CONFIG_DIR= $(MAIN_DIR)config/
-OBJS+= $(BUILD_DIR)configuration_manager.o
-$(BUILD_DIR)configuration_manager.o : $(CONFIG_DIR)configuration_manager.c $(CONFIG_DIR)configuration_manager.h
- $(CC) $(CFLAGS) -c -o $@ $<
OBJS+= $(BUILD_DIR)init_config.o
$(BUILD_DIR)init_config.o : $(CONFIG_DIR)init_config.c $(CONFIG_DIR)init_config.h
OBJS+= $(BUILD_DIR)proposal.o
$(BUILD_DIR)proposal.o : $(CONFIG_DIR)proposal.c $(CONFIG_DIR)proposal.h
$(CC) $(CFLAGS) -c -o $@ $<
+
+OBJS+= $(BUILD_DIR)static_configuration.o
+$(BUILD_DIR)static_configuration.o : $(CONFIG_DIR)static_configuration.c $(CONFIG_DIR)static_configuration.h
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+OBJS+= $(BUILD_DIR)starter_configuration.o
+$(BUILD_DIR)starter_configuration.o : $(CONFIG_DIR)starter_configuration.c $(CONFIG_DIR)starter_configuration.h
+ $(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file
/**
- * @file configuration_manager.h
+ * @file configuration.h
*
- * @brief Interface of configuration_manager_t.
+ * @brief Interface configuration_t.
*
*/
* for more details.
*/
-#ifndef CONFIGURATION_MANAGER_H_
-#define CONFIGURATION_MANAGER_H_
+#ifndef CONFIGURATION_H_
+#define CONFIGURATION_H_
#include <types.h>
#include <config/init_config.h>
#include <transforms/rsa/rsa_public_key.h>
-typedef struct configuration_manager_t configuration_manager_t;
+typedef struct configuration_t configuration_t;
/**
- * @brief Manages all configuration aspects of the daemon.
+ * @brief The interface for a configuration backend.
*
- * @b Constructors:
- * - configuration_manager_create()
+ * Multiple backends for the configuration are conceivable:
+ * - ipsec starter from pluto
+ * - own file backend
+ * - multiple database backends
+ * - LDAP backend?
*
- * @todo Build a (file) backend for the configuration manager.
+ * @b Constructors:
+ * - configuration_create()
*
* @ingroup config
*/
-struct configuration_manager_t {
+struct configuration_t {
/**
* @brief Returns the configuration information needed for IKE_SA_INIT exchange
* for a specific configuration name.
*
* The returned init_config_t object MUST NOT be destroyed cause it's managed by
- * this configuration_manager_t object.
+ * this configuration_t object.
*
* @param this calling object
* @param name name of the configuration
* - NOT_FOUND
* - SUCCESS
*/
- status_t (*get_init_config_for_name) (configuration_manager_t *this, char *name, init_config_t **init_config);
+ status_t (*get_init_config_for_name) (configuration_t *this, char *name, init_config_t **init_config);
/**
* @brief Returns the configuration information needed for IKE_SA_INIT exchange
* for specific host informations.
*
* The returned init_config_t object MUST NOT be destroyed cause it's managed by
- * this configuration_manager_t object.
+ * this configuration_t object.
*
* @param this calling object
* @param my_host my host informations
* - NOT_FOUND
* - SUCCESS
*/
- status_t (*get_init_config_for_host) (configuration_manager_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config);
+ status_t (*get_init_config_for_host) (configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config);
/**
* @brief Returns the configuration information needed after IKE_SA_INIT exchange
* for a specific configuration name.
*
* The returned sa_config_t object MUST NOT be destroyed cause it's managed by
- * this configuration_manager_t object.
+ * this configuration_t object.
*
* @param this calling object
* @param name name of the configuration
* - NOT_FOUND
* - SUCCESS
*/
- status_t (*get_sa_config_for_name) (configuration_manager_t *this, char *name, sa_config_t **sa_config);
+ status_t (*get_sa_config_for_name) (configuration_t *this, char *name, sa_config_t **sa_config);
/**
* @brief Returns the configuration information needed after IKE_SA_INIT exchange
* for specific init_config_t and ID data.
*
* The returned sa_config_t object MUST NOT be destroyed cause it's managed by
- * this configuration_manager_t object.
+ * this configuration_t object.
*
* @param this calling object
* @param init_config init_config_t object
* - NOT_FOUND
* - SUCCESS
*/
- status_t (*get_sa_config_for_init_config_and_id) (configuration_manager_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config);
+ status_t (*get_sa_config_for_init_config_and_id) (configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config);
/**
* @brief Returns the retransmit timeout.
*
- * The timeout values are managed by the configuration manager.
+ * The timeout values are managed by the configuration.
*
* @param this calling object
* @param retransmit_count number of times a message was retransmitted so far
* - FAILED, if the message should not be retransmitted
* - SUCCESS
*/
- status_t (*get_retransmit_timeout) (configuration_manager_t *this, u_int32_t retransmit_count, u_int32_t *timeout);
+ status_t (*get_retransmit_timeout) (configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout);
/**
* @brief Returns the timeout for an half open IKE_SA in ms.
* @param this calling object
* @return timeout in milliseconds (ms)
*/
- u_int32_t (*get_half_open_ike_sa_timeout) (configuration_manager_t *this);
+ u_int32_t (*get_half_open_ike_sa_timeout) (configuration_t *this);
/**
* @brief Returns the preshared secret of a specific ID.
*
* The returned preshared secret MUST NOT be destroyed cause it's managed by
- * this configuration_manager_t object.
+ * this configuration_t object.
*
* @param this calling object
* @param identification identification_t object identifiying the ID.
