The problem was, though, that adding an event + * in-between got slower, as the number of events grew larger (O(n)). + * For each connection there could be several events: IKE-rekey, NAT-keepalive, + * retransmissions, expire (half-open), and others. 
So a gateway that probably + * has to handle thousands of concurrent connnections has to be able to queue a + * large number of events as fast as possible. Locking makes this even worse, to + * provide thread-safety, no events can be processed, while an event is queued, + * so making the insertion fast is even more important. + * + * That's the advantage of the heap. Adding an element to the heap can be + * achieved in O(log n) - on the other hand, removing the root node also + * requires O(log n) operations. Consider 10000 queued events. Inserting a new + * event in the list implementation required up to 10000 comparisons. In the + * heap implementation, the worst case is about 13.3 comparisons. That's a + * drastic improvement. + * + * The implementation itself uses a binary tree mapped to a one-based array to + * store the elements. This reduces storage overhead and simplifies navigation: + * the children of the node at position n are at position 2n and 2n+1 (likewise + * the parent node of the node at position n is at position [n/2]). Thus, + * navigating up and down the tree is reduced to simple index computations. + * + * Adding an element to the heap works as follows: The heap is always filled + * from left to right, until a row is full, then the next row is filled. Mapped + * to an array this gets as simple as putting the new element to the first free + * position. In a one-based array that position equals the number of elements + * currently stored in the heap. Then the heap property has to be restored, i.e. + * the new element has to be "bubbled up" the tree until the parent node's key + * is smaller or the element got the new root of the tree. + * + * Removing the next event from the heap works similarly. The event itself is + * the root node and stored at position 1 of the array. After removing it, the + * root has to be replaced and the heap property has to be restored. 
This is + * done by moving the bottom element (last row, rightmost element) to the root + * and then "seep it down" by swapping it with child nodes until none of the + * children has a smaller key or it is again a leaf node. + */ +struct scheduler_t { + + /** + * Adds a event to the queue, using a relative time offset in s. + * + * @param job job to schedule + * @param time relative time to schedule job, in s + */ + void (*schedule_job) (scheduler_t *this, job_t *job, u_int32_t s); + + /** + * Adds a event to the queue, using a relative time offset in ms. + * + * @param job job to schedule + * @param time relative time to schedule job, in ms + */ + void (*schedule_job_ms) (scheduler_t *this, job_t *job, u_int32_t ms); + + /** + * Adds a event to the queue, using an absolut time. + * + * The passed timeval should be calculated based on the time_monotonic() + * function. + * + * @param job job to schedule + * @param time absolut time to schedule job + */ + void (*schedule_job_tv) (scheduler_t *this, job_t *job, timeval_t tv); + + /** + * Returns number of jobs scheduled. + * + * @return number of scheduled jobs + */ + u_int (*get_job_load) (scheduler_t *this); + + /** + * Destroys a scheduler object. + */ + void (*destroy) (scheduler_t *this); +}; + +/** + * Create a scheduler. + * + * @return scheduler_t object + */ +scheduler_t *scheduler_create(void); + +#endif /** SCHEDULER_H_ @}*/ -- cgit v1.2.3 From f73fba54dc8b30c6482e1e8abf15bbf455592fcd Mon Sep 17 00:00:00 2001 
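Review bot: The three schedule_job* comments document `@param time`, but the parameters are named `s`, `ms` and `tv`, so the descriptions do not attach to any real parameter. The struct comment also says the heap key is "the absolute unix time", while the schedule_job_tv comment says the timeval should be based on time_monotonic(), and scheduler.c in this commit computes every deadline with time_monotonic(). A caller who trusts the first statement and passes a wall-clock timeval would presumably get the rekey, retransmission or expiry events listed in this comment firing at the wrong moment. I would write `@param tv absolute time to schedule job, from time_monotonic()` (with `@param s` and `@param ms` on the other two) and change the struct comment to `the key being the absolute monotonic time at which an event is scheduled`.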
From: Rene Mayrhofer Date: Sun, 28 Nov 2010 11:42:20 +0000 Subject: [svn-upgrade] new version strongswan (4.5.0) --- Android.mk | 2 +- ChangeLog | 2 +- Doxyfile.in | 7 +- Makefile.am | 2 +- Makefile.in | 24 +- NEWS | 73 +- README | 5 +- TODO | 2 +- aclocal.m4 | 153 +- config.guess | 149 +- config.sub | 47 +- configure | 2988 ++++++++++++++------ configure.in | 328 ++- m4/macros/add-plugin.m4 | 10 + man/Makefile.am | 11 + man/Makefile.in | 507 ++++ man/ipsec.conf.5 | 1358 +++++++++ man/ipsec.conf.5.in | 1358 +++++++++ man/ipsec.secrets.5 | 176 ++ man/ipsec.secrets.5.in | 176 ++ man/strongswan.conf.5 | 910 ++++++ man/strongswan.conf.5.in | 910 ++++++ scripts/Makefile.am | 16 +- scripts/Makefile.in | 52 +- scripts/crypt_burn.c | 102 + scripts/key2keyid.c | 4 +- scripts/pubkey_speed.c | 10 +- src/Makefile.am | 4 + src/Makefile.in | 53 +- src/_copyright/Makefile.in | 20 +- src/_copyright/_copyright.c | 5 + src/_updown/Makefile.in | 20 +- src/_updown/_updown.in | 2 +- src/_updown_espmark/Makefile.in | 20 +- src/_updown_espmark/_updown_espmark | 2 +- src/charon/Makefile.in | 20 +- src/charon/charon.c | 4 +- src/checksum/Makefile.am | 12 +- src/checksum/Makefile.in | 31 +- src/checksum/checksum_builder.c | 205 +- src/dumm/Makefile.in | 20 +- src/dumm/cowfs.c | 256 +- src/dumm/cowfs.h | 24 +- src/dumm/dumm.c | 157 +- src/dumm/dumm.h | 41 +- src/dumm/ext/dumm.c | 152 +- src/dumm/ext/lib/dumm.rb | 6 +- src/dumm/ext/lib/dumm/guest.rb | 21 +- src/dumm/guest.c | 47 +- src/dumm/guest.h | 25 +- src/include/Makefile.in | 20 +- src/ipsec/Makefile.in | 20 +- src/ipsec/ipsec.8 | 2 +- src/libcharon/Android.mk | 16 +- src/libcharon/Makefile.am | 151 +- src/libcharon/Makefile.in | 484 ++-- src/libcharon/bus/bus.c | 3 +- src/libcharon/bus/listeners/file_logger.c | 35 +- src/libcharon/bus/listeners/file_logger.h | 3 +- src/libcharon/bus/listeners/sys_logger.c | 28 +- src/libcharon/bus/listeners/sys_logger.h | 3 +- src/libcharon/config/child_cfg.c | 9 - src/libcharon/config/child_cfg.h | 53 
+- src/libcharon/config/proposal.c | 205 +- src/libcharon/config/proposal.h | 10 +- src/libcharon/daemon.c | 44 +- src/libcharon/daemon.h | 32 +- src/libcharon/encoding/generator.c | 80 +- src/libcharon/encoding/generator.h | 26 +- src/libcharon/encoding/message.c | 973 +++---- src/libcharon/encoding/message.h | 48 +- src/libcharon/encoding/payloads/delete_payload.c | 213 +- src/libcharon/encoding/payloads/delete_payload.h | 9 +- .../encoding/payloads/encryption_payload.c | 610 ++-- .../encoding/payloads/encryption_payload.h | 118 +- src/libcharon/encoding/payloads/notify_payload.c | 56 +- src/libcharon/encoding/payloads/notify_payload.h | 24 +- .../encoding/payloads/proposal_substructure.c | 321 +-- .../encoding/payloads/proposal_substructure.h | 33 +- src/libcharon/encoding/payloads/sa_payload.c | 277 +- src/libcharon/encoding/payloads/sa_payload.h | 22 +- src/libcharon/kernel/kernel_handler.c | 163 ++ src/libcharon/kernel/kernel_handler.h | 50 + src/libcharon/kernel/kernel_interface.c | 388 --- src/libcharon/kernel/kernel_interface.h | 408 --- src/libcharon/kernel/kernel_ipsec.c | 29 - src/libcharon/kernel/kernel_ipsec.h | 292 -- src/libcharon/kernel/kernel_net.h | 143 - src/libcharon/network/receiver.c | 29 +- src/libcharon/network/sender.c | 2 +- src/libcharon/network/socket.h | 21 +- src/libcharon/network/socket_manager.c | 63 +- src/libcharon/network/socket_manager.h | 14 +- src/libcharon/plugins/addrblock/Makefile.in | 20 +- src/libcharon/plugins/addrblock/addrblock_plugin.c | 6 +- src/libcharon/plugins/android/Makefile.in | 20 +- src/libcharon/plugins/android/android_plugin.c | 6 +- src/libcharon/plugins/android/android_service.c | 4 +- src/libcharon/plugins/dhcp/Makefile.in | 20 +- src/libcharon/plugins/dhcp/dhcp_plugin.c | 6 +- src/libcharon/plugins/dhcp/dhcp_socket.c | 25 +- src/libcharon/plugins/eap_aka/Makefile.in | 20 +- src/libcharon/plugins/eap_aka_3gpp2/Makefile.in | 20 +- src/libcharon/plugins/eap_gtc/Makefile.in | 20 +- 
src/libcharon/plugins/eap_identity/Makefile.in | 20 +- src/libcharon/plugins/eap_identity/eap_identity.c | 115 +- src/libcharon/plugins/eap_identity/eap_identity.h | 2 +- .../plugins/eap_identity/eap_identity_plugin.c | 15 +- src/libcharon/plugins/eap_md5/Makefile.in | 20 +- src/libcharon/plugins/eap_md5/eap_md5.c | 120 +- src/libcharon/plugins/eap_md5/eap_md5.h | 2 +- src/libcharon/plugins/eap_md5/eap_md5_plugin.c | 15 +- src/libcharon/plugins/eap_mschapv2/Makefile.in | 20 +- src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 10 +- src/libcharon/plugins/eap_radius/Makefile.in | 20 +- src/libcharon/plugins/eap_radius/eap_radius.c | 91 +- src/libcharon/plugins/eap_radius/eap_radius.h | 2 +- .../plugins/eap_radius/eap_radius_plugin.c | 6 +- src/libcharon/plugins/eap_radius/radius_server.h | 1 + src/libcharon/plugins/eap_sim/Makefile.in | 20 +- src/libcharon/plugins/eap_sim_file/Makefile.in | 20 +- .../plugins/eap_simaka_pseudonym/Makefile.in | 20 +- .../plugins/eap_simaka_reauth/Makefile.in | 20 +- src/libcharon/plugins/eap_simaka_sql/Makefile.in | 20 +- .../plugins/eap_simaka_sql/eap_simaka_sql_plugin.c | 6 +- src/libcharon/plugins/eap_tls/Makefile.am | 17 + src/libcharon/plugins/eap_tls/Makefile.in | 605 ++++ src/libcharon/plugins/eap_tls/eap_tls.c | 155 + src/libcharon/plugins/eap_tls/eap_tls.h | 59 + src/libcharon/plugins/eap_tls/eap_tls_plugin.c | 52 + src/libcharon/plugins/eap_tls/eap_tls_plugin.h | 47 + src/libcharon/plugins/eap_tnc/Makefile.am | 17 + src/libcharon/plugins/eap_tnc/Makefile.in | 605 ++++ src/libcharon/plugins/eap_tnc/eap_tnc.c | 156 + src/libcharon/plugins/eap_tnc/eap_tnc.h | 57 + src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c | 51 + src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h | 42 + src/libcharon/plugins/eap_ttls/Makefile.am | 21 + src/libcharon/plugins/eap_ttls/Makefile.in | 615 ++++ src/libcharon/plugins/eap_ttls/eap_ttls.c | 165 ++ src/libcharon/plugins/eap_ttls/eap_ttls.h | 59 + src/libcharon/plugins/eap_ttls/eap_ttls_avp.c | 187 ++ 
src/libcharon/plugins/eap_ttls/eap_ttls_avp.h | 68 + src/libcharon/plugins/eap_ttls/eap_ttls_peer.c | 316 +++ src/libcharon/plugins/eap_ttls/eap_ttls_peer.h | 47 + src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c | 52 + src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h | 47 + src/libcharon/plugins/eap_ttls/eap_ttls_server.c | 365 +++ src/libcharon/plugins/eap_ttls/eap_ttls_server.h | 47 + src/libcharon/plugins/farp/Makefile.in | 20 +- src/libcharon/plugins/farp/farp_plugin.c | 6 +- src/libcharon/plugins/farp/farp_spoofer.c | 2 +- src/libcharon/plugins/ha/Makefile.in | 20 +- src/libcharon/plugins/ha/ha_cache.c | 2 +- src/libcharon/plugins/ha/ha_ctl.c | 12 +- src/libcharon/plugins/ha/ha_dispatcher.c | 6 +- src/libcharon/plugins/ha/ha_kernel.c | 5 + src/libcharon/plugins/ha/ha_plugin.c | 6 +- src/libcharon/plugins/ha/ha_segments.c | 8 +- src/libcharon/plugins/ha/ha_socket.c | 2 +- src/libcharon/plugins/kernel_klips/Makefile.am | 17 - src/libcharon/plugins/kernel_klips/Makefile.in | 590 ---- .../plugins/kernel_klips/kernel_klips_ipsec.c | 2660 ----------------- .../plugins/kernel_klips/kernel_klips_ipsec.h | 46 - .../plugins/kernel_klips/kernel_klips_plugin.c | 56 - .../plugins/kernel_klips/kernel_klips_plugin.h | 42 - src/libcharon/plugins/kernel_klips/pfkeyv2.h | 322 --- src/libcharon/plugins/kernel_netlink/Makefile.am | 20 - src/libcharon/plugins/kernel_netlink/Makefile.in | 597 ---- .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 2265 --------------- .../plugins/kernel_netlink/kernel_netlink_ipsec.h | 46 - .../plugins/kernel_netlink/kernel_netlink_net.c | 1506 ---------- .../plugins/kernel_netlink/kernel_netlink_net.h | 46 - .../plugins/kernel_netlink/kernel_netlink_plugin.c | 59 - .../plugins/kernel_netlink/kernel_netlink_plugin.h | 42 - .../plugins/kernel_netlink/kernel_netlink_shared.c | 306 -- .../plugins/kernel_netlink/kernel_netlink_shared.h | 77 - src/libcharon/plugins/kernel_pfkey/Makefile.am | 17 - src/libcharon/plugins/kernel_pfkey/Makefile.in | 590 
---- .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 2210 --------------- .../plugins/kernel_pfkey/kernel_pfkey_ipsec.h | 46 - .../plugins/kernel_pfkey/kernel_pfkey_plugin.c | 56 - .../plugins/kernel_pfkey/kernel_pfkey_plugin.h | 42 - src/libcharon/plugins/kernel_pfroute/Makefile.am | 17 - src/libcharon/plugins/kernel_pfroute/Makefile.in | 590 ---- .../plugins/kernel_pfroute/kernel_pfroute_net.c | 729 ----- .../plugins/kernel_pfroute/kernel_pfroute_net.h | 46 - .../plugins/kernel_pfroute/kernel_pfroute_plugin.c | 58 - .../plugins/kernel_pfroute/kernel_pfroute_plugin.h | 42 - src/libcharon/plugins/led/Makefile.am | 16 + src/libcharon/plugins/led/Makefile.in | 601 ++++ src/libcharon/plugins/led/led_listener.c | 241 ++ src/libcharon/plugins/led/led_listener.h | 49 + src/libcharon/plugins/led/led_plugin.c | 67 + src/libcharon/plugins/led/led_plugin.h | 42 + src/libcharon/plugins/load_tester/Makefile.in | 20 +- .../plugins/load_tester/load_tester_ipsec.c | 15 +- .../plugins/load_tester/load_tester_listener.c | 2 +- .../plugins/load_tester/load_tester_plugin.c | 7 +- src/libcharon/plugins/maemo/Makefile.am | 23 + src/libcharon/plugins/maemo/Makefile.in | 631 +++++ src/libcharon/plugins/maemo/maemo_plugin.c | 70 + src/libcharon/plugins/maemo/maemo_plugin.h | 42 + src/libcharon/plugins/maemo/maemo_service.c | 510 ++++ src/libcharon/plugins/maemo/maemo_service.h | 49 + .../plugins/maemo/org.strongswan.charon.service | 4 + src/libcharon/plugins/medcli/Makefile.in | 20 +- src/libcharon/plugins/medcli/medcli_config.c | 30 +- src/libcharon/plugins/medsrv/Makefile.in | 20 +- src/libcharon/plugins/nm/Makefile.in | 20 +- src/libcharon/plugins/nm/nm_creds.c | 97 +- src/libcharon/plugins/nm/nm_creds.h | 17 + src/libcharon/plugins/nm/nm_plugin.c | 2 +- src/libcharon/plugins/nm/nm_service.c | 108 +- src/libcharon/plugins/smp/Makefile.in | 20 +- src/libcharon/plugins/smp/smp.c | 4 +- src/libcharon/plugins/socket_default/Makefile.in | 20 +- 
.../plugins/socket_default/socket_default_plugin.c | 25 +- .../plugins/socket_default/socket_default_socket.c | 35 +- .../plugins/socket_default/socket_default_socket.h | 4 - src/libcharon/plugins/socket_dynamic/Makefile.in | 20 +- .../plugins/socket_dynamic/socket_dynamic_plugin.c | 25 +- .../plugins/socket_dynamic/socket_dynamic_socket.c | 35 +- .../plugins/socket_dynamic/socket_dynamic_socket.h | 4 - src/libcharon/plugins/socket_raw/Makefile.in | 20 +- .../plugins/socket_raw/socket_raw_plugin.c | 25 +- .../plugins/socket_raw/socket_raw_socket.c | 42 +- .../plugins/socket_raw/socket_raw_socket.h | 4 - src/libcharon/plugins/sql/Makefile.am | 3 - src/libcharon/plugins/sql/Makefile.in | 23 +- src/libcharon/plugins/stroke/Makefile.in | 20 +- src/libcharon/plugins/stroke/stroke_config.c | 25 +- src/libcharon/plugins/stroke/stroke_control.c | 2 +- src/libcharon/plugins/stroke/stroke_cred.c | 715 +++-- src/libcharon/plugins/stroke/stroke_list.c | 41 +- src/libcharon/plugins/stroke/stroke_socket.c | 59 +- src/libcharon/plugins/tnc_imc/Makefile.am | 19 + src/libcharon/plugins/tnc_imc/Makefile.in | 603 ++++ src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c | 57 + src/libcharon/plugins/tnc_imc/tnc_imc_plugin.h | 42 + src/libcharon/plugins/tnc_imv/Makefile.am | 19 + src/libcharon/plugins/tnc_imv/Makefile.in | 603 ++++ src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c | 54 + src/libcharon/plugins/tnc_imv/tnc_imv_plugin.h | 42 + src/libcharon/plugins/tnccs_11/Makefile.am | 21 + src/libcharon/plugins/tnccs_11/Makefile.in | 607 ++++ src/libcharon/plugins/tnccs_11/tnccs_11.c | 328 +++ src/libcharon/plugins/tnccs_11/tnccs_11.h | 36 + src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c | 47 + src/libcharon/plugins/tnccs_11/tnccs_11_plugin.h | 42 + src/libcharon/plugins/tnccs_20/Makefile.am | 21 + src/libcharon/plugins/tnccs_20/Makefile.in | 607 ++++ src/libcharon/plugins/tnccs_20/tnccs_20.c | 103 + src/libcharon/plugins/tnccs_20/tnccs_20.h | 36 + 
src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c | 47 + src/libcharon/plugins/tnccs_20/tnccs_20_plugin.h | 42 + src/libcharon/plugins/uci/Makefile.in | 20 +- src/libcharon/plugins/uci/uci_control.c | 2 +- src/libcharon/plugins/unit_tester/Makefile.in | 20 +- .../plugins/unit_tester/tests/test_cert.c | 4 +- .../plugins/unit_tester/tests/test_rsa_gen.c | 6 +- src/libcharon/plugins/updown/Makefile.in | 20 +- src/libcharon/plugins/updown/updown_listener.c | 5 +- src/libcharon/processing/jobs/acquire_job.h | 2 +- src/libcharon/processing/jobs/callback_job.c | 271 -- src/libcharon/processing/jobs/callback_job.h | 118 - .../processing/jobs/delete_child_sa_job.h | 2 +- src/libcharon/processing/jobs/delete_ike_sa_job.h | 2 +- src/libcharon/processing/jobs/inactivity_job.c | 10 +- src/libcharon/processing/jobs/inactivity_job.h | 2 +- .../processing/jobs/initiate_mediation_job.h | 2 +- src/libcharon/processing/jobs/job.h | 52 - src/libcharon/processing/jobs/mediation_job.h | 2 +- src/libcharon/processing/jobs/migrate_job.h | 2 +- .../processing/jobs/process_message_job.h | 2 +- src/libcharon/processing/jobs/rekey_child_sa_job.h | 2 +- src/libcharon/processing/jobs/rekey_ike_sa_job.h | 2 +- src/libcharon/processing/jobs/retransmit_job.h | 2 +- src/libcharon/processing/jobs/roam_job.h | 2 +- src/libcharon/processing/jobs/send_dpd_job.h | 2 +- src/libcharon/processing/jobs/send_keepalive_job.h | 2 +- src/libcharon/processing/jobs/update_sa_job.h | 2 +- src/libcharon/processing/processor.c | 273 -- src/libcharon/processing/processor.h | 94 - src/libcharon/processing/scheduler.c | 358 --- src/libcharon/processing/scheduler.h | 130 - src/libcharon/sa/authenticators/eap/eap_manager.c | 54 +- src/libcharon/sa/authenticators/eap/eap_method.c | 47 - src/libcharon/sa/authenticators/eap/eap_method.h | 30 +- .../sa/authenticators/eap_authenticator.c | 122 +- .../sa/authenticators/pubkey_authenticator.c | 6 +- src/libcharon/sa/child_sa.c | 532 ++-- src/libcharon/sa/connect_manager.c | 14 
+- src/libcharon/sa/ike_sa.c | 237 +- src/libcharon/sa/ike_sa.h | 8 + src/libcharon/sa/ike_sa_manager.c | 5 +- src/libcharon/sa/ike_sa_manager.h | 2 + src/libcharon/sa/keymat.c | 348 +-- src/libcharon/sa/keymat.h | 15 +- src/libcharon/sa/mediation_manager.c | 2 +- src/libcharon/sa/task_manager.c | 21 +- src/libcharon/sa/tasks/child_create.c | 4 +- src/libcharon/sa/tasks/child_delete.c | 17 +- src/libcharon/sa/tasks/child_rekey.c | 31 +- src/libcharon/sa/tasks/ike_auth.c | 12 +- src/libcharon/sa/tasks/ike_init.c | 2 +- src/libcharon/sa/tasks/ike_me.c | 10 +- src/libcharon/sa/tasks/ike_mobike.c | 215 +- src/libcharon/sa/tasks/ike_mobike.h | 5 + src/libcharon/sa/tasks/ike_natd.c | 41 +- src/libcharon/sa/tasks/ike_rekey.c | 83 +- src/libcharon/sa/tasks/ike_vendor.c | 14 +- src/libcharon/sa/trap_manager.c | 5 +- src/libcharon/tnccs/tnccs.c | 22 + src/libcharon/tnccs/tnccs.h | 52 + src/libcharon/tnccs/tnccs_manager.c | 148 + src/libcharon/tnccs/tnccs_manager.h | 74 + src/libfast/Makefile.in | 20 +- src/libfreeswan/Makefile.am | 1 + src/libfreeswan/Makefile.in | 21 +- src/libhydra/Android.mk | 12 +- src/libhydra/Makefile.am | 34 +- src/libhydra/Makefile.in | 77 +- src/libhydra/attributes/mem_pool.c | 301 +- src/libhydra/hydra.c | 2 + src/libhydra/hydra.h | 9 + src/libhydra/kernel/kernel_interface.c | 522 ++++ src/libhydra/kernel/kernel_interface.h | 476 ++++ src/libhydra/kernel/kernel_ipsec.c | 37 + src/libhydra/kernel/kernel_ipsec.h | 368 +++ src/libhydra/kernel/kernel_listener.h | 96 + src/libhydra/kernel/kernel_net.h | 145 + src/libhydra/plugins/attr/Makefile.am | 3 +- src/libhydra/plugins/attr/Makefile.in | 24 +- src/libhydra/plugins/attr_sql/Makefile.am | 2 +- src/libhydra/plugins/attr_sql/Makefile.in | 22 +- src/libhydra/plugins/kernel_klips/Makefile.am | 16 + src/libhydra/plugins/kernel_klips/Makefile.in | 604 ++++ .../plugins/kernel_klips/kernel_klips_ipsec.c | 2643 +++++++++++++++++ .../plugins/kernel_klips/kernel_klips_ipsec.h | 46 + 
.../plugins/kernel_klips/kernel_klips_plugin.c | 58 + .../plugins/kernel_klips/kernel_klips_plugin.h | 42 + src/libhydra/plugins/kernel_klips/pfkeyv2.h | 322 +++ src/libhydra/plugins/kernel_netlink/Makefile.am | 21 + src/libhydra/plugins/kernel_netlink/Makefile.in | 614 ++++ .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 2221 +++++++++++++++ .../plugins/kernel_netlink/kernel_netlink_ipsec.h | 46 + .../plugins/kernel_netlink/kernel_netlink_net.c | 1578 +++++++++++ .../plugins/kernel_netlink/kernel_netlink_net.h | 46 + .../plugins/kernel_netlink/kernel_netlink_plugin.c | 63 + .../plugins/kernel_netlink/kernel_netlink_plugin.h | 42 + .../plugins/kernel_netlink/kernel_netlink_shared.c | 306 ++ .../plugins/kernel_netlink/kernel_netlink_shared.h | 77 + src/libhydra/plugins/kernel_pfkey/Makefile.am | 17 + src/libhydra/plugins/kernel_pfkey/Makefile.in | 606 ++++ .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 2178 ++++++++++++++ .../plugins/kernel_pfkey/kernel_pfkey_ipsec.h | 46 + .../plugins/kernel_pfkey/kernel_pfkey_plugin.c | 58 + .../plugins/kernel_pfkey/kernel_pfkey_plugin.h | 42 + src/libhydra/plugins/kernel_pfroute/Makefile.am | 17 + src/libhydra/plugins/kernel_pfroute/Makefile.in | 606 ++++ .../plugins/kernel_pfroute/kernel_pfroute_net.c | 742 +++++ .../plugins/kernel_pfroute/kernel_pfroute_net.h | 46 + .../plugins/kernel_pfroute/kernel_pfroute_plugin.c | 58 + .../plugins/kernel_pfroute/kernel_pfroute_plugin.h | 42 + src/libhydra/plugins/resolve/Makefile.am | 3 +- src/libhydra/plugins/resolve/Makefile.in | 24 +- src/libsimaka/Makefile.in | 20 +- src/libsimaka/simaka_message.c | 9 +- src/libstrongswan/Android.mk | 12 +- src/libstrongswan/Makefile.am | 43 +- src/libstrongswan/Makefile.in | 188 +- src/libstrongswan/asn1/oid.c | 370 +-- src/libstrongswan/asn1/oid.h | 173 +- src/libstrongswan/asn1/oid.txt | 2 + src/libstrongswan/chunk.c | 28 +- src/libstrongswan/chunk.h | 6 +- src/libstrongswan/credentials/auth_cfg.c | 65 +- src/libstrongswan/credentials/auth_cfg.h 
| 32 +- src/libstrongswan/credentials/builder.c | 6 +- src/libstrongswan/credentials/builder.h | 18 +- src/libstrongswan/credentials/credential_factory.c | 76 +- src/libstrongswan/credentials/credential_factory.h | 18 +- src/libstrongswan/credentials/credential_manager.c | 43 +- src/libstrongswan/credentials/keys/private_key.h | 10 +- src/libstrongswan/credentials/keys/public_key.c | 10 + src/libstrongswan/credentials/keys/public_key.h | 36 +- src/libstrongswan/credentials/sets/callback_cred.c | 144 + src/libstrongswan/credentials/sets/callback_cred.h | 67 + src/libstrongswan/credentials/sets/mem_cred.c | 433 +++ src/libstrongswan/credentials/sets/mem_cred.h | 77 + src/libstrongswan/crypto/aead.c | 162 ++ src/libstrongswan/crypto/aead.h | 119 + src/libstrongswan/crypto/crypters/crypter.c | 23 +- src/libstrongswan/crypto/crypters/crypter.h | 39 +- src/libstrongswan/crypto/crypto_factory.c | 507 ++-- src/libstrongswan/crypto/crypto_factory.h | 54 +- src/libstrongswan/crypto/crypto_tester.c | 614 +++- src/libstrongswan/crypto/crypto_tester.h | 60 +- src/libstrongswan/crypto/diffie_hellman.c | 24 +- src/libstrongswan/crypto/diffie_hellman.h | 10 + src/libstrongswan/crypto/prfs/prf.c | 7 +- src/libstrongswan/crypto/prfs/prf.h | 8 +- .../crypto/proposal/proposal_keywords.c | 254 +- .../crypto/proposal/proposal_keywords.txt | 22 + src/libstrongswan/crypto/signers/signer.c | 9 +- src/libstrongswan/crypto/signers/signer.h | 10 + src/libstrongswan/crypto/transform.c | 7 +- src/libstrongswan/crypto/transform.h | 1 + src/libstrongswan/debug.c | 4 + src/libstrongswan/debug.h | 4 + src/libstrongswan/eap/eap.c | 131 + src/libstrongswan/eap/eap.h | 89 + src/libstrongswan/enum.c | 29 +- src/libstrongswan/enum.h | 18 + src/libstrongswan/library.c | 4 + src/libstrongswan/library.h | 18 + src/libstrongswan/plugins/aes/Makefile.in | 20 +- src/libstrongswan/plugins/aes/aes_crypter.c | 109 +- src/libstrongswan/plugins/aes/aes_crypter.h | 4 +- src/libstrongswan/plugins/aes/aes_plugin.c | 
18 +- src/libstrongswan/plugins/agent/Makefile.in | 20 +- src/libstrongswan/plugins/agent/agent_plugin.c | 18 +- .../plugins/agent/agent_private_key.c | 103 +- .../plugins/agent/agent_private_key.h | 2 +- src/libstrongswan/plugins/blowfish/Makefile.in | 20 +- .../plugins/blowfish/blowfish_crypter.c | 78 +- .../plugins/blowfish/blowfish_crypter.h | 4 +- .../plugins/blowfish/blowfish_plugin.c | 18 +- src/libstrongswan/plugins/ccm/Makefile.am | 16 + src/libstrongswan/plugins/ccm/Makefile.in | 600 ++++ src/libstrongswan/plugins/ccm/ccm_aead.c | 397 +++ src/libstrongswan/plugins/ccm/ccm_aead.h | 51 + src/libstrongswan/plugins/ccm/ccm_plugin.c | 69 + src/libstrongswan/plugins/ccm/ccm_plugin.h | 42 + src/libstrongswan/plugins/ctr/Makefile.am | 16 + src/libstrongswan/plugins/ctr/Makefile.in | 600 ++++ src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c | 173 ++ src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h | 54 + src/libstrongswan/plugins/ctr/ctr_plugin.c | 65 + src/libstrongswan/plugins/ctr/ctr_plugin.h | 42 + src/libstrongswan/plugins/curl/Makefile.in | 20 +- src/libstrongswan/plugins/curl/curl_fetcher.c | 10 +- src/libstrongswan/plugins/des/Makefile.in | 20 +- src/libstrongswan/plugins/des/des_crypter.c | 114 +- src/libstrongswan/plugins/des/des_crypter.h | 4 +- src/libstrongswan/plugins/des/des_plugin.c | 16 +- src/libstrongswan/plugins/dnskey/Makefile.in | 20 +- src/libstrongswan/plugins/dnskey/dnskey_plugin.c | 4 +- src/libstrongswan/plugins/fips_prf/Makefile.in | 20 +- src/libstrongswan/plugins/gcm/Makefile.am | 16 + src/libstrongswan/plugins/gcm/Makefile.in | 600 ++++ src/libstrongswan/plugins/gcm/gcm_aead.c | 425 +++ src/libstrongswan/plugins/gcm/gcm_aead.h | 51 + src/libstrongswan/plugins/gcm/gcm_plugin.c | 63 + src/libstrongswan/plugins/gcm/gcm_plugin.h | 42 + src/libstrongswan/plugins/gcrypt/Makefile.in | 20 +- src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c | 136 +- src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h | 2 +- 
src/libstrongswan/plugins/gcrypt/gcrypt_dh.c | 113 +- src/libstrongswan/plugins/gcrypt/gcrypt_dh.h | 11 + src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c | 50 +- src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c | 32 +- src/libstrongswan/plugins/gcrypt/gcrypt_rng.c | 37 +- .../plugins/gcrypt/gcrypt_rsa_private_key.c | 116 +- .../plugins/gcrypt/gcrypt_rsa_private_key.h | 2 +- .../plugins/gcrypt/gcrypt_rsa_public_key.c | 98 +- .../plugins/gcrypt/gcrypt_rsa_public_key.h | 2 +- src/libstrongswan/plugins/gmp/Makefile.in | 20 +- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 106 +- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h | 11 + src/libstrongswan/plugins/gmp/gmp_plugin.c | 27 +- .../plugins/gmp/gmp_rsa_private_key.c | 127 +- .../plugins/gmp/gmp_rsa_private_key.h | 2 +- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 111 +- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h | 2 +- src/libstrongswan/plugins/hmac/Makefile.in | 20 +- src/libstrongswan/plugins/hmac/hmac.c | 58 +- src/libstrongswan/plugins/hmac/hmac_plugin.c | 20 +- src/libstrongswan/plugins/hmac/hmac_prf.c | 77 +- src/libstrongswan/plugins/hmac/hmac_prf.h | 4 +- src/libstrongswan/plugins/hmac/hmac_signer.c | 108 +- src/libstrongswan/plugins/hmac/hmac_signer.h | 7 +- src/libstrongswan/plugins/ldap/Makefile.in | 20 +- src/libstrongswan/plugins/md4/Makefile.in | 20 +- src/libstrongswan/plugins/md5/Makefile.in | 20 +- src/libstrongswan/plugins/mysql/Makefile.in | 20 +- src/libstrongswan/plugins/openssl/Makefile.in | 20 +- src/libstrongswan/plugins/openssl/openssl_crl.c | 17 +- .../plugins/openssl/openssl_crypter.c | 174 +- .../plugins/openssl/openssl_crypter.h | 4 +- .../plugins/openssl/openssl_diffie_hellman.c | 72 +- .../plugins/openssl/openssl_diffie_hellman.h | 5 +- .../plugins/openssl/openssl_ec_diffie_hellman.c | 59 +- .../plugins/openssl/openssl_ec_private_key.c | 114 +- .../plugins/openssl/openssl_ec_private_key.h | 2 +- 
.../plugins/openssl/openssl_ec_public_key.c | 104 +- .../plugins/openssl/openssl_ec_public_key.h | 2 +- src/libstrongswan/plugins/openssl/openssl_hasher.c | 50 +- src/libstrongswan/plugins/openssl/openssl_hasher.h | 4 +- src/libstrongswan/plugins/openssl/openssl_plugin.c | 72 +- .../plugins/openssl/openssl_rsa_private_key.c | 229 +- .../plugins/openssl/openssl_rsa_private_key.h | 2 +- .../plugins/openssl/openssl_rsa_public_key.c | 123 +- .../plugins/openssl/openssl_rsa_public_key.h | 2 +- .../plugins/openssl/openssl_sha1_prf.c | 16 +- src/libstrongswan/plugins/openssl/openssl_x509.c | 57 +- src/libstrongswan/plugins/padlock/Makefile.in | 20 +- .../plugins/padlock/padlock_aes_crypter.c | 79 +- .../plugins/padlock/padlock_aes_crypter.h | 4 +- src/libstrongswan/plugins/padlock/padlock_plugin.c | 18 +- src/libstrongswan/plugins/padlock/padlock_rng.c | 46 +- .../plugins/padlock/padlock_sha1_hasher.c | 55 +- .../plugins/padlock/padlock_sha1_hasher.h | 2 +- src/libstrongswan/plugins/pem/Makefile.in | 20 +- src/libstrongswan/plugins/pem/pem_builder.c | 93 +- src/libstrongswan/plugins/pem/pem_plugin.c | 38 +- src/libstrongswan/plugins/pgp/Makefile.in | 20 +- src/libstrongswan/plugins/pgp/pgp_builder.c | 2 +- src/libstrongswan/plugins/pgp/pgp_plugin.c | 10 +- src/libstrongswan/plugins/pkcs1/Makefile.in | 20 +- src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c | 6 +- src/libstrongswan/plugins/pkcs11/Makefile.am | 21 + src/libstrongswan/plugins/pkcs11/Makefile.in | 614 ++++ src/libstrongswan/plugins/pkcs11/pkcs11.h | 1357 +++++++++ src/libstrongswan/plugins/pkcs11/pkcs11_creds.c | 249 ++ src/libstrongswan/plugins/pkcs11/pkcs11_creds.h | 68 + src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c | 323 +++ src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h | 47 + src/libstrongswan/plugins/pkcs11/pkcs11_library.c | 869 ++++++ src/libstrongswan/plugins/pkcs11/pkcs11_library.h | 110 + src/libstrongswan/plugins/pkcs11/pkcs11_manager.c | 407 +++ 
src/libstrongswan/plugins/pkcs11/pkcs11_manager.h | 78 + src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c | 176 ++ src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h | 42 + .../plugins/pkcs11/pkcs11_private_key.c | 600 ++++ .../plugins/pkcs11/pkcs11_private_key.h | 63 + .../plugins/pkcs11/pkcs11_public_key.c | 473 ++++ .../plugins/pkcs11/pkcs11_public_key.h | 49 + src/libstrongswan/plugins/plugin_loader.c | 6 +- src/libstrongswan/plugins/pubkey/Makefile.in | 20 +- src/libstrongswan/plugins/pubkey/pubkey_plugin.c | 2 +- src/libstrongswan/plugins/random/Makefile.in | 20 +- src/libstrongswan/plugins/revocation/Makefile.in | 20 +- .../plugins/revocation/revocation_plugin.c | 6 +- src/libstrongswan/plugins/sha1/Makefile.in | 20 +- src/libstrongswan/plugins/sha2/Makefile.in | 20 +- src/libstrongswan/plugins/sqlite/Makefile.in | 20 +- src/libstrongswan/plugins/test_vectors/Makefile.am | 5 + src/libstrongswan/plugins/test_vectors/Makefile.in | 74 +- .../plugins/test_vectors/test_vectors.h | 41 + .../plugins/test_vectors/test_vectors/aes_ccm.c | 157 + .../plugins/test_vectors/test_vectors/aes_ctr.c | 148 + .../plugins/test_vectors/test_vectors/aes_gcm.c | 139 + .../test_vectors/test_vectors/camellia_ctr.c | 148 + .../test_vectors/test_vectors/camellia_xcbc.c | 58 + .../plugins/test_vectors/test_vectors_plugin.c | 16 + src/libstrongswan/plugins/x509/Makefile.in | 20 +- src/libstrongswan/plugins/x509/x509_cert.c | 52 +- src/libstrongswan/plugins/x509/x509_pkcs10.c | 2 +- src/libstrongswan/plugins/x509/x509_plugin.c | 20 +- src/libstrongswan/plugins/xcbc/Makefile.in | 20 +- src/libstrongswan/plugins/xcbc/xcbc.c | 110 +- src/libstrongswan/plugins/xcbc/xcbc_plugin.c | 28 +- src/libstrongswan/plugins/xcbc/xcbc_prf.c | 61 +- src/libstrongswan/plugins/xcbc/xcbc_prf.h | 4 +- src/libstrongswan/plugins/xcbc/xcbc_signer.c | 77 +- src/libstrongswan/plugins/xcbc/xcbc_signer.h | 4 +- src/libstrongswan/printf_hook.c | 100 +- src/libstrongswan/printf_hook.h | 6 +- 
src/libstrongswan/processing/jobs/callback_job.c | 271 ++ src/libstrongswan/processing/jobs/callback_job.h | 118 + src/libstrongswan/processing/jobs/job.h | 52 + src/libstrongswan/processing/processor.c | 273 ++ src/libstrongswan/processing/processor.h | 94 + src/libstrongswan/processing/scheduler.c | 358 +++ src/libstrongswan/processing/scheduler.h | 130 + src/libstrongswan/settings.c | 128 +- src/libstrongswan/settings.h | 5 +- src/libstrongswan/utils.c | 2 +- src/libstrongswan/utils.h | 22 + src/libstrongswan/utils/identification.c | 24 +- src/libstrongswan/utils/leak_detective.c | 5 + src/libstrongswan/utils/linked_list.h | 34 +- src/libtls/Makefile.am | 18 + src/libtls/Makefile.in | 559 ++++ src/libtls/tls.c | 481 ++++ src/libtls/tls.h | 236 ++ src/libtls/tls_alert.c | 228 ++ src/libtls/tls_alert.h | 126 + src/libtls/tls_application.h | 63 + src/libtls/tls_compression.c | 72 + src/libtls/tls_compression.h | 80 + src/libtls/tls_crypto.c | 1674 +++++++++++ src/libtls/tls_crypto.h | 554 ++++ src/libtls/tls_eap.c | 379 +++ src/libtls/tls_eap.h | 81 + src/libtls/tls_fragmentation.c | 471 +++ src/libtls/tls_fragmentation.h | 88 + src/libtls/tls_handshake.h | 90 + src/libtls/tls_peer.c | 1099 +++++++ src/libtls/tls_peer.h | 54 + src/libtls/tls_prf.c | 190 ++ src/libtls/tls_prf.h | 72 + src/libtls/tls_protection.c | 333 +++ src/libtls/tls_protection.h | 98 + src/libtls/tls_reader.c | 200 ++ src/libtls/tls_reader.h | 131 + src/libtls/tls_server.c | 1032 +++++++ src/libtls/tls_server.h | 55 + src/libtls/tls_socket.c | 219 ++ src/libtls/tls_socket.h | 75 + src/libtls/tls_writer.c | 237 ++ src/libtls/tls_writer.h | 136 + src/manager/Makefile.am | 2 +- src/manager/Makefile.in | 22 +- src/medsrv/Makefile.am | 2 +- src/medsrv/Makefile.in | 22 +- src/openac/Makefile.am | 2 +- src/openac/Makefile.in | 22 +- src/openac/openac.c | 12 +- src/pki/Makefile.am | 2 +- src/pki/Makefile.in | 22 +- src/pki/commands/issue.c | 34 +- src/pki/commands/print.c | 61 +- src/pki/commands/pub.c 
| 18 +- src/pki/commands/req.c | 2 +- src/pki/commands/self.c | 19 +- src/pki/commands/signcrl.c | 32 +- src/pki/pki.c | 67 + src/pluto/Makefile.am | 16 +- src/pluto/Makefile.in | 129 +- src/pluto/alg_info.c | 2 +- src/pluto/builder.c | 4 +- src/pluto/certs.c | 99 +- src/pluto/certs.h | 2 - src/pluto/connections.c | 85 +- src/pluto/connections.h | 4 +- src/pluto/constants.c | 10 +- src/pluto/constants.h | 21 +- src/pluto/crypto.c | 347 +-- src/pluto/crypto.h | 7 + src/pluto/defs.h | 15 - src/pluto/demux.c | 15 +- src/pluto/event_queue.c | 195 ++ src/pluto/event_queue.h | 69 + src/pluto/ike_alg.c | 12 +- src/pluto/ipsec.secrets.5 | 175 -- src/pluto/ipsec.secrets.5.in | 175 -- src/pluto/ipsec_doi.c | 9 +- src/pluto/kernel.c | 2236 +++++---------- src/pluto/kernel.h | 80 +- src/pluto/kernel_alg.c | 78 +- src/pluto/kernel_alg.h | 1 - src/pluto/kernel_netlink.c | 1319 --------- src/pluto/kernel_netlink.h | 18 - src/pluto/kernel_noklips.c | 124 - src/pluto/kernel_noklips.h | 17 - src/pluto/kernel_pfkey.c | 862 ++---- src/pluto/kernel_pfkey.h | 17 +- src/pluto/keys.c | 127 +- src/pluto/log.c | 3 - src/pluto/modecfg.c | 2 +- src/pluto/nat_traversal.c | 108 +- src/pluto/nat_traversal.h | 14 +- src/pluto/pkcs7.c | 8 +- src/pluto/plugins/xauth/Makefile.in | 20 +- src/pluto/pluto.8 | 95 +- src/pluto/pluto.c | 2 + src/pluto/pluto.h | 7 + src/pluto/plutomain.c | 46 +- src/pluto/server.c | 54 +- src/pluto/smartcard.c | 26 +- src/pluto/spdb.c | 6 +- src/pluto/state.c | 56 +- src/pluto/state.h | 3 - src/pluto/timer.c | 7 - src/pluto/x509.c | 2 +- src/scepclient/Makefile.am | 2 +- src/scepclient/Makefile.in | 22 +- src/scepclient/scepclient.c | 4 +- src/starter/Makefile.am | 11 +- src/starter/Makefile.in | 97 +- src/starter/README | 5 +- src/starter/args.c | 1 + src/starter/confread.c | 37 +- src/starter/confread.h | 12 +- src/starter/interfaces.c | 4 +- src/starter/ipsec.conf.5 | 1330 --------- src/starter/ipsec.conf.5.in | 1330 --------- src/starter/keywords.c | 321 +-- 
src/starter/keywords.h | 3 +- src/starter/keywords.txt | 1 + src/starter/starterstroke.c | 12 +- src/starter/starterwhack.c | 2 +- src/stroke/Makefile.in | 20 +- src/stroke/stroke.c | 55 +- src/stroke/stroke_keywords.c | 19 +- src/stroke/stroke_keywords.h | 4 +- src/stroke/stroke_keywords.txt | 1 + src/stroke/stroke_msg.h | 19 + src/whack/Makefile.am | 1 + src/whack/Makefile.in | 21 +- src/whack/whack.c | 7 +- testing/INSTALL | 14 +- testing/Makefile.am | 2 +- testing/Makefile.in | 22 +- testing/do-tests.in | 106 +- testing/hosts/alice/etc/init.d/radiusd | 64 + testing/hosts/alice/etc/ipsec.conf | 1 + testing/hosts/alice/etc/raddb/certs/aaaCert.pem | 25 + testing/hosts/alice/etc/raddb/certs/aaaKey.pem | 27 + testing/hosts/alice/etc/raddb/certs/dh | 5 + testing/hosts/alice/etc/raddb/certs/random | Bin 0 -> 1024 bytes .../hosts/alice/etc/raddb/certs/strongswanCert.pem | 22 + testing/hosts/alice/etc/strongswan.conf | 2 +- testing/hosts/bob/etc/ipsec.conf | 1 + testing/hosts/bob/etc/strongswan.conf | 2 +- testing/hosts/carol/etc/ipsec.conf | 1 + testing/hosts/carol/etc/strongswan.conf | 2 +- testing/hosts/dave/etc/ipsec.conf | 1 + testing/hosts/dave/etc/strongswan.conf | 2 +- testing/hosts/moon/etc/ipsec.conf | 1 + testing/hosts/moon/etc/strongswan.conf | 2 +- testing/hosts/sun/etc/ipsec.conf | 1 + testing/hosts/sun/etc/strongswan.conf | 2 +- testing/hosts/venus/etc/ipsec.conf | 1 + testing/hosts/venus/etc/strongswan.conf | 2 +- testing/hosts/winnetou/etc/openssl/index.txt | 1 + testing/hosts/winnetou/etc/openssl/index.txt.old | 1 + testing/hosts/winnetou/etc/openssl/newcerts/22.pem | 25 + testing/hosts/winnetou/etc/openssl/serial | 2 +- testing/hosts/winnetou/etc/openssl/serial.old | 2 +- testing/scripts/build-umlkernel | 4 +- testing/scripts/build-umlrootfs | 48 +- testing/scripts/gstart-umls | 2 +- testing/scripts/load-testconfig | 16 +- testing/scripts/restore-defaults | 2 +- testing/ssh_config | 10 + testing/testing.conf | 22 +- 
.../alg-camellia/hosts/carol/etc/ipsec.conf | 1 + .../alg-camellia/hosts/carol/etc/strongswan.conf | 2 +- .../alg-camellia/hosts/moon/etc/ipsec.conf | 1 + .../alg-camellia/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/gcrypt-ikev1/alg-camellia/test.conf | 4 +- .../alg-serpent/hosts/carol/etc/ipsec.conf | 1 + .../alg-serpent/hosts/carol/etc/strongswan.conf | 2 +- .../alg-serpent/hosts/moon/etc/ipsec.conf | 1 + .../alg-serpent/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/gcrypt-ikev1/alg-serpent/test.conf | 4 +- .../alg-twofish/hosts/carol/etc/ipsec.conf | 1 + .../alg-twofish/hosts/carol/etc/strongswan.conf | 2 +- .../alg-twofish/hosts/moon/etc/ipsec.conf | 1 + .../alg-twofish/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/gcrypt-ikev1/alg-twofish/test.conf | 4 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/gcrypt-ikev2/alg-camellia/test.conf | 4 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../ike/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../tests/ike/rw-cert/hosts/dave/etc/ipsec.conf | 2 +- .../tests/ike/rw-cert/hosts/moon/etc/ipsec.conf | 1 + .../ike/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../rw_v1-net_v2/hosts/moon/etc/strongswan.conf | 2 +- .../after-2038-certs/hosts/carol/etc/ipsec.conf | 1 + .../after-2038-certs/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf | 1 + .../alg-blowfish/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf | 1 + .../alg-blowfish/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev1/alg-blowfish/test.conf | 4 +- .../ikev1/alg-sha256-96/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/alg-sha256-96/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/alg-sha256-96/test.conf | 4 +- 
.../ikev1/alg-sha256/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/alg-sha256/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/alg-sha256/test.conf | 4 +- .../ikev1/alg-sha384/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/alg-sha384/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/alg-sha384/test.conf | 4 +- .../ikev1/alg-sha512/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/alg-sha512/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/alg-sha512/test.conf | 4 +- .../ikev1/attr-cert/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/attr-cert/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/attr-cert/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/attr-cert/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/compress/hosts/carol/etc/ipsec.conf | 1 + .../tests/ikev1/compress/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/compress/test.conf | 4 +- .../crl-from-cache/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/crl-from-cache/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/crl-ldap/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/crl-ldap/hosts/carol/etc/strongswan.conf | 2 +- .../tests/ikev1/crl-ldap/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/crl-ldap/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/crl-revoked/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/crl-revoked/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/crl-strict/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/crl-strict/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/crl-to-cache/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/crl-to-cache/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/default-keys/hosts/carol/etc/ipsec.conf | 1 + .../default-keys/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/default-keys/hosts/moon/etc/ipsec.conf | 1 + .../default-keys/hosts/moon/etc/strongswan.conf | 2 +- .../double-nat-net/hosts/alice/etc/ipsec.conf | 1 + .../ikev1/double-nat-net/hosts/bob/etc/ipsec.conf | 1 + .../ikev1/double-nat/hosts/alice/etc/ipsec.conf | 1 + .../ikev1/dpd-clear/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/dpd-restart/hosts/carol/etc/ipsec.conf | 1 + 
.../ikev1/dpd-restart/hosts/moon/etc/ipsec.conf | 1 + .../dynamic-initiator/hosts/carol/etc/ipsec.conf | 1 + .../dynamic-initiator/hosts/dave/etc/ipsec.conf | 1 + .../dynamic-initiator/hosts/moon/etc/ipsec.conf | 1 + .../dynamic-responder/hosts/carol/etc/ipsec.conf | 1 + .../dynamic-responder/hosts/dave/etc/ipsec.conf | 1 + .../dynamic-responder/hosts/moon/etc/ipsec.conf | 1 + .../dynamic-two-peers/hosts/carol/etc/ipsec.conf | 1 + .../dynamic-two-peers/hosts/dave/etc/ipsec.conf | 1 + .../dynamic-two-peers/hosts/moon/etc/ipsec.conf | 1 + .../esp-ah-transport/hosts/carol/etc/ipsec.conf | 1 + .../esp-ah-transport/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/esp-ah-tunnel/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/esp-ah-tunnel/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/esp-ah-tunnel/test.conf | 4 +- testing/tests/ikev1/esp-alg-aes-ccm/test.conf | 4 +- testing/tests/ikev1/esp-alg-aes-ctr/test.conf | 4 +- testing/tests/ikev1/esp-alg-aes-gcm/test.conf | 4 +- testing/tests/ikev1/esp-alg-aes-gmac/test.conf | 4 +- .../esp-alg-aesxcbc/hosts/carol/etc/ipsec.conf | 1 + .../esp-alg-aesxcbc/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/esp-alg-aesxcbc/test.conf | 4 +- .../ikev1/esp-alg-des/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/esp-alg-des/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/esp-alg-des/test.conf | 4 +- .../ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/esp-alg-null/test.conf | 4 +- .../esp-alg-strict-fail/hosts/carol/etc/ipsec.conf | 1 + .../esp-alg-strict-fail/hosts/moon/etc/ipsec.conf | 1 + .../esp-alg-strict/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/esp-alg-weak/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/esp-alg-weak/hosts/moon/etc/ipsec.conf | 1 + .../host2host-swapped/hosts/moon/etc/ipsec.conf | 1 + .../host2host-swapped/hosts/sun/etc/ipsec.conf | 1 + .../host2host-transport/hosts/moon/etc/ipsec.conf | 1 + 
.../host2host-transport/hosts/sun/etc/ipsec.conf | 1 + .../ike-alg-strict-fail/hosts/carol/etc/ipsec.conf | 1 + .../ike-alg-strict-fail/hosts/moon/etc/ipsec.conf | 1 + .../ike-alg-strict/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../ip-pool-db-push/hosts/dave/etc/strongswan.conf | 2 +- .../ip-pool-db-push/hosts/moon/etc/strongswan.conf | 2 +- .../ip-pool-db/hosts/carol/etc/strongswan.conf | 2 +- .../ip-pool-db/hosts/dave/etc/strongswan.conf | 2 +- .../ip-pool-db/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/ip-pool/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/ip-pool/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/ip-pool/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/alice/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../ip-two-pools/hosts/alice/etc/strongswan.conf | 2 +- .../ip-two-pools/hosts/carol/etc/strongswan.conf | 2 +- .../ip-two-pools/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/ipsec.conf | 1 + .../mode-config-multiple/hosts/dave/etc/ipsec.conf | 1 + .../mode-config-multiple/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../mode-config-push/hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../mode-config-push/hosts/dave/etc/ipsec.conf | 1 + .../hosts/dave/etc/strongswan.conf | 2 +- .../mode-config-push/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../mode-config-swapped/hosts/carol/etc/ipsec.conf | 1 + .../mode-config-swapped/hosts/dave/etc/ipsec.conf | 1 + .../mode-config-swapped/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/mode-config/hosts/carol/etc/ipsec.conf | 1 + .../mode-config/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/mode-config/hosts/dave/etc/ipsec.conf | 1 + .../mode-config/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/mode-config/hosts/moon/etc/ipsec.conf | 1 + 
.../mode-config/hosts/moon/etc/strongswan.conf | 2 +- .../multi-level-ca-ldap/hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../multi-level-ca-ldap/hosts/dave/etc/ipsec.conf | 1 + .../hosts/dave/etc/strongswan.conf | 2 +- .../multi-level-ca-ldap/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../multi-level-ca-loop/hosts/carol/etc/ipsec.conf | 1 + .../multi-level-ca-loop/hosts/moon/etc/ipsec.conf | 1 + .../hosts/carol/etc/ipsec.conf | 1 + .../hosts/moon/etc/ipsec.conf | 1 + .../hosts/carol/etc/ipsec.conf | 1 + .../hosts/moon/etc/ipsec.conf | 1 + .../hosts/carol/etc/ipsec.conf | 1 + .../hosts/dave/etc/ipsec.conf | 1 + .../hosts/moon/etc/ipsec.conf | 1 + .../multi-level-ca/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/nat-before-esp/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/nat-before-esp/hosts/sun/etc/ipsec.conf | 1 + .../tests/ikev1/nat-two-rw-mark/description.txt | 16 + testing/tests/ikev1/nat-two-rw-mark/evaltest.dat | 18 + .../nat-two-rw-mark/hosts/alice/etc/ipsec.conf | 27 + .../ikev1/nat-two-rw-mark/hosts/sun/etc/ipsec.conf | 36 + .../nat-two-rw-mark/hosts/sun/etc/mark_updown | 527 ++++ .../nat-two-rw-mark/hosts/venus/etc/ipsec.conf | 27 + testing/tests/ikev1/nat-two-rw-mark/posttest.dat | 11 + testing/tests/ikev1/nat-two-rw-mark/pretest.dat | 21 + testing/tests/ikev1/nat-two-rw-mark/test.conf | 21 + .../nat-two-rw-psk/hosts/alice/etc/ipsec.conf | 1 + .../nat-two-rw-psk/hosts/alice/etc/strongswan.conf | 2 +- .../ikev1/nat-two-rw-psk/hosts/sun/etc/ipsec.conf | 1 + .../nat-two-rw-psk/hosts/sun/etc/strongswan.conf | 2 +- .../nat-two-rw-psk/hosts/venus/etc/ipsec.conf | 1 + .../nat-two-rw-psk/hosts/venus/etc/strongswan.conf | 2 +- .../ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf | 1 + .../net2net-pgp-v3/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf | 1 + 
.../net2net-pgp-v3/hosts/sun/etc/strongswan.conf | 2 +- .../ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf | 1 + .../net2net-pgp-v4/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf | 1 + .../net2net-pgp-v4/hosts/sun/etc/strongswan.conf | 2 +- .../net2net-psk-fail/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../net2net-psk-fail/hosts/sun/etc/ipsec.conf | 1 + .../net2net-psk-fail/hosts/sun/etc/strongswan.conf | 2 +- .../ikev1/net2net-psk/hosts/moon/etc/ipsec.conf | 1 + .../net2net-psk/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/net2net-psk/hosts/sun/etc/ipsec.conf | 1 + .../net2net-psk/hosts/sun/etc/strongswan.conf | 2 +- .../ikev1/net2net-route/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/net2net-rsa/hosts/moon/etc/ipsec.conf | 1 + .../net2net-rsa/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/net2net-rsa/hosts/sun/etc/ipsec.conf | 1 + .../net2net-rsa/hosts/sun/etc/strongswan.conf | 2 +- .../tests/ikev1/net2net-same-nets/description.txt | 15 + testing/tests/ikev1/net2net-same-nets/evaltest.dat | 10 + .../net2net-same-nets/hosts/moon/etc/ipsec.conf | 25 + .../net2net-same-nets/hosts/sun/etc/ipsec.conf | 27 + .../net2net-same-nets/hosts/sun/etc/mark_updown | 376 +++ testing/tests/ikev1/net2net-same-nets/posttest.dat | 7 + testing/tests/ikev1/net2net-same-nets/pretest.dat | 6 + testing/tests/ikev1/net2net-same-nets/test.conf | 21 + .../ikev1/net2net-start/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/ocsp-revoked/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/ocsp-revoked/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/ocsp-strict/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/ocsp-strict/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/passthrough/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/passthrough/hosts/sun/etc/ipsec.conf | 1 + .../protoport-dual/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/protoport-dual/hosts/moon/etc/ipsec.conf | 1 + .../protoport-pass/hosts/carol/etc/ipsec.conf | 1 + 
.../ikev1/protoport-pass/hosts/moon/etc/ipsec.conf | 1 + .../protoport-route/hosts/carol/etc/ipsec.conf | 1 + .../protoport-route/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/req-pkcs10/hosts/carol/etc/ipsec.conf | 1 + .../req-pkcs10/hosts/carol/etc/strongswan.conf | 2 +- .../req-pkcs10/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev1/rw-mark-in-out/description.txt | 16 + testing/tests/ikev1/rw-mark-in-out/evaltest.dat | 18 + .../rw-mark-in-out/hosts/alice/etc/init.d/iptables | 77 + .../rw-mark-in-out/hosts/alice/etc/ipsec.conf | 26 + .../ikev1/rw-mark-in-out/hosts/sun/etc/ipsec.conf | 37 + .../ikev1/rw-mark-in-out/hosts/sun/etc/mark_updown | 527 ++++ .../rw-mark-in-out/hosts/venus/etc/init.d/iptables | 77 + .../rw-mark-in-out/hosts/venus/etc/ipsec.conf | 26 + testing/tests/ikev1/rw-mark-in-out/posttest.dat | 12 + testing/tests/ikev1/rw-mark-in-out/pretest.dat | 18 + testing/tests/ikev1/rw-mark-in-out/test.conf | 21 + .../rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.conf | 1 + .../rw-psk-fqdn/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.conf | 1 + .../rw-psk-fqdn/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.conf | 1 + .../rw-psk-ipv4/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.conf | 1 + .../rw-psk-ipv4/hosts/moon/etc/strongswan.conf | 2 +- .../rw-psk-no-policy/hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../rw-psk-no-policy/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf | 1 + .../rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf | 1 + 
.../rw-rsa-no-policy/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/self-signed/hosts/carol/etc/ipsec.conf | 1 + .../self-signed/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/self-signed/hosts/moon/etc/ipsec.conf | 1 + .../self-signed/hosts/moon/etc/strongswan.conf | 2 +- .../starter-also-loop/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/starter-also/hosts/moon/etc/ipsec.conf | 1 + .../starter-includes/hosts/carol/etc/ipsec.conf | 1 + .../starter-includes/hosts/dave/etc/ipsec.conf | 1 + .../hosts/moon/etc/ipsec.connections | 1 + .../ikev1/strong-certs/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/strong-certs/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/strong-certs/hosts/moon/etc/ipsec.conf | 1 + .../virtual-ip-swapped/hosts/carol/etc/ipsec.conf | 1 + .../virtual-ip-swapped/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/virtual-ip/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/virtual-ip/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/wildcards/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/wildcards/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/wildcards/hosts/moon/etc/ipsec.conf | 1 + .../tests/ikev1/wlan/hosts/alice/etc/ipsec.conf | 1 + testing/tests/ikev1/wlan/hosts/moon/etc/ipsec.conf | 1 + .../tests/ikev1/wlan/hosts/venus/etc/ipsec.conf | 1 + .../hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/ipsec.conf | 1 + .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 4 +- .../ikev1/xauth-id-psk-mode-config/posttest.dat | 2 +- .../ikev1/xauth-id-psk/hosts/carol/etc/ipsec.conf | 1 + .../xauth-id-psk/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/xauth-id-psk/hosts/dave/etc/ipsec.conf | 1 + .../xauth-id-psk/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/xauth-id-psk/hosts/moon/etc/ipsec.conf | 1 + .../xauth-id-psk/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.conf | 1 + .../xauth-id-rsa/hosts/carol/etc/strongswan.conf | 2 +- 
.../ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf | 1 + .../xauth-id-rsa/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf | 1 + .../xauth-id-rsa/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/xauth-psk/hosts/carol/etc/ipsec.conf | 1 + .../xauth-psk/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/xauth-psk/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/xauth-psk/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/xauth-psk/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/xauth-psk/hosts/moon/etc/strongswan.conf | 2 +- .../xauth-rsa-fail/hosts/carol/etc/ipsec.conf | 1 + .../xauth-rsa-fail/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/xauth-rsa-fail/hosts/moon/etc/ipsec.conf | 1 + .../xauth-rsa-fail/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/ipsec.conf | 1 + .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../tests/ikev1/xauth-rsa-mode-config/posttest.dat | 2 +- .../xauth-rsa-nosecret/hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../xauth-rsa-nosecret/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf | 1 + .../xauth-rsa/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/alg-3des-md5/test.conf | 4 +- testing/tests/ikev2/alg-aes-ccm/description.txt | 4 + testing/tests/ikev2/alg-aes-ccm/evaltest.dat | 11 + .../ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf | 25 + .../alg-aes-ccm/hosts/carol/etc/strongswan.conf | 5 + .../ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf | 24 + .../alg-aes-ccm/hosts/moon/etc/strongswan.conf | 5 + 
testing/tests/ikev2/alg-aes-ccm/posttest.dat | 4 + testing/tests/ikev2/alg-aes-ccm/pretest.dat | 6 + testing/tests/ikev2/alg-aes-ccm/test.conf | 21 + testing/tests/ikev2/alg-aes-ctr/description.txt | 4 + testing/tests/ikev2/alg-aes-ctr/evaltest.dat | 12 + .../ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf | 25 + .../alg-aes-ctr/hosts/carol/etc/strongswan.conf | 5 + .../ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf | 24 + .../alg-aes-ctr/hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/alg-aes-ctr/posttest.dat | 4 + testing/tests/ikev2/alg-aes-ctr/pretest.dat | 6 + testing/tests/ikev2/alg-aes-ctr/test.conf | 21 + testing/tests/ikev2/alg-aes-gcm/description.txt | 5 + testing/tests/ikev2/alg-aes-gcm/evaltest.dat | 11 + .../ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf | 25 + .../alg-aes-gcm/hosts/carol/etc/strongswan.conf | 5 + .../ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf | 24 + .../alg-aes-gcm/hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/alg-aes-gcm/posttest.dat | 4 + testing/tests/ikev2/alg-aes-gcm/pretest.dat | 6 + testing/tests/ikev2/alg-aes-gcm/test.conf | 21 + testing/tests/ikev2/alg-aes-xcbc/test.conf | 4 +- testing/tests/ikev2/alg-sha256-96/test.conf | 4 +- testing/tests/ikev2/alg-sha256/test.conf | 4 +- testing/tests/ikev2/alg-sha384/test.conf | 4 +- testing/tests/ikev2/alg-sha512/test.conf | 4 +- testing/tests/ikev2/compress/test.conf | 4 +- testing/tests/ikev2/dpd-hold/test.conf | 4 +- .../tests/ikev2/esp-alg-aes-ccm/description.txt | 4 - testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat | 9 - .../esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf | 25 - .../hosts/carol/etc/strongswan.conf | 5 - .../esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf | 24 - .../esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf | 5 - testing/tests/ikev2/esp-alg-aes-ccm/posttest.dat | 4 - testing/tests/ikev2/esp-alg-aes-ccm/pretest.dat | 6 - testing/tests/ikev2/esp-alg-aes-ccm/test.conf | 21 - .../tests/ikev2/esp-alg-aes-ctr/description.txt | 3 - 
testing/tests/ikev2/esp-alg-aes-ctr/evaltest.dat | 10 - .../esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf | 25 - .../hosts/carol/etc/strongswan.conf | 5 - .../esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf | 24 - .../esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf | 5 - testing/tests/ikev2/esp-alg-aes-ctr/posttest.dat | 4 - testing/tests/ikev2/esp-alg-aes-ctr/pretest.dat | 6 - testing/tests/ikev2/esp-alg-aes-ctr/test.conf | 21 - .../tests/ikev2/esp-alg-aes-gcm/description.txt | 4 - testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat | 9 - .../esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf | 25 - .../hosts/carol/etc/strongswan.conf | 5 - .../esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf | 24 - .../esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf | 5 - testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat | 4 - testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat | 6 - testing/tests/ikev2/esp-alg-aes-gcm/test.conf | 21 - testing/tests/ikev2/esp-alg-aes-gmac/test.conf | 4 +- testing/tests/ikev2/esp-alg-null/test.conf | 4 +- testing/tests/ikev2/ip-pool-db/posttest.dat | 2 +- testing/tests/ikev2/ip-pool-wish/posttest.dat | 2 +- testing/tests/ikev2/ip-pool/posttest.dat | 2 +- testing/tests/ikev2/ip-split-pools-db/posttest.dat | 2 +- testing/tests/ikev2/ip-two-pools-db/posttest.dat | 2 +- testing/tests/ikev2/ip-two-pools/posttest.dat | 2 +- .../ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat | 2 +- .../nat-two-rw-mark/hosts/sun/etc/mark_updown | 2 +- .../net2net-same-nets/hosts/sun/etc/mark_updown | 2 +- .../tests/ikev2/ocsp-no-signer-cert/evaltest.dat | 2 +- testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat | 2 +- .../tests/ikev2/ocsp-untrusted-cert/evaltest.dat | 2 +- .../ikev2/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/alice/etc/raddb/sites-available/default | 18 - .../tests/ikev2/rw-eap-md5-id-radius/pretest.dat | 4 - testing/tests/ikev2/rw-eap-md5-id-radius/test.conf | 5 + 
.../hosts/alice/etc/raddb/sites-available/default | 17 - testing/tests/ikev2/rw-eap-md5-radius/pretest.dat | 4 - testing/tests/ikev2/rw-eap-md5-radius/test.conf | 5 + .../hosts/alice/etc/raddb/sites-available/default | 19 - .../tests/ikev2/rw-eap-sim-id-radius/pretest.dat | 3 - testing/tests/ikev2/rw-eap-sim-id-radius/test.conf | 5 + .../ikev2/rw-eap-sim-only-radius/evaltest.dat | 2 +- .../hosts/alice/etc/raddb/sites-available/default | 18 - .../hosts/carol/etc/strongswan.conf | 1 - .../hosts/dave/etc/strongswan.conf | 1 - .../hosts/moon/etc/strongswan.conf | 1 - .../tests/ikev2/rw-eap-sim-only-radius/pretest.dat | 3 - .../tests/ikev2/rw-eap-sim-only-radius/test.conf | 5 + testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat | 2 +- .../ikev2/rw-eap-tls-fragments/description.txt | 5 + .../tests/ikev2/rw-eap-tls-fragments/evaltest.dat | 9 + .../hosts/carol/etc/ipsec.conf | 23 + .../hosts/carol/etc/ipsec.d/cacerts/ca_A_cert.der | Bin 0 -> 4534 bytes .../hosts/carol/etc/ipsec.d/certs/carol_D_cert.der | Bin 0 -> 3432 bytes .../hosts/carol/etc/ipsec.d/private/carol_key.der | Bin 0 -> 4652 bytes .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 12 + .../rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf | 24 + .../hosts/moon/etc/ipsec.d/cacerts/ca_A_cert.der | Bin 0 -> 4534 bytes .../hosts/moon/etc/ipsec.d/cacerts/ca_B_cert.der | Bin 0 -> 4542 bytes .../hosts/moon/etc/ipsec.d/cacerts/ca_C_cert.der | Bin 0 -> 4550 bytes .../hosts/moon/etc/ipsec.d/cacerts/ca_D_cert.der | Bin 0 -> 4550 bytes .../hosts/moon/etc/ipsec.d/certs/moon_D_cert.der | Bin 0 -> 3430 bytes .../hosts/moon/etc/ipsec.d/private/ca_A_key.der | Bin 0 -> 9262 bytes .../hosts/moon/etc/ipsec.d/private/ca_B_key.der | Bin 0 -> 9261 bytes .../hosts/moon/etc/ipsec.d/private/ca_C_key.der | Bin 0 -> 9261 bytes .../hosts/moon/etc/ipsec.d/private/ca_D_key.der | Bin 0 -> 9262 bytes .../hosts/moon/etc/ipsec.d/private/moon_key.der | Bin 0 -> 4651 bytes .../hosts/moon/etc/ipsec.secrets | 3 + 
.../hosts/moon/etc/strongswan.conf | 12 + .../tests/ikev2/rw-eap-tls-fragments/posttest.dat | 10 + .../tests/ikev2/rw-eap-tls-fragments/pretest.dat | 9 + testing/tests/ikev2/rw-eap-tls-fragments/test.conf | 21 + .../tests/ikev2/rw-eap-tls-only/description.txt | 4 + testing/tests/ikev2/rw-eap-tls-only/evaltest.dat | 9 + .../rw-eap-tls-only/hosts/carol/etc/ipsec.conf | 22 + .../hosts/carol/etc/strongswan.conf | 6 + .../rw-eap-tls-only/hosts/moon/etc/ipsec.conf | 23 + .../rw-eap-tls-only/hosts/moon/etc/strongswan.conf | 6 + testing/tests/ikev2/rw-eap-tls-only/posttest.dat | 4 + testing/tests/ikev2/rw-eap-tls-only/pretest.dat | 7 + testing/tests/ikev2/rw-eap-tls-only/test.conf | 21 + .../tests/ikev2/rw-eap-tls-radius/description.txt | 5 + testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat | 11 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/eap.conf | 13 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 120 + .../hosts/alice/etc/raddb/sites-available/default | 42 + .../rw-eap-tls-radius/hosts/alice/etc/raddb/users | 1 + .../rw-eap-tls-radius/hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/moon/etc/init.d/iptables | 84 + .../rw-eap-tls-radius/hosts/moon/etc/ipsec.conf | 24 + .../rw-eap-tls-radius/hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 12 + testing/tests/ikev2/rw-eap-tls-radius/posttest.dat | 5 + testing/tests/ikev2/rw-eap-tls-radius/pretest.dat | 8 + testing/tests/ikev2/rw-eap-tls-radius/test.conf | 26 + .../tests/ikev2/rw-eap-tnc-block/description.txt | 8 + testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat | 12 + .../rw-eap-tnc-block/hosts/carol/etc/ipsec.conf | 23 + .../rw-eap-tnc-block/hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/carol/etc/tnc/dummyimc.file | 1 + .../rw-eap-tnc-block/hosts/carol/etc/tnc_config | 3 + .../rw-eap-tnc-block/hosts/dave/etc/ipsec.conf | 23 + 
.../rw-eap-tnc-block/hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/dave/etc/tnc/dummyimc.file | 1 + .../rw-eap-tnc-block/hosts/dave/etc/tnc_config | 3 + .../rw-eap-tnc-block/hosts/moon/etc/ipsec.conf | 26 + .../rw-eap-tnc-block/hosts/moon/etc/ipsec.secrets | 6 + .../hosts/moon/etc/strongswan.conf | 13 + .../rw-eap-tnc-block/hosts/moon/etc/tnc_config | 3 + testing/tests/ikev2/rw-eap-tnc-block/posttest.dat | 6 + testing/tests/ikev2/rw-eap-tnc-block/pretest.dat | 15 + testing/tests/ikev2/rw-eap-tnc-block/test.conf | 26 + .../ikev2/rw-eap-tnc-radius-block/description.txt | 11 + .../ikev2/rw-eap-tnc-radius-block/evaltest.dat | 14 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/dictionary | 2 + .../hosts/alice/etc/raddb/dictionary.tnc | 5 + .../hosts/alice/etc/raddb/eap.conf | 25 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 120 + .../hosts/alice/etc/raddb/sites-available/default | 44 + .../alice/etc/raddb/sites-available/inner-tunnel | 32 + .../etc/raddb/sites-available/inner-tunnel-second | 23 + .../hosts/alice/etc/raddb/users | 2 + .../hosts/alice/etc/tnc_config | 3 + .../hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/carol/etc/tnc/dummyimc.file | 1 + .../hosts/carol/etc/tnc_config | 3 + .../hosts/dave/etc/ipsec.conf | 24 + .../hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/dave/etc/tnc/dummyimc.file | 1 + .../hosts/dave/etc/tnc_config | 3 + .../hosts/moon/etc/init.d/iptables | 84 + .../hosts/moon/etc/ipsec.conf | 25 + .../hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 12 + .../ikev2/rw-eap-tnc-radius-block/posttest.dat | 8 + .../ikev2/rw-eap-tnc-radius-block/pretest.dat | 15 + .../tests/ikev2/rw-eap-tnc-radius-block/test.conf | 26 + .../tests/ikev2/rw-eap-tnc-radius/description.txt | 10 + 
testing/tests/ikev2/rw-eap-tnc-radius/evaltest.dat | 19 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/dictionary | 2 + .../hosts/alice/etc/raddb/dictionary.tnc | 5 + .../hosts/alice/etc/raddb/eap.conf | 25 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 120 + .../hosts/alice/etc/raddb/sites-available/default | 44 + .../alice/etc/raddb/sites-available/inner-tunnel | 32 + .../etc/raddb/sites-available/inner-tunnel-second | 36 + .../rw-eap-tnc-radius/hosts/alice/etc/raddb/users | 2 + .../rw-eap-tnc-radius/hosts/alice/etc/tnc_config | 3 + .../rw-eap-tnc-radius/hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/carol/etc/tnc/dummyimc.file | 1 + .../rw-eap-tnc-radius/hosts/carol/etc/tnc_config | 3 + .../rw-eap-tnc-radius/hosts/dave/etc/ipsec.conf | 24 + .../rw-eap-tnc-radius/hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/dave/etc/tnc/dummyimc.file | 1 + .../rw-eap-tnc-radius/hosts/dave/etc/tnc_config | 3 + .../hosts/moon/etc/init.d/iptables | 84 + .../rw-eap-tnc-radius/hosts/moon/etc/ipsec.conf | 35 + .../rw-eap-tnc-radius/hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 13 + testing/tests/ikev2/rw-eap-tnc-radius/posttest.dat | 8 + testing/tests/ikev2/rw-eap-tnc-radius/pretest.dat | 18 + testing/tests/ikev2/rw-eap-tnc-radius/test.conf | 26 + testing/tests/ikev2/rw-eap-tnc-tls/description.txt | 7 + testing/tests/ikev2/rw-eap-tnc-tls/evaltest.dat | 19 + .../rw-eap-tnc-tls/hosts/carol/etc/ipsec.conf | 24 + .../rw-eap-tnc-tls/hosts/carol/etc/strongswan.conf | 6 + .../hosts/carol/etc/tnc/dummyimc.file | 1 + .../rw-eap-tnc-tls/hosts/carol/etc/tnc_config | 3 + .../ikev2/rw-eap-tnc-tls/hosts/dave/etc/ipsec.conf | 24 + .../rw-eap-tnc-tls/hosts/dave/etc/strongswan.conf | 6 + .../hosts/dave/etc/tnc/dummyimc.file | 1 + .../ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc_config | 3 + 
.../ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.conf | 36 + .../rw-eap-tnc-tls/hosts/moon/etc/ipsec.secrets | 6 + .../rw-eap-tnc-tls/hosts/moon/etc/strongswan.conf | 13 + .../ikev2/rw-eap-tnc-tls/hosts/moon/etc/tnc_config | 3 + testing/tests/ikev2/rw-eap-tnc-tls/posttest.dat | 6 + testing/tests/ikev2/rw-eap-tnc-tls/pretest.dat | 15 + testing/tests/ikev2/rw-eap-tnc-tls/test.conf | 26 + testing/tests/ikev2/rw-eap-tnc/description.txt | 9 + testing/tests/ikev2/rw-eap-tnc/evaltest.dat | 19 + .../ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf | 23 + .../ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.secrets | 3 + .../rw-eap-tnc/hosts/carol/etc/strongswan.conf | 6 + .../rw-eap-tnc/hosts/carol/etc/tnc/dummyimc.file | 1 + .../ikev2/rw-eap-tnc/hosts/carol/etc/tnc_config | 3 + .../ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf | 23 + .../ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.secrets | 3 + .../rw-eap-tnc/hosts/dave/etc/strongswan.conf | 6 + .../rw-eap-tnc/hosts/dave/etc/tnc/dummyimc.file | 1 + .../ikev2/rw-eap-tnc/hosts/dave/etc/tnc_config | 3 + .../ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.conf | 36 + .../ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.secrets | 6 + .../rw-eap-tnc/hosts/moon/etc/strongswan.conf | 13 + .../ikev2/rw-eap-tnc/hosts/moon/etc/tnc_config | 3 + testing/tests/ikev2/rw-eap-tnc/posttest.dat | 6 + testing/tests/ikev2/rw-eap-tnc/pretest.dat | 15 + testing/tests/ikev2/rw-eap-tnc/test.conf | 26 + .../tests/ikev2/rw-eap-ttls-only/description.txt | 11 + testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat | 19 + .../rw-eap-ttls-only/hosts/carol/etc/ipsec.conf | 23 + .../rw-eap-ttls-only/hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../rw-eap-ttls-only/hosts/dave/etc/ipsec.conf | 23 + .../rw-eap-ttls-only/hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../rw-eap-ttls-only/hosts/moon/etc/ipsec.conf | 24 + .../rw-eap-ttls-only/hosts/moon/etc/ipsec.secrets | 6 + .../hosts/moon/etc/strongswan.conf | 11 + 
testing/tests/ikev2/rw-eap-ttls-only/posttest.dat | 6 + testing/tests/ikev2/rw-eap-ttls-only/pretest.dat | 10 + testing/tests/ikev2/rw-eap-ttls-only/test.conf | 21 + .../rw-eap-ttls-phase2-piggyback/description.txt | 10 + .../rw-eap-ttls-phase2-piggyback/evaltest.dat | 19 + .../hosts/carol/etc/ipsec.conf | 23 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/dave/etc/ipsec.conf | 23 + .../hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/moon/etc/ipsec.conf | 24 + .../hosts/moon/etc/ipsec.secrets | 6 + .../hosts/moon/etc/strongswan.conf | 12 + .../rw-eap-ttls-phase2-piggyback/posttest.dat | 6 + .../ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat | 10 + .../ikev2/rw-eap-ttls-phase2-piggyback/test.conf | 21 + .../tests/ikev2/rw-eap-ttls-radius/description.txt | 8 + .../tests/ikev2/rw-eap-ttls-radius/evaltest.dat | 21 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/eap.conf | 18 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 120 + .../hosts/alice/etc/raddb/sites-available/default | 44 + .../alice/etc/raddb/sites-available/inner-tunnel | 32 + .../rw-eap-ttls-radius/hosts/alice/etc/raddb/users | 2 + .../rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf | 24 + .../hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/moon/etc/init.d/iptables | 84 + .../rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf | 25 + .../hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 12 + .../tests/ikev2/rw-eap-ttls-radius/posttest.dat | 7 + testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat | 11 + testing/tests/ikev2/rw-eap-ttls-radius/test.conf | 26 + .../ikev2/rw-mark-in-out/hosts/sun/etc/mark_updown | 2 +- .../ipv6/host2host-ikev1/hosts/moon/etc/ipsec.conf | 1 + 
.../ipv6/host2host-ikev1/hosts/sun/etc/ipsec.conf | 1 + .../ipv6/net2net-ikev1/hosts/moon/etc/ipsec.conf | 1 + .../ipv6/net2net-ikev1/hosts/sun/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/sun/etc/strongswan.conf | 2 +- .../tests/ipv6/rw-ikev1/hosts/carol/etc/ipsec.conf | 1 + .../tests/ipv6/rw-ikev1/hosts/moon/etc/ipsec.conf | 1 + .../ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.conf | 1 + .../ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.conf | 1 + .../ipv6/transport-ikev1/hosts/moon/etc/ipsec.conf | 1 + .../ipv6/transport-ikev1/hosts/sun/etc/ipsec.conf | 1 + .../alg-camellia/hosts/carol/etc/ipsec.conf | 1 + .../alg-camellia/hosts/carol/etc/strongswan.conf | 2 +- .../alg-camellia/hosts/moon/etc/ipsec.conf | 1 + .../alg-camellia/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/openssl-ikev1/alg-camellia/test.conf | 4 +- .../alg-ecp-high/hosts/carol/etc/strongswan.conf | 2 +- .../alg-ecp-high/hosts/dave/etc/strongswan.conf | 2 +- .../alg-ecp-high/hosts/moon/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/carol/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/dave/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/moon/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/carol/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/dave/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/moon/etc/strongswan.conf | 2 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/openssl-ikev2/alg-camellia/test.conf | 4 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../openssl-ikev2/rw-eap-tls-only/description.txt | 5 + .../openssl-ikev2/rw-eap-tls-only/evaltest.dat | 10 + .../rw-eap-tls-only/hosts/carol/etc/ipsec.conf | 25 + .../carol/etc/ipsec.d/cacerts/strongswanCert.pem | 17 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 18 + 
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 8 + .../rw-eap-tls-only/hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../rw-eap-tls-only/hosts/moon/etc/ipsec.conf | 26 + .../moon/etc/ipsec.d/cacerts/strongswanCert.pem | 17 + .../hosts/moon/etc/ipsec.d/certs/moonCert.pem | 20 + .../hosts/moon/etc/ipsec.d/private/moonKey.pem | 7 + .../rw-eap-tls-only/hosts/moon/etc/ipsec.secrets | 3 + .../rw-eap-tls-only/hosts/moon/etc/strongswan.conf | 13 + .../openssl-ikev2/rw-eap-tls-only/posttest.dat | 4 + .../openssl-ikev2/rw-eap-tls-only/pretest.dat | 7 + .../tests/openssl-ikev2/rw-eap-tls-only/test.conf | 21 + testing/tests/pfkey/alg-aes-xcbc/test.conf | 4 +- testing/tests/pfkey/alg-sha384/test.conf | 4 +- testing/tests/pfkey/alg-sha512/test.conf | 4 +- testing/tests/pfkey/esp-alg-null/test.conf | 4 +- testing/tests/sql/ip-pool-db-expired/posttest.dat | 2 +- testing/tests/sql/ip-pool-db-restart/posttest.dat | 2 +- testing/tests/sql/ip-pool-db/posttest.dat | 2 +- .../sql/ip-split-pools-db-restart/posttest.dat | 2 +- testing/tests/sql/ip-split-pools-db/posttest.dat | 2 +- 1442 files changed, 73349 insertions(+), 33038 deletions(-) create mode 100644 m4/macros/add-plugin.m4 create mode 100644 man/Makefile.am create mode 100644 man/Makefile.in create mode 100644 man/ipsec.conf.5 create mode 100644 man/ipsec.conf.5.in create mode 100644 man/ipsec.secrets.5 create mode 100644 man/ipsec.secrets.5.in create mode 100644 man/strongswan.conf.5 create mode 100644 man/strongswan.conf.5.in create mode 100644 scripts/crypt_burn.c create mode 100644 src/libcharon/kernel/kernel_handler.c create mode 100644 src/libcharon/kernel/kernel_handler.h delete mode 100644 src/libcharon/kernel/kernel_interface.c delete mode 100644 src/libcharon/kernel/kernel_interface.h delete mode 100644 src/libcharon/kernel/kernel_ipsec.c delete mode 100644 src/libcharon/kernel/kernel_ipsec.h delete mode 100644 src/libcharon/kernel/kernel_net.h create mode 100644 
src/libcharon/plugins/eap_tls/Makefile.am create mode 100644 src/libcharon/plugins/eap_tls/Makefile.in create mode 100644 src/libcharon/plugins/eap_tls/eap_tls.c create mode 100644 src/libcharon/plugins/eap_tls/eap_tls.h create mode 100644 src/libcharon/plugins/eap_tls/eap_tls_plugin.c create mode 100644 src/libcharon/plugins/eap_tls/eap_tls_plugin.h create mode 100644 src/libcharon/plugins/eap_tnc/Makefile.am create mode 100644 src/libcharon/plugins/eap_tnc/Makefile.in create mode 100644 src/libcharon/plugins/eap_tnc/eap_tnc.c create mode 100644 src/libcharon/plugins/eap_tnc/eap_tnc.h create mode 100644 src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c create mode 100644 src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h create mode 100644 src/libcharon/plugins/eap_ttls/Makefile.am create mode 100644 src/libcharon/plugins/eap_ttls/Makefile.in create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls.c create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls.h create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_avp.c create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_avp.h create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_peer.c create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_peer.h create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_server.c create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_server.h delete mode 100644 src/libcharon/plugins/kernel_klips/Makefile.am delete mode 100644 src/libcharon/plugins/kernel_klips/Makefile.in delete mode 100644 src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c delete mode 100644 src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.h delete mode 100644 src/libcharon/plugins/kernel_klips/kernel_klips_plugin.c delete mode 100644 src/libcharon/plugins/kernel_klips/kernel_klips_plugin.h delete mode 100644 
src/libcharon/plugins/kernel_klips/pfkeyv2.h delete mode 100644 src/libcharon/plugins/kernel_netlink/Makefile.am delete mode 100644 src/libcharon/plugins/kernel_netlink/Makefile.in delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h delete mode 100644 src/libcharon/plugins/kernel_pfkey/Makefile.am delete mode 100644 src/libcharon/plugins/kernel_pfkey/Makefile.in delete mode 100644 src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c delete mode 100644 src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h delete mode 100644 src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c delete mode 100644 src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h delete mode 100644 src/libcharon/plugins/kernel_pfroute/Makefile.am delete mode 100644 src/libcharon/plugins/kernel_pfroute/Makefile.in delete mode 100644 src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c delete mode 100644 src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h delete mode 100644 src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c delete mode 100644 src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h create mode 100644 src/libcharon/plugins/led/Makefile.am create mode 100644 src/libcharon/plugins/led/Makefile.in create mode 100644 src/libcharon/plugins/led/led_listener.c create mode 100644 src/libcharon/plugins/led/led_listener.h create mode 100644 src/libcharon/plugins/led/led_plugin.c create 
mode 100644 src/libcharon/plugins/led/led_plugin.h create mode 100644 src/libcharon/plugins/maemo/Makefile.am create mode 100644 src/libcharon/plugins/maemo/Makefile.in create mode 100644 src/libcharon/plugins/maemo/maemo_plugin.c create mode 100644 src/libcharon/plugins/maemo/maemo_plugin.h create mode 100644 src/libcharon/plugins/maemo/maemo_service.c create mode 100644 src/libcharon/plugins/maemo/maemo_service.h create mode 100644 src/libcharon/plugins/maemo/org.strongswan.charon.service create mode 100644 src/libcharon/plugins/tnc_imc/Makefile.am create mode 100644 src/libcharon/plugins/tnc_imc/Makefile.in create mode 100644 src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c create mode 100644 src/libcharon/plugins/tnc_imc/tnc_imc_plugin.h create mode 100644 src/libcharon/plugins/tnc_imv/Makefile.am create mode 100644 src/libcharon/plugins/tnc_imv/Makefile.in create mode 100644 src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c create mode 100644 src/libcharon/plugins/tnc_imv/tnc_imv_plugin.h create mode 100644 src/libcharon/plugins/tnccs_11/Makefile.am create mode 100644 src/libcharon/plugins/tnccs_11/Makefile.in create mode 100644 src/libcharon/plugins/tnccs_11/tnccs_11.c create mode 100644 src/libcharon/plugins/tnccs_11/tnccs_11.h create mode 100644 src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c create mode 100644 src/libcharon/plugins/tnccs_11/tnccs_11_plugin.h create mode 100644 src/libcharon/plugins/tnccs_20/Makefile.am create mode 100644 src/libcharon/plugins/tnccs_20/Makefile.in create mode 100644 src/libcharon/plugins/tnccs_20/tnccs_20.c create mode 100644 src/libcharon/plugins/tnccs_20/tnccs_20.h create mode 100644 src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c create mode 100644 src/libcharon/plugins/tnccs_20/tnccs_20_plugin.h delete mode 100644 src/libcharon/processing/jobs/callback_job.c delete mode 100644 src/libcharon/processing/jobs/callback_job.h delete mode 100644 src/libcharon/processing/jobs/job.h delete mode 100644 
src/libcharon/processing/processor.c delete mode 100644 src/libcharon/processing/processor.h delete mode 100644 src/libcharon/processing/scheduler.c delete mode 100644 src/libcharon/processing/scheduler.h create mode 100644 src/libcharon/tnccs/tnccs.c create mode 100644 src/libcharon/tnccs/tnccs.h create mode 100644 src/libcharon/tnccs/tnccs_manager.c create mode 100644 src/libcharon/tnccs/tnccs_manager.h create mode 100644 src/libhydra/kernel/kernel_interface.c create mode 100644 src/libhydra/kernel/kernel_interface.h create mode 100644 src/libhydra/kernel/kernel_ipsec.c create mode 100644 src/libhydra/kernel/kernel_ipsec.h create mode 100644 src/libhydra/kernel/kernel_listener.h create mode 100644 src/libhydra/kernel/kernel_net.h create mode 100644 src/libhydra/plugins/kernel_klips/Makefile.am create mode 100644 src/libhydra/plugins/kernel_klips/Makefile.in create mode 100644 src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c create mode 100644 src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.h create mode 100644 src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c create mode 100644 src/libhydra/plugins/kernel_klips/kernel_klips_plugin.h create mode 100644 src/libhydra/plugins/kernel_klips/pfkeyv2.h create mode 100644 src/libhydra/plugins/kernel_netlink/Makefile.am create mode 100644 src/libhydra/plugins/kernel_netlink/Makefile.in create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.h create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_net.h create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.h create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h create 
mode 100644 src/libhydra/plugins/kernel_pfkey/Makefile.am create mode 100644 src/libhydra/plugins/kernel_pfkey/Makefile.in create mode 100644 src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c create mode 100644 src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.h create mode 100644 src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c create mode 100644 src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.h create mode 100644 src/libhydra/plugins/kernel_pfroute/Makefile.am create mode 100644 src/libhydra/plugins/kernel_pfroute/Makefile.in create mode 100644 src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c create mode 100644 src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.h create mode 100644 src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c create mode 100644 src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.h create mode 100644 src/libstrongswan/credentials/sets/callback_cred.c create mode 100644 src/libstrongswan/credentials/sets/callback_cred.h create mode 100644 src/libstrongswan/credentials/sets/mem_cred.c create mode 100644 src/libstrongswan/credentials/sets/mem_cred.h create mode 100644 src/libstrongswan/crypto/aead.c create mode 100644 src/libstrongswan/crypto/aead.h create mode 100644 src/libstrongswan/eap/eap.c create mode 100644 src/libstrongswan/eap/eap.h create mode 100644 src/libstrongswan/plugins/ccm/Makefile.am create mode 100644 src/libstrongswan/plugins/ccm/Makefile.in create mode 100644 src/libstrongswan/plugins/ccm/ccm_aead.c create mode 100644 src/libstrongswan/plugins/ccm/ccm_aead.h create mode 100644 src/libstrongswan/plugins/ccm/ccm_plugin.c create mode 100644 src/libstrongswan/plugins/ccm/ccm_plugin.h create mode 100644 src/libstrongswan/plugins/ctr/Makefile.am create mode 100644 src/libstrongswan/plugins/ctr/Makefile.in create mode 100644 src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c create mode 100644 src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h create mode 100644 
src/libstrongswan/plugins/ctr/ctr_plugin.c create mode 100644 src/libstrongswan/plugins/ctr/ctr_plugin.h create mode 100644 src/libstrongswan/plugins/gcm/Makefile.am create mode 100644 src/libstrongswan/plugins/gcm/Makefile.in create mode 100644 src/libstrongswan/plugins/gcm/gcm_aead.c create mode 100644 src/libstrongswan/plugins/gcm/gcm_aead.h create mode 100644 src/libstrongswan/plugins/gcm/gcm_plugin.c create mode 100644 src/libstrongswan/plugins/gcm/gcm_plugin.h create mode 100644 src/libstrongswan/plugins/pkcs11/Makefile.am create mode 100644 src/libstrongswan/plugins/pkcs11/Makefile.in create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_creds.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_creds.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_library.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_library.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_manager.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_manager.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c create mode 100644 
src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c create mode 100644 src/libstrongswan/processing/jobs/callback_job.c create mode 100644 src/libstrongswan/processing/jobs/callback_job.h create mode 100644 src/libstrongswan/processing/jobs/job.h create mode 100644 src/libstrongswan/processing/processor.c create mode 100644 src/libstrongswan/processing/processor.h create mode 100644 src/libstrongswan/processing/scheduler.c create mode 100644 src/libstrongswan/processing/scheduler.h create mode 100644 src/libtls/Makefile.am create mode 100644 src/libtls/Makefile.in create mode 100644 src/libtls/tls.c create mode 100644 src/libtls/tls.h create mode 100644 src/libtls/tls_alert.c create mode 100644 src/libtls/tls_alert.h create mode 100644 src/libtls/tls_application.h create mode 100644 src/libtls/tls_compression.c create mode 100644 src/libtls/tls_compression.h create mode 100644 src/libtls/tls_crypto.c create mode 100644 src/libtls/tls_crypto.h create mode 100644 src/libtls/tls_eap.c create mode 100644 src/libtls/tls_eap.h create mode 100644 src/libtls/tls_fragmentation.c create mode 100644 src/libtls/tls_fragmentation.h create mode 100644 src/libtls/tls_handshake.h create mode 100644 src/libtls/tls_peer.c create mode 100644 src/libtls/tls_peer.h create mode 100644 src/libtls/tls_prf.c create mode 100644 src/libtls/tls_prf.h create mode 100644 src/libtls/tls_protection.c create mode 100644 src/libtls/tls_protection.h create mode 100644 src/libtls/tls_reader.c create mode 100644 src/libtls/tls_reader.h create mode 100644 src/libtls/tls_server.c create mode 100644 src/libtls/tls_server.h create mode 100644 src/libtls/tls_socket.c create mode 100644 src/libtls/tls_socket.h create mode 100644 src/libtls/tls_writer.c create mode 100644 src/libtls/tls_writer.h create mode 100644 src/pluto/event_queue.c create mode 100644 src/pluto/event_queue.h delete mode 100644 src/pluto/ipsec.secrets.5 delete mode 100644 src/pluto/ipsec.secrets.5.in delete mode 100644 
src/pluto/kernel_netlink.c delete mode 100644 src/pluto/kernel_netlink.h delete mode 100644 src/pluto/kernel_noklips.c delete mode 100644 src/pluto/kernel_noklips.h delete mode 100644 src/starter/ipsec.conf.5 delete mode 100644 src/starter/ipsec.conf.5.in create mode 100755 testing/hosts/alice/etc/init.d/radiusd create mode 100644 testing/hosts/alice/etc/raddb/certs/aaaCert.pem create mode 100644 testing/hosts/alice/etc/raddb/certs/aaaKey.pem create mode 100644 testing/hosts/alice/etc/raddb/certs/dh create mode 100644 testing/hosts/alice/etc/raddb/certs/random create mode 100644 testing/hosts/alice/etc/raddb/certs/strongswanCert.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/22.pem create mode 100644 testing/ssh_config create mode 100644 testing/tests/ikev1/nat-two-rw-mark/description.txt create mode 100644 testing/tests/ikev1/nat-two-rw-mark/evaltest.dat create mode 100755 testing/tests/ikev1/nat-two-rw-mark/hosts/alice/etc/ipsec.conf create mode 100755 testing/tests/ikev1/nat-two-rw-mark/hosts/sun/etc/ipsec.conf create mode 100755 testing/tests/ikev1/nat-two-rw-mark/hosts/sun/etc/mark_updown create mode 100755 testing/tests/ikev1/nat-two-rw-mark/hosts/venus/etc/ipsec.conf create mode 100644 testing/tests/ikev1/nat-two-rw-mark/posttest.dat create mode 100644 testing/tests/ikev1/nat-two-rw-mark/pretest.dat create mode 100644 testing/tests/ikev1/nat-two-rw-mark/test.conf create mode 100644 testing/tests/ikev1/net2net-same-nets/description.txt create mode 100644 testing/tests/ikev1/net2net-same-nets/evaltest.dat create mode 100755 testing/tests/ikev1/net2net-same-nets/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev1/net2net-same-nets/hosts/sun/etc/ipsec.conf create mode 100755 testing/tests/ikev1/net2net-same-nets/hosts/sun/etc/mark_updown create mode 100644 testing/tests/ikev1/net2net-same-nets/posttest.dat create mode 100644 testing/tests/ikev1/net2net-same-nets/pretest.dat create mode 100644 
testing/tests/ikev1/net2net-same-nets/test.conf create mode 100644 testing/tests/ikev1/rw-mark-in-out/description.txt create mode 100644 testing/tests/ikev1/rw-mark-in-out/evaltest.dat create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/alice/etc/init.d/iptables create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/alice/etc/ipsec.conf create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/sun/etc/ipsec.conf create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/sun/etc/mark_updown create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/venus/etc/init.d/iptables create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/venus/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-mark-in-out/posttest.dat create mode 100644 testing/tests/ikev1/rw-mark-in-out/pretest.dat create mode 100644 testing/tests/ikev1/rw-mark-in-out/test.conf create mode 100644 testing/tests/ikev2/alg-aes-ccm/description.txt create mode 100644 testing/tests/ikev2/alg-aes-ccm/evaltest.dat create mode 100755 testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/alg-aes-ccm/posttest.dat create mode 100644 testing/tests/ikev2/alg-aes-ccm/pretest.dat create mode 100644 testing/tests/ikev2/alg-aes-ccm/test.conf create mode 100644 testing/tests/ikev2/alg-aes-ctr/description.txt create mode 100644 testing/tests/ikev2/alg-aes-ctr/evaltest.dat create mode 100755 testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf create mode 100644 
testing/tests/ikev2/alg-aes-ctr/posttest.dat create mode 100644 testing/tests/ikev2/alg-aes-ctr/pretest.dat create mode 100644 testing/tests/ikev2/alg-aes-ctr/test.conf create mode 100644 testing/tests/ikev2/alg-aes-gcm/description.txt create mode 100644 testing/tests/ikev2/alg-aes-gcm/evaltest.dat create mode 100755 testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/alg-aes-gcm/posttest.dat create mode 100644 testing/tests/ikev2/alg-aes-gcm/pretest.dat create mode 100644 testing/tests/ikev2/alg-aes-gcm/test.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/description.txt delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat delete mode 100755 testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf delete mode 100755 testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/posttest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/pretest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/test.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/description.txt delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/evaltest.dat delete mode 100755 testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf delete mode 100755 testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf delete mode 100644 
testing/tests/ikev2/esp-alg-aes-ctr/posttest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/pretest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/test.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/description.txt delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat delete mode 100755 testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf delete mode 100755 testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.d/cacerts/ca_A_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.d/certs/carol_D_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.d/private/carol_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/cacerts/ca_A_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/cacerts/ca_B_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/cacerts/ca_C_cert.der 
create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/cacerts/ca_D_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/certs/moon_D_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/private/ca_A_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/private/ca_B_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/private/ca_C_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/private/ca_D_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/private/moon_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-only/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tls-only/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-only/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-only/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-only/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat create mode 100644 
testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/radiusd.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/users create mode 100755 testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.secrets create 
mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/tnc_config create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/evaltest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/dictionary create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/dictionary.tnc create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/radiusd.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/users create mode 100644 
testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/evaltest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/dictionary create mode 100644 
testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/dictionary.tnc create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/radiusd.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/users create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/ipsec.secrets create mode 100644 
testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/tnc_config create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tnc/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/strongswan.conf create mode 100644 
testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/tnc_config create mode 100644 testing/tests/ikev2/rw-eap-tnc/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc/test.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/description.txt create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf create mode 100644 
testing/tests/ikev2/rw-eap-ttls-only/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/test.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/description.txt create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/test.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/description.txt create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/radiusd.conf create mode 100644 
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/users create mode 100755 testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/test.conf create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/description.txt create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat create mode 100755 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 
testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/posttest.dat create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/pretest.dat create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/test.conf (limited to 'src/libcharon/processing')
diff --git a/Android.mk b/Android.mk
index 0a9fc5387..d6c83367f 100644
--- a/Android.mk
+++ b/Android.mk
@@ -53,7 +53,7 @@ strongswan_CFLAGS := \
 -DUSE_VSTR \
 -DROUTING_TABLE=0 \
 -DROUTING_TABLE_PRIO=220 \
- -DVERSION=\"4.4.1\" \
+ -DVERSION=\"4.5.0\" \
 -DPLUGINS='"$(strongswan_PLUGINS)"' \
 -DIPSEC_DIR=\"/system/bin\" \
 -DIPSEC_PIDDIR=\"/data/misc/vpn\" \
diff --git a/ChangeLog b/ChangeLog
index 41f530506..5ddeff5f4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,3 @@ A summary of changes is available in the NEWS file. For a more detailed Changelog, use the repository (see HACKING) or the -online interface available at http://trac.strongswan.org. +online interface available at http://git.strongswan.org.
diff --git a/Doxyfile.in b/Doxyfile.in
index b79c9909d..e7f5b50a4 100644
--- a/Doxyfile.in
+++ b/Doxyfile.in
@@ -531,6 +531,7 @@ INPUT = @SRC_DIR@/src/libstrongswan \
 @SRC_DIR@/src/libhydra \
 @SRC_DIR@/src/libcharon \
 @SRC_DIR@/src/libsimaka \
+ @SRC_DIR@/src/libtls \
 @SRC_DIR@/src/libfast \
 @SRC_DIR@/src/manager
@@ -575,7 +576,7 @@ EXCLUDE_SYMLINKS = NO
 # against the file with absolute path, so to exclude all test directories
 # for example use the pattern */test/*
-EXCLUDE_PATTERNS = */.svn/*
+EXCLUDE_PATTERNS = */.git/*
 # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
 # (namespaces, classes, functions, etc.) that should be excluded from the
@@ -699,7 +700,7 @@ VERBATIM_HEADERS = YES
 # of all compounds will be generated. Enable this if the project
 # contains a lot of classes, structs, unions or interfaces.
-ALPHABETICAL_INDEX = NO
+ALPHABETICAL_INDEX = YES
 # If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
 # the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
@@ -843,7 +844,7 @@ TOC_EXPAND = NO
 # top of each HTML page. The value NO (the default) enables the index and
 # the value YES disables it.
-DISABLE_INDEX = YES
+DISABLE_INDEX = NO
 # This tag can be used to set the number of enum values (range [1..20])
 # that doxygen will group on one line in the generated HTML documentation.
diff --git a/Makefile.am b/Makefile.am
index af0465fee..cba5048b1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,4 +1,4 @@
-SUBDIRS = src testing
+SUBDIRS = src man testing
 if USE_SCRIPTS
 SUBDIRS += scripts
diff --git a/Makefile.in b/Makefile.in
index 522683ab1..56c31b104 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -48,6 +48,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4)
@@ -72,7 +73,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ distdir dist dist-all distcheck ETAGS = etags CTAGS = ctags -DIST_SUBDIRS = src testing scripts +DIST_SUBDIRS = src man testing scripts DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -174,6 +175,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -205,14 +208,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -227,24 +233,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -252,7 +265,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ @@ -264,7 +280,7 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -SUBDIRS = src testing $(am__append_1) +SUBDIRS = src man testing $(am__append_1) ACLOCAL_AMFLAGS = -I m4/config EXTRA_DIST = Doxyfile.in CREDITS Android.mk.in Android.mk CLEANFILES = Doxyfile diff --git a/NEWS b/NEWS index a5f4a16ff..ed0d18211 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,74 @@
+
+strongswan-4.5.0
+----------------
+
+- IMPORTANT: the default keyexchange mode 'ike' is changing with release 4.5
+ from 'ikev1' to 'ikev2', thus commemorating the five year anniversary of the
+ IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively
+ come for IKEv1 to go into retirement and to cede its place to the much more
+ robust, powerful and versatile IKEv2 protocol!
+
+- Added new ctr, ccm and gcm plugins providing Counter, Counter with CBC-MAC
+ and Galois/Counter Modes based on existing CBC implementations. These
+ new plugins bring support for AES and Camellia Counter and CCM algorithms
+ and the AES GCM algorithms for use in IKEv2.
+
+- The new pkcs11 plugin brings full Smartcard support to the IKEv2 daemon and
+ the pki utility using one or more PKCS#11 libraries. It currently supports
+ RSA private and public key operations and loads X.509 certificates from
+ tokens.
+
+- Implemented a general purpose TLS stack based on crypto and credential
+ primitives of libstrongswan. libtls supports TLS versions 1.0, 1.1 and 1.2,
+ ECDHE-ECDSA/RSA, DHE-RSA and RSA key exchange algorithms and RSA/ECDSA based
+ client authentication.
+
+- Based on libtls, the eap-tls plugin brings certificate based EAP
+ authentication for client and server. It is compatible to Windows 7 IKEv2
+ Smartcard authentication and the OpenSSL based FreeRADIUS EAP-TLS backend.
+
+- Implemented the TNCCS 1.1 Trusted Network Connect protocol using the
+ libtnc library on the strongSwan client and server side via the tnccs_11
+ plugin and optionally connecting to a TNC@FHH-enhanced FreeRADIUS AAA server.
+ Depending on the resulting TNC Recommendation, strongSwan clients are granted
+ access to a network behind a strongSwan gateway (allow), are put into a
+ remediation zone (isolate) or are blocked (none), respectively. Any number
+ of Integrity Measurement Collector/Verifier pairs can be attached
+ via the tnc-imc and tnc-imv charon plugins.
+ +- The IKEv1 daemon pluto now uses the same kernel interfaces as the IKEv2 + daemon charon. As a result of this, pluto now supports xfrm marks which + were introduced in charon with 4.4.1. + +- Applets for Maemo 5 (Nokia) allow to easily configure and control IKEv2 + based VPN connections with EAP authentication on supported devices. + +- The RADIUS plugin eap-radius now supports multiple RADIUS servers for + redundant setups. Servers are selected by a defined priority, server load and + availability. + +- The simple led plugin controls hardware LEDs through the Linux LED subsystem. + It currently shows activity of the IKE daemon and is a good example how to + implement a simple event listener. + +- Improved MOBIKE behavior in several corner cases, for instance, if the + initial responder moves to a different address. + +- Fixed left-/rightnexthop option, which was broken since 4.4.0. + +- Fixed a bug not releasing a virtual IP address to a pool if the XAUTH + identity was different from the IKE identity. + +- Fixed the alignment of ModeConfig messages on 4-byte boundaries in the + case where the attributes are not a multiple of 4 bytes (e.g. Cisco's + UNITY_BANNER). + +- Fixed the interoperability of the socket_raw and socket_default + charon plugins. + +- Added man page for strongswan.conf + + strongswan-4.4.1 ---------------- @@ -761,7 +832,7 @@ strongswan-4.1.7 - Preview of strongSwan Manager, a web based configuration and monitoring application. It uses a new XML control interface to query the IKEv2 daemon - (see http://trac.strongswan.org/wiki/Manager). + (see http://wiki.strongswan.org/wiki/Manager). - Experimental SQLite configuration backend which will provide the configuration interface for strongSwan Manager in future releases. diff --git a/README b/README index 101e4838c..1d186afd9 100644 --- a/README +++ b/README 
@@ -81,7 +81,7 @@ Contents strongSwan is an OpenSource IPsec solution for the Linux operating system and currently supports the following features: - * runs both on Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels. + * runs on Linux 2.6 (native IPsec) kernels. * strong 3DES, AES, Serpent, Twofish, or Blowfish encryption. @@ -2656,9 +2656,6 @@ with the line and can be used when the following prerequisites are fulfilled: - - Linux 2.4.x kernel, KLIPS IPsec stack, and arbitrary iptables version. - Filtering of tunneled traffic is based on ipsecN interfaces. - - Linux 2.6.16 kernel or newer, native NETKEY IPsec stack, and iptables-1.3.5 or newer. Filtering of tunneled traffic is based on IPsec policy matching rules. diff --git a/TODO b/TODO index c398ebab8..6b626e9ff 100644 --- a/TODO +++ b/TODO @@ -5,7 +5,7 @@ This is a TODO list we should keep in mind. A roadmap of the strongSwan project is available online at: - http://trac.strongswan.org/roadmap + http://wiki.strongswan.org/projects/strongswan/roadmap Certificate support ------------------- diff --git a/aclocal.m4 b/aclocal.m4 index 23b7e59ee..9d68d0d80 100644 --- a/aclocal.m4 +++ b/aclocal.m4 
@@ -13,14 +13,14 @@ m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.65],, -[m4_warning([this file was generated for autoconf 2.65. +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],, +[m4_warning([this file was generated for autoconf 2.67. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically `autoreconf'.])]) -# lib-prefix.m4 serial 5 (gettext-0.15) -dnl Copyright (C) 2001-2005 Free Software Foundation, Inc. +# lib-prefix.m4 serial 7 (gettext-0.18) +dnl Copyright (C) 2001-2005, 2008-2010 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. 
@@ -174,38 +174,78 @@ AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX], prefix="$acl_save_prefix" ]) -dnl AC_LIB_PREPARE_MULTILIB creates a variable acl_libdirstem, containing -dnl the basename of the libdir, either "lib" or "lib64". +dnl AC_LIB_PREPARE_MULTILIB creates +dnl - a variable acl_libdirstem, containing the basename of the libdir, either +dnl "lib" or "lib64" or "lib/64", +dnl - a variable acl_libdirstem2, as a secondary possible value for +dnl acl_libdirstem, either the same as acl_libdirstem or "lib/sparcv9" or +dnl "lib/amd64". AC_DEFUN([AC_LIB_PREPARE_MULTILIB], [ - dnl There is no formal standard regarding lib and lib64. The current - dnl practice is that on a system supporting 32-bit and 64-bit instruction - dnl sets or ABIs, 64-bit libraries go under $prefix/lib64 and 32-bit - dnl libraries go under $prefix/lib. We determine the compiler's default - dnl mode by looking at the compiler's library search path. If at least - dnl of its elements ends in /lib64 or points to a directory whose absolute - dnl pathname ends in /lib64, we assume a 64-bit ABI. Otherwise we use the - dnl default, namely "lib". + dnl There is no formal standard regarding lib and lib64. + dnl On glibc systems, the current practice is that on a system supporting + dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under + dnl $prefix/lib64 and 32-bit libraries go under $prefix/lib. We determine + dnl the compiler's default mode by looking at the compiler's library search + dnl path. If at least one of its elements ends in /lib64 or points to a + dnl directory whose absolute pathname ends in /lib64, we assume a 64-bit ABI. + dnl Otherwise we use the default, namely "lib". + dnl On Solaris systems, the current practice is that on a system supporting + dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under + dnl $prefix/lib/64 (which is a symlink to either $prefix/lib/sparcv9 or + dnl $prefix/lib/amd64) and 32-bit libraries go under $prefix/lib. 
+ AC_REQUIRE([AC_CANONICAL_HOST]) acl_libdirstem=lib - searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` - if test -n "$searchpath"; then - acl_save_IFS="${IFS= }"; IFS=":" - for searchdir in $searchpath; do - if test -d "$searchdir"; then - case "$searchdir" in - */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; - *) searchdir=`cd "$searchdir" && pwd` - case "$searchdir" in - */lib64 ) acl_libdirstem=lib64 ;; - esac ;; + acl_libdirstem2= + case "$host_os" in + solaris*) + dnl See Solaris 10 Software Developer Collection > Solaris 64-bit Developer's Guide > The Development Environment + dnl . + dnl "Portable Makefiles should refer to any library directories using the 64 symbolic link." + dnl But we want to recognize the sparcv9 or amd64 subdirectory also if the + dnl symlink is missing, so we set acl_libdirstem2 too. + AC_CACHE_CHECK([for 64-bit host], [gl_cv_solaris_64bit], + [AC_EGREP_CPP([sixtyfour bits], [ +#ifdef _LP64 +sixtyfour bits +#endif + ], [gl_cv_solaris_64bit=yes], [gl_cv_solaris_64bit=no]) + ]) + if test $gl_cv_solaris_64bit = yes; then + acl_libdirstem=lib/64 + case "$host_cpu" in + sparc*) acl_libdirstem2=lib/sparcv9 ;; + i*86 | x86_64) acl_libdirstem2=lib/amd64 ;; esac fi - done - IFS="$acl_save_IFS" - fi + ;; + *) + searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` + if test -n "$searchpath"; then + acl_save_IFS="${IFS= }"; IFS=":" + for searchdir in $searchpath; do + if test -d "$searchdir"; then + case "$searchdir" in + */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; + */../ | */.. ) + # Better ignore directories of this form. They are misleading. + ;; + *) searchdir=`cd "$searchdir" && pwd` + case "$searchdir" in + */lib64 ) acl_libdirstem=lib64 ;; + esac ;; + esac + fi + done + IFS="$acl_save_IFS" + fi + ;; + esac + test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem" ]) # pkg.m4 - Macros to locate and utilise pkg-config. 
-*- Autoconf -*- +# serial 1 (pkg-config-0.24) # # Copyright © 2004 Scott James Remnant . # @@ -233,7 +273,10 @@ AC_DEFUN([AC_LIB_PREPARE_MULTILIB], AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_PATH)?$]) -AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl +AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) +AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) +AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) + if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) fi @@ -246,7 +289,6 @@ if test -n "$PKG_CONFIG"; then AC_MSG_RESULT([no]) PKG_CONFIG="" fi - fi[]dnl ])# PKG_PROG_PKG_CONFIG 
@@ -255,34 +297,31 @@ fi[]dnl # Check to see whether a particular set of modules exists. Similar # to PKG_CHECK_MODULES(), but does not set variables or print errors. # -# -# Similar to PKG_CHECK_MODULES, make sure that the first instance of -# this or PKG_CHECK_MODULES is called, or make sure to call -# PKG_CHECK_EXISTS manually +# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +# only at the first occurence in configure.ac, so if the first place +# it's called might be skipped (such as if it is within an "if", you +# have to call PKG_CHECK_EXISTS manually # -------------------------------------------------------------- AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then - m4_ifval([$2], [$2], [:]) + m4_default([$2], [:]) m4_ifvaln([$3], [else $3])dnl fi]) - # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) # --------------------------------------------- m4_define([_PKG_CONFIG], -[if test -n "$PKG_CONFIG"; then - if test -n "$$1"; then - pkg_cv_[]$1="$$1" - else - PKG_CHECK_EXISTS([$3], - [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], - [pkg_failed=yes]) - fi -else - pkg_failed=untried +[if test -n "$$1"; then + pkg_cv_[]$1="$$1" + elif test -n "$PKG_CONFIG"; then + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], + [pkg_failed=yes]) + else + pkg_failed=untried fi[]dnl ])# _PKG_CONFIG 
@@ -324,16 +363,17 @@ and $1[]_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details.]) if test $pkg_failed = yes; then + AC_MSG_RESULT([no]) _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then - $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"` + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1` else - $1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"` + $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD - ifelse([$4], , [AC_MSG_ERROR(dnl + m4_default([$4], [AC_MSG_ERROR( [Package requirements ($2) were not met: $$1_PKG_ERRORS @@ -341,25 +381,24 @@ $$1_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. -_PKG_TEXT -])], - [AC_MSG_RESULT([no]) - $4]) +_PKG_TEXT])dnl + ]) elif test $pkg_failed = untried; then - ifelse([$4], , [AC_MSG_FAILURE(dnl + AC_MSG_RESULT([no]) + m4_default([$4], [AC_MSG_FAILURE( [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. _PKG_TEXT -To get pkg-config, see .])], - [$4]) +To get pkg-config, see .])dnl + ]) else $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS $1[]_LIBS=$pkg_cv_[]$1[]_LIBS AC_MSG_RESULT([yes]) - ifelse([$3], , :, [$3]) + $3 fi[]dnl ])# PKG_CHECK_MODULES diff --git a/config.guess b/config.guess index e3a2116a7..c2246a4f7 100755 --- a/config.guess +++ b/config.guess 
@@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 # Free Software Foundation, Inc. -timestamp='2009-06-10' +timestamp='2009-12-30' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,16 +27,16 @@ timestamp='2009-06-10' # the same distribution terms that you use for the rest of that program. -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` @@ -56,8 +56,9 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -333,6 +334,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH="i386" @@ -807,12 +811,12 @@ EOF i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - *:Interix*:[3456]*) + *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; - EM64T | authenticamd | genuineintel) + authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) @@ -854,6 +858,20 @@ EOF i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ @@ -876,6 +894,17 @@ EOF frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; 
@@ -901,39 +930,18 @@ EOF #endif #endif EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu - exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu - exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit ;; padre:Linux:*:*) echo sparc-unknown-linux-gnu exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -942,8 +950,11 @@ EOF *) echo hppa-unknown-linux-gnu ;; esac exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux 
@@ -966,58 +977,6 @@ EOF xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^LIBC/{ - s: ::g - p - }'`" - test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit - } - test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both @@ -1247,6 +1206,16 @@ EOF *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} 
diff --git a/config.sub b/config.sub index eb0389a69..c2d125724 100755 --- a/config.sub +++ b/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 # Free Software Foundation, Inc. -timestamp='2009-06-11' +timestamp='2010-01-22' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -32,13 +32,16 @@ timestamp='2009-06-11' # Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. @@ -72,8 +75,9 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -149,7 +153,7 @@ case $os in -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) + -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; @@ -284,6 +288,7 @@ case $basic_machine in | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ + | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ @@ -291,13 +296,14 @@ case $basic_machine in | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ + | ubicom32 \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12) + m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none @@ -340,7 +346,7 @@ case $basic_machine in | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ 
@@ -368,15 +374,17 @@ case $basic_machine in | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ - | romp-* | rs6000-* \ + | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile-* | tilegx-* \ | tron-* \ + | ubicom32-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ @@ -726,6 +734,9 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; + microblaze) + basic_machine=microblaze-xilinx + ;; mingw32) basic_machine=i386-pc os=-mingw32 @@ -1076,6 +1087,11 @@ case $basic_machine in basic_machine=tic6x-unknown os=-coff ;; + # This must be matched before tile*. + tilegx*) + basic_machine=tilegx-unknown + os=-linux-gnu + ;; tile*) basic_machine=tile-unknown os=-linux-gnu @@ -1247,6 +1263,9 @@ case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; 
@@ -1268,8 +1287,8 @@ case $os in # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ - | -kopensolaris* \ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ @@ -1290,7 +1309,7 @@ case $os in | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1423,6 +1442,8 @@ case $os in -dicos*) os=-dicos ;; + -nacl*) + ;; -none) ;; *) diff --git a/configure b/configure index 64ecd2c57..d823c3045 100755 --- a/configure +++ b/configure @@ -1,11 +1,11 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.65 for strongSwan 4.4.1. +# Generated by GNU Autoconf 2.67 for strongSwan 4.5.0. # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software +# Foundation, Inc. # # # This configure script is free software; the Free Software Foundation @@ -316,7 +316,7 @@ $as_echo X"$as_dir" | test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p 
@@ -356,19 +356,19 @@ else fi # as_fn_arith -# as_fn_error ERROR [LINENO LOG_FD] -# --------------------------------- +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with status $?, using 1 if that was 0. +# script with STATUS, using 1 if that was 0. as_fn_error () { - as_status=$?; test $as_status -eq 0 && as_status=1 - if test "$3"; then - as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $1" >&2 + $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error @@ -679,7 +679,7 @@ test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. -# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` @@ -698,8 +698,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='4.4.1' -PACKAGE_STRING='strongSwan 4.4.1' +PACKAGE_VERSION='4.5.0' +PACKAGE_STRING='strongSwan 4.5.0' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -745,6 +745,8 @@ LTLIBOBJS LIBOBJS MONOLITHIC_FALSE MONOLITHIC_TRUE +USE_TLS_FALSE +USE_TLS_TRUE USE_SIMAKA_FALSE USE_SIMAKA_TRUE USE_VSTR_FALSE 
@@ -797,6 +799,14 @@ USE_XAUTH_FALSE USE_XAUTH_TRUE USE_RESOLVE_FALSE USE_RESOLVE_TRUE +USE_KERNEL_PFROUTE_FALSE +USE_KERNEL_PFROUTE_TRUE +USE_KERNEL_PFKEY_FALSE +USE_KERNEL_PFKEY_TRUE +USE_KERNEL_NETLINK_FALSE +USE_KERNEL_NETLINK_TRUE +USE_KERNEL_KLIPS_FALSE +USE_KERNEL_KLIPS_TRUE USE_ATTR_SQL_FALSE USE_ATTR_SQL_TRUE USE_ATTR_FALSE @@ -811,16 +821,22 @@ USE_SOCKET_RAW_FALSE USE_SOCKET_RAW_TRUE USE_SOCKET_DEFAULT_FALSE USE_SOCKET_DEFAULT_TRUE -USE_KERNEL_KLIPS_FALSE -USE_KERNEL_KLIPS_TRUE -USE_KERNEL_PFROUTE_FALSE -USE_KERNEL_PFROUTE_TRUE -USE_KERNEL_PFKEY_FALSE -USE_KERNEL_PFKEY_TRUE -USE_KERNEL_NETLINK_FALSE -USE_KERNEL_NETLINK_TRUE +USE_TNCCS_20_FALSE +USE_TNCCS_20_TRUE +USE_TNCCS_11_FALSE +USE_TNCCS_11_TRUE +USE_TNC_IMV_FALSE +USE_TNC_IMV_TRUE +USE_TNC_IMC_FALSE +USE_TNC_IMC_TRUE USE_EAP_RADIUS_FALSE USE_EAP_RADIUS_TRUE +USE_EAP_TNC_FALSE +USE_EAP_TNC_TRUE +USE_EAP_TTLS_FALSE +USE_EAP_TTLS_TRUE +USE_EAP_TLS_FALSE +USE_EAP_TLS_TRUE USE_EAP_MSCHAPV2_FALSE USE_EAP_MSCHAPV2_TRUE USE_EAP_AKA_3GPP2_FALSE @@ -843,6 +859,8 @@ USE_EAP_SIM_FILE_FALSE USE_EAP_SIM_FILE_TRUE USE_EAP_SIM_FALSE USE_EAP_SIM_TRUE +USE_LED_FALSE +USE_LED_TRUE USE_HA_FALSE USE_HA_TRUE USE_LOAD_TESTER_FALSE @@ -857,6 +875,8 @@ USE_SQL_FALSE USE_SQL_TRUE USE_SMP_FALSE USE_SMP_TRUE +USE_MAEMO_FALSE +USE_MAEMO_TRUE USE_ANDROID_FALSE USE_ANDROID_TRUE USE_UCI_FALSE @@ -869,6 +889,14 @@ USE_MEDSRV_FALSE USE_MEDSRV_TRUE USE_STROKE_FALSE USE_STROKE_TRUE +USE_GCM_FALSE +USE_GCM_TRUE +USE_CCM_FALSE +USE_CCM_TRUE +USE_CTR_FALSE +USE_CTR_TRUE +USE_PKCS11_FALSE +USE_PKCS11_TRUE USE_AGENT_FALSE USE_AGENT_TRUE USE_GCRYPT_FALSE 
@@ -925,11 +953,24 @@ USE_CURL_FALSE USE_CURL_TRUE USE_TEST_VECTORS_FALSE USE_TEST_VECTORS_TRUE +s_plugins +h_plugins +p_plugins +c_plugins +medsrv_plugins +manager_plugins +scripts_plugins +pki_plugins +scepclient_plugins +openac_plugins +pool_plugins pluto_plugins -libhydra_plugins -libstrongswan_plugins +libcharon_plugins nm_LIBS nm_CFLAGS +dbusservicedir +maemo_LIBS +maemo_CFLAGS MYSQLCFLAG MYSQLLIB MYSQLCONFIG @@ -1012,6 +1053,8 @@ strongswan_conf urandom_device random_device default_pkcs11 +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH PKG_CONFIG am__untar am__tar @@ -1140,7 +1183,14 @@ enable_eap_gtc enable_eap_aka enable_eap_aka_3gpp2 enable_eap_mschapv2 +enable_eap_tls +enable_eap_ttls +enable_eap_tnc enable_eap_radius +enable_tnc_imc +enable_tnc_imv +enable_tnccs_11 +enable_tnccs_20 enable_kernel_netlink enable_kernel_pfkey enable_kernel_pfroute @@ -1173,11 +1223,17 @@ enable_padlock enable_openssl enable_gcrypt enable_agent +enable_pkcs11 +enable_ctr +enable_ccm +enable_gcm enable_addrblock enable_uci enable_android +enable_maemo enable_nm enable_ha +enable_led enable_vstr enable_monolithic enable_dependency_tracking @@ -1193,6 +1249,8 @@ enable_libtool_lock host_alias target_alias PKG_CONFIG +PKG_CONFIG_PATH +PKG_CONFIG_LIBDIR CC CFLAGS LDFLAGS @@ -1205,6 +1263,8 @@ xml_CFLAGS xml_LIBS gtk_CFLAGS gtk_LIBS +maemo_CFLAGS +maemo_LIBS nm_CFLAGS nm_LIBS' @@ -1269,8 +1329,9 @@ do fi case $ac_option in - *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; - *) ac_optarg=yes ;; + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. 
@@ -1315,7 +1376,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1341,7 +1402,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1545,7 +1606,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1561,7 +1622,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1591,8 +1652,8 @@ do | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) as_fn_error "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information." + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" ;; *=*) 
@@ -1600,7 +1661,7 @@ Try \`$0 --help' for more information." # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error "invalid variable name: \`$ac_envvar'" ;; + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; @@ -1618,13 +1679,13 @@ done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` - as_fn_error "missing argument to $ac_option" + as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; - fatal) as_fn_error "unrecognized options: $ac_unrecognized_opts" ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi @@ -1647,7 +1708,7 @@ do [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac - as_fn_error "expected an absolute directory name for --$ac_var: $ac_val" + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' @@ -1661,8 +1722,8 @@ target=$target_alias if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe - $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. - If a cross compiler is detected then cross compile mode will be used." >&2 + $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used" >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi 
@@ -1677,9 +1738,9 @@ test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || - as_fn_error "working directory cannot be determined" + as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || - as_fn_error "pwd does not report name of working directory" + as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. @@ -1718,11 +1779,11 @@ else fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." - as_fn_error "cannot find sources ($ac_unique_file) in $srcdir" + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( - cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error "$ac_msg" + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then @@ -1748,7 +1809,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 4.4.1 to adapt to many kinds of systems. +\`configure' configures strongSwan 4.5.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1762,7 +1823,7 @@ Configuration: --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking...' messages + -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files 
@@ -1818,7 +1879,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 4.4.1:";; + short | recursive ) echo "Configuration of strongSwan 4.5.0:";; esac cat <<\_ACEOF @@ -1870,7 +1931,7 @@ Optional Features: --enable-lock-profiler enable lock/mutex profiling code. --enable-unit-tests enable unit tests on IKEv2 daemon startup. --enable-load-tester enable load testing plugin for IKEv2 daemon. - --enable-eap-sim enable SIM authenication module for EAP. + --enable-eap-sim enable SIM authentication module for EAP. --enable-eap-sim-file enable EAP-SIM backend based on a triplet file. --enable-eap-simaka-sql enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database. 
@@ -1880,13 +1941,20 @@ Optional Features: enable EAP-SIM/AKA reauthentication data storage plugin. --enable-eap-identity enable EAP module providing EAP-Identity helper. - --enable-eap-md5 enable EAP MD5 (CHAP) authenication module. - --enable-eap-gtc enable PAM based EAP GTC authenication module. + --enable-eap-md5 enable EAP MD5 (CHAP) authentication module. + --enable-eap-gtc enable PAM based EAP GTC authentication module. --enable-eap-aka enable EAP AKA authentication module. --enable-eap-aka-3gpp2 enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp. - --enable-eap-mschapv2 enable EAP MS-CHAPv2 authenication module. - --enable-eap-radius enable RADIUS proxy authenication module. + --enable-eap-mschapv2 enable EAP MS-CHAPv2 authentication module. + --enable-eap-tls enable EAP TLS authentication module. + --enable-eap-ttls enable EAP TTLS authentication module. + --enable-eap-tnc enable EAP TNC trusted network connect module. + --enable-eap-radius enable RADIUS proxy authentication module. + --enable-tnc-imc enable TNC IMC module. + --enable-tnc-imv enable TNC IMV module. + --enable-tnccs-11 enable TNCCS 1.1 protocol module. + --enable-tnccs-20 enable TNCCS 2.0 protocol module. --disable-kernel-netlink disable the netlink kernel interface. --enable-kernel-pfkey enable the PF_KEY kernel interface. 
@@ -1932,11 +2000,18 @@ Optional Features: --enable-openssl enables the OpenSSL crypto plugin. --enable-gcrypt enables the libgcrypt plugin. --enable-agent enables the ssh-agent signing plugin. + --enable-pkcs11 enables the PKCS11 token support plugin. + --enable-ctr enables the Counter Mode wrapper crypto plugin. + --enable-ccm enables the CCM AEAD wrapper crypto plugin. + --enable-gcm enables the GCM AEAD wrapper crypto plugin. --enable-addrblock enables RFC 3779 address block constraint support. --enable-uci enable OpenWRT UCI configuration plugin. --enable-android enable Android specific plugin. + --enable-maemo enable Maemo specific plugin. --enable-nm enable NetworkManager plugin. --enable-ha enable high availability cluster plugin. + --enable-led enable plugin to control LEDs on IKEv2 activity + using the Linux kernel LED subsystem. --enable-vstr enforce using the Vstr string library to replace glibc-like printf hooks. --enable-monolithic build monolithic version of libstrongswan that @@ -2000,6 +2075,10 @@ Optional Packages: Some influential environment variables: PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path + PKG_CONFIG_LIBDIR + path overriding pkg-config's built-in search path CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a @@ -2017,6 +2096,9 @@ Some influential environment variables: xml_LIBS linker flags for xml, overriding pkg-config gtk_CFLAGS C compiler flags for gtk, overriding pkg-config gtk_LIBS linker flags for gtk, overriding pkg-config + maemo_CFLAGS + C compiler flags for maemo, overriding pkg-config + maemo_LIBS linker flags for maemo, overriding pkg-config nm_CFLAGS C compiler flags for nm, overriding pkg-config nm_LIBS linker flags for nm, overriding pkg-config 
@@ -2086,10 +2168,10 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 4.4.1 -generated by GNU Autoconf 2.65 +strongSwan configure 4.5.0 +generated by GNU Autoconf 2.67 -Copyright (C) 2009 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -2138,6 +2220,43 @@ fi } # ac_fn_c_try_compile +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes 
@@ -2180,43 +2299,6 @@ fi } # ac_fn_c_try_run -# ac_fn_c_try_cpp LINENO -# ---------------------- -# Try to preprocess conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_cpp () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} - as_fn_set_status $ac_retval - -} # ac_fn_c_try_cpp - # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in @@ -2226,7 +2308,7 @@ ac_fn_c_check_header_compile () as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext 
@@ -2302,7 +2384,7 @@ ac_fn_c_check_func () as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -2370,7 +2452,7 @@ ac_fn_c_check_type () as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else eval "$3=no" @@ -2423,10 +2505,10 @@ $as_echo "$ac_res" >&6; } ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + if eval "test \"\${$3+set}\"" = set; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 @@ -2462,7 +2544,7 @@ if ac_fn_c_try_cpp "$LINENO"; then : else ac_header_preproc=no fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } @@ -2489,7 +2571,7 @@ $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" 
@@ -2511,7 +2593,7 @@ ac_fn_c_check_member () as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 $as_echo_n "checking for $2.$3... " >&6; } -if { as_var=$4; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$4+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -2562,8 +2644,8 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by strongSwan $as_me 4.4.1, which was -generated by GNU Autoconf 2.65. Invocation command line was +It was created by strongSwan $as_me 4.5.0, which was +generated by GNU Autoconf 2.67. Invocation command line was $ $0 $@ @@ -2673,11 +2755,9 @@ trap 'exit_status=$? { echo - cat <<\_ASBOX -## ---------------- ## + $as_echo "## ---------------- ## ## Cache variables. ## -## ---------------- ## -_ASBOX +## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( @@ -2711,11 +2791,9 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; ) echo - cat <<\_ASBOX -## ----------------- ## + $as_echo "## ----------------- ## ## Output variables. ## -## ----------------- ## -_ASBOX +## ----------------- ##" echo for ac_var in $ac_subst_vars do @@ -2728,11 +2806,9 @@ _ASBOX echo if test -n "$ac_subst_files"; then - cat <<\_ASBOX -## ------------------- ## + $as_echo "## ------------------- ## ## File substitutions. ## -## ------------------- ## -_ASBOX +## ------------------- ##" echo for ac_var in $ac_subst_files do @@ -2746,11 +2822,9 @@ _ASBOX fi if test -s confdefs.h; then - cat <<\_ASBOX -## ----------- ## + $as_echo "## ----------- ## ## confdefs.h. ## -## ----------- ## -_ASBOX +## ----------- ##" echo cat confdefs.h echo 
@@ -2805,7 +2879,12 @@ _ACEOF ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then - ac_site_file1=$CONFIG_SITE + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site @@ -2820,7 +2899,11 @@ do { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 - . "$ac_site_file" + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5 ; } fi done @@ -2896,7 +2979,7 @@ if $ac_cache_corrupted; then $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## 
@@ -2913,16 +2996,22 @@ am__api_version='1.11' ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - for ac_t in install-sh install.sh shtool; do - if test -f "$ac_dir/$ac_t"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/$ac_t -c" - break 2 - fi - done + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi done if test -z "$ac_aux_dir"; then - as_fn_error "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, @@ -3038,11 +3127,11 @@ am_lf=' ' case `pwd` in *[\\\"\#\$\&\'\`$am_lf]*) - as_fn_error "unsafe absolute working directory name" "$LINENO" 5;; + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5 ;; esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) - as_fn_error "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; + as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5 ;; esac # Do `set' in a subshell so we don't clobber the current shell's @@ -3064,7 +3153,7 @@ if ( # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". - as_fn_error "ls -t appears to fail. Make sure there is not a broken + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken alias in your environment" "$LINENO" 5 fi 
@@ -3074,7 +3163,7 @@ then # Ok. : else - as_fn_error "newly created file is older than distributed files! + as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -3312,7 +3401,7 @@ done $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` -if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF @@ -3320,7 +3409,7 @@ SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF -# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; @@ -3354,7 +3443,7 @@ if test "`cd $srcdir && pwd`" != "`pwd`"; then am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then - as_fn_error "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi @@ -3370,7 +3459,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='4.4.1' + VERSION='4.5.0' cat >>confdefs.h <<_ACEOF @@ -3494,6 +3583,10 @@ $as_echo "$am_cv_prog_tar_ustar" >&6; } + + + + if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. @@ -3606,7 +3699,6 @@ $as_echo "yes" >&6; } $as_echo "no" >&6; } PKG_CONFIG="" fi - fi 
@@ -4530,6 +4622,51 @@ else fi +# Check whether --enable-eap-tls was given. +if test "${enable_eap_tls+set}" = set; then : + enableval=$enable_eap_tls; eap_tls_given=true + if test x$enableval = xyes; then + eap_tls=true + else + eap_tls=false + fi +else + eap_tls=false + eap_tls_given=false + +fi + + +# Check whether --enable-eap-ttls was given. +if test "${enable_eap_ttls+set}" = set; then : + enableval=$enable_eap_ttls; eap_ttls_given=true + if test x$enableval = xyes; then + eap_ttls=true + else + eap_ttls=false + fi +else + eap_ttls=false + eap_ttls_given=false + +fi + + +# Check whether --enable-eap-tnc was given. +if test "${enable_eap_tnc+set}" = set; then : + enableval=$enable_eap_tnc; eap_tnc_given=true + if test x$enableval = xyes; then + eap_tnc=true + else + eap_tnc=false + fi +else + eap_tnc=false + eap_tnc_given=false + +fi + + # Check whether --enable-eap-radius was given. if test "${enable_eap_radius+set}" = set; then : enableval=$enable_eap_radius; eap_radius_given=true 
@@ -4545,6 +4682,66 @@ else fi +# Check whether --enable-tnc-imc was given. +if test "${enable_tnc_imc+set}" = set; then : + enableval=$enable_tnc_imc; tnc_imc_given=true + if test x$enableval = xyes; then + tnc_imc=true + else + tnc_imc=false + fi +else + tnc_imc=false + tnc_imc_given=false + +fi + + +# Check whether --enable-tnc-imv was given. +if test "${enable_tnc_imv+set}" = set; then : + enableval=$enable_tnc_imv; tnc_imv_given=true + if test x$enableval = xyes; then + tnc_imv=true + else + tnc_imv=false + fi +else + tnc_imv=false + tnc_imv_given=false + +fi + + +# Check whether --enable-tnccs-11 was given. +if test "${enable_tnccs_11+set}" = set; then : + enableval=$enable_tnccs_11; tnccs_11_given=true + if test x$enableval = xyes; then + tnccs_11=true + else + tnccs_11=false + fi +else + tnccs_11=false + tnccs_11_given=false + +fi + + +# Check whether --enable-tnccs-20 was given. +if test "${enable_tnccs_20+set}" = set; then : + enableval=$enable_tnccs_20; tnccs_20_given=true + if test x$enableval = xyes; then + tnccs_20=true + else + tnccs_20=false + fi +else + tnccs_20=false + tnccs_20_given=false + +fi + + # Check whether --enable-kernel-netlink was given. if test "${enable_kernel_netlink+set}" = set; then : enableval=$enable_kernel_netlink; kernel_netlink_given=true 
@@ -5025,6 +5222,66 @@ else fi +# Check whether --enable-pkcs11 was given. +if test "${enable_pkcs11+set}" = set; then : + enableval=$enable_pkcs11; pkcs11_given=true + if test x$enableval = xyes; then + pkcs11=true + else + pkcs11=false + fi +else + pkcs11=false + pkcs11_given=false + +fi + + +# Check whether --enable-ctr was given. +if test "${enable_ctr+set}" = set; then : + enableval=$enable_ctr; ctr_given=true + if test x$enableval = xyes; then + ctr=true + else + ctr=false + fi +else + ctr=false + ctr_given=false + +fi + + +# Check whether --enable-ccm was given. +if test "${enable_ccm+set}" = set; then : + enableval=$enable_ccm; ccm_given=true + if test x$enableval = xyes; then + ccm=true + else + ccm=false + fi +else + ccm=false + ccm_given=false + +fi + + +# Check whether --enable-gcm was given. +if test "${enable_gcm+set}" = set; then : + enableval=$enable_gcm; gcm_given=true + if test x$enableval = xyes; then + gcm=true + else + gcm=false + fi +else + gcm=false + gcm_given=false + +fi + + # Check whether --enable-addrblock was given. if test "${enable_addrblock+set}" = set; then : enableval=$enable_addrblock; addrblock_given=true @@ -5070,6 +5327,21 @@ else fi +# Check whether --enable-maemo was given. +if test "${enable_maemo+set}" = set; then : + enableval=$enable_maemo; maemo_given=true + if test x$enableval = xyes; then + maemo=true + else + maemo=false + fi +else + maemo=false + maemo_given=false + +fi + + # Check whether --enable-nm was given. if test "${enable_nm+set}" = set; then : enableval=$enable_nm; nm_given=true @@ -5100,6 +5372,21 @@ else fi +# Check whether --enable-led was given. +if test "${enable_led+set}" = set; then : + enableval=$enable_led; led_given=true + if test x$enableval = xyes; then + led=true + else + led=false + fi +else + led=false + led_given=false + +fi + + # Check whether --enable-vstr was given. if test "${enable_vstr+set}" = set; then : enableval=$enable_vstr; vstr_given=true 
@@ -5435,8 +5722,8 @@ fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "no acceptable C compiler found in \$PATH -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5 ; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 @@ -5550,9 +5837,8 @@ sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ as_fn_set_status 77 -as_fn_error "C compiler cannot create executables -See \`config.log' for more details." "$LINENO" 5; }; } +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5 ; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -5594,8 +5880,8 @@ done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5 ; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 @@ -5652,9 +5938,9 @@ $as_echo "$ac_try_echo"; } >&5 else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "cannot run C compiled programs. +as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. -See \`config.log' for more details." "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5 ; } fi fi fi 
@@ -5705,8 +5991,8 @@ sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "cannot compute suffix of object files: cannot compile -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5 ; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi @@ -6117,7 +6403,7 @@ fi # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - as_fn_error "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } @@ -6128,16 +6414,16 @@ else test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && - as_fn_error "cannot guess build type; you must specify one" "$LINENO" 5 + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - as_fn_error "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; -*) as_fn_error "invalid value of canonical build" "$LINENO" 5;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5 ;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' @@ -6162,7 +6448,7 @@ else ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - as_fn_error "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi 
@@ -6170,7 +6456,7 @@ fi $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; -*) as_fn_error "invalid value of canonical host" "$LINENO" 5;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5 ;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' 
@@ -6187,198 +6473,49 @@ case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac - acl_libdirstem=lib - searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` - if test -n "$searchpath"; then - acl_save_IFS="${IFS= }"; IFS=":" - for searchdir in $searchpath; do - if test -d "$searchdir"; then - case "$searchdir" in - */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; - *) searchdir=`cd "$searchdir" && pwd` - case "$searchdir" in - */lib64 ) acl_libdirstem=lib64 ;; - esac ;; - esac - fi - done - IFS="$acl_save_IFS" - fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test "${ac_cv_prog_CPP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : - - if test "X$prefix" = "XNONE"; then - acl_final_prefix="$ac_default_prefix" - else - acl_final_prefix="$prefix" - fi - if test "X$exec_prefix" = "XNONE"; then - acl_final_exec_prefix='${prefix}' - else - acl_final_exec_prefix="$exec_prefix" - fi - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" - prefix="$acl_save_prefix" - - - - - - - - use_additional=yes - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - - eval additional_includedir=\"$includedir\" - eval additional_libdir=\"$libdir\" - - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - -# Check whether --with-lib-prefix was given. -if test "${with_lib_prefix+set}" = set; then : - withval=$with_lib_prefix; - if test "X$withval" = "Xno"; then - use_additional=no - else - if test "X$withval" = "X"; then - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - - eval additional_includedir=\"$includedir\" - eval additional_libdir=\"$libdir\" - - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - else - additional_includedir="$withval/include" - additional_libdir="$withval/$acl_libdirstem" - fi - fi - -fi - - if test $use_additional = yes; then - if test "X$additional_includedir" != "X/usr/include"; then - haveit= - for x in $CPPFLAGS; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - if test "X$x" = "X-I$additional_includedir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test "X$additional_includedir" = "X/usr/local/include"; then - if 
test -n "$GCC"; then - case $host_os in - linux* | gnu* | k*bsd*-gnu) haveit=yes;; - esac - fi - fi - if test -z "$haveit"; then - if test -d "$additional_includedir"; then - CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir" - fi - fi - fi - fi - if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then - haveit= - for x in $LDFLAGS; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - if test "X$x" = "X-L$additional_libdir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then - if test -n "$GCC"; then - case $host_os in - linux*) haveit=yes;; - esac - fi - fi - if test -z "$haveit"; then - if test -d "$additional_libdir"; then - LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir" - fi - fi - fi - fi - fi - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if test "${ac_cv_prog_CPP+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. 
- # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.$ac_ext +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -6394,11 +6531,11 @@ else ac_preproc_ok=: break fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext +rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi @@ -6437,7 +6574,7 @@ else # Broken: fails on valid input. continue fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -6453,18 +6590,18 @@ else ac_preproc_ok=: break fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext +rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5 ; } fi ac_ext=c 
@@ -6525,7 +6662,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then - as_fn_error "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP @@ -6591,7 +6728,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then - as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP 
@@ -6604,79 +6741,272 @@ $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if test "${ac_cv_header_stdc+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include -#include -int -main () -{ - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes + acl_libdirstem=lib + acl_libdirstem2= + case "$host_os" in + solaris*) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 64-bit host" >&5 +$as_echo_n "checking for 64-bit host... " >&6; } +if test "${gl_cv_solaris_64bit+set}" = set; then : + $as_echo_n "(cached) " >&6 else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ -#include + +#ifdef _LP64 +sixtyfour bits +#endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : - + $EGREP "sixtyfour bits" >/dev/null 2>&1; then : + gl_cv_solaris_64bit=yes else - ac_cv_header_stdc=no + gl_cv_solaris_64bit=no fi rm -f conftest* + fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_solaris_64bit" >&5 +$as_echo "$gl_cv_solaris_64bit" >&6; } + if test $gl_cv_solaris_64bit = yes; then + acl_libdirstem=lib/64 + case "$host_cpu" in + sparc*) acl_libdirstem2=lib/sparcv9 ;; + i*86 | x86_64) acl_libdirstem2=lib/amd64 ;; + esac + fi + ;; + *) + searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` + if test -n "$searchpath"; then + acl_save_IFS="${IFS= }"; IFS=":" + for searchdir in $searchpath; do + if test -d "$searchdir"; then + case "$searchdir" in + */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; + */../ | */.. ) + # Better ignore directories of this form. They are misleading. + ;; + *) searchdir=`cd "$searchdir" && pwd` + case "$searchdir" in + */lib64 ) acl_libdirstem=lib64 ;; + esac ;; + esac + fi + done + IFS="$acl_save_IFS" + fi + ;; + esac + test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem" -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : + if test "X$prefix" = "XNONE"; then + acl_final_prefix="$ac_default_prefix" + else + acl_final_prefix="$prefix" + fi + if test "X$exec_prefix" = "XNONE"; then + acl_final_exec_prefix='${prefix}' + else + acl_final_exec_prefix="$exec_prefix" + fi + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" + prefix="$acl_save_prefix" -else - ac_cv_header_stdc=no -fi -rm -f conftest* -fi -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-lib-prefix was given. 
+if test "${with_lib_prefix+set}" = set; then : + withval=$with_lib_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + fi + fi + +fi + + if test $use_additional = yes; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir" + fi + fi + fi + fi + if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then + haveit= + for x in $LDFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then + if test -n "$GCC"; then + case $host_os in + linux*) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + if test -d 
"$additional_libdir"; then + LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir" + fi + fi + fi + fi + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if test "${ac_cv_header_stdc+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ 
@@ -6723,8 +7053,7 @@ do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " -eval as_val=\$$as_ac_Header - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -6954,8 +7283,8 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h ;; #( *) - as_fn_error "unknown endianness - presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + as_fn_error $? "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac @@ -7043,7 +7372,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then - as_fn_error "no acceptable sed could be found in \$PATH" "$LINENO" 5 + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED @@ -7122,7 +7451,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_FGREP"; then - as_fn_error "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_FGREP=$FGREP @@ -7238,7 +7567,7 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5 +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if test "${lt_cv_prog_gnu_ld+set}" = set; then : 
@@ -7440,13 +7769,13 @@ if test "${lt_cv_nm_interface+set}" = set; then : else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:7443: $ac_compile\"" >&5) + (eval echo "\"\$as_me:7772: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:7446: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:7775: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:7449: output\"" >&5) + (eval echo "\"\$as_me:7778: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -8651,7 +8980,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 8654 "configure"' > conftest.$ac_ext + echo '#line 8983 "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -9913,11 +10242,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9916: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10245: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9920: \$? = $ac_status" >&5 + echo "$as_me:10249: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -10252,11 +10581,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10255: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10584: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:10259: \$? = $ac_status" >&5 + echo "$as_me:10588: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -10357,11 +10686,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10360: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10689: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:10364: \$? = $ac_status" >&5 + echo "$as_me:10693: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10412,11 +10741,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10415: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10744: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:10419: \$? = $ac_status" >&5 + echo "$as_me:10748: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12796,7 +13125,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12799 "configure" +#line 13128 "configure" #include "confdefs.h" #if HAVE_DLFCN_H 
@@ -12892,7 +13221,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12895 "configure" +#line 13224 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -13173,7 +13502,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then - as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP @@ -13313,7 +13642,7 @@ if test -f lex.yy.c; then elif test -f lexyy.c; then ac_cv_prog_lex_root=lexyy else - as_fn_error "cannot find output from $LEX; giving up" "$LINENO" 5 + as_fn_error $? "cannot find output from $LEX; giving up" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5 @@ -13534,7 +13863,7 @@ if test -n "$ipsecuid"; then $as_echo "$ipsecuid" >&6; } else - as_fn_error "not found" "$LINENO" 5 + as_fn_error $? "not found" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gid of group \"$ipsecgroup\"" >&5 $as_echo_n "checking for gid of group \"$ipsecgroup\"... " >&6; } @@ -13544,7 +13873,7 @@ if test -n "$ipsecgid"; then $as_echo "$ipsecgid" >&6; } else - as_fn_error "not found" "$LINENO" 5 + as_fn_error $? "not found" "$LINENO" 5 fi @@ -13562,6 +13891,10 @@ if test x$eap_sim = xtrue; then simaka=true; fi +if test x$eap_tls = xtrue -o x$eap_ttls = xtrue; then + tls=true; +fi + if test x$fips_prf = xtrue; then if test x$openssl = xfalse; then sha1=true; @@ -13834,8 +14167,7 @@ if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -eval as_val=\$$as_ac_var - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define CRAY_STACKSEG_END $ac_func 
@@ -14414,8 +14746,7 @@ for ac_header in net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -eval as_val=\$$as_ac_Header - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -14672,7 +15003,7 @@ $as_echo "$ac_cv_lib_vstr_main" >&6; } if test "x$ac_cv_lib_vstr_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "Vstr string library not found" "$LINENO" 5 + as_fn_error $? "Vstr string library not found" "$LINENO" 5 fi ac_cv_lib_vstr=ac_cv_lib_vstr_main @@ -14720,7 +15051,7 @@ _ACEOF LIBS="-lgmp $LIBS" else - as_fn_error "GNU Multi Precision library gmp not found" "$LINENO" 5 + as_fn_error $? "GNU Multi Precision library gmp not found" "$LINENO" 5 fi ac_cv_lib_gmp=ac_cv_lib_gmp_main @@ -14777,7 +15108,7 @@ if ac_fn_c_try_compile "$LINENO"; then : $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; }; as_fn_error "No usable gmp.h found!" "$LINENO" 5 +$as_echo "no" >&6; }; as_fn_error $? "No usable gmp.h found!" "$LINENO" 5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext @@ -14817,7 +15148,7 @@ $as_echo "$ac_cv_lib_ldap_main" >&6; } if test "x$ac_cv_lib_ldap_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "LDAP library ldap not found" "$LINENO" 5 + as_fn_error $? "LDAP library ldap not found" "$LINENO" 5 fi ac_cv_lib_ldap=ac_cv_lib_ldap_main @@ -14854,7 +15185,7 @@ $as_echo "$ac_cv_lib_lber_main" >&6; } if test "x$ac_cv_lib_lber_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "LDAP library lber not found" "$LINENO" 5 + as_fn_error $? "LDAP library lber not found" "$LINENO" 5 fi ac_cv_lib_lber=ac_cv_lib_lber_main 
@@ -14862,7 +15193,7 @@ ac_cv_lib_lber=ac_cv_lib_lber_main if test "x$ac_cv_header_ldap_h" = x""yes; then : else - as_fn_error "LDAP header ldap.h not found!" "$LINENO" 5 + as_fn_error $? "LDAP header ldap.h not found!" "$LINENO" 5 fi @@ -14902,7 +15233,7 @@ $as_echo "$ac_cv_lib_curl_main" >&6; } if test "x$ac_cv_lib_curl_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "CURL library curl not found" "$LINENO" 5 + as_fn_error $? "CURL library curl not found" "$LINENO" 5 fi ac_cv_lib_curl=ac_cv_lib_curl_main @@ -14910,7 +15241,7 @@ ac_cv_lib_curl=ac_cv_lib_curl_main if test "x$ac_cv_header_curl_curl_h" = x""yes; then : else - as_fn_error "CURL header curl/curl.h not found!" "$LINENO" 5 + as_fn_error $? "CURL header curl/curl.h not found!" "$LINENO" 5 fi @@ -14922,11 +15253,10 @@ pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for xml" >&5 $as_echo_n "checking for xml... " >&6; } -if test -n "$PKG_CONFIG"; then - if test -n "$xml_CFLAGS"; then - pkg_cv_xml_CFLAGS="$xml_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$xml_CFLAGS"; then + pkg_cv_xml_CFLAGS="$xml_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libxml-2.0\""; } >&5 ($PKG_CONFIG --exists --print-errors "libxml-2.0") 2>&5 ac_status=$? @@ -14936,15 +15266,13 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$xml_LIBS"; then - pkg_cv_xml_LIBS="$xml_LIBS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$xml_LIBS"; then + pkg_cv_xml_LIBS="$xml_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libxml-2.0\""; } >&5 ($PKG_CONFIG --exists --print-errors "libxml-2.0") 2>&5 ac_status=$? 
@@ -14954,14 +15282,15 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes @@ -14969,14 +15298,14 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - xml_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libxml-2.0"` + xml_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libxml-2.0" 2>&1` else - xml_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libxml-2.0"` + xml_PKG_ERRORS=`$PKG_CONFIG --print-errors "libxml-2.0" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$xml_PKG_ERRORS" >&5 - as_fn_error "Package requirements (libxml-2.0) were not met: + as_fn_error $? "Package requirements (libxml-2.0) were not met: $xml_PKG_ERRORS @@ -14985,12 +15314,13 @@ installed software in a non-standard prefix. Alternatively, you may set the environment variables xml_CFLAGS and xml_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" "$LINENO" 5 +See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "The pkg-config script could not be found or is too old. Make sure it +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. 
@@ -14999,13 +15329,13 @@ and xml_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5 ; } else xml_CFLAGS=$pkg_cv_xml_CFLAGS xml_LIBS=$pkg_cv_xml_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - : + fi @@ -15017,11 +15347,10 @@ pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gtk" >&5 $as_echo_n "checking for gtk... " >&6; } -if test -n "$PKG_CONFIG"; then - if test -n "$gtk_CFLAGS"; then - pkg_cv_gtk_CFLAGS="$gtk_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$gtk_CFLAGS"; then + pkg_cv_gtk_CFLAGS="$gtk_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5 ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5 ac_status=$? @@ -15031,15 +15360,13 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$gtk_LIBS"; then - pkg_cv_gtk_LIBS="$gtk_LIBS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$gtk_LIBS"; then + pkg_cv_gtk_LIBS="$gtk_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5 ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5 ac_status=$? @@ -15049,14 +15376,15 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes 
@@ -15064,14 +15392,14 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - gtk_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "gtk+-2.0 vte"` + gtk_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "gtk+-2.0 vte" 2>&1` else - gtk_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "gtk+-2.0 vte"` + gtk_PKG_ERRORS=`$PKG_CONFIG --print-errors "gtk+-2.0 vte" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$gtk_PKG_ERRORS" >&5 - as_fn_error "Package requirements (gtk+-2.0 vte) were not met: + as_fn_error $? "Package requirements (gtk+-2.0 vte) were not met: $gtk_PKG_ERRORS @@ -15080,12 +15408,13 @@ installed software in a non-standard prefix. Alternatively, you may set the environment variables gtk_CFLAGS and gtk_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" "$LINENO" 5 +See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "The pkg-config script could not be found or is too old. Make sure it +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -15094,13 +15423,13 @@ and gtk_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5 ; } else gtk_CFLAGS=$pkg_cv_gtk_CFLAGS gtk_LIBS=$pkg_cv_gtk_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - : + fi 
@@ -15162,14 +15491,14 @@ $as_echo "$i" >&6; } fi done if test x"$RUBYINCLUDE" = xnone; then - as_fn_error "ruby.h not found" "$LINENO" 5 + as_fn_error $? "ruby.h not found" "$LINENO" 5 fi else - as_fn_error "unable to determine ruby configuration" "$LINENO" 5 + as_fn_error $? "unable to determine ruby configuration" "$LINENO" 5 fi else - as_fn_error "don't know how to run ruby" "$LINENO" 5 + as_fn_error $? "don't know how to run ruby" "$LINENO" 5 fi fi @@ -15207,7 +15536,7 @@ $as_echo "$ac_cv_lib_neo_cgi_main" >&6; } if test "x$ac_cv_lib_neo_cgi_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "ClearSilver library neo_cgi not found!" "$LINENO" 5 + as_fn_error $? "ClearSilver library neo_cgi not found!" "$LINENO" 5 fi ac_cv_lib_neo_cgi=ac_cv_lib_neo_cgi_main @@ -15244,7 +15573,7 @@ $as_echo "$ac_cv_lib_neo_utl_main" >&6; } if test "x$ac_cv_lib_neo_utl_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "ClearSilver library neo_utl not found!" "$LINENO" 5 + as_fn_error $? "ClearSilver library neo_utl not found!" "$LINENO" 5 fi ac_cv_lib_neo_utl=ac_cv_lib_neo_utl_main @@ -15281,7 +15610,7 @@ $as_echo "$ac_cv_lib_z_main" >&6; } if test "x$ac_cv_lib_z_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "ClearSilver dependency zlib not found!" "$LINENO" 5 + as_fn_error $? "ClearSilver dependency zlib not found!" "$LINENO" 5 fi ac_cv_lib_z=ac_cv_lib_z_main @@ -15319,7 +15648,7 @@ $as_echo "$ac_cv_lib_fcgi_main" >&6; } if test "x$ac_cv_lib_fcgi_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "FastCGI library fcgi not found!" "$LINENO" 5 + as_fn_error $? "FastCGI library fcgi not found!" "$LINENO" 5 fi ac_cv_lib_fcgi=ac_cv_lib_fcgi_main @@ -15327,7 +15656,7 @@ ac_cv_lib_fcgi=ac_cv_lib_fcgi_main if test "x$ac_cv_header_fcgiapp_h" = x""yes; then : else - as_fn_error "FastCGI header file fcgiapp.h not found!" "$LINENO" 5 + as_fn_error $? "FastCGI header file fcgiapp.h not found!" "$LINENO" 5 fi 
@@ -15376,7 +15705,7 @@ fi if test x$MYSQLCONFIG = x; then - as_fn_error "mysql_config not found!" "$LINENO" 5 + as_fn_error $? "mysql_config not found!" "$LINENO" 5 fi MYSQLLIB=`$MYSQLCONFIG --libs_r` @@ -15418,7 +15747,7 @@ $as_echo "$ac_cv_lib_sqlite3_main" >&6; } if test "x$ac_cv_lib_sqlite3_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "SQLite library sqlite3 not found" "$LINENO" 5 + as_fn_error $? "SQLite library sqlite3 not found" "$LINENO" 5 fi ac_cv_lib_sqlite3=ac_cv_lib_sqlite3_main @@ -15426,7 +15755,7 @@ ac_cv_lib_sqlite3=ac_cv_lib_sqlite3_main if test "x$ac_cv_header_sqlite3_h" = x""yes; then : else - as_fn_error "SQLite header sqlite3.h not found!" "$LINENO" 5 + as_fn_error $? "SQLite header sqlite3.h not found!" "$LINENO" 5 fi @@ -15478,7 +15807,7 @@ if ac_fn_c_try_compile "$LINENO"; then : $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; }; as_fn_error "SQLite version >= 3.3.1 required!" "$LINENO" 5 +$as_echo "no" >&6; }; as_fn_error $? "SQLite version >= 3.3.1 required!" "$LINENO" 5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi @@ -15517,7 +15846,7 @@ $as_echo "$ac_cv_lib_crypto_main" >&6; } if test "x$ac_cv_lib_crypto_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "OpenSSL crypto library not found" "$LINENO" 5 + as_fn_error $? "OpenSSL crypto library not found" "$LINENO" 5 fi ac_cv_lib_crypto=ac_cv_lib_crypto_main @@ -15525,7 +15854,7 @@ ac_cv_lib_crypto=ac_cv_lib_crypto_main if test "x$ac_cv_header_openssl_evp_h" = x""yes; then : else - as_fn_error "OpenSSL header openssl/evp.h not found!" "$LINENO" 5 + as_fn_error $? "OpenSSL header openssl/evp.h not found!" "$LINENO" 5 fi @@ -15565,7 +15894,7 @@ $as_echo "$ac_cv_lib_gcrypt_main" >&6; } if test "x$ac_cv_lib_gcrypt_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "gcrypt library not found" "$LINENO" 5 + as_fn_error $? "gcrypt library not found" "$LINENO" 5 fi ac_cv_lib_gcrypt=ac_cv_lib_gcrypt_main 
@@ -15573,7 +15902,7 @@ ac_cv_lib_gcrypt=ac_cv_lib_gcrypt_main if test "x$ac_cv_header_gcrypt_h" = x""yes; then : else - as_fn_error "gcrypt header gcrypt.h not found!" "$LINENO" 5 + as_fn_error $? "gcrypt header gcrypt.h not found!" "$LINENO" 5 fi @@ -15602,6 +15931,17 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi +if test x$tnccs_11 = xtrue -o x$tnc_imc = xtrue -o x$tnc_imv = xtrue; then + ac_fn_c_check_header_mongrel "$LINENO" "libtnc.h" "ac_cv_header_libtnc_h" "$ac_includes_default" +if test "x$ac_cv_header_libtnc_h" = x""yes; then : + +else + as_fn_error $? "libtnc header libtnc.h not found!" "$LINENO" 5 +fi + + +fi + if test x$uci = xtrue; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -luci" >&5 $as_echo_n "checking for main in -luci... " >&6; } @@ -15636,7 +15976,7 @@ $as_echo "$ac_cv_lib_uci_main" >&6; } if test "x$ac_cv_lib_uci_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "UCI library libuci not found" "$LINENO" 5 + as_fn_error $? "UCI library libuci not found" "$LINENO" 5 fi ac_cv_lib_uci=ac_cv_lib_uci_main @@ -15644,7 +15984,7 @@ ac_cv_lib_uci=ac_cv_lib_uci_main if test "x$ac_cv_header_uci_h" = x""yes; then : else - as_fn_error "UCI header uci.h not found!" "$LINENO" 5 + as_fn_error $? "UCI header uci.h not found!" "$LINENO" 5 fi @@ -15684,7 +16024,7 @@ $as_echo "$ac_cv_lib_cutils_main" >&6; } if test "x$ac_cv_lib_cutils_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "Android library libcutils not found" "$LINENO" 5 + as_fn_error $? "Android library libcutils not found" "$LINENO" 5 fi ac_cv_lib_cutils=ac_cv_lib_cutils_main @@ -15692,7 +16032,7 @@ ac_cv_lib_cutils=ac_cv_lib_cutils_main if test "x$ac_cv_header_cutils_properties_h" = x""yes; then : else - as_fn_error "Android header cutils/properties.h not found!" "$LINENO" 5 + as_fn_error $? "Android header cutils/properties.h not found!" "$LINENO" 5 fi 
@@ -15700,58 +16040,50 @@ fi fi -if test x$nm = xtrue; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-glib\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libnm-glib") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then +if test x$maemo = xtrue; then pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nm" >&5 -$as_echo_n "checking for nm... " >&6; } - -if test -n "$PKG_CONFIG"; then - if test -n "$nm_CFLAGS"; then - pkg_cv_nm_CFLAGS="$nm_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn\""; } >&5 - ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn") 2>&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for maemo" >&5 +$as_echo_n "checking for maemo... " >&6; } + +if test -n "$maemo_CFLAGS"; then + pkg_cv_maemo_CFLAGS="$maemo_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 gthread-2.0 libosso osso-af-settings\""; } >&5 + ($PKG_CONFIG --exists --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_nm_CFLAGS=`$PKG_CONFIG --cflags "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>/dev/null` + pkg_cv_maemo_CFLAGS=`$PKG_CONFIG --cflags "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>/dev/null` else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$nm_LIBS"; then - pkg_cv_nm_LIBS="$nm_LIBS" - else - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn\""; } >&5 - ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn") 2>&5 +if test -n "$maemo_LIBS"; then + pkg_cv_maemo_LIBS="$maemo_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 gthread-2.0 libosso osso-af-settings\""; } >&5 + ($PKG_CONFIG --exists --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_nm_LIBS=`$PKG_CONFIG --libs "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>/dev/null` + pkg_cv_maemo_LIBS=`$PKG_CONFIG --libs "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>/dev/null` else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes 
@@ -15759,43 +16091,146 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn"` + maemo_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>&1` else - nm_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn"` + maemo_PKG_ERRORS=`$PKG_CONFIG --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>&1` fi # Put the nasty error message in config.log where it belongs - echo "$nm_PKG_ERRORS" >&5 + echo "$maemo_PKG_ERRORS" >&5 - as_fn_error "Package requirements (NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn) were not met: + as_fn_error $? "Package requirements (glib-2.0 gthread-2.0 libosso osso-af-settings) were not met: -$nm_PKG_ERRORS +$maemo_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. -Alternatively, you may set the environment variables nm_CFLAGS -and nm_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" "$LINENO" 5 +Alternatively, you may set the environment variables maemo_CFLAGS +and maemo_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "The pkg-config script could not be found or is too old. Make sure it +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. 
-Alternatively, you may set the environment variables nm_CFLAGS -and nm_LIBS to avoid the need to call pkg-config. +Alternatively, you may set the environment variables maemo_CFLAGS +and maemo_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5 ; } else - nm_CFLAGS=$pkg_cv_nm_CFLAGS - nm_LIBS=$pkg_cv_nm_LIBS + maemo_CFLAGS=$pkg_cv_maemo_CFLAGS + maemo_LIBS=$pkg_cv_maemo_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - : + +fi + + + dbusservicedir="/usr/share/dbus-1/system-services" + +fi + +if test x$nm = xtrue; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-glib\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libnm-glib") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nm" >&5 +$as_echo_n "checking for nm... " >&6; } + +if test -n "$nm_CFLAGS"; then + pkg_cv_nm_CFLAGS="$nm_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn\""; } >&5 + ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_nm_CFLAGS=`$PKG_CONFIG --cflags "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$nm_LIBS"; then + pkg_cv_nm_LIBS="$nm_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn\""; } >&5 + ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_nm_LIBS=`$PKG_CONFIG --libs "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>&1` + else + nm_PKG_ERRORS=`$PKG_CONFIG --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$nm_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn) were not met: + +$nm_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables nm_CFLAGS +and nm_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." 
"$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables nm_CFLAGS +and nm_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5 ; } +else + nm_CFLAGS=$pkg_cv_nm_CFLAGS + nm_LIBS=$pkg_cv_nm_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi else @@ -15803,11 +16238,10 @@ pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nm" >&5 $as_echo_n "checking for nm... " >&6; } -if test -n "$PKG_CONFIG"; then - if test -n "$nm_CFLAGS"; then - pkg_cv_nm_CFLAGS="$nm_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$nm_CFLAGS"; then + pkg_cv_nm_CFLAGS="$nm_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn\""; } >&5 ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn") 2>&5 ac_status=$? 
@@ -15817,15 +16251,13 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$nm_LIBS"; then - pkg_cv_nm_LIBS="$nm_LIBS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$nm_LIBS"; then + pkg_cv_nm_LIBS="$nm_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn\""; } >&5 ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn") 2>&5 ac_status=$? @@ -15835,14 +16267,15 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes @@ -15850,14 +16283,14 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn"` + nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn" 2>&1` else - nm_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn"` + nm_PKG_ERRORS=`$PKG_CONFIG --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$nm_PKG_ERRORS" >&5 - as_fn_error "Package requirements (NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn) were not met: + as_fn_error $? "Package requirements (NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn) were not met: $nm_PKG_ERRORS 
@@ -15866,12 +16299,13 @@ installed software in a non-standard prefix. Alternatively, you may set the environment variables nm_CFLAGS and nm_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" "$LINENO" 5 +See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "The pkg-config script could not be found or is too old. Make sure it +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -15880,13 +16314,13 @@ and nm_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5 ; } else nm_CFLAGS=$pkg_cv_nm_CFLAGS nm_LIBS=$pkg_cv_nm_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - : + fi fi @@ -15928,7 +16362,7 @@ $as_echo "$ac_cv_lib_pam_main" >&6; } if test "x$ac_cv_lib_pam_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "PAM library not found" "$LINENO" 5 + as_fn_error $? "PAM library not found" "$LINENO" 5 fi ac_cv_lib_pam=ac_cv_lib_pam_main @@ -15936,7 +16370,7 @@ ac_cv_lib_pam=ac_cv_lib_pam_main if test "x$ac_cv_header_security_pam_appl_h" = x""yes; then : else - as_fn_error "PAM header security/pam_appl.h not found!" "$LINENO" 5 + as_fn_error $? "PAM header security/pam_appl.h not found!" "$LINENO" 5 fi @@ -15961,7 +16395,7 @@ done if test "x$ac_cv_func_capset" = x""yes; then : else - as_fn_error "capset() not found!" "$LINENO" 5 + as_fn_error $? "capset() not found!" "$LINENO" 5 fi $as_echo "#define CAPABILITIES_NATIVE 1" >>confdefs.h 
@@ -16002,197 +16436,695 @@ $as_echo "$ac_cv_lib_cap_main" >&6; } if test "x$ac_cv_lib_cap_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "libcap library not found" "$LINENO" 5 + as_fn_error $? "libcap library not found" "$LINENO" 5 fi ac_cv_lib_cap=ac_cv_lib_cap_main - ac_fn_c_check_header_mongrel "$LINENO" "sys/capability.h" "ac_cv_header_sys_capability_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_capability_h" = x""yes; then : - $as_echo "#define HAVE_SYS_CAPABILITY_H 1" >>confdefs.h + ac_fn_c_check_header_mongrel "$LINENO" "sys/capability.h" "ac_cv_header_sys_capability_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_capability_h" = x""yes; then : + $as_echo "#define HAVE_SYS_CAPABILITY_H 1" >>confdefs.h + +else + as_fn_error $? "libcap header sys/capability.h not found!" "$LINENO" 5 +fi + + + $as_echo "#define CAPABILITIES_LIBCAP 1" >>confdefs.h + +fi + +if test x$integrity_test = xtrue; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dladdr()" >&5 +$as_echo_n "checking for dladdr()... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _GNU_SOURCE + #include +int +main () +{ +Dl_info info; dladdr(main, &info); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; + as_fn_error $? "dladdr() not supported, required by integrity-test!" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dl_iterate_phdr()" >&5 +$as_echo_n "checking for dl_iterate_phdr()... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ +#define _GNU_SOURCE + #include +int +main () +{ +dl_iterate_phdr((void*)0, (void*)0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; + as_fn_error $? "dl_iterate_phdr() not supported, required by integrity-test!" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + + +# ADD_PLUGIN(plugin, category list) +# ----------------------------------- +# Append the plugin name $1 to the category list variable $2_plugin + + + +# plugin lists for all components +libcharon_plugins= +pluto_plugins= +pool_plugins= +openac_plugins= +scepclient_plugins= +pki_plugins= +scripts_plugins= +manager_plugins= +medsrv_plugins= + +# location specific lists for checksumming, +# for src/libcharon, src/pluto, src/libhydra and src/libstrongswan +c_plugins= +p_plugins= +h_plugins= +s_plugins= + +if test x$test_vectors = xtrue; then + s_plugins=${s_plugins}" test-vectors" + libcharon_plugins=${libcharon_plugins}" test-vectors" + pluto_plugins=${pluto_plugins}" test-vectors" + openac_plugins=${openac_plugins}" test-vectors" + scepclient_plugins=${scepclient_plugins}" test-vectors" + pki_plugins=${pki_plugins}" test-vectors" + + fi + +if test x$curl = xtrue; then + s_plugins=${s_plugins}" curl" + libcharon_plugins=${libcharon_plugins}" curl" + pluto_plugins=${pluto_plugins}" curl" + scepclient_plugins=${scepclient_plugins}" curl" + + fi + +if test x$ldap = xtrue; then + s_plugins=${s_plugins}" ldap" + libcharon_plugins=${libcharon_plugins}" ldap" + pluto_plugins=${pluto_plugins}" ldap" + scepclient_plugins=${scepclient_plugins}" ldap" + + fi + +if test x$mysql = xtrue; then + s_plugins=${s_plugins}" mysql" + libcharon_plugins=${libcharon_plugins}" mysql" + pluto_plugins=${pluto_plugins}" mysql" + pool_plugins=${pool_plugins}" mysql" + manager_plugins=${manager_plugins}" 
mysql" + medsrv_plugins=${medsrv_plugins}" mysql" + + fi + +if test x$sqlite = xtrue; then + s_plugins=${s_plugins}" sqlite" + libcharon_plugins=${libcharon_plugins}" sqlite" + pluto_plugins=${pluto_plugins}" sqlite" + pool_plugins=${pool_plugins}" sqlite" + manager_plugins=${manager_plugins}" sqlite" + medsrv_plugins=${medsrv_plugins}" sqlite" + + fi + +if test x$aes = xtrue; then + s_plugins=${s_plugins}" aes" + libcharon_plugins=${libcharon_plugins}" aes" + pluto_plugins=${pluto_plugins}" aes" + openac_plugins=${openac_plugins}" aes" + scepclient_plugins=${scepclient_plugins}" aes" + pki_plugins=${pki_plugins}" aes" + scripts_plugins=${scripts_plugins}" aes" + + fi + +if test x$des = xtrue; then + s_plugins=${s_plugins}" des" + libcharon_plugins=${libcharon_plugins}" des" + pluto_plugins=${pluto_plugins}" des" + openac_plugins=${openac_plugins}" des" + scepclient_plugins=${scepclient_plugins}" des" + pki_plugins=${pki_plugins}" des" + scripts_plugins=${scripts_plugins}" des" + + fi + +if test x$blowfish = xtrue; then + s_plugins=${s_plugins}" blowfish" + libcharon_plugins=${libcharon_plugins}" blowfish" + pluto_plugins=${pluto_plugins}" blowfish" + openac_plugins=${openac_plugins}" blowfish" + scepclient_plugins=${scepclient_plugins}" blowfish" + pki_plugins=${pki_plugins}" blowfish" + scripts_plugins=${scripts_plugins}" blowfish" + + fi + +if test x$sha1 = xtrue; then + s_plugins=${s_plugins}" sha1" + libcharon_plugins=${libcharon_plugins}" sha1" + pluto_plugins=${pluto_plugins}" sha1" + openac_plugins=${openac_plugins}" sha1" + scepclient_plugins=${scepclient_plugins}" sha1" + pki_plugins=${pki_plugins}" sha1" + scripts_plugins=${scripts_plugins}" sha1" + medsrv_plugins=${medsrv_plugins}" sha1" + + fi + +if test x$sha2 = xtrue; then + s_plugins=${s_plugins}" sha2" + libcharon_plugins=${libcharon_plugins}" sha2" + pluto_plugins=${pluto_plugins}" sha2" + openac_plugins=${openac_plugins}" sha2" + scepclient_plugins=${scepclient_plugins}" sha2" + 
pki_plugins=${pki_plugins}" sha2" + scripts_plugins=${scripts_plugins}" sha2" + medsrv_plugins=${medsrv_plugins}" sha2" + + fi + +if test x$md4 = xtrue; then + s_plugins=${s_plugins}" md4" + libcharon_plugins=${libcharon_plugins}" md4" + openac_plugins=${openac_plugins}" md4" + manager_plugins=${manager_plugins}" md4" + scepclient_plugins=${scepclient_plugins}" md4" + pki_plugins=${pki_plugins}" md4" + + fi + +if test x$md5 = xtrue; then + s_plugins=${s_plugins}" md5" + libcharon_plugins=${libcharon_plugins}" md5" + pluto_plugins=${pluto_plugins}" md5" + openac_plugins=${openac_plugins}" md5" + scepclient_plugins=${scepclient_plugins}" md5" + pki_plugins=${pki_plugins}" md5" + + fi + +if test x$random = xtrue; then + s_plugins=${s_plugins}" random" + libcharon_plugins=${libcharon_plugins}" random" + pluto_plugins=${pluto_plugins}" random" + openac_plugins=${openac_plugins}" random" + scepclient_plugins=${scepclient_plugins}" random" + pki_plugins=${pki_plugins}" random" + scripts_plugins=${scripts_plugins}" random" + medsrv_plugins=${medsrv_plugins}" random" + + fi + +if test x$x509 = xtrue; then + s_plugins=${s_plugins}" x509" + libcharon_plugins=${libcharon_plugins}" x509" + pluto_plugins=${pluto_plugins}" x509" + openac_plugins=${openac_plugins}" x509" + scepclient_plugins=${scepclient_plugins}" x509" + pki_plugins=${pki_plugins}" x509" + scripts_plugins=${scripts_plugins}" x509" + + fi + +if test x$revocation = xtrue; then + s_plugins=${s_plugins}" revocation" + libcharon_plugins=${libcharon_plugins}" revocation" + + fi + +if test x$pubkey = xtrue; then + s_plugins=${s_plugins}" pubkey" + libcharon_plugins=${libcharon_plugins}" pubkey" + + fi + +if test x$pkcs1 = xtrue; then + s_plugins=${s_plugins}" pkcs1" + libcharon_plugins=${libcharon_plugins}" pkcs1" + pluto_plugins=${pluto_plugins}" pkcs1" + openac_plugins=${openac_plugins}" pkcs1" + scepclient_plugins=${scepclient_plugins}" pkcs1" + pki_plugins=${pki_plugins}" pkcs1" + scripts_plugins=${scripts_plugins}" 
pkcs1" + manager_plugins=${manager_plugins}" pkcs1" + medsrv_plugins=${medsrv_plugins}" pkcs1" + + fi + +if test x$pgp = xtrue; then + s_plugins=${s_plugins}" pgp" + libcharon_plugins=${libcharon_plugins}" pgp" + pluto_plugins=${pluto_plugins}" pgp" + + fi + +if test x$dnskey = xtrue; then + s_plugins=${s_plugins}" dnskey" + pluto_plugins=${pluto_plugins}" dnskey" + + fi + +if test x$pem = xtrue; then + s_plugins=${s_plugins}" pem" + libcharon_plugins=${libcharon_plugins}" pem" + pluto_plugins=${pluto_plugins}" pem" + openac_plugins=${openac_plugins}" pem" + scepclient_plugins=${scepclient_plugins}" pem" + pki_plugins=${pki_plugins}" pem" + scripts_plugins=${scripts_plugins}" pem" + manager_plugins=${manager_plugins}" pem" + medsrv_plugins=${medsrv_plugins}" pem" + + fi + +if test x$padlock = xtrue; then + s_plugins=${s_plugins}" padlock" + libcharon_plugins=${libcharon_plugins}" padlock" + + fi + +if test x$openssl = xtrue; then + s_plugins=${s_plugins}" openssl" + libcharon_plugins=${libcharon_plugins}" openssl" + pluto_plugins=${pluto_plugins}" openssl" + openac_plugins=${openac_plugins}" openssl" + scepclient_plugins=${scepclient_plugins}" openssl" + pki_plugins=${pki_plugins}" openssl" + scripts_plugins=${scripts_plugins}" openssl" + manager_plugins=${manager_plugins}" openssl" + medsrv_plugins=${medsrv_plugins}" openssl" + + fi + +if test x$gcrypt = xtrue; then + s_plugins=${s_plugins}" gcrypt" + libcharon_plugins=${libcharon_plugins}" gcrypt" + pluto_plugins=${pluto_plugins}" gcrypt" + openac_plugins=${openac_plugins}" gcrypt" + scepclient_plugins=${scepclient_plugins}" gcrypt" + pki_plugins=${pki_plugins}" gcrypt" + scripts_plugins=${scripts_plugins}" gcrypt" + manager_plugins=${manager_plugins}" gcrypt" + medsrv_plugins=${medsrv_plugins}" gcrypt" + + fi + +if test x$fips_prf = xtrue; then + s_plugins=${s_plugins}" fips-prf" + libcharon_plugins=${libcharon_plugins}" fips-prf" + + fi + +if test x$gmp = xtrue; then + s_plugins=${s_plugins}" gmp" + 
libcharon_plugins=${libcharon_plugins}" gmp" + pluto_plugins=${pluto_plugins}" gmp" + openac_plugins=${openac_plugins}" gmp" + scepclient_plugins=${scepclient_plugins}" gmp" + pki_plugins=${pki_plugins}" gmp" + scripts_plugins=${scripts_plugins}" gmp" + manager_plugins=${manager_plugins}" gmp" + medsrv_plugins=${medsrv_plugins}" gmp" + + fi + +if test x$agent = xtrue; then + s_plugins=${s_plugins}" agent" + libcharon_plugins=${libcharon_plugins}" agent" + + fi + +if test x$pkcs11 = xtrue; then + s_plugins=${s_plugins}" pkcs11" + libcharon_plugins=${libcharon_plugins}" pkcs11" + pki_plugins=${pki_plugins}" pkcs11" + + fi + +if test x$xcbc = xtrue; then + s_plugins=${s_plugins}" xcbc" + libcharon_plugins=${libcharon_plugins}" xcbc" + + fi + +if test x$hmac = xtrue; then + s_plugins=${s_plugins}" hmac" + libcharon_plugins=${libcharon_plugins}" hmac" + pluto_plugins=${pluto_plugins}" hmac" + scripts_plugins=${scripts_plugins}" hmac" + + fi + +if test x$ctr = xtrue; then + s_plugins=${s_plugins}" ctr" + libcharon_plugins=${libcharon_plugins}" ctr" + scripts_plugins=${scripts_plugins}" ctr" + + fi + +if test x$ccm = xtrue; then + s_plugins=${s_plugins}" ccm" + libcharon_plugins=${libcharon_plugins}" ccm" + scripts_plugins=${scripts_plugins}" ccm" + + fi + +if test x$gcm = xtrue; then + s_plugins=${s_plugins}" gcm" + libcharon_plugins=${libcharon_plugins}" gcm" + scripts_plugins=${scripts_plugins}" gcm" + + fi + +if test x$xauth = xtrue; then + p_plugins=${p_plugins}" xauth" + pluto_plugins=${pluto_plugins}" xauth" + + fi + +if test x$attr = xtrue; then + h_plugins=${h_plugins}" attr" + libcharon_plugins=${libcharon_plugins}" attr" + pluto_plugins=${pluto_plugins}" attr" + + fi + +if test x$attr_sql = xtrue; then + h_plugins=${h_plugins}" attr-sql" + libcharon_plugins=${libcharon_plugins}" attr-sql" + pluto_plugins=${pluto_plugins}" attr-sql" + + fi + +if test x$kernel_pfkey = xtrue; then + h_plugins=${h_plugins}" kernel-pfkey" + libcharon_plugins=${libcharon_plugins}" 
kernel-pfkey" + pluto_plugins=${pluto_plugins}" kernel-pfkey" + + fi + +if test x$kernel_pfroute = xtrue; then + h_plugins=${h_plugins}" kernel-pfroute" + libcharon_plugins=${libcharon_plugins}" kernel-pfroute" + pluto_plugins=${pluto_plugins}" kernel-pfroute" + + fi + +if test x$kernel_klips = xtrue; then + h_plugins=${h_plugins}" kernel-klips" + libcharon_plugins=${libcharon_plugins}" kernel-klips" + pluto_plugins=${pluto_plugins}" kernel-klips" + + fi + +if test x$kernel_netlink = xtrue; then + h_plugins=${h_plugins}" kernel-netlink" + libcharon_plugins=${libcharon_plugins}" kernel-netlink" + pluto_plugins=${pluto_plugins}" kernel-netlink" + + fi + +if test x$resolve = xtrue; then + h_plugins=${h_plugins}" resolve" + libcharon_plugins=${libcharon_plugins}" resolve" + pluto_plugins=${pluto_plugins}" resolve" + + fi + +if test x$load_tester = xtrue; then + c_plugins=${c_plugins}" load-tester" + libcharon_plugins=${libcharon_plugins}" load-tester" + + fi + +if test x$socket_default = xtrue; then + c_plugins=${c_plugins}" socket-default" + libcharon_plugins=${libcharon_plugins}" socket-default" + + fi + +if test x$socket_raw = xtrue; then + c_plugins=${c_plugins}" socket-raw" + libcharon_plugins=${libcharon_plugins}" socket-raw" + + fi + +if test x$socket_dynamic = xtrue; then + c_plugins=${c_plugins}" socket-dynamic" + libcharon_plugins=${libcharon_plugins}" socket-dynamic" + + fi + +if test x$farp = xtrue; then + c_plugins=${c_plugins}" farp" + libcharon_plugins=${libcharon_plugins}" farp" + + fi + +if test x$stroke = xtrue; then + c_plugins=${c_plugins}" stroke" + libcharon_plugins=${libcharon_plugins}" stroke" + + fi + +if test x$smp = xtrue; then + c_plugins=${c_plugins}" smp" + libcharon_plugins=${libcharon_plugins}" smp" + + fi + +if test x$sql = xtrue; then + c_plugins=${c_plugins}" sql" + libcharon_plugins=${libcharon_plugins}" sql" + + fi + +if test x$updown = xtrue; then + c_plugins=${c_plugins}" updown" + libcharon_plugins=${libcharon_plugins}" updown" + 
+ fi + +if test x$eap_identity = xtrue; then + c_plugins=${c_plugins}" eap-identity" + libcharon_plugins=${libcharon_plugins}" eap-identity" + + fi + +if test x$eap_sim = xtrue; then + c_plugins=${c_plugins}" eap-sim" + libcharon_plugins=${libcharon_plugins}" eap-sim" + + fi + +if test x$eap_sim_file = xtrue; then + c_plugins=${c_plugins}" eap-sim-file" + libcharon_plugins=${libcharon_plugins}" eap-sim-file" + + fi + +if test x$eap_simaka_sql = xtrue; then + c_plugins=${c_plugins}" eap-simaka-sql" + libcharon_plugins=${libcharon_plugins}" eap-simaka-sql" + + fi + +if test x$eap_simaka_pseudonym = xtrue; then + c_plugins=${c_plugins}" eap-simaka-pseudonym" + libcharon_plugins=${libcharon_plugins}" eap-simaka-pseudonym" + + fi + +if test x$eap_simaka_reauth = xtrue; then + c_plugins=${c_plugins}" eap-simaka-reauth" + libcharon_plugins=${libcharon_plugins}" eap-simaka-reauth" + + fi + +if test x$eap_aka = xtrue; then + c_plugins=${c_plugins}" eap-aka" + libcharon_plugins=${libcharon_plugins}" eap-aka" + + fi + +if test x$eap_aka_3gpp2 = xtrue; then + c_plugins=${c_plugins}" eap-aka-3gpp2" + libcharon_plugins=${libcharon_plugins}" eap-aka-3gpp2" + + fi + +if test x$eap_md5 = xtrue; then + c_plugins=${c_plugins}" eap-md5" + libcharon_plugins=${libcharon_plugins}" eap-md5" + + fi + +if test x$eap_gtc = xtrue; then + c_plugins=${c_plugins}" eap-gtc" + libcharon_plugins=${libcharon_plugins}" eap-gtc" + + fi + +if test x$eap_mschapv2 = xtrue; then + c_plugins=${c_plugins}" eap-mschapv2" + libcharon_plugins=${libcharon_plugins}" eap-mschapv2" + + fi + +if test x$eap_radius = xtrue; then + c_plugins=${c_plugins}" eap-radius" + libcharon_plugins=${libcharon_plugins}" eap-radius" + + fi + +if test x$eap_tls = xtrue; then + c_plugins=${c_plugins}" eap-tls" + libcharon_plugins=${libcharon_plugins}" eap-tls" + + fi + +if test x$eap_ttls = xtrue; then + c_plugins=${c_plugins}" eap-ttls" + libcharon_plugins=${libcharon_plugins}" eap-ttls" + + fi + +if test x$eap_tnc = xtrue; then + 
c_plugins=${c_plugins}" eap-tnc" + libcharon_plugins=${libcharon_plugins}" eap-tnc" + + fi + +if test x$tnc_imc = xtrue; then + c_plugins=${c_plugins}" tnc-imc" + libcharon_plugins=${libcharon_plugins}" tnc-imc" + + fi + +if test x$tnc_imv = xtrue; then + c_plugins=${c_plugins}" tnc-imv" + libcharon_plugins=${libcharon_plugins}" tnc-imv" + + fi + +if test x$tnccs_11 = xtrue; then + c_plugins=${c_plugins}" tnccs-11" + libcharon_plugins=${libcharon_plugins}" tnccs-11" + + fi + +if test x$tnccs_20 = xtrue; then + c_plugins=${c_plugins}" tnccs-20" + libcharon_plugins=${libcharon_plugins}" tnccs-20" + + fi + +if test x$medsrv = xtrue; then + c_plugins=${c_plugins}" medsrv" + libcharon_plugins=${libcharon_plugins}" medsrv" + + fi + +if test x$medcli = xtrue; then + c_plugins=${c_plugins}" medcli" + libcharon_plugins=${libcharon_plugins}" medcli" + + fi + +if test x$nm = xtrue; then + c_plugins=${c_plugins}" nm" + libcharon_plugins=${libcharon_plugins}" nm" + + fi + +if test x$dhcp = xtrue; then + c_plugins=${c_plugins}" dhcp" + libcharon_plugins=${libcharon_plugins}" dhcp" + + fi + +if test x$android = xtrue; then + c_plugins=${c_plugins}" android" + libcharon_plugins=${libcharon_plugins}" android" + + fi + +if test x$ha = xtrue; then + c_plugins=${c_plugins}" ha" + libcharon_plugins=${libcharon_plugins}" ha" + + fi + +if test x$led = xtrue; then + c_plugins=${c_plugins}" led" + libcharon_plugins=${libcharon_plugins}" led" + + fi + +if test x$maemo = xtrue; then + c_plugins=${c_plugins}" maemo" + libcharon_plugins=${libcharon_plugins}" maemo" + + fi + +if test x$uci = xtrue; then + c_plugins=${c_plugins}" uci" + libcharon_plugins=${libcharon_plugins}" uci" + + fi + +if test x$addrblock = xtrue; then + c_plugins=${c_plugins}" addrblock" + libcharon_plugins=${libcharon_plugins}" addrblock" + + fi + +if test x$unit_tester = xtrue; then + c_plugins=${c_plugins}" unit-tester" + libcharon_plugins=${libcharon_plugins}" unit-tester" + + fi + + -else - as_fn_error "libcap header 
sys/capability.h not found!" "$LINENO" 5 -fi - $as_echo "#define CAPABILITIES_LIBCAP 1" >>confdefs.h -fi -if test x$integrity_test = xtrue; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dladdr()" >&5 -$as_echo_n "checking for dladdr()... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _GNU_SOURCE - #include -int -main () -{ -Dl_info info; dladdr(main, &info); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; }; - as_fn_error "dladdr() not supported, required by integrity-test!" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dl_iterate_phdr()" >&5 -$as_echo_n "checking for dl_iterate_phdr()... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _GNU_SOURCE - #include -int -main () -{ -dl_iterate_phdr((void*)0, (void*)0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; }; - as_fn_error "dl_iterate_phdr() not supported, required by integrity-test!" 
"$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -libstrongswan_plugins= -libhydra_plugins= -pluto_plugins= -if test x$test_vectors = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" test-vectors" - pluto_plugins=${pluto_plugins}" test-vectors" -fi -if test x$curl = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" curl" - pluto_plugins=${pluto_plugins}" curl" -fi -if test x$ldap = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" ldap" - pluto_plugins=${pluto_plugins}" ldap" -fi -if test x$aes = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" aes" - pluto_plugins=${pluto_plugins}" aes" -fi -if test x$des = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" des" - pluto_plugins=${pluto_plugins}" des" -fi -if test x$blowfish = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" blowfish" - pluto_plugins=${pluto_plugins}" blowfish" -fi -if test x$sha1 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sha1" - pluto_plugins=${pluto_plugins}" sha1" -fi -if test x$sha2 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sha2" - pluto_plugins=${pluto_plugins}" sha2" -fi -if test x$md4 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" md4" -fi -if test x$md5 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" md5" - pluto_plugins=${pluto_plugins}" md5" -fi -if test x$random = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" random" - pluto_plugins=${pluto_plugins}" random" -fi -if test x$x509 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" x509" - pluto_plugins=${pluto_plugins}" x509" -fi -if test x$revocation = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" revocation" -fi -if test x$pubkey = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pubkey" - pluto_plugins=${pluto_plugins}" pubkey" -fi -if test x$pkcs1 = xtrue; then - 
libstrongswan_plugins=${libstrongswan_plugins}" pkcs1" - pluto_plugins=${pluto_plugins}" pkcs1" -fi -if test x$pgp = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pgp" - pluto_plugins=${pluto_plugins}" pgp" -fi -if test x$dnskey = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" dnskey" - pluto_plugins=${pluto_plugins}" dnskey" -fi -if test x$pem = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pem" - pluto_plugins=${pluto_plugins}" pem" -fi -if test x$mysql = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" mysql" - pluto_plugins=${pluto_plugins}" mysql" -fi -if test x$sqlite = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sqlite" - pluto_plugins=${pluto_plugins}" sqlite" -fi -if test x$padlock = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" padlock" -fi -if test x$openssl = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" openssl" - pluto_plugins=${pluto_plugins}" openssl" -fi -if test x$gcrypt = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" gcrypt" - pluto_plugins=${pluto_plugins}" gcrypt" -fi -if test x$fips_prf = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" fips-prf" -fi -if test x$xcbc = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" xcbc" -fi -if test x$hmac = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" hmac" - pluto_plugins=${pluto_plugins}" hmac" -fi -if test x$agent = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" agent" -fi -if test x$gmp = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" gmp" - pluto_plugins=${pluto_plugins}" gmp" -fi -if test x$xauth = xtrue; then - pluto_plugins=${pluto_plugins}" xauth" -fi -if test x$attr = xtrue; then - libhydra_plugins=${libhydra_plugins}" attr" -fi -if test x$attr_sql = xtrue -o x$sql = xtrue; then - libhydra_plugins=${libhydra_plugins}" attr-sql" -fi -if test x$resolve = xtrue; then - 
libhydra_plugins=${libhydra_plugins}" resolve" -fi @@ -16423,6 +17355,38 @@ else USE_AGENT_FALSE= fi + if test x$pkcs11 = xtrue; then + USE_PKCS11_TRUE= + USE_PKCS11_FALSE='#' +else + USE_PKCS11_TRUE='#' + USE_PKCS11_FALSE= +fi + + if test x$ctr = xtrue; then + USE_CTR_TRUE= + USE_CTR_FALSE='#' +else + USE_CTR_TRUE='#' + USE_CTR_FALSE= +fi + + if test x$ccm = xtrue; then + USE_CCM_TRUE= + USE_CCM_FALSE='#' +else + USE_CCM_TRUE='#' + USE_CCM_FALSE= +fi + + if test x$gcm = xtrue; then + USE_GCM_TRUE= + USE_GCM_FALSE='#' +else + USE_GCM_TRUE='#' + USE_GCM_FALSE= +fi + if test x$stroke = xtrue; then USE_STROKE_TRUE= @@ -16472,6 +17436,14 @@ else USE_ANDROID_FALSE= fi + if test x$maemo = xtrue; then + USE_MAEMO_TRUE= + USE_MAEMO_FALSE='#' +else + USE_MAEMO_TRUE='#' + USE_MAEMO_FALSE= +fi + if test x$smp = xtrue; then USE_SMP_TRUE= USE_SMP_FALSE='#' @@ -16528,6 +17500,14 @@ else USE_HA_FALSE= fi + if test x$led = xtrue; then + USE_LED_TRUE= + USE_LED_FALSE='#' +else + USE_LED_TRUE='#' + USE_LED_FALSE= +fi + if test x$eap_sim = xtrue; then USE_EAP_SIM_TRUE= USE_EAP_SIM_FALSE='#' @@ -16616,6 +17596,30 @@ else USE_EAP_MSCHAPV2_FALSE= fi + if test x$eap_tls = xtrue; then + USE_EAP_TLS_TRUE= + USE_EAP_TLS_FALSE='#' +else + USE_EAP_TLS_TRUE='#' + USE_EAP_TLS_FALSE= +fi + + if test x$eap_ttls = xtrue; then + USE_EAP_TTLS_TRUE= + USE_EAP_TTLS_FALSE='#' +else + USE_EAP_TTLS_TRUE='#' + USE_EAP_TTLS_FALSE= +fi + + if test x$eap_tnc = xtrue; then + USE_EAP_TNC_TRUE= + USE_EAP_TNC_FALSE='#' +else + USE_EAP_TNC_TRUE='#' + USE_EAP_TNC_FALSE= +fi + if test x$eap_radius = xtrue; then USE_EAP_RADIUS_TRUE= USE_EAP_RADIUS_FALSE='#' 
@@ -16624,36 +17628,36 @@ else USE_EAP_RADIUS_FALSE= fi - if test x$kernel_netlink = xtrue; then - USE_KERNEL_NETLINK_TRUE= - USE_KERNEL_NETLINK_FALSE='#' + if test x$tnc_imc = xtrue; then + USE_TNC_IMC_TRUE= + USE_TNC_IMC_FALSE='#' else - USE_KERNEL_NETLINK_TRUE='#' - USE_KERNEL_NETLINK_FALSE= + USE_TNC_IMC_TRUE='#' + USE_TNC_IMC_FALSE= fi - if test x$kernel_pfkey = xtrue; then - USE_KERNEL_PFKEY_TRUE= - USE_KERNEL_PFKEY_FALSE='#' + if test x$tnc_imv = xtrue; then + USE_TNC_IMV_TRUE= + USE_TNC_IMV_FALSE='#' else - USE_KERNEL_PFKEY_TRUE='#' - USE_KERNEL_PFKEY_FALSE= + USE_TNC_IMV_TRUE='#' + USE_TNC_IMV_FALSE= fi - if test x$kernel_pfroute = xtrue; then - USE_KERNEL_PFROUTE_TRUE= - USE_KERNEL_PFROUTE_FALSE='#' + if test x$tnccs_11 = xtrue; then + USE_TNCCS_11_TRUE= + USE_TNCCS_11_FALSE='#' else - USE_KERNEL_PFROUTE_TRUE='#' - USE_KERNEL_PFROUTE_FALSE= + USE_TNCCS_11_TRUE='#' + USE_TNCCS_11_FALSE= fi - if test x$kernel_klips = xtrue; then - USE_KERNEL_KLIPS_TRUE= - USE_KERNEL_KLIPS_FALSE='#' + if test x$tnccs_20 = xtrue; then + USE_TNCCS_20_TRUE= + USE_TNCCS_20_FALSE='#' else - USE_KERNEL_KLIPS_TRUE='#' - USE_KERNEL_KLIPS_FALSE= + USE_TNCCS_20_TRUE='#' + USE_TNCCS_20_FALSE= fi if test x$socket_default = xtrue; then 
@@ -16713,6 +17717,38 @@ else USE_ATTR_SQL_FALSE= fi + if test x$kernel_klips = xtrue; then + USE_KERNEL_KLIPS_TRUE= + USE_KERNEL_KLIPS_FALSE='#' +else + USE_KERNEL_KLIPS_TRUE='#' + USE_KERNEL_KLIPS_FALSE= +fi + + if test x$kernel_netlink = xtrue; then + USE_KERNEL_NETLINK_TRUE= + USE_KERNEL_NETLINK_FALSE='#' +else + USE_KERNEL_NETLINK_TRUE='#' + USE_KERNEL_NETLINK_FALSE= +fi + + if test x$kernel_pfkey = xtrue; then + USE_KERNEL_PFKEY_TRUE= + USE_KERNEL_PFKEY_FALSE='#' +else + USE_KERNEL_PFKEY_TRUE='#' + USE_KERNEL_PFKEY_FALSE= +fi + + if test x$kernel_pfroute = xtrue; then + USE_KERNEL_PFROUTE_TRUE= + USE_KERNEL_PFROUTE_FALSE='#' +else + USE_KERNEL_PFROUTE_TRUE='#' + USE_KERNEL_PFROUTE_FALSE= +fi + if test x$resolve = xtrue; then USE_RESOLVE_TRUE= USE_RESOLVE_FALSE='#' @@ -16923,6 +17959,14 @@ else USE_SIMAKA_FALSE= fi + if test x$tls = xtrue; then + USE_TLS_TRUE= + USE_TLS_FALSE='#' +else + USE_TLS_TRUE='#' + USE_TLS_FALSE= +fi + if test x$monolithic = xtrue; then MONOLITHIC_TRUE= MONOLITHIC_FALSE='#' 
@@ -16948,7 +17992,7 @@ fi -ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libhydra/Makefile src/libhydra/plugins/attr/Makefile src/libhydra/plugins/attr_sql/Makefile src/libhydra/plugins/resolve/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/pluto/Makefile src/pluto/plugins/xauth/Makefile src/whack/Makefile src/charon/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile 
src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_klips/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_raw/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/nm/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/android/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/unit_tester/Makefile src/libcharon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile man/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile 
src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libhydra/Makefile src/libhydra/plugins/attr/Makefile src/libhydra/plugins/attr_sql/Makefile src/libhydra/plugins/kernel_klips/Makefile src/libhydra/plugins/kernel_netlink/Makefile src/libhydra/plugins/kernel_pfkey/Makefile src/libhydra/plugins/kernel_pfroute/Makefile src/libhydra/plugins/resolve/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/libtls/Makefile src/pluto/Makefile src/pluto/plugins/xauth/Makefile src/whack/Makefile src/charon/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/tnc_imc/Makefile 
src/libcharon/plugins/tnc_imv/Makefile src/libcharon/plugins/tnccs_11/Makefile src/libcharon/plugins/tnccs_20/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_raw/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/nm/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/android/Makefile src/libcharon/plugins/maemo/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/unit_tester/Makefile src/libcharon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -17069,6 +18113,7 @@ DEFS=`sed -n "$ac_script" confdefs.h` ac_libobjs= ac_ltlibobjs= +U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' 
@@ -17092,376 +18137,432 @@ else fi if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then - as_fn_error "conditional \"AMDEP\" was never defined. + as_fn_error $? "conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then - as_fn_error "conditional \"am__fastdepCC\" was never defined. + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_TEST_VECTORS_TRUE}" && test -z "${USE_TEST_VECTORS_FALSE}"; then - as_fn_error "conditional \"USE_TEST_VECTORS\" was never defined. + as_fn_error $? "conditional \"USE_TEST_VECTORS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_CURL_TRUE}" && test -z "${USE_CURL_FALSE}"; then - as_fn_error "conditional \"USE_CURL\" was never defined. + as_fn_error $? "conditional \"USE_CURL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LDAP_TRUE}" && test -z "${USE_LDAP_FALSE}"; then - as_fn_error "conditional \"USE_LDAP\" was never defined. + as_fn_error $? "conditional \"USE_LDAP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_AES_TRUE}" && test -z "${USE_AES_FALSE}"; then - as_fn_error "conditional \"USE_AES\" was never defined. + as_fn_error $? "conditional \"USE_AES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_DES_TRUE}" && test -z "${USE_DES_FALSE}"; then - as_fn_error "conditional \"USE_DES\" was never defined. + as_fn_error $? "conditional \"USE_DES\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -z "${USE_BLOWFISH_TRUE}" && test -z "${USE_BLOWFISH_FALSE}"; then - as_fn_error "conditional \"USE_BLOWFISH\" was never defined. + as_fn_error $? "conditional \"USE_BLOWFISH\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MD4_TRUE}" && test -z "${USE_MD4_FALSE}"; then - as_fn_error "conditional \"USE_MD4\" was never defined. + as_fn_error $? "conditional \"USE_MD4\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MD5_TRUE}" && test -z "${USE_MD5_FALSE}"; then - as_fn_error "conditional \"USE_MD5\" was never defined. + as_fn_error $? "conditional \"USE_MD5\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SHA1_TRUE}" && test -z "${USE_SHA1_FALSE}"; then - as_fn_error "conditional \"USE_SHA1\" was never defined. + as_fn_error $? "conditional \"USE_SHA1\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SHA2_TRUE}" && test -z "${USE_SHA2_FALSE}"; then - as_fn_error "conditional \"USE_SHA2\" was never defined. + as_fn_error $? "conditional \"USE_SHA2\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_FIPS_PRF_TRUE}" && test -z "${USE_FIPS_PRF_FALSE}"; then - as_fn_error "conditional \"USE_FIPS_PRF\" was never defined. + as_fn_error $? "conditional \"USE_FIPS_PRF\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_GMP_TRUE}" && test -z "${USE_GMP_FALSE}"; then - as_fn_error "conditional \"USE_GMP\" was never defined. + as_fn_error $? "conditional \"USE_GMP\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -z "${USE_RANDOM_TRUE}" && test -z "${USE_RANDOM_FALSE}"; then - as_fn_error "conditional \"USE_RANDOM\" was never defined. + as_fn_error $? "conditional \"USE_RANDOM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_X509_TRUE}" && test -z "${USE_X509_FALSE}"; then - as_fn_error "conditional \"USE_X509\" was never defined. + as_fn_error $? "conditional \"USE_X509\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_REVOCATION_TRUE}" && test -z "${USE_REVOCATION_FALSE}"; then - as_fn_error "conditional \"USE_REVOCATION\" was never defined. + as_fn_error $? "conditional \"USE_REVOCATION\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PUBKEY_TRUE}" && test -z "${USE_PUBKEY_FALSE}"; then - as_fn_error "conditional \"USE_PUBKEY\" was never defined. + as_fn_error $? "conditional \"USE_PUBKEY\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PKCS1_TRUE}" && test -z "${USE_PKCS1_FALSE}"; then - as_fn_error "conditional \"USE_PKCS1\" was never defined. + as_fn_error $? "conditional \"USE_PKCS1\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PGP_TRUE}" && test -z "${USE_PGP_FALSE}"; then - as_fn_error "conditional \"USE_PGP\" was never defined. + as_fn_error $? "conditional \"USE_PGP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_DNSKEY_TRUE}" && test -z "${USE_DNSKEY_FALSE}"; then - as_fn_error "conditional \"USE_DNSKEY\" was never defined. + as_fn_error $? "conditional \"USE_DNSKEY\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -z "${USE_PEM_TRUE}" && test -z "${USE_PEM_FALSE}"; then - as_fn_error "conditional \"USE_PEM\" was never defined. + as_fn_error $? "conditional \"USE_PEM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_HMAC_TRUE}" && test -z "${USE_HMAC_FALSE}"; then - as_fn_error "conditional \"USE_HMAC\" was never defined. + as_fn_error $? "conditional \"USE_HMAC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_XCBC_TRUE}" && test -z "${USE_XCBC_FALSE}"; then - as_fn_error "conditional \"USE_XCBC\" was never defined. + as_fn_error $? "conditional \"USE_XCBC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MYSQL_TRUE}" && test -z "${USE_MYSQL_FALSE}"; then - as_fn_error "conditional \"USE_MYSQL\" was never defined. + as_fn_error $? "conditional \"USE_MYSQL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SQLITE_TRUE}" && test -z "${USE_SQLITE_FALSE}"; then - as_fn_error "conditional \"USE_SQLITE\" was never defined. + as_fn_error $? "conditional \"USE_SQLITE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PADLOCK_TRUE}" && test -z "${USE_PADLOCK_FALSE}"; then - as_fn_error "conditional \"USE_PADLOCK\" was never defined. + as_fn_error $? "conditional \"USE_PADLOCK\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_OPENSSL_TRUE}" && test -z "${USE_OPENSSL_FALSE}"; then - as_fn_error "conditional \"USE_OPENSSL\" was never defined. + as_fn_error $? "conditional \"USE_OPENSSL\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -z "${USE_GCRYPT_TRUE}" && test -z "${USE_GCRYPT_FALSE}"; then - as_fn_error "conditional \"USE_GCRYPT\" was never defined. + as_fn_error $? "conditional \"USE_GCRYPT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_AGENT_TRUE}" && test -z "${USE_AGENT_FALSE}"; then - as_fn_error "conditional \"USE_AGENT\" was never defined. + as_fn_error $? "conditional \"USE_AGENT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_PKCS11_TRUE}" && test -z "${USE_PKCS11_FALSE}"; then + as_fn_error $? "conditional \"USE_PKCS11\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_CTR_TRUE}" && test -z "${USE_CTR_FALSE}"; then + as_fn_error $? "conditional \"USE_CTR\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_CCM_TRUE}" && test -z "${USE_CCM_FALSE}"; then + as_fn_error $? "conditional \"USE_CCM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_GCM_TRUE}" && test -z "${USE_GCM_FALSE}"; then + as_fn_error $? "conditional \"USE_GCM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_STROKE_TRUE}" && test -z "${USE_STROKE_FALSE}"; then - as_fn_error "conditional \"USE_STROKE\" was never defined. + as_fn_error $? "conditional \"USE_STROKE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MEDSRV_TRUE}" && test -z "${USE_MEDSRV_FALSE}"; then - as_fn_error "conditional \"USE_MEDSRV\" was never defined. + as_fn_error $? "conditional \"USE_MEDSRV\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -z "${USE_MEDCLI_TRUE}" && test -z "${USE_MEDCLI_FALSE}"; then - as_fn_error "conditional \"USE_MEDCLI\" was never defined. + as_fn_error $? "conditional \"USE_MEDCLI\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_NM_TRUE}" && test -z "${USE_NM_FALSE}"; then - as_fn_error "conditional \"USE_NM\" was never defined. + as_fn_error $? "conditional \"USE_NM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_UCI_TRUE}" && test -z "${USE_UCI_FALSE}"; then - as_fn_error "conditional \"USE_UCI\" was never defined. + as_fn_error $? "conditional \"USE_UCI\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ANDROID_TRUE}" && test -z "${USE_ANDROID_FALSE}"; then - as_fn_error "conditional \"USE_ANDROID\" was never defined. + as_fn_error $? "conditional \"USE_ANDROID\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_MAEMO_TRUE}" && test -z "${USE_MAEMO_FALSE}"; then + as_fn_error $? "conditional \"USE_MAEMO\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SMP_TRUE}" && test -z "${USE_SMP_FALSE}"; then - as_fn_error "conditional \"USE_SMP\" was never defined. + as_fn_error $? "conditional \"USE_SMP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SQL_TRUE}" && test -z "${USE_SQL_FALSE}"; then - as_fn_error "conditional \"USE_SQL\" was never defined. + as_fn_error $? "conditional \"USE_SQL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_UPDOWN_TRUE}" && test -z "${USE_UPDOWN_FALSE}"; then - as_fn_error "conditional \"USE_UPDOWN\" was never defined. + as_fn_error $? 
"conditional \"USE_UPDOWN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_DHCP_TRUE}" && test -z "${USE_DHCP_FALSE}"; then - as_fn_error "conditional \"USE_DHCP\" was never defined. + as_fn_error $? "conditional \"USE_DHCP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_UNIT_TESTS_TRUE}" && test -z "${USE_UNIT_TESTS_FALSE}"; then - as_fn_error "conditional \"USE_UNIT_TESTS\" was never defined. + as_fn_error $? "conditional \"USE_UNIT_TESTS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LOAD_TESTER_TRUE}" && test -z "${USE_LOAD_TESTER_FALSE}"; then - as_fn_error "conditional \"USE_LOAD_TESTER\" was never defined. + as_fn_error $? "conditional \"USE_LOAD_TESTER\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_HA_TRUE}" && test -z "${USE_HA_FALSE}"; then - as_fn_error "conditional \"USE_HA\" was never defined. + as_fn_error $? "conditional \"USE_HA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_LED_TRUE}" && test -z "${USE_LED_FALSE}"; then + as_fn_error $? "conditional \"USE_LED\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_SIM_TRUE}" && test -z "${USE_EAP_SIM_FALSE}"; then - as_fn_error "conditional \"USE_EAP_SIM\" was never defined. + as_fn_error $? "conditional \"USE_EAP_SIM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_SIM_FILE_TRUE}" && test -z "${USE_EAP_SIM_FILE_FALSE}"; then - as_fn_error "conditional \"USE_EAP_SIM_FILE\" was never defined. + as_fn_error $? "conditional \"USE_EAP_SIM_FILE\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -z "${USE_EAP_SIMAKA_SQL_TRUE}" && test -z "${USE_EAP_SIMAKA_SQL_FALSE}"; then - as_fn_error "conditional \"USE_EAP_SIMAKA_SQL\" was never defined. + as_fn_error $? "conditional \"USE_EAP_SIMAKA_SQL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_SIMAKA_PSEUDONYM_TRUE}" && test -z "${USE_EAP_SIMAKA_PSEUDONYM_FALSE}"; then - as_fn_error "conditional \"USE_EAP_SIMAKA_PSEUDONYM\" was never defined. + as_fn_error $? "conditional \"USE_EAP_SIMAKA_PSEUDONYM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_SIMAKA_REAUTH_TRUE}" && test -z "${USE_EAP_SIMAKA_REAUTH_FALSE}"; then - as_fn_error "conditional \"USE_EAP_SIMAKA_REAUTH\" was never defined. + as_fn_error $? "conditional \"USE_EAP_SIMAKA_REAUTH\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_IDENTITY_TRUE}" && test -z "${USE_EAP_IDENTITY_FALSE}"; then - as_fn_error "conditional \"USE_EAP_IDENTITY\" was never defined. + as_fn_error $? "conditional \"USE_EAP_IDENTITY\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_MD5_TRUE}" && test -z "${USE_EAP_MD5_FALSE}"; then - as_fn_error "conditional \"USE_EAP_MD5\" was never defined. + as_fn_error $? "conditional \"USE_EAP_MD5\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_GTC_TRUE}" && test -z "${USE_EAP_GTC_FALSE}"; then - as_fn_error "conditional \"USE_EAP_GTC\" was never defined. + as_fn_error $? "conditional \"USE_EAP_GTC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_AKA_TRUE}" && test -z "${USE_EAP_AKA_FALSE}"; then - as_fn_error "conditional \"USE_EAP_AKA\" was never defined. + as_fn_error $? 
"conditional \"USE_EAP_AKA\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_AKA_3GPP2_TRUE}" && test -z "${USE_EAP_AKA_3GPP2_FALSE}"; then - as_fn_error "conditional \"USE_EAP_AKA_3GPP2\" was never defined. + as_fn_error $? "conditional \"USE_EAP_AKA_3GPP2\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_MSCHAPV2_TRUE}" && test -z "${USE_EAP_MSCHAPV2_FALSE}"; then - as_fn_error "conditional \"USE_EAP_MSCHAPV2\" was never defined. + as_fn_error $? "conditional \"USE_EAP_MSCHAPV2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_EAP_TLS_TRUE}" && test -z "${USE_EAP_TLS_FALSE}"; then + as_fn_error $? "conditional \"USE_EAP_TLS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_EAP_TTLS_TRUE}" && test -z "${USE_EAP_TTLS_FALSE}"; then + as_fn_error $? "conditional \"USE_EAP_TTLS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_EAP_TNC_TRUE}" && test -z "${USE_EAP_TNC_FALSE}"; then + as_fn_error $? "conditional \"USE_EAP_TNC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_RADIUS_TRUE}" && test -z "${USE_EAP_RADIUS_FALSE}"; then - as_fn_error "conditional \"USE_EAP_RADIUS\" was never defined. + as_fn_error $? "conditional \"USE_EAP_RADIUS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${USE_KERNEL_NETLINK_TRUE}" && test -z "${USE_KERNEL_NETLINK_FALSE}"; then - as_fn_error "conditional \"USE_KERNEL_NETLINK\" was never defined. +if test -z "${USE_TNC_IMC_TRUE}" && test -z "${USE_TNC_IMC_FALSE}"; then + as_fn_error $? "conditional \"USE_TNC_IMC\" was never defined. 
Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${USE_KERNEL_PFKEY_TRUE}" && test -z "${USE_KERNEL_PFKEY_FALSE}"; then - as_fn_error "conditional \"USE_KERNEL_PFKEY\" was never defined. +if test -z "${USE_TNC_IMV_TRUE}" && test -z "${USE_TNC_IMV_FALSE}"; then + as_fn_error $? "conditional \"USE_TNC_IMV\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${USE_KERNEL_PFROUTE_TRUE}" && test -z "${USE_KERNEL_PFROUTE_FALSE}"; then - as_fn_error "conditional \"USE_KERNEL_PFROUTE\" was never defined. +if test -z "${USE_TNCCS_11_TRUE}" && test -z "${USE_TNCCS_11_FALSE}"; then + as_fn_error $? "conditional \"USE_TNCCS_11\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${USE_KERNEL_KLIPS_TRUE}" && test -z "${USE_KERNEL_KLIPS_FALSE}"; then - as_fn_error "conditional \"USE_KERNEL_KLIPS\" was never defined. +if test -z "${USE_TNCCS_20_TRUE}" && test -z "${USE_TNCCS_20_FALSE}"; then + as_fn_error $? "conditional \"USE_TNCCS_20\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SOCKET_DEFAULT_TRUE}" && test -z "${USE_SOCKET_DEFAULT_FALSE}"; then - as_fn_error "conditional \"USE_SOCKET_DEFAULT\" was never defined. + as_fn_error $? "conditional \"USE_SOCKET_DEFAULT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SOCKET_RAW_TRUE}" && test -z "${USE_SOCKET_RAW_FALSE}"; then - as_fn_error "conditional \"USE_SOCKET_RAW\" was never defined. + as_fn_error $? "conditional \"USE_SOCKET_RAW\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SOCKET_DYNAMIC_TRUE}" && test -z "${USE_SOCKET_DYNAMIC_FALSE}"; then - as_fn_error "conditional \"USE_SOCKET_DYNAMIC\" was never defined. + as_fn_error $? 
"conditional \"USE_SOCKET_DYNAMIC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_FARP_TRUE}" && test -z "${USE_FARP_FALSE}"; then - as_fn_error "conditional \"USE_FARP\" was never defined. + as_fn_error $? "conditional \"USE_FARP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ADDRBLOCK_TRUE}" && test -z "${USE_ADDRBLOCK_FALSE}"; then - as_fn_error "conditional \"USE_ADDRBLOCK\" was never defined. + as_fn_error $? "conditional \"USE_ADDRBLOCK\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ATTR_TRUE}" && test -z "${USE_ATTR_FALSE}"; then - as_fn_error "conditional \"USE_ATTR\" was never defined. + as_fn_error $? "conditional \"USE_ATTR\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ATTR_SQL_TRUE}" && test -z "${USE_ATTR_SQL_FALSE}"; then - as_fn_error "conditional \"USE_ATTR_SQL\" was never defined. + as_fn_error $? "conditional \"USE_ATTR_SQL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_KERNEL_KLIPS_TRUE}" && test -z "${USE_KERNEL_KLIPS_FALSE}"; then + as_fn_error $? "conditional \"USE_KERNEL_KLIPS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_KERNEL_NETLINK_TRUE}" && test -z "${USE_KERNEL_NETLINK_FALSE}"; then + as_fn_error $? "conditional \"USE_KERNEL_NETLINK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_KERNEL_PFKEY_TRUE}" && test -z "${USE_KERNEL_PFKEY_FALSE}"; then + as_fn_error $? "conditional \"USE_KERNEL_PFKEY\" was never defined. +Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 +fi +if test -z "${USE_KERNEL_PFROUTE_TRUE}" && test -z "${USE_KERNEL_PFROUTE_FALSE}"; then + as_fn_error $? "conditional \"USE_KERNEL_PFROUTE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_RESOLVE_TRUE}" && test -z "${USE_RESOLVE_FALSE}"; then - as_fn_error "conditional \"USE_RESOLVE\" was never defined. + as_fn_error $? "conditional \"USE_RESOLVE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_XAUTH_TRUE}" && test -z "${USE_XAUTH_FALSE}"; then - as_fn_error "conditional \"USE_XAUTH\" was never defined. + as_fn_error $? "conditional \"USE_XAUTH\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SMARTCARD_TRUE}" && test -z "${USE_SMARTCARD_FALSE}"; then - as_fn_error "conditional \"USE_SMARTCARD\" was never defined. + as_fn_error $? "conditional \"USE_SMARTCARD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_CISCO_QUIRKS_TRUE}" && test -z "${USE_CISCO_QUIRKS_FALSE}"; then - as_fn_error "conditional \"USE_CISCO_QUIRKS\" was never defined. + as_fn_error $? "conditional \"USE_CISCO_QUIRKS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LEAK_DETECTIVE_TRUE}" && test -z "${USE_LEAK_DETECTIVE_FALSE}"; then - as_fn_error "conditional \"USE_LEAK_DETECTIVE\" was never defined. + as_fn_error $? "conditional \"USE_LEAK_DETECTIVE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LOCK_PROFILER_TRUE}" && test -z "${USE_LOCK_PROFILER_FALSE}"; then - as_fn_error "conditional \"USE_LOCK_PROFILER\" was never defined. + as_fn_error $? "conditional \"USE_LOCK_PROFILER\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -z "${USE_NAT_TRANSPORT_TRUE}" && test -z "${USE_NAT_TRANSPORT_FALSE}"; then - as_fn_error "conditional \"USE_NAT_TRANSPORT\" was never defined. + as_fn_error $? "conditional \"USE_NAT_TRANSPORT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_VENDORID_TRUE}" && test -z "${USE_VENDORID_FALSE}"; then - as_fn_error "conditional \"USE_VENDORID\" was never defined. + as_fn_error $? "conditional \"USE_VENDORID\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_XAUTH_VID_TRUE}" && test -z "${USE_XAUTH_VID_FALSE}"; then - as_fn_error "conditional \"USE_XAUTH_VID\" was never defined. + as_fn_error $? "conditional \"USE_XAUTH_VID\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_DUMM_TRUE}" && test -z "${USE_DUMM_FALSE}"; then - as_fn_error "conditional \"USE_DUMM\" was never defined. + as_fn_error $? "conditional \"USE_DUMM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_FAST_TRUE}" && test -z "${USE_FAST_FALSE}"; then - as_fn_error "conditional \"USE_FAST\" was never defined. + as_fn_error $? "conditional \"USE_FAST\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MANAGER_TRUE}" && test -z "${USE_MANAGER_FALSE}"; then - as_fn_error "conditional \"USE_MANAGER\" was never defined. + as_fn_error $? "conditional \"USE_MANAGER\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ME_TRUE}" && test -z "${USE_ME_FALSE}"; then - as_fn_error "conditional \"USE_ME\" was never defined. + as_fn_error $? "conditional \"USE_ME\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -z "${USE_INTEGRITY_TEST_TRUE}" && test -z "${USE_INTEGRITY_TEST_FALSE}"; then - as_fn_error "conditional \"USE_INTEGRITY_TEST\" was never defined. + as_fn_error $? "conditional \"USE_INTEGRITY_TEST\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LOAD_WARNING_TRUE}" && test -z "${USE_LOAD_WARNING_FALSE}"; then - as_fn_error "conditional \"USE_LOAD_WARNING\" was never defined. + as_fn_error $? "conditional \"USE_LOAD_WARNING\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PLUTO_TRUE}" && test -z "${USE_PLUTO_FALSE}"; then - as_fn_error "conditional \"USE_PLUTO\" was never defined. + as_fn_error $? "conditional \"USE_PLUTO\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_THREADS_TRUE}" && test -z "${USE_THREADS_FALSE}"; then - as_fn_error "conditional \"USE_THREADS\" was never defined. + as_fn_error $? "conditional \"USE_THREADS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_CHARON_TRUE}" && test -z "${USE_CHARON_FALSE}"; then - as_fn_error "conditional \"USE_CHARON\" was never defined. + as_fn_error $? "conditional \"USE_CHARON\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_TOOLS_TRUE}" && test -z "${USE_TOOLS_FALSE}"; then - as_fn_error "conditional \"USE_TOOLS\" was never defined. + as_fn_error $? "conditional \"USE_TOOLS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SCRIPTS_TRUE}" && test -z "${USE_SCRIPTS_FALSE}"; then - as_fn_error "conditional \"USE_SCRIPTS\" was never defined. + as_fn_error $? "conditional \"USE_SCRIPTS\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -z "${USE_LIBSTRONGSWAN_TRUE}" && test -z "${USE_LIBSTRONGSWAN_FALSE}"; then - as_fn_error "conditional \"USE_LIBSTRONGSWAN\" was never defined. + as_fn_error $? "conditional \"USE_LIBSTRONGSWAN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LIBHYDRA_TRUE}" && test -z "${USE_LIBHYDRA_FALSE}"; then - as_fn_error "conditional \"USE_LIBHYDRA\" was never defined. + as_fn_error $? "conditional \"USE_LIBHYDRA\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_FILE_CONFIG_TRUE}" && test -z "${USE_FILE_CONFIG_FALSE}"; then - as_fn_error "conditional \"USE_FILE_CONFIG\" was never defined. + as_fn_error $? "conditional \"USE_FILE_CONFIG\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LIBCAP_TRUE}" && test -z "${USE_LIBCAP_FALSE}"; then - as_fn_error "conditional \"USE_LIBCAP\" was never defined. + as_fn_error $? "conditional \"USE_LIBCAP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_VSTR_TRUE}" && test -z "${USE_VSTR_FALSE}"; then - as_fn_error "conditional \"USE_VSTR\" was never defined. + as_fn_error $? "conditional \"USE_VSTR\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SIMAKA_TRUE}" && test -z "${USE_SIMAKA_FALSE}"; then - as_fn_error "conditional \"USE_SIMAKA\" was never defined. + as_fn_error $? "conditional \"USE_SIMAKA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_TLS_TRUE}" && test -z "${USE_TLS_FALSE}"; then + as_fn_error $? "conditional \"USE_TLS\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -z "${MONOLITHIC_TRUE}" && test -z "${MONOLITHIC_FALSE}"; then - as_fn_error "conditional \"MONOLITHIC\" was never defined. + as_fn_error $? "conditional \"MONOLITHIC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi @@ -17611,19 +18712,19 @@ export LANGUAGE (unset CDPATH) >/dev/null 2>&1 && unset CDPATH -# as_fn_error ERROR [LINENO LOG_FD] -# --------------------------------- +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with status $?, using 1 if that was 0. +# script with STATUS, using 1 if that was 0. as_fn_error () { - as_status=$?; test $as_status -eq 0 && as_status=1 - if test "$3"; then - as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $1" >&2 + $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error @@ -17819,7 +18920,7 @@ $as_echo X"$as_dir" | test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p 
@@ -17872,8 +18973,8 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 4.4.1, which was -generated by GNU Autoconf 2.65. Invocation command line was +This file was extended by strongSwan $as_me 4.5.0, which was +generated by GNU Autoconf 2.67. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -17929,11 +19030,11 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -strongSwan config.status 4.4.1 -configured by $0, generated by GNU Autoconf 2.65, +strongSwan config.status 4.5.0 +configured by $0, generated by GNU Autoconf 2.67, with options \\"\$ac_cs_config\\" -Copyright (C) 2009 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -17951,11 +19052,16 @@ ac_need_defaults=: while test $# != 0 do case $1 in - --*=*) + --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; *) ac_option=$1 ac_optarg=$2 @@ -17977,6 +19083,7 @@ do $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; @@ -17987,7 +19094,7 @@ do ac_cs_silent=: ;; # This is an error. - -*) as_fn_error "unrecognized option: \`$1' + -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" 
@@ -18299,6 +19406,7 @@ do "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/include/Makefile") CONFIG_FILES="$CONFIG_FILES src/include/Makefile" ;; "src/libstrongswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/Makefile" ;; 
@@ -18329,13 +19437,22 @@ do "src/libstrongswan/plugins/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/openssl/Makefile" ;; "src/libstrongswan/plugins/gcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gcrypt/Makefile" ;; "src/libstrongswan/plugins/agent/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/agent/Makefile" ;; + "src/libstrongswan/plugins/pkcs11/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pkcs11/Makefile" ;; + "src/libstrongswan/plugins/ctr/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ctr/Makefile" ;; + "src/libstrongswan/plugins/ccm/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ccm/Makefile" ;; + "src/libstrongswan/plugins/gcm/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gcm/Makefile" ;; "src/libstrongswan/plugins/test_vectors/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/test_vectors/Makefile" ;; "src/libhydra/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/Makefile" ;; "src/libhydra/plugins/attr/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/attr/Makefile" ;; "src/libhydra/plugins/attr_sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/attr_sql/Makefile" ;; + "src/libhydra/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/kernel_klips/Makefile" ;; + "src/libhydra/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/kernel_netlink/Makefile" ;; + "src/libhydra/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/kernel_pfkey/Makefile" ;; + "src/libhydra/plugins/kernel_pfroute/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/kernel_pfroute/Makefile" ;; "src/libhydra/plugins/resolve/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/resolve/Makefile" ;; "src/libfreeswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libfreeswan/Makefile" ;; 
"src/libsimaka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libsimaka/Makefile" ;; + "src/libtls/Makefile") CONFIG_FILES="$CONFIG_FILES src/libtls/Makefile" ;; "src/pluto/Makefile") CONFIG_FILES="$CONFIG_FILES src/pluto/Makefile" ;; "src/pluto/plugins/xauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/pluto/plugins/xauth/Makefile" ;; "src/whack/Makefile") CONFIG_FILES="$CONFIG_FILES src/whack/Makefile" ;; 
@@ -18352,11 +19469,14 @@ do "src/libcharon/plugins/eap_simaka_pseudonym/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_simaka_pseudonym/Makefile" ;; "src/libcharon/plugins/eap_simaka_reauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_simaka_reauth/Makefile" ;; "src/libcharon/plugins/eap_mschapv2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_mschapv2/Makefile" ;; + "src/libcharon/plugins/eap_tls/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_tls/Makefile" ;; + "src/libcharon/plugins/eap_ttls/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_ttls/Makefile" ;; + "src/libcharon/plugins/eap_tnc/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_tnc/Makefile" ;; "src/libcharon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_radius/Makefile" ;; - "src/libcharon/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_netlink/Makefile" ;; - "src/libcharon/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_pfkey/Makefile" ;; - "src/libcharon/plugins/kernel_pfroute/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_pfroute/Makefile" ;; - "src/libcharon/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_klips/Makefile" ;; + "src/libcharon/plugins/tnc_imc/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnc_imc/Makefile" ;; + "src/libcharon/plugins/tnc_imv/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnc_imv/Makefile" ;; + "src/libcharon/plugins/tnccs_11/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnccs_11/Makefile" ;; + "src/libcharon/plugins/tnccs_20/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnccs_20/Makefile" ;; "src/libcharon/plugins/socket_default/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_default/Makefile" ;; 
"src/libcharon/plugins/socket_raw/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_raw/Makefile" ;; "src/libcharon/plugins/socket_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_dynamic/Makefile" ;; @@ -18369,7 +19489,9 @@ do "src/libcharon/plugins/addrblock/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/addrblock/Makefile" ;; "src/libcharon/plugins/uci/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/uci/Makefile" ;; "src/libcharon/plugins/ha/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/ha/Makefile" ;; + "src/libcharon/plugins/led/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/led/Makefile" ;; "src/libcharon/plugins/android/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/android/Makefile" ;; + "src/libcharon/plugins/maemo/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/maemo/Makefile" ;; "src/libcharon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/stroke/Makefile" ;; "src/libcharon/plugins/updown/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/updown/Makefile" ;; "src/libcharon/plugins/dhcp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/dhcp/Makefile" ;; @@ -18393,7 +19515,7 @@ do "scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/Makefile" ;; "testing/Makefile") CONFIG_FILES="$CONFIG_FILES testing/Makefile" ;; - *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5 ;; esac done @@ -18430,7 +19552,7 @@ $debug || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") -} || as_fn_error "cannot create a temporary directory in ." "$LINENO" 5 +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. 
@@ -18447,7 +19569,7 @@ if test "x$ac_cr" = x; then fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then - ac_cs_awk_cr='\r' + ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi @@ -18461,18 +19583,18 @@ _ACEOF echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 -ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'` + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi 
@@ -18561,20 +19683,28 @@ if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then else cat fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ - || as_fn_error "could not setup config files machinery" "$LINENO" 5 + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF -# VPATH may cause trouble with some makes, so we remove $(srcdir), -# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=/{ -s/:*\$(srcdir):*/:/ -s/:*\${srcdir}:*/:/ -s/:*@srcdir@:*/:/ -s/^\([^=]*=[ ]*\):*/\1/ + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// s/^[^=]*=[ ]*$// }' fi @@ -18592,7 +19722,7 @@ do esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) as_fn_error "invalid tag \`$ac_tag'" "$LINENO" 5;; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5 ;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac @@ -18620,7 +19750,7 @@ do [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - as_fn_error "cannot find input file: \`$ac_f'" "$LINENO" 5;; + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5 ;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" @@ -18647,7 +19777,7 @@ $as_echo "$as_me: creating $ac_file" >&6;} case $ac_tag in *:-:* | *:-) cat >"$tmp/stdin" \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac 
@@ -18784,22 +19914,22 @@ s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined." >&5 +which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined." >&2;} +which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$tmp/stdin" case $ac_file in -) cat "$tmp/out" && rm -f "$tmp/out";; *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; esac \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; @@ -19550,7 +20680,7 @@ _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || - as_fn_error "write failure creating $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. @@ -19571,7 +20701,7 @@ if test "$no_create" != yes; then exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. - $ac_cs_success || as_fn_exit $? + $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 
diff --git a/configure.in b/configure.in index d829071ea..83c35d614 100644 --- a/configure.in +++ b/configure.in @@ -16,7 +16,7 @@ dnl =========================== dnl initialize & set some vars dnl =========================== -AC_INIT(strongSwan,4.4.1) +AC_INIT(strongSwan,4.5.0) AM_INIT_AUTOMAKE(tar-ustar) AC_CONFIG_MACRO_DIR([m4/config]) PKG_PROG_PKG_CONFIG 
@@ -100,18 +100,25 @@ ARG_ENABL_SET([leak-detective], [enable malloc hooks to find memory leaks.]) ARG_ENABL_SET([lock-profiler], [enable lock/mutex profiling code.]) ARG_ENABL_SET([unit-tests], [enable unit tests on IKEv2 daemon startup.]) ARG_ENABL_SET([load-tester], [enable load testing plugin for IKEv2 daemon.]) -ARG_ENABL_SET([eap-sim], [enable SIM authenication module for EAP.]) +ARG_ENABL_SET([eap-sim], [enable SIM authentication module for EAP.]) ARG_ENABL_SET([eap-sim-file], [enable EAP-SIM backend based on a triplet file.]) ARG_ENABL_SET([eap-simaka-sql], [enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database.]) ARG_ENABL_SET([eap-simaka-pseudonym], [enable EAP-SIM/AKA pseudonym storage plugin.]) ARG_ENABL_SET([eap-simaka-reauth], [enable EAP-SIM/AKA reauthentication data storage plugin.]) ARG_ENABL_SET([eap-identity], [enable EAP module providing EAP-Identity helper.]) -ARG_ENABL_SET([eap-md5], [enable EAP MD5 (CHAP) authenication module.]) -ARG_ENABL_SET([eap-gtc], [enable PAM based EAP GTC authenication module.]) +ARG_ENABL_SET([eap-md5], [enable EAP MD5 (CHAP) authentication module.]) +ARG_ENABL_SET([eap-gtc], [enable PAM based EAP GTC authentication module.]) ARG_ENABL_SET([eap-aka], [enable EAP AKA authentication module.]) ARG_ENABL_SET([eap-aka-3gpp2], [enable EAP AKA backend implementing 3GPP2 algorithms in software. 
Requires libgmp.]) -ARG_ENABL_SET([eap-mschapv2], [enable EAP MS-CHAPv2 authenication module.]) -ARG_ENABL_SET([eap-radius], [enable RADIUS proxy authenication module.]) +ARG_ENABL_SET([eap-mschapv2], [enable EAP MS-CHAPv2 authentication module.]) +ARG_ENABL_SET([eap-tls], [enable EAP TLS authentication module.]) +ARG_ENABL_SET([eap-ttls], [enable EAP TTLS authentication module.]) +ARG_ENABL_SET([eap-tnc], [enable EAP TNC trusted network connect module.]) +ARG_ENABL_SET([eap-radius], [enable RADIUS proxy authentication module.]) +ARG_ENABL_SET([tnc-imc], [enable TNC IMC module.]) +ARG_ENABL_SET([tnc-imv], [enable TNC IMV module.]) +ARG_ENABL_SET([tnccs-11], [enable TNCCS 1.1 protocol module.]) +ARG_ENABL_SET([tnccs-20], [enable TNCCS 2.0 protocol module.]) ARG_DISBL_SET([kernel-netlink], [disable the netlink kernel interface.]) ARG_ENABL_SET([kernel-pfkey], [enable the PF_KEY kernel interface.]) ARG_ENABL_SET([kernel-pfroute], [enable the PF_ROUTE kernel interface.]) 
@@ -144,11 +151,17 @@ ARG_ENABL_SET([padlock], [enables VIA Padlock crypto plugin.]) ARG_ENABL_SET([openssl], [enables the OpenSSL crypto plugin.]) ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.]) ARG_ENABL_SET([agent], [enables the ssh-agent signing plugin.]) +ARG_ENABL_SET([pkcs11], [enables the PKCS11 token support plugin.]) +ARG_ENABL_SET([ctr], [enables the Counter Mode wrapper crypto plugin.]) +ARG_ENABL_SET([ccm], [enables the CCM AEAD wrapper crypto plugin.]) +ARG_ENABL_SET([gcm], [enables the GCM AEAD wrapper crypto plugin.]) ARG_ENABL_SET([addrblock], [enables RFC 3779 address block constraint support.]) ARG_ENABL_SET([uci], [enable OpenWRT UCI configuration plugin.]) ARG_ENABL_SET([android], [enable Android specific plugin.]) +ARG_ENABL_SET([maemo], [enable Maemo specific plugin.]) ARG_ENABL_SET([nm], [enable NetworkManager plugin.]) ARG_ENABL_SET([ha], [enable high availability cluster plugin.]) +ARG_ENABL_SET([led], [enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem.]) ARG_ENABL_SET([vstr], [enforce using the Vstr string library to replace glibc-like printf hooks.]) ARG_ENABL_SET([monolithic], [build monolithic version of libstrongswan that includes all enabled plugins. Similarly, the plugins of charon are assembled in libcharon.]) @@ -224,6 +237,10 @@ if test x$eap_sim = xtrue; then simaka=true; fi +if test x$eap_tls = xtrue -o x$eap_ttls = xtrue; then + tls=true; +fi + if test x$fips_prf = xtrue; then if test x$openssl = xfalse; then sha1=true; @@ -590,6 +607,10 @@ if test x$gcrypt = xtrue; then ) fi +if test x$tnccs_11 = xtrue -o x$tnc_imc = xtrue -o x$tnc_imv = xtrue; then + AC_CHECK_HEADER([libtnc.h],,[AC_MSG_ERROR([libtnc header libtnc.h not found!])]) +fi + if test x$uci = xtrue; then AC_HAVE_LIBRARY([uci],[LIBS="$LIBS"],[AC_MSG_ERROR([UCI library libuci not found])]) AC_CHECK_HEADER([uci.h],,[AC_MSG_ERROR([UCI header uci.h not found!])]) 
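Review bot: The new libtnc block (hunk `@@ -590,6 +607,10 @@`) checks only for the header `libtnc.h`, so a host that has the header but no linkable library passes configure and fails later at link time. The uci block directly below it checks both the library and the header. A matching library check would make the failure explicit at configure time, for example `AC_HAVE_LIBRARY([tnc],[LIBS="$LIBS"],[AC_MSG_ERROR([TNC library libtnc not found])])`. The condition also leaves out `eap_tnc` and `tnccs_20`; if either of those plugins includes libtnc.h (not visible in this diff), it belongs in the test as well.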
@@ -604,6 +625,14 @@ if test x$android = xtrue; then AC_SUBST(DLLIB) fi +if test x$maemo = xtrue; then + PKG_CHECK_MODULES(maemo, [glib-2.0 gthread-2.0 libosso osso-af-settings]) + AC_SUBST(maemo_CFLAGS) + AC_SUBST(maemo_LIBS) + dbusservicedir="/usr/share/dbus-1/system-services" + AC_SUBST(dbusservicedir) +fi + if test x$nm = xtrue; then PKG_CHECK_EXISTS([libnm-glib], [PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn])], 
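Review bot: `dbusservicedir` in the new maemo block is hard-coded to `/usr/share/dbus-1/system-services`, so it ignores `--prefix` and `--datadir`. A build configured for a private prefix would still place a D-Bus system-service activation file in the system-wide directory at install time. Those files decide what the bus daemon may start on demand, so their location should be an explicit choice of the installer rather than a fixed path. Deriving the default from datadir, `dbusservicedir='${datadir}/dbus-1/system-services'`, or making it overridable through a `--with-` option, keeps staged and unprivileged installs inside the prefix.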
@@ -654,136 +683,124 @@ if test x$integrity_test = xtrue; then ) fi -dnl ========================================================== -dnl collect all plugins for libstrongswan, libhydra and pluto -dnl ========================================================== +dnl ============================================== +dnl collect plugin list for strongSwan components +dnl ============================================== -libstrongswan_plugins= -libhydra_plugins= -pluto_plugins= +m4_include(m4/macros/add-plugin.m4) -if test x$test_vectors = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" test-vectors" - pluto_plugins=${pluto_plugins}" test-vectors" -fi -if test x$curl = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" curl" - pluto_plugins=${pluto_plugins}" curl" -fi -if test x$ldap = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" ldap" - pluto_plugins=${pluto_plugins}" ldap" -fi -if test x$aes = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" aes" - pluto_plugins=${pluto_plugins}" aes" -fi -if test x$des = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" des" - pluto_plugins=${pluto_plugins}" des" -fi -if test x$blowfish = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" blowfish" - pluto_plugins=${pluto_plugins}" blowfish" -fi -if test x$sha1 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sha1" - pluto_plugins=${pluto_plugins}" sha1" -fi -if test x$sha2 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sha2" - pluto_plugins=${pluto_plugins}" sha2" -fi -if test x$md4 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" md4" -fi -if test x$md5 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" md5" - pluto_plugins=${pluto_plugins}" md5" -fi -if test x$random = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" random" - pluto_plugins=${pluto_plugins}" random" -fi -if test x$x509 = xtrue; then - 
libstrongswan_plugins=${libstrongswan_plugins}" x509" - pluto_plugins=${pluto_plugins}" x509" -fi -if test x$revocation = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" revocation" -fi -if test x$pubkey = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pubkey" - pluto_plugins=${pluto_plugins}" pubkey" -fi -if test x$pkcs1 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pkcs1" - pluto_plugins=${pluto_plugins}" pkcs1" -fi -if test x$pgp = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pgp" - pluto_plugins=${pluto_plugins}" pgp" -fi -if test x$dnskey = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" dnskey" - pluto_plugins=${pluto_plugins}" dnskey" -fi -if test x$pem = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pem" - pluto_plugins=${pluto_plugins}" pem" -fi -if test x$mysql = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" mysql" - pluto_plugins=${pluto_plugins}" mysql" -fi -if test x$sqlite = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sqlite" - pluto_plugins=${pluto_plugins}" sqlite" -fi -if test x$padlock = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" padlock" -fi -if test x$openssl = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" openssl" - pluto_plugins=${pluto_plugins}" openssl" -fi -if test x$gcrypt = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" gcrypt" - pluto_plugins=${pluto_plugins}" gcrypt" -fi -if test x$fips_prf = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" fips-prf" -fi -if test x$xcbc = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" xcbc" -fi -if test x$hmac = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" hmac" - pluto_plugins=${pluto_plugins}" hmac" -fi -if test x$agent = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" agent" -fi -if test x$gmp = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" gmp" - 
pluto_plugins=${pluto_plugins}" gmp" -fi -if test x$xauth = xtrue; then - pluto_plugins=${pluto_plugins}" xauth" -fi -if test x$attr = xtrue; then - libhydra_plugins=${libhydra_plugins}" attr" -fi -if test x$attr_sql = xtrue -o x$sql = xtrue; then - libhydra_plugins=${libhydra_plugins}" attr-sql" -fi -if test x$resolve = xtrue; then - libhydra_plugins=${libhydra_plugins}" resolve" -fi - -AC_SUBST(libstrongswan_plugins) -AC_SUBST(libhydra_plugins) +# plugin lists for all components +libcharon_plugins= +pluto_plugins= +pool_plugins= +openac_plugins= +scepclient_plugins= +pki_plugins= +scripts_plugins= +manager_plugins= +medsrv_plugins= + +# location specific lists for checksumming, +# for src/libcharon, src/pluto, src/libhydra and src/libstrongswan +c_plugins= +p_plugins= +h_plugins= +s_plugins= + +ADD_PLUGIN([test-vectors], [s libcharon pluto openac scepclient pki]) +ADD_PLUGIN([curl], [s libcharon pluto scepclient]) +ADD_PLUGIN([ldap], [s libcharon pluto scepclient]) +ADD_PLUGIN([mysql], [s libcharon pluto pool manager medsrv]) +ADD_PLUGIN([sqlite], [s libcharon pluto pool manager medsrv]) +ADD_PLUGIN([aes], [s libcharon pluto openac scepclient pki scripts]) +ADD_PLUGIN([des], [s libcharon pluto openac scepclient pki scripts]) +ADD_PLUGIN([blowfish], [s libcharon pluto openac scepclient pki scripts]) +ADD_PLUGIN([sha1], [s libcharon pluto openac scepclient pki scripts medsrv]) +ADD_PLUGIN([sha2], [s libcharon pluto openac scepclient pki scripts medsrv]) +ADD_PLUGIN([md4], [s libcharon openac manager scepclient pki]) +ADD_PLUGIN([md5], [s libcharon pluto openac scepclient pki]) +ADD_PLUGIN([random], [s libcharon pluto openac scepclient pki scripts medsrv]) +ADD_PLUGIN([x509], [s libcharon pluto openac scepclient pki scripts]) +ADD_PLUGIN([revocation], [s libcharon]) +ADD_PLUGIN([pubkey], [s libcharon]) +ADD_PLUGIN([pkcs1], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([pgp], [s libcharon pluto]) +ADD_PLUGIN([dnskey], [s pluto]) 
+ADD_PLUGIN([pem], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([padlock], [s libcharon]) +ADD_PLUGIN([openssl], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([gcrypt], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([fips-prf], [s libcharon]) +ADD_PLUGIN([gmp], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([agent], [s libcharon]) +ADD_PLUGIN([pkcs11], [s libcharon pki]) +ADD_PLUGIN([xcbc], [s libcharon]) +ADD_PLUGIN([hmac], [s libcharon pluto scripts]) +ADD_PLUGIN([ctr], [s libcharon scripts]) +ADD_PLUGIN([ccm], [s libcharon scripts]) +ADD_PLUGIN([gcm], [s libcharon scripts]) +ADD_PLUGIN([xauth], [p pluto]) +ADD_PLUGIN([attr], [h libcharon pluto]) +ADD_PLUGIN([attr-sql], [h libcharon pluto]) +ADD_PLUGIN([kernel-pfkey], [h libcharon pluto]) +ADD_PLUGIN([kernel-pfroute], [h libcharon pluto]) +ADD_PLUGIN([kernel-klips], [h libcharon pluto]) +ADD_PLUGIN([kernel-netlink], [h libcharon pluto]) +ADD_PLUGIN([resolve], [h libcharon pluto]) +ADD_PLUGIN([load-tester], [c libcharon]) +ADD_PLUGIN([socket-default], [c libcharon]) +ADD_PLUGIN([socket-raw], [c libcharon]) +ADD_PLUGIN([socket-dynamic], [c libcharon]) +ADD_PLUGIN([farp], [c libcharon]) +ADD_PLUGIN([stroke], [c libcharon]) +ADD_PLUGIN([smp], [c libcharon]) +ADD_PLUGIN([sql], [c libcharon]) +ADD_PLUGIN([updown], [c libcharon]) +ADD_PLUGIN([eap-identity], [c libcharon]) +ADD_PLUGIN([eap-sim], [c libcharon]) +ADD_PLUGIN([eap-sim-file], [c libcharon]) +ADD_PLUGIN([eap-simaka-sql], [c libcharon]) +ADD_PLUGIN([eap-simaka-pseudonym], [c libcharon]) +ADD_PLUGIN([eap-simaka-reauth], [c libcharon]) +ADD_PLUGIN([eap-aka], [c libcharon]) +ADD_PLUGIN([eap-aka-3gpp2], [c libcharon]) +ADD_PLUGIN([eap-md5], [c libcharon]) +ADD_PLUGIN([eap-gtc], [c libcharon]) +ADD_PLUGIN([eap-mschapv2], [c libcharon]) +ADD_PLUGIN([eap-radius], [c libcharon]) +ADD_PLUGIN([eap-tls], [c libcharon]) +ADD_PLUGIN([eap-ttls], [c 
libcharon]) +ADD_PLUGIN([eap-tnc], [c libcharon]) +ADD_PLUGIN([tnc-imc], [c libcharon]) +ADD_PLUGIN([tnc-imv], [c libcharon]) +ADD_PLUGIN([tnccs-11], [c libcharon]) +ADD_PLUGIN([tnccs-20], [c libcharon]) +ADD_PLUGIN([medsrv], [c libcharon]) +ADD_PLUGIN([medcli], [c libcharon]) +ADD_PLUGIN([nm], [c libcharon]) +ADD_PLUGIN([dhcp], [c libcharon]) +ADD_PLUGIN([android], [c libcharon]) +ADD_PLUGIN([ha], [c libcharon]) +ADD_PLUGIN([led], [c libcharon]) +ADD_PLUGIN([maemo], [c libcharon]) +ADD_PLUGIN([uci], [c libcharon]) +ADD_PLUGIN([addrblock], [c libcharon]) +ADD_PLUGIN([unit-tester], [c libcharon]) + +AC_SUBST(libcharon_plugins) AC_SUBST(pluto_plugins) +AC_SUBST(pool_plugins) +AC_SUBST(openac_plugins) +AC_SUBST(scepclient_plugins) +AC_SUBST(pki_plugins) +AC_SUBST(scripts_plugins) +AC_SUBST(manager_plugins) +AC_SUBST(medsrv_plugins) + +AC_SUBST(c_plugins) +AC_SUBST(p_plugins) +AC_SUBST(h_plugins) +AC_SUBST(s_plugins) dnl ========================= dnl set Makefile.am vars @@ -819,6 +836,10 @@ AM_CONDITIONAL(USE_PADLOCK, test x$padlock = xtrue) AM_CONDITIONAL(USE_OPENSSL, test x$openssl = xtrue) AM_CONDITIONAL(USE_GCRYPT, test x$gcrypt = xtrue) AM_CONDITIONAL(USE_AGENT, test x$agent = xtrue) +AM_CONDITIONAL(USE_PKCS11, test x$pkcs11 = xtrue) +AM_CONDITIONAL(USE_CTR, test x$ctr = xtrue) +AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue) +AM_CONDITIONAL(USE_GCM, test x$gcm = xtrue) dnl charon plugins dnl ============== @@ -828,6 +849,7 @@ AM_CONDITIONAL(USE_MEDCLI, test x$medcli = xtrue) AM_CONDITIONAL(USE_NM, test x$nm = xtrue) AM_CONDITIONAL(USE_UCI, test x$uci = xtrue) AM_CONDITIONAL(USE_ANDROID, test x$android = xtrue) +AM_CONDITIONAL(USE_MAEMO, test x$maemo = xtrue) AM_CONDITIONAL(USE_SMP, test x$smp = xtrue) AM_CONDITIONAL(USE_SQL, test x$sql = xtrue) AM_CONDITIONAL(USE_UPDOWN, test x$updown = xtrue) 
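Review bot: Two of the new `ADD_PLUGIN` lines in the plugin-list hunk test a shell variable that no visible option sets, so the plugin drops out of the generated load and checksum lists even when it is built. `ADD_PLUGIN([unit-tester], ...)` expands to a test of `$unit_tester`, while the option and its conditional use `unit_tests` (`AM_CONDITIONAL(USE_UNIT_TESTS, test x$unit_tests = xtrue)`). `ADD_PLUGIN([attr-sql], ...)` tests only `$attr_sql`, whereas the removed code and `USE_ATTR_SQL` also accept `x$sql = xtrue`. Unless lines outside this hunk already set these variables, they can be set before the list with `if test x$sql = xtrue; then attr_sql=true; fi` and `if test x$unit_tests = xtrue; then unit_tester=true; fi`.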
@@ -835,6 +857,7 @@ AM_CONDITIONAL(USE_DHCP, test x$dhcp = xtrue) AM_CONDITIONAL(USE_UNIT_TESTS, test x$unit_tests = xtrue) AM_CONDITIONAL(USE_LOAD_TESTER, test x$load_tester = xtrue) AM_CONDITIONAL(USE_HA, test x$ha = xtrue) +AM_CONDITIONAL(USE_LED, test x$led = xtrue) AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue) AM_CONDITIONAL(USE_EAP_SIM_FILE, test x$eap_sim_file = xtrue) AM_CONDITIONAL(USE_EAP_SIMAKA_SQL, test x$eap_simaka_sql = xtrue) @@ -846,11 +869,14 @@ AM_CONDITIONAL(USE_EAP_GTC, test x$eap_gtc = xtrue) AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue) AM_CONDITIONAL(USE_EAP_AKA_3GPP2, test x$eap_aka_3gpp2 = xtrue) AM_CONDITIONAL(USE_EAP_MSCHAPV2, test x$eap_mschapv2 = xtrue) +AM_CONDITIONAL(USE_EAP_TLS, test x$eap_tls = xtrue) +AM_CONDITIONAL(USE_EAP_TTLS, test x$eap_ttls = xtrue) +AM_CONDITIONAL(USE_EAP_TNC, test x$eap_tnc = xtrue) AM_CONDITIONAL(USE_EAP_RADIUS, test x$eap_radius = xtrue) -AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue) -AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue) -AM_CONDITIONAL(USE_KERNEL_PFROUTE, test x$kernel_pfroute = xtrue) -AM_CONDITIONAL(USE_KERNEL_KLIPS, test x$kernel_klips = xtrue) +AM_CONDITIONAL(USE_TNC_IMC, test x$tnc_imc = xtrue) +AM_CONDITIONAL(USE_TNC_IMV, test x$tnc_imv = xtrue) +AM_CONDITIONAL(USE_TNCCS_11, test x$tnccs_11 = xtrue) +AM_CONDITIONAL(USE_TNCCS_20, test x$tnccs_20 = xtrue) AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue) AM_CONDITIONAL(USE_SOCKET_RAW, test x$socket_raw = xtrue) AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue) 
@@ -861,6 +887,10 @@ dnl hydra plugins dnl ============= AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue) AM_CONDITIONAL(USE_ATTR_SQL, test x$attr_sql = xtrue -o x$sql = xtrue) +AM_CONDITIONAL(USE_KERNEL_KLIPS, test x$kernel_klips = xtrue) +AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue) +AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue) +AM_CONDITIONAL(USE_KERNEL_PFROUTE, test x$kernel_pfroute = xtrue) AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue) dnl pluto plugins @@ -893,6 +923,7 @@ AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue) AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap) AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue) AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue) +AM_CONDITIONAL(USE_TLS, test x$tls = xtrue) AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue) dnl ============================== @@ -916,6 +947,7 @@ dnl ============================== AC_OUTPUT( Makefile + man/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile @@ -946,13 +978,22 @@ AC_OUTPUT( src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile + src/libstrongswan/plugins/pkcs11/Makefile + src/libstrongswan/plugins/ctr/Makefile + src/libstrongswan/plugins/ccm/Makefile + src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libhydra/Makefile src/libhydra/plugins/attr/Makefile src/libhydra/plugins/attr_sql/Makefile + src/libhydra/plugins/kernel_klips/Makefile + src/libhydra/plugins/kernel_netlink/Makefile + src/libhydra/plugins/kernel_pfkey/Makefile + src/libhydra/plugins/kernel_pfroute/Makefile src/libhydra/plugins/resolve/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile + src/libtls/Makefile src/pluto/Makefile src/pluto/plugins/xauth/Makefile src/whack/Makefile 
@@ -969,11 +1010,14 @@ AC_OUTPUT( src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile + src/libcharon/plugins/eap_tls/Makefile + src/libcharon/plugins/eap_ttls/Makefile + src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile - src/libcharon/plugins/kernel_netlink/Makefile - src/libcharon/plugins/kernel_pfkey/Makefile - src/libcharon/plugins/kernel_pfroute/Makefile - src/libcharon/plugins/kernel_klips/Makefile + src/libcharon/plugins/tnc_imc/Makefile + src/libcharon/plugins/tnc_imv/Makefile + src/libcharon/plugins/tnccs_11/Makefile + src/libcharon/plugins/tnccs_20/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_raw/Makefile src/libcharon/plugins/socket_dynamic/Makefile @@ -986,7 +1030,9 @@ AC_OUTPUT( src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile + src/libcharon/plugins/led/Makefile src/libcharon/plugins/android/Makefile + src/libcharon/plugins/maemo/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile diff --git a/m4/macros/add-plugin.m4 b/m4/macros/add-plugin.m4 new file mode 100644 index 000000000..4986a5449 --- /dev/null +++ b/m4/macros/add-plugin.m4 @@ -0,0 +1,10 @@ +# ADD_PLUGIN(plugin, category list) +# ----------------------------------- +# Append the plugin name $1 to the category list variable $2_plugin +AC_DEFUN([ADD_PLUGIN], + if test [patsubst(x$$1, [-], [_])] = xtrue; then + [m4_foreach_w([category], [$2], + [m4_format([%s_plugins=${%s_plugins}" $1"], category, category)] + )] + fi +) diff --git a/man/Makefile.am b/man/Makefile.am new file mode 100644 index 000000000..a74a901b8 --- /dev/null +++ b/man/Makefile.am 
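Review bot: The header comment of `ADD_PLUGIN` in the new m4/macros/add-plugin.m4 does not match what the macro does. It names a variable `$2_plugin`, while the body appends to `<category>_plugins` for every word in `$2`, and it does not say that the plugin is added only when the shell variable named after `$1` (with `-` mapped to `_`) equals `true`. That second rule matters to callers, because a plugin whose name differs from its option variable is silently left out of every list. I would reword the comment to `# For each category in $2, append plugin $1 to <category>_plugins if the shell variable $1 (with - replaced by _) is "true"`.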
@@ -0,0 +1,11 @@
+dist_man_MANS = ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
+EXTRA_DIST = ipsec.conf.5.in ipsec.secrets.5.in strongswan.conf.5.in
+CLEANFILES = ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
+
+SUFFIXES = .in
+
+.in:
+ sed \
+ -e "s:@IPSEC_VERSION@:$(PACKAGE_VERSION):" \
+ $(srcdir)/$@.in > $@
+
diff --git a/man/Makefile.in b/man/Makefile.in
new file mode 100644
index 000000000..4388e318b
--- /dev/null
+++ b/man/Makefile.in
@@ -0,0 +1,507 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = man +DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = 
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +man5dir = $(mandir)/man5 +am__installdirs = "$(DESTDIR)$(man5dir)" +NROFF = nroff +MANS = $(dist_man_MANS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = 
@LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = 
@ipsecuid@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +dist_man_MANS = ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 +EXTRA_DIST = ipsec.conf.5.in ipsec.secrets.5.in strongswan.conf.5.in +CLEANFILES = ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 +SUFFIXES = .in +all: all-am + +.SUFFIXES: +.SUFFIXES: .in +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) 
--gnu man/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu man/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man5: $(dist_man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" + @list=''; test -n "$(man5dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + 
done; } + +uninstall-man5: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(MANS) +installdirs: + for dir in "$(DESTDIR)$(man5dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man5 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-man + +uninstall-man: uninstall-man5 + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + distclean distclean-generic distclean-libtool distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-man5 \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + uninstall uninstall-am uninstall-man uninstall-man5 + + +.in: + sed \ + -e "s:@IPSEC_VERSION@:$(PACKAGE_VERSION):" \ + $(srcdir)/$@.in > $@ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/man/ipsec.conf.5 b/man/ipsec.conf.5 new file mode 100644 index 000000000..b1e60b280 --- /dev/null +++ b/man/ipsec.conf.5 
@@ -0,0 +1,1358 @@
+.TH IPSEC.CONF 5 "2010-10-19" "4.5.0rc2" "strongSwan"
+.SH NAME
+ipsec.conf \- IPsec configuration and connections
+.SH DESCRIPTION
+The optional
+.I ipsec.conf
+file
+specifies most configuration and control information for the
+strongSwan IPsec subsystem.
+The major exception is secrets for authentication;
+see
+.IR ipsec.secrets (5).
+Its contents are not security-sensitive.
+.PP
+The file is a text file, consisting of one or more
+.IR sections .
+White space followed by
+.B #
+followed by anything to the end of the line
+is a comment and is ignored,
+as are empty lines which are not within a section.
+.PP
+A line which contains
+.B include
+and a file name, separated by white space,
+is replaced by the contents of that file,
+preceded and followed by empty lines.
+If the file name is not a full pathname,
+it is considered to be relative to the directory containing the
+including file.
+Such inclusions can be nested.
+Only a single filename may be supplied, and it may not contain white space,
+but it may include shell wildcards (see
+.IR sh (1));
+for example:
+.PP
+.B include
+.B "ipsec.*.conf"
+.PP
+The intention of the include facility is mostly to permit keeping
+information on connections, or sets of connections,
+separate from the main configuration file.
+This permits such connection descriptions to be changed,
+copied to the other security gateways involved, etc.,
+without having to constantly extract them from the configuration
+file and then insert them back into it.
+Note also the
+.B also
+parameter (described below) which permits splitting a single logical
+section (e.g. a connection description) into several actual sections.
+.PP
+A section
+begins with a line of the form:
+.PP
+.I type
+.I name
+.PP
+where
+.I type
+indicates what type of section follows, and
+.I name
+is an arbitrary name which distinguishes the section from others
+of the same type.
+Names must start with a letter and may contain only
+letters, digits, periods, underscores, and hyphens.
+All subsequent non-empty lines
+which begin with white space are part of the section;
+comments within a section must begin with white space too.
+There may be only one section of a given type with a given name.
+.PP
+Lines within the section are generally of the form
+.PP
+\ \ \ \ \ \fIparameter\fB=\fIvalue\fR
+.PP
+(note the mandatory preceding white space).
+There can be white space on either side of the
+.BR = .
+Parameter names follow the same syntax as section names,
+and are specific to a section type.
+Unless otherwise explicitly specified,
+no parameter name may appear more than once in a section.
+.PP
+An empty
+.I value
+stands for the system default value (if any) of the parameter,
+i.e. it is roughly equivalent to omitting the parameter line entirely.
+A
+.I value
+may contain white space only if the entire
+.I value
+is enclosed in double quotes (\fB"\fR);
+a
+.I value
+cannot itself contain a double quote,
+nor may it be continued across more than one line.
+.PP
+Numeric values are specified to be either an ``integer''
+(a sequence of digits) or a ``decimal number''
+(sequence of digits optionally followed by `.' and another sequence of digits).
+.PP
+There is currently one parameter which is available in any type of
+section:
+.TP
+.B also
+the value is a section name;
+the parameters of that section are appended to this section,
+as if they had been written as part of it.
+The specified section must exist, must follow the current one,
+and must have the same section type.
+(Nesting is permitted,
+and there may be more than one
+.B also
+in a single section,
+although it is forbidden to append the same section more than once.)
+.PP
+A section with name
+.B %default
+specifies defaults for sections of the same type.
+For each parameter in it,
+any section of that type which does not have a parameter of the same name
+gets a copy of the one from the
+.B %default
+section.
+There may be multiple
+.B %default
+sections of a given type,
+but only one default may be supplied for any specific parameter name,
+and all
+.B %default
+sections of a given type must precede all non-\c
+.B %default
+sections of that type.
+.B %default
+sections may not contain the
+.B also
+parameter.
+.PP
+Currently there are three types of sections:
+a
+.B config
+section specifies general configuration information for IPsec, a
+.B conn
+section specifies an IPsec connection, while a
+.B ca
+section specifies special properties of a certification authority.
+.SH "CONN SECTIONS"
+A
+.B conn
+section contains a
+.IR "connection specification" ,
+defining a network connection to be made using IPsec.
+The name given is arbitrary, and is used to identify the connection.
+Here's a simple example:
+.PP
+.ne 10
+.nf
+.ft B
+.ta 1c
+conn snt
+ left=192.168.0.1
+ leftsubnet=10.1.0.0/16
+ right=192.168.0.2
+ rightsubnet=10.1.0.0/16
+ keyingtries=%forever
+ auto=add
+.ft
+.fi
+.PP
+A note on terminology: There are two kinds of communications going on:
+transmission of user IP packets, and gateway-to-gateway negotiations for
+keying, rekeying, and general control.
+The path to control the connection is called 'ISAKMP SA' in IKEv1
+and 'IKE SA' in the IKEv2 protocol. That what is being negotiated, the kernel
+level data path, is called 'IPsec SA' or 'Child SA'.
+strongSwan currently uses two separate keying daemons. \fIpluto\fP handles
+all IKEv1 connections, \fIcharon\fP is the daemon handling the IKEv2
+protocol.
+.PP
+To avoid trivial editing of the configuration file to suit it to each system
+involved in a connection,
+connection specifications are written in terms of
+.I left
+and
+.I right
+participants,
+rather than in terms of local and remote.
+Which participant is considered
+.I left
+or
+.I right
+is arbitrary;
+for every connection description an attempt is made to figure out whether
+the local endpoint should act as the
+.I left
+or
+.I right
+endpoint. This is done by matching the IP addresses defined for both endpoints
+with the IP addresses assigned to local network interfaces. If a match is found
+then the role (left or right) that matches is going to be considered local.
+If no match is found during startup,
+.I left
+is considered local.
+This permits using identical connection specifications on both ends.
+There are cases where there is no symmetry; a good convention is to
+use
+.I left
+for the local side and
+.I right
+for the remote side (the first letters are a good mnemonic).
+.PP
+Many of the parameters relate to one participant or the other;
+only the ones for
+.I left
+are listed here, but every parameter whose name begins with
+.B left
+has a
+.B right
+counterpart,
+whose description is the same but with
+.B left
+and
+.B right
+reversed.
+.PP
+Parameters are optional unless marked '(required)'.
+.SS "CONN PARAMETERS"
+Unless otherwise noted, for a connection to work,
+in general it is necessary for the two ends to agree exactly
+on the values of these parameters.
+.TP
+.BR aaa_identity " = "
+defines the identity of the AAA backend used during IKEv2 EAP authentication.
+This is required if the EAP client uses a method that verifies the server
+identity (such as EAP-TLS), but it does not match the IKEv2 gateway identity.
+.TP
+.BR also " = "
+includes conn section
+.BR .
+.TP
+.BR auth " = " esp " | ah"
+whether authentication should be done as part of
+ESP encryption, or separately using the AH protocol;
+acceptable values are
+.B esp
+(the default) and
+.BR ah .
+.br
+The IKEv2 daemon currently supports ESP only.
+.TP
+.BR authby " = " pubkey " | rsasig | ecdsasig | psk | eap | never | xauth..."
+how the two security gateways should authenticate each other;
+acceptable values are
+.B psk
+or
+.B secret
+for pre-shared secrets,
+.B pubkey
+(the default) for public key signatures as well as the synonyms
+.B rsasig
+for RSA digital signatures and
+.B ecdsasig
+for Elliptic Curve DSA signatures.
+.B never
+can be used if negotiation is never to be attempted or accepted (useful for
+shunt-only conns).
+Digital signatures are superior in every way to shared secrets.
+IKEv1 additionally supports the values
+.B xauthpsk
+and
+.B xauthrsasig
+that will enable eXtended AUTHentication (XAUTH) in addition to IKEv1 main mode
+based on shared secrets or digital RSA signatures, respectively.
+IKEv2 additionally supports the value
+.BR eap ,
+which indicates an initiator to request EAP authentication. The EAP method
+to use is selected by the server (see
+.BR eap ).
+This parameter is deprecated for IKEv2 connections, as two peers do not need
+to agree on an authentication method. Use the
+.B leftauth
+parameter instead to define authentication methods in IKEv2.
+.TP
+.BR auto " = " ignore " | add | route | start"
+what operation, if any, should be done automatically at IPsec startup;
+currently-accepted values are
+.BR add ,
+.BR route ,
+.B start
+and
+.B ignore
+(the default).
+.B add
+loads a connection without starting it.
+.B route
+loads a connection and installs kernel traps. If traffic is detected between
+.B leftsubnet
+and
+.B rightsubnet
+, a connection is established.
+.B start
+loads a connection and brings it up immediatly.
+.B ignore
+ignores the connection. This is equal to delete a connection from the config
+file.
+Relevant only locally, other end need not agree on it
+(but in general, for an intended-to-be-permanent connection,
+both ends should use
+.B auto=start
+to ensure that any reboot causes immediate renegotiation).
+.TP
+.BR compress " = yes | " no
+whether IPComp compression of content is proposed on the connection
+(link-level compression does not work on encrypted data,
+so to be effective, compression must be done \fIbefore\fR encryption);
+acceptable values are
+.B yes
+and
+.B no
+(the default). A value of
+.B yes
+causes IPsec to propose both compressed and uncompressed,
+and prefer compressed.
+A value of
+.B no
+prevents IPsec from proposing compression;
+a proposal to compress will still be accepted.
+.TP
+.BR dpdaction " = " none " | clear | hold | restart"
+controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where
+R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2)
+are periodically sent in order to check the
+liveliness of the IPsec peer. The values
+.BR clear ,
+.BR hold ,
+and
+.B restart
+all activate DPD. If no activity is detected, all connections with a dead peer
+are stopped and unrouted
+.RB ( clear ),
+put in the hold state
+.RB ( hold )
+or restarted
+.RB ( restart ).
+For IKEv1, the default is
+.B none
+which disables the active sending of R_U_THERE notifications.
+Nevertheless pluto will always send the DPD Vendor ID during connection set up
+in order to signal the readiness to act passively as a responder if the peer
+wants to use DPD. For IKEv2,
+.B none
+does't make sense, since all messages are used to detect dead peers. If specified,
+it has the same meaning as the default
+.RB ( clear ).
+.TP
+.BR dpddelay " = " 30s " |