* - NOT_FOUND if no preshared secrets for specific ID could be found
* - SUCCESS
*/
- status_t (*get_shared_secret) (configuration_manager_t *this, identification_t *identification, chunk_t *preshared_secret);
+ status_t (*get_shared_secret) (configuration_t *this, identification_t *identification, chunk_t *preshared_secret);
/**
* @brief Returns the RSA public key of a specific ID.
*
* The returned rsa_public_key_t object MUST NOT be destroyed cause it's managed by
- * this configuration_manager_t object.
+ * this configuration_t object.
*
* @param this calling object
* @param identification identification_t object identifiying the ID.
* - NOT_FOUND if no key is configured for specific id
* - SUCCESS
*/
- status_t (*get_rsa_public_key) (configuration_manager_t *this, identification_t *identification, rsa_public_key_t **public_key);
+ status_t (*get_rsa_public_key) (configuration_t *this, identification_t *identification, rsa_public_key_t **public_key);
/**
* @brief Returns the RSA private key of a specific ID.
*
* The returned rsa_private_key_t object MUST NOT be destroyed cause it's managed by
- * this configuration_manager_t object.
+ * this configuration_t object.
*
* @param this calling object
* @param identification identification_t object identifiying the ID.
* - NOT_FOUND if no key is configured for specific id
* - SUCCESS
*/
- status_t (*get_rsa_private_key) (configuration_manager_t *this, identification_t *identification, rsa_private_key_t **private_key);
+ status_t (*get_rsa_private_key) (configuration_t *this, identification_t *identification, rsa_private_key_t **private_key);
/**
- * @brief Destroys a configuration_manager_t object.
+ * @brief Destroys a configuration_t object.
*
* @param this calling object
*/
- void (*destroy) (configuration_manager_t *this);
+ void (*destroy) (configuration_t *this);
};
-/**
- * @brief Creates the mighty configuration manager.
- *
- * @param first_retransmit_timeout first retransmit timeout in milliseconds
- * @param max_retransmit_count max number of tries to retransmitted a requests (0 for infinite)
- * @param half_open_ike_sa_timeout timeout after that a half open IKE_SA gets deleted
- * @return configuration_manager_t object
- *
- * @ingroup config
- */
-configuration_manager_t *configuration_manager_create(u_int32_t first_retransmit_timeout,u_int32_t max_retransmit_count, u_int32_t half_open_ike_sa_timeout);
-
-#endif /*CONFIGURATION_MANAGER_H_*/
+#endif /*CONFIGURATION_H_*/
typedef enum transform_type_t transform_type_t;
/**
- * Type of a transform, as in IKEv2 draft 3.3.2.
+ * Type of a transform, as in IKEv2 RFC 3.3.2.
*
* @ingroup payloads
*/
typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
/**
- * Extended sequence numbers, as in IKEv2 draft 3.3.2.
+ * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
*
* @ingroup payloads
*/
*/
linked_list_t *(*get_my_traffic_selectors) (sa_config_t *this);
-
/**
* @brief Get configured traffic selectors for others site.
*
--- /dev/null
+/**
+ * @file starter_configuration.c
+ *
+ * @brief Implementation of starter_configuration_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <pthread.h>
+
+#include "starter_configuration.h"
+
+#include <types.h>
+#include <daemon.h>
+#include <utils/allocator.h>
+
+
+/**
+ * First retransmit timeout in milliseconds.
+ *
+ * Timeout value is increasing in each retransmit round.
+ */
+#define RETRANSMIT_TIMEOUT 3000
+
+/**
+ * Timeout in milliseconds after that a half open IKE_SA gets deleted.
+ */
+#define HALF_OPEN_IKE_SA_TIMEOUT 30000
+
+/**
+ * Max retransmit count.
+ * 0 for infinite. The max time a half open IKE_SA is alive is set by
+ * RETRANSMIT_TIMEOUT.
+ */
+#define MAX_RETRANSMIT_COUNT 0
+
+
+struct sockaddr_un socket_addr = { AF_UNIX, "/var/run/pluto.ctl"};
+
+
+typedef struct preshared_secret_entry_t preshared_secret_entry_t;
+
+/**
+ * A preshared secret entry combines an identifier and a
+ * preshared secret.
+ */
+struct preshared_secret_entry_t {
+
+ /**
+ * Identification.
+ */
+ identification_t *identification;
+
+ /**
+ * Preshared secret as chunk_t. The NULL termination is not included.
+ */
+ chunk_t preshared_secret;
+};
+
+
+typedef struct rsa_private_key_entry_t rsa_private_key_entry_t;
+
+/**
+ * Entry for a rsa private key.
+ */
+struct rsa_private_key_entry_t {
+
+ /**
+ * Identification.
+ */
+ identification_t *identification;
+
+ /**
+ * Private key.
+ */
+ rsa_private_key_t* private_key;
+};
+
+typedef struct rsa_public_key_entry_t rsa_public_key_entry_t;
+
+/**
+ * Entry for a rsa private key.
+ */
+struct rsa_public_key_entry_t {
+
+ /**
+ * Identification.
+ */
+ identification_t *identification;
+
+ /**
+ * Private key.
+ */
+ rsa_public_key_t* public_key;
+};
+
+typedef struct configuration_entry_t configuration_entry_t;
+
+/**
+ * A configuration entry combines a configuration name with a init and sa
+ * configuration represented as init_config_t and sa_config_t objects.
+ *
+ * @b Constructors:
+ * - configuration_entry_create()
+ */
+struct configuration_entry_t {
+
+ /**
+ * Configuration name.
+ *
+ */
+ char *name;
+
+ /**
+ * Configuration for IKE_SA_INIT exchange.
+ */
+ init_config_t *init_config;
+
+ /**
+ * Configuration for all phases after IKE_SA_INIT exchange.
+ */
+ sa_config_t *sa_config;
+
+ /**
+ * Destroys a configuration_entry_t
+ *
+ * @param this calling object
+ */
+ void (*destroy) (configuration_entry_t *this);
+};
+
+/**
+ * Implementation of configuration_entry_t.destroy.
+ */
+static void configuration_entry_destroy (configuration_entry_t *this)
+{
+ allocator_free(this->name);
+ allocator_free(this);
+}
+
+/**
+ * @brief Creates a configuration_entry_t object.
+ *
+ * @param name name of the configuration entry (gets copied)
+ * @param init_config object of type init_config_t
+ * @param sa_config object of type sa_config_t
+ */
+static configuration_entry_t * configuration_entry_create(char * name, init_config_t * init_config, sa_config_t * sa_config)
+{
+ configuration_entry_t *entry = allocator_alloc_thing(configuration_entry_t);
+
+ /* functions */
+ entry->destroy = configuration_entry_destroy;
+
+ /* private data */
+ entry->init_config = init_config;
+ entry->sa_config = sa_config;
+ entry->name = allocator_alloc(strlen(name) + 1);
+ strcpy(entry->name,name);
+ return entry;
+}
+
+typedef struct private_starter_configuration_t private_starter_configuration_t;
+
+/**
+ * Private data of an starter_configuration_t object.
+ */
+struct private_starter_configuration_t {
+
+ /**
+ * Public part of starter_configuration_t object.
+ */
+ starter_configuration_t public;
+
+ /**
+ * Holding all configurations.
+ */
+ linked_list_t *configurations;
+
+ /**
+ * Holding all managed init_configs.
+ */
+ linked_list_t *init_configs;
+
+ /**
+ * Holding all managed init_configs.
+ */
+ linked_list_t *sa_configs;
+
+ /**
+ * Holding all managed preshared secrets.
+ */
+ linked_list_t *preshared_secrets;
+
+ /**
+ * Holding all managed private secrets.
+ */
+ linked_list_t *rsa_private_keys;
+
+ /**
+ * Holding all managed public secrets.
+ */
+ linked_list_t *rsa_public_keys;
+
+ /**
+ * Assigned logger_t object.
+ */
+ logger_t *logger;
+
+ /**
+ * Max number of requests to be retransmitted.
+ * 0 for infinite.
+ */
+ u_int32_t max_retransmit_count;
+
+ /**
+ * First retransmit timeout in ms.
+ */
+ u_int32_t first_retransmit_timeout;
+
+ /**
+ * Timeout in ms after that time a IKE_SA gets deleted.
+ */
+ u_int32_t half_open_ike_sa_timeout;
+
+ int socket;
+
+ pthread_t assigned_thread;
+
+ /**
+ * Adds a new IKE_SA configuration.
+ *
+ * @param this calling object
+ * @param name name for the configuration
+ * @param init_config init_config_t object
+ * @param sa_config sa_config_t object
+ */
+ void (*add_new_configuration) (private_starter_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
+
+ /**
+ * Adds a new preshared secret.
+ *
+ * @param this calling object
+ * @param type type of identification
+ * @param id_string identification as string
+ * @param preshared_secret preshared secret as string
+ */
+ void (*add_new_preshared_secret) (private_starter_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret);
+
+ /**
+ * Adds a new rsa private key.
+ *
+ * @param this calling object
+ * @param type type of identification
+ * @param id_string identification as string
+ * @param key_pos location of key
+ * @param key_len length of key
+ */
+ void (*add_new_rsa_private_key) (private_starter_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
+
+ /**
+ * Adds a new rsa public key.
+ *
+ * @param this calling object
+ * @param type type of identification
+ * @param id_string identification as string
+ * @param key_pos location of key
+ * @param key_len length of key
+ */
+ void (*add_new_rsa_public_key) (private_starter_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
+
+ void (*whack_receive) (private_starter_configuration_t *this);
+};
+
+/**
+ * Implementation of private_starter_configuration_t.listen.
+ */
+static void whack_receive(private_starter_configuration_t *this)
+{
+ u_int8_t buffer[5000];
+ struct sockaddr_un whackaddr;
+ int whackaddrlen = sizeof(whackaddr);
+ ssize_t n;
+ int whackfd;
+
+ while (1)
+ {
+ whackfd = accept(this->socket, (struct sockaddr *)&whackaddr, &whackaddrlen);
+
+ if (whackfd < 0)
+ {
+ this->logger->log(this->logger, ERROR, "accept() failed in whack_handle()");
+ continue;
+ }
+ if (fcntl(whackfd, F_SETFD, FD_CLOEXEC) < 0)
+ {
+ this->logger->log(this->logger, ERROR, "failed to set CLOEXEC in whack_handle()");
+ close(whackfd);
+ continue;
+ }
+
+ n = read(whackfd, &buffer, sizeof(buffer));
+
+ if (n == -1)
+ {
+ this->logger->log(this->logger, ERROR, "read() failed in whack_handle()");
+ close(whackfd);
+ continue;
+ }
+ this->logger->log_bytes(this->logger, CONTROL, "Whackinput", buffer, n);
+ }
+}
+
+
+/**
+ * Implementation of starter_configuration_t.get_init_config_for_host.
+ */
+static status_t get_init_config_for_host (private_starter_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config)
+{
+ iterator_t *iterator;
+ status_t status = NOT_FOUND;
+
+ iterator = this->configurations->create_iterator(this->configurations,TRUE);
+
+ this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for hosts %s - %s",
+ my_host->get_address(my_host), other_host->get_address(other_host));
+
+ while (iterator->has_next(iterator))
+ {
+ configuration_entry_t *entry;
+ host_t *config_my_host;
+ host_t *config_other_host;
+
+ iterator->current(iterator,(void **) &entry);
+
+ config_my_host = entry->init_config->get_my_host(entry->init_config);
+ config_other_host = entry->init_config->get_other_host(entry->init_config);
+
+ /* first check if ip is equal */
+ if(config_other_host->ip_is_equal(config_other_host,other_host))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s",
+ config_other_host->get_address(config_other_host));
+ /* could be right one, check my_host for default route*/
+ if (config_my_host->is_default_route(config_my_host))
+ {
+ *init_config = entry->init_config;
+ status = SUCCESS;
+ break;
+ }
+ /* check now if host informations are the same */
+ else if (config_my_host->ip_is_equal(config_my_host,my_host))
+ {
+ *init_config = entry->init_config;
+ status = SUCCESS;
+ break;
+ }
+
+ }
+ /* Then check for wildcard hosts!
+ * TODO
+ * actually its only checked if other host with default route can be found! */
+ else if (config_other_host->is_default_route(config_other_host))
+ {
+ /* could be right one, check my_host for default route*/
+ if (config_my_host->is_default_route(config_my_host))
+ {
+ *init_config = entry->init_config;
+ status = SUCCESS;
+ break;
+ }
+ /* check now if host informations are the same */
+ else if (config_my_host->ip_is_equal(config_my_host,my_host))
+ {
+ *init_config = entry->init_config;
+ status = SUCCESS;
+ break;
+ }
+ }
+ }
+
+ iterator->destroy(iterator);
+
+ return status;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_init_config_for_name.
+ */
+static status_t get_init_config_for_name (private_starter_configuration_t *this, char *name, init_config_t **init_config)
+{
+ iterator_t *iterator;
+ status_t status = NOT_FOUND;
+
+ iterator = this->configurations->create_iterator(this->configurations,TRUE);
+
+ while (iterator->has_next(iterator))
+ {
+ configuration_entry_t *entry;
+ iterator->current(iterator,(void **) &entry);
+
+ if (strcmp(entry->name,name) == 0)
+ {
+
+ /* found configuration */
+ *init_config = entry->init_config;
+ status = SUCCESS;
+ break;
+ }
+ }
+
+ iterator->destroy(iterator);
+
+ return status;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_sa_config_for_name.
+ */
+static status_t get_sa_config_for_name (private_starter_configuration_t *this, char *name, sa_config_t **sa_config)
+{
+ iterator_t *iterator;
+ status_t status = NOT_FOUND;
+
+ iterator = this->configurations->create_iterator(this->configurations,TRUE);
+
+ while (iterator->has_next(iterator))
+ {
+ configuration_entry_t *entry;
+ iterator->current(iterator,(void **) &entry);
+
+ if (strcmp(entry->name,name) == 0)
+ {
+ /* found configuration */
+ *sa_config = entry->sa_config;
+ status = SUCCESS;
+ break;
+ }
+ }
+
+ iterator->destroy(iterator);
+
+ return status;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_sa_config_for_init_config_and_id.
+ */
+static status_t get_sa_config_for_init_config_and_id (private_starter_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config)
+{
+ iterator_t *iterator;
+ status_t status = NOT_FOUND;
+
+ iterator = this->configurations->create_iterator(this->configurations,TRUE);
+
+ while (iterator->has_next(iterator))
+ {
+ configuration_entry_t *entry;
+ iterator->current(iterator,(void **) &entry);
+
+ if (entry->init_config == init_config)
+ {
+ identification_t *config_my_id = entry->sa_config->get_my_id(entry->sa_config);
+ identification_t *config_other_id = entry->sa_config->get_other_id(entry->sa_config);
+
+ /* host informations seem to be the same */
+ if (config_other_id->equals(config_other_id,other_id))
+ {
+ /* other ids seems to match */
+
+ if (my_id == NULL)
+ {
+ /* first matching one is selected */
+
+ /* TODO priorize found entries */
+ *sa_config = entry->sa_config;
+ status = SUCCESS;
+ break;
+ }
+
+ if (config_my_id->equals(config_my_id,my_id))
+ {
+ *sa_config = entry->sa_config;
+ status = SUCCESS;
+ break;
+ }
+
+ }
+ }
+ }
+
+ iterator->destroy(iterator);
+
+ return status;
+}
+
+/**
+ * Implementation of private_starter_configuration_t.add_new_configuration.
+ */
+static void add_new_configuration (private_starter_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config)
+{
+ iterator_t *iterator;
+ bool found;
+
+ iterator = this->init_configs->create_iterator(this->init_configs,TRUE);
+ found = FALSE;
+ while (iterator->has_next(iterator))
+ {
+ init_config_t *found_init_config;
+ iterator->current(iterator,(void **) &found_init_config);
+ if (init_config == found_init_config)
+ {
+ found = TRUE;
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ if (!found)
+ {
+ this->init_configs->insert_first(this->init_configs,init_config);
+ }
+
+ iterator = this->sa_configs->create_iterator(this->sa_configs,TRUE);
+ found = FALSE;
+ while (iterator->has_next(iterator))
+ {
+ sa_config_t *found_sa_config;
+ iterator->current(iterator,(void **) &found_sa_config);
+ if (sa_config == found_sa_config)
+ {
+ found = TRUE;
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ if (!found)
+ {
+ this->sa_configs->insert_first(this->sa_configs,sa_config);
+ }
+
+ this->configurations->insert_last(this->configurations,configuration_entry_create(name,init_config,sa_config));
+}
+
+/**
+ * Implementation of private_starter_configuration_t.add_new_preshared_secret.
+ */
+static void add_new_preshared_secret (private_starter_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret)
+{
+ preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t);
+
+ entry->identification = identification_create_from_string(type,id_string);
+ entry->preshared_secret.len = strlen(preshared_secret) + 1;
+ entry->preshared_secret.ptr = allocator_alloc(entry->preshared_secret.len);
+ memcpy(entry->preshared_secret.ptr,preshared_secret,entry->preshared_secret.len);
+
+ this->preshared_secrets->insert_last(this->preshared_secrets,entry);
+}
+
+/**
+ * Implementation of private_starter_configuration_t.add_new_preshared_secret.
+ */
+static void add_new_rsa_public_key (private_starter_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
+{
+ chunk_t key;
+ key.ptr = key_pos;
+ key.len = key_len;
+
+ rsa_public_key_entry_t *entry = allocator_alloc_thing(rsa_public_key_entry_t);
+
+ entry->identification = identification_create_from_string(type,id_string);
+ entry->public_key = rsa_public_key_create();
+ entry->public_key->set_key(entry->public_key, key);
+
+ this->rsa_public_keys->insert_last(this->rsa_public_keys, entry);
+}
+
+/**
+ * Implementation of private_starter_configuration_t.add_new_preshared_secret.
+ */
+static void add_new_rsa_private_key (private_starter_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
+{
+ chunk_t key;
+ key.ptr = key_pos;
+ key.len = key_len;
+
+ rsa_private_key_entry_t *entry = allocator_alloc_thing(rsa_private_key_entry_t);
+
+ entry->identification = identification_create_from_string(type,id_string);
+ entry->private_key = rsa_private_key_create();
+ entry->private_key->set_key(entry->private_key, key);
+
+ this->rsa_private_keys->insert_last(this->rsa_private_keys, entry);
+}
+
+/**
+ * Implementation of starter_configuration_t.get_shared_secret.
+ */
+static status_t get_shared_secret(private_starter_configuration_t *this, identification_t *identification, chunk_t *preshared_secret)
+{
+ iterator_t *iterator;
+
+ iterator = this->preshared_secrets->create_iterator(this->preshared_secrets,TRUE);
+ while (iterator->has_next(iterator))
+ {
+ preshared_secret_entry_t *entry;
+ iterator->current(iterator,(void **) &entry);
+ if (entry->identification->equals(entry->identification,identification))
+ {
+ *preshared_secret = entry->preshared_secret;
+ iterator->destroy(iterator);
+ return SUCCESS;
+ }
+ }
+ iterator->destroy(iterator);
+ return NOT_FOUND;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_shared_secret.
+ */
+static status_t get_rsa_public_key(private_starter_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key)
+{
+ iterator_t *iterator;
+
+ iterator = this->rsa_public_keys->create_iterator(this->rsa_public_keys,TRUE);
+ while (iterator->has_next(iterator))
+ {
+ rsa_public_key_entry_t *entry;
+ iterator->current(iterator,(void **) &entry);
+ if (entry->identification->equals(entry->identification,identification))
+ {
+ *public_key = entry->public_key;
+ iterator->destroy(iterator);
+ return SUCCESS;
+ }
+ }
+ iterator->destroy(iterator);
+ return NOT_FOUND;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_shared_secret.
+ */
+static status_t get_rsa_private_key(private_starter_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key)
+{
+ iterator_t *iterator;
+
+ iterator = this->rsa_private_keys->create_iterator(this->rsa_private_keys,TRUE);
+ while (iterator->has_next(iterator))
+ {
+ rsa_private_key_entry_t *entry;
+ iterator->current(iterator,(void **) &entry);
+ if (entry->identification->equals(entry->identification,identification))
+ {
+ *private_key = entry->private_key;
+ iterator->destroy(iterator);
+ return SUCCESS;
+ }
+ }
+ iterator->destroy(iterator);
+ return NOT_FOUND;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_retransmit_timeout.
+ */
+static status_t get_retransmit_timeout (private_starter_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
+{
+ int new_timeout = this->first_retransmit_timeout, i;
+ if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0))
+ {
+ return FAILED;
+ }
+
+
+ for (i = 0; i < retransmit_count; i++)
+ {
+ new_timeout *= 2;
+ }
+
+ *timeout = new_timeout;
+
+ return SUCCESS;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_half_open_ike_sa_timeout.
+ */
+static u_int32_t get_half_open_ike_sa_timeout (private_starter_configuration_t *this)
+{
+ return this->half_open_ike_sa_timeout;
+}
+
+/**
+ * Implementation of starter_configuration_t.destroy.
+ */
+static void destroy(private_starter_configuration_t *this)
+{
+ this->logger->log(this->logger,CONTROL | LEVEL1, "Going to destroy configuration backend ");
+
+ this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy configuration entries");
+ while (this->configurations->get_count(this->configurations) > 0)
+ {
+ configuration_entry_t *entry;
+ this->configurations->remove_first(this->configurations,(void **) &entry);
+ entry->destroy(entry);
+ }
+ this->configurations->destroy(this->configurations);
+
+ this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy sa_config_t objects");
+ while (this->sa_configs->get_count(this->sa_configs) > 0)
+ {
+ sa_config_t *sa_config;
+ this->sa_configs->remove_first(this->sa_configs,(void **) &sa_config);
+ sa_config->destroy(sa_config);
+ }
+
+ this->sa_configs->destroy(this->sa_configs);
+
+ this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy init_config_t objects");
+ while (this->init_configs->get_count(this->init_configs) > 0)
+ {
+ init_config_t *init_config;
+ this->init_configs->remove_first(this->init_configs,(void **) &init_config);
+ init_config->destroy(init_config);
+ }
+ this->init_configs->destroy(this->init_configs);
+
+ while (this->preshared_secrets->get_count(this->preshared_secrets) > 0)
+ {
+ preshared_secret_entry_t *entry;
+ this->preshared_secrets->remove_first(this->preshared_secrets,(void **) &entry);
+ entry->identification->destroy(entry->identification);
+ allocator_free_chunk(&(entry->preshared_secret));
+ allocator_free(entry);
+ }
+ this->preshared_secrets->destroy(this->preshared_secrets);
+
+ this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa private keys");
+ while (this->rsa_private_keys->get_count(this->rsa_private_keys) > 0)
+ {
+ rsa_private_key_entry_t *entry;
+ this->rsa_private_keys->remove_first(this->rsa_private_keys,(void **) &entry);
+ entry->identification->destroy(entry->identification);
+ entry->private_key->destroy(entry->private_key);
+ allocator_free(entry);
+ }
+ this->rsa_private_keys->destroy(this->rsa_private_keys);
+
+ this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa public keys");
+ while (this->rsa_public_keys->get_count(this->rsa_public_keys) > 0)
+ {
+ rsa_public_key_entry_t *entry;
+ this->rsa_public_keys->remove_first(this->rsa_public_keys,(void **) &entry);
+ entry->identification->destroy(entry->identification);
+ entry->public_key->destroy(entry->public_key);
+ allocator_free(entry);
+ }
+ this->rsa_public_keys->destroy(this->rsa_public_keys);
+
+ this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy assigned logger");
+ charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
+ close(this->socket);
+ unlink(socket_addr.sun_path);
+ allocator_free(this);
+}
+
+/*
+ * Described in header-file
+ */
+starter_configuration_t *starter_configuration_create()
+{
+ private_starter_configuration_t *this = allocator_alloc_thing(private_starter_configuration_t);
+ mode_t old;
+ bool on = TRUE;
+
+ /* public functions */
+ this->public.configuration_interface.destroy = (void(*)(configuration_t*))destroy;
+ this->public.configuration_interface.get_init_config_for_name = (status_t (*) (configuration_t *, char *, init_config_t **)) get_init_config_for_name;
+ this->public.configuration_interface.get_init_config_for_host = (status_t (*) (configuration_t *, host_t *, host_t *,init_config_t **)) get_init_config_for_host;
+ this->public.configuration_interface.get_sa_config_for_name =(status_t (*) (configuration_t *, char *, sa_config_t **)) get_sa_config_for_name;
+ this->public.configuration_interface.get_sa_config_for_init_config_and_id =(status_t (*) (configuration_t *, init_config_t *, identification_t *, identification_t *,sa_config_t **)) get_sa_config_for_init_config_and_id;
+ this->public.configuration_interface.get_retransmit_timeout = (status_t (*) (configuration_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout;
+ this->public.configuration_interface.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_t *)) get_half_open_ike_sa_timeout;
+ this->public.configuration_interface.get_shared_secret = (status_t (*) (configuration_t *, identification_t *, chunk_t *))get_shared_secret;
+ this->public.configuration_interface.get_rsa_private_key = (status_t (*) (configuration_t *, identification_t *, rsa_private_key_t**))get_rsa_private_key;
+ this->public.configuration_interface.get_rsa_public_key = (status_t (*) (configuration_t *, identification_t *, rsa_public_key_t**))get_rsa_public_key;
+
+ /* private functions */
+ this->add_new_configuration = add_new_configuration;
+ this->add_new_preshared_secret = add_new_preshared_secret;
+ this->add_new_rsa_public_key = add_new_rsa_public_key;
+ this->add_new_rsa_private_key = add_new_rsa_private_key;
+ this->whack_receive = whack_receive;
+
+ this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIG,NULL);
+
+ /* set up unix socket */
+ this->socket = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (this->socket == -1)
+ {
+ this->logger->log(this->logger, ERROR, "could not create whack socket");
+ charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
+ allocator_free(this);
+ return NULL;
+ }
+ if (fcntl(this->socket, F_SETFD, FD_CLOEXEC) < 0)
+ {
+ this->logger->log(this->logger, ERROR, "could not FD_CLOEXEC on whack socket");
+ charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
+ close(this->socket);
+ allocator_free(this);
+ return NULL;
+ }
+ if (setsockopt(this->socket, SOL_SOCKET, SO_REUSEADDR, (const void *)&on, sizeof(on)) < 0)
+
+ old = umask(~S_IRWXU);
+ if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0)
+ {
+ this->logger->log(this->logger, ERROR, "could not bind whack socket: %s", strerror(errno));
+ charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
+ close(this->socket);
+ allocator_free(this);
+ return NULL;
+ }
+ umask(old);
+
+ if (listen(this->socket, 0) < 0)
+ {
+ this->logger->log(this->logger, ERROR, "could not listen on whack socket: %s", strerror(errno));
+ charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
+ close(this->socket);
+ unlink(socket_addr.sun_path);
+ allocator_free(this);
+ return NULL;
+ }
+
+ /* start a thread reading from the socket */
+ if (pthread_create(&(this->assigned_thread), NULL, (void*(*)(void*))this->whack_receive, this) != 0)
+ {
+ this->logger->log(this->logger, ERROR, "Could not spawn whack thread");
+ charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
+ close(this->socket);
+ unlink(socket_addr.sun_path);
+ allocator_free(this);
+ }
+
+ /* private variables */
+ this->configurations = linked_list_create();
+ this->sa_configs = linked_list_create();
+ this->init_configs = linked_list_create();
+ this->preshared_secrets = linked_list_create();
+ this->rsa_private_keys = linked_list_create();
+ this->rsa_public_keys = linked_list_create();
+ this->max_retransmit_count = MAX_RETRANSMIT_COUNT;
+ this->first_retransmit_timeout = RETRANSMIT_TIMEOUT;
+ this->half_open_ike_sa_timeout = HALF_OPEN_IKE_SA_TIMEOUT;
+
+ return (&this->public);
+}
--- /dev/null
+/**
+ * @file starter_configuration_t.h
+ *
+ * @brief Interface of starter_configuration_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef STARTER_CONFIGURATION_H_
+#define STARTER_CONFIGURATION_H_
+
+#include <config/configuration.h>
+
+
+typedef struct starter_configuration_t starter_configuration_t;
+
+/**
+ * @brief A config backend which uses the ipsec starter
+ * from pluto, wich parses config files.
+ *
+ * This configuration implementation opens a Whack-Socket
+ * and waits for input from ipsec starter.
+ *
+ * @b Constructors:
+ * - starter_configuration_create()
+ *
+ * @ingroup config
+ */
+struct starter_configuration_t {
+
+ /**
+ * Implements configuration_t interface
+ */
+ configuration_t configuration_interface;
+};
+
+/**
+ * @brief Creates an configuration using ipsec starter as input.
+ *
+ * @return starter_configuration_t object
+ *
+ * @ingroup config
+ */
+starter_configuration_t *starter_configuration_create();
+
+#endif /*STARTER_CONFIGURATION_H_*/
/**
- * @file configuration_manager.c
+ * @file static_configuration.c
*
- * @brief Implementation of configuration_manager_t.
+ * @brief Implementation of static_configuration_t.
*
*/
#include <stdlib.h>
-#include "configuration_manager.h"
+#include "static_configuration.h"
#include <types.h>
#include <daemon.h>
#include <utils/allocator.h>
+/**
+ * First retransmit timeout in milliseconds.
+ *
+ * Timeout value is increasing in each retransmit round.
+ */
+#define RETRANSMIT_TIMEOUT 3000
+
+/**
+ * Timeout in milliseconds after that a half open IKE_SA gets deleted.
+ */
+#define HALF_OPEN_IKE_SA_TIMEOUT 30000
+
+/**
+ * Max retransmit count.
+ * 0 for infinite. The max time a half open IKE_SA is alive is set by
+ * RETRANSMIT_TIMEOUT.
+ */
+#define MAX_RETRANSMIT_COUNT 0
+
typedef struct preshared_secret_entry_t preshared_secret_entry_t;
return entry;
}
-typedef struct private_configuration_manager_t private_configuration_manager_t;
+typedef struct private_static_configuration_t private_static_configuration_t;
/**
- * Private data of an configuration_manager_t object.
+ * Private data of an static_configuration_t object.
*/
-struct private_configuration_manager_t {
+struct private_static_configuration_t {
/**
- * Public part of configuration_manager_t object.
+ * Public part of static_configuration_t object.
*/
- configuration_manager_t public;
+ static_configuration_t public;
/**
* Holding all configurations.
* @param init_config init_config_t object
* @param sa_config sa_config_t object
*/
- void (*add_new_configuration) (private_configuration_manager_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
+ void (*add_new_configuration) (private_static_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
/**
* Adds a new preshared secret.
* @param id_string identification as string
* @param preshared_secret preshared secret as string
*/
- void (*add_new_preshared_secret) (private_configuration_manager_t *this,id_type_t type, char *id_string, char *preshared_secret);
+ void (*add_new_preshared_secret) (private_static_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret);
/**
* Adds a new rsa private key.
* @param key_pos location of key
* @param key_len length of key
*/
- void (*add_new_rsa_private_key) (private_configuration_manager_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
+ void (*add_new_rsa_private_key) (private_static_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
/**
* Adds a new rsa public key.
* @param key_pos location of key
* @param key_len length of key
*/
- void (*add_new_rsa_public_key) (private_configuration_manager_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
+ void (*add_new_rsa_public_key) (private_static_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
/**
* Load default configuration.
*
* @param this calling object
*/
- void (*load_default_config) (private_configuration_manager_t *this);
+ void (*load_default_config) (private_static_configuration_t *this);
};
u_int8_t private_key_2[];
/**
- * Implementation of private_configuration_manager_t.load_default_config.
+ * Implementation of private_static_configuration_t.load_default_config.
*/
-static void load_default_config (private_configuration_manager_t *this)
+static void load_default_config (private_static_configuration_t *this)
{
init_config_t *init_config_a, *init_config_b;
proposal_t *proposal;
sa_config_t *sa_config_a, *sa_config_b;
traffic_selector_t *ts;
- init_config_a = init_config_create("192.168.0.1","192.168.0.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
- init_config_b = init_config_create("192.168.0.2","192.168.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+ init_config_a = init_config_create("0.0.0.0","192.168.0.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+ init_config_b = init_config_create("0.0.0.0","192.168.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
/* IKE proposals for alice */
proposal = proposal_create(1);
sa_config_b->add_proposal(sa_config_b, proposal);
-
-
-
this->add_new_configuration(this,"sun",init_config_a,sa_config_a);
this->add_new_configuration(this,"moon",init_config_b,sa_config_b);
-
//this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.2","verschluesselt");
-
this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.0.1", public_key_1, 256);
this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.0.2", public_key_2, 256);
this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.0.1", private_key_1, 1024);
}
/**
- * Implementation of configuration_manager_t.get_init_config_for_host.
+ * Implementation of static_configuration_t.get_init_config_for_host.
*/
-static status_t get_init_config_for_host (private_configuration_manager_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config)
+static status_t get_init_config_for_host (private_static_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config)
{
iterator_t *iterator;
status_t status = NOT_FOUND;
}
/**
- * Implementation of configuration_manager_t.get_init_config_for_name.
+ * Implementation of static_configuration_t.get_init_config_for_name.
*/
-static status_t get_init_config_for_name (private_configuration_manager_t *this, char *name, init_config_t **init_config)
+static status_t get_init_config_for_name (private_static_configuration_t *this, char *name, init_config_t **init_config)
{
iterator_t *iterator;
status_t status = NOT_FOUND;
}
/**
- * Implementation of configuration_manager_t.get_sa_config_for_name.
+ * Implementation of static_configuration_t.get_sa_config_for_name.
*/
-static status_t get_sa_config_for_name (private_configuration_manager_t *this, char *name, sa_config_t **sa_config)
+static status_t get_sa_config_for_name (private_static_configuration_t *this, char *name, sa_config_t **sa_config)
{
iterator_t *iterator;
status_t status = NOT_FOUND;
}
/**
- * Implementation of configuration_manager_t.get_sa_config_for_init_config_and_id.
+ * Implementation of static_configuration_t.get_sa_config_for_init_config_and_id.
*/
-static status_t get_sa_config_for_init_config_and_id (private_configuration_manager_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config)
+static status_t get_sa_config_for_init_config_and_id (private_static_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config)
{
iterator_t *iterator;
status_t status = NOT_FOUND;
}
/**
- * Implementation of private_configuration_manager_t.add_new_configuration.
+ * Implementation of private_static_configuration_t.add_new_configuration.
*/
-static void add_new_configuration (private_configuration_manager_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config)
+static void add_new_configuration (private_static_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config)
{
iterator_t *iterator;
bool found;
}
/**
- * Implementation of private_configuration_manager_t.add_new_preshared_secret.
+ * Implementation of private_static_configuration_t.add_new_preshared_secret.
*/
-static void add_new_preshared_secret (private_configuration_manager_t *this,id_type_t type, char *id_string, char *preshared_secret)
+static void add_new_preshared_secret (private_static_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret)
{
preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t);
}
/**
- * Implementation of private_configuration_manager_t.add_new_preshared_secret.
+ * Implementation of private_static_configuration_t.add_new_preshared_secret.
*/
-static void add_new_rsa_public_key (private_configuration_manager_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
+static void add_new_rsa_public_key (private_static_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
{
chunk_t key;
key.ptr = key_pos;
}
/**
- * Implementation of private_configuration_manager_t.add_new_preshared_secret.
+ * Implementation of private_static_configuration_t.add_new_preshared_secret.
*/
-static void add_new_rsa_private_key (private_configuration_manager_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
+static void add_new_rsa_private_key (private_static_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
{
chunk_t key;
key.ptr = key_pos;
}
/**
- * Implementation of configuration_manager_t.get_shared_secret.
+ * Implementation of static_configuration_t.get_shared_secret.
*/
-static status_t get_shared_secret(private_configuration_manager_t *this, identification_t *identification, chunk_t *preshared_secret)
+static status_t get_shared_secret(private_static_configuration_t *this, identification_t *identification, chunk_t *preshared_secret)
{
iterator_t *iterator;
}
/**
- * Implementation of configuration_manager_t.get_shared_secret.
+ * Implementation of static_configuration_t.get_shared_secret.
*/
-static status_t get_rsa_public_key(private_configuration_manager_t *this, identification_t *identification, rsa_public_key_t **public_key)
+static status_t get_rsa_public_key(private_static_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key)
{
iterator_t *iterator;
}
/**
- * Implementation of configuration_manager_t.get_shared_secret.
+ * Implementation of static_configuration_t.get_shared_secret.
*/
-static status_t get_rsa_private_key(private_configuration_manager_t *this, identification_t *identification, rsa_private_key_t **private_key)
+static status_t get_rsa_private_key(private_static_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key)
{
iterator_t *iterator;
}
/**
- * Implementation of configuration_manager_t.get_retransmit_timeout.
+ * Implementation of static_configuration_t.get_retransmit_timeout.
*/
-static status_t get_retransmit_timeout (private_configuration_manager_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
+static status_t get_retransmit_timeout (private_static_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
{
int new_timeout = this->first_retransmit_timeout, i;
if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0))
}
/**
- * Implementation of configuration_manager_t.get_half_open_ike_sa_timeout.
+ * Implementation of static_configuration_t.get_half_open_ike_sa_timeout.
*/
-static u_int32_t get_half_open_ike_sa_timeout (private_configuration_manager_t *this)
+static u_int32_t get_half_open_ike_sa_timeout (private_static_configuration_t *this)
{
return this->half_open_ike_sa_timeout;
}
/**
- * Implementation of configuration_manager_t.destroy.
+ * Implementation of static_configuration_t.destroy.
*/
-static void destroy(private_configuration_manager_t *this)
+static void destroy(private_static_configuration_t *this)
{
- this->logger->log(this->logger,CONTROL | LEVEL1, "Going to destroy configuration manager ");
+ this->logger->log(this->logger,CONTROL | LEVEL1, "Going to destroy configuration backend ");
this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy configuration entries");
while (this->configurations->get_count(this->configurations) > 0)
/*
* Described in header-file
*/
-configuration_manager_t *configuration_manager_create(u_int32_t first_retransmit_timeout,u_int32_t max_retransmit_count, u_int32_t half_open_ike_sa_timeout)
+static_configuration_t *static_configuration_create()
{
- private_configuration_manager_t *this = allocator_alloc_thing(private_configuration_manager_t);
+ private_static_configuration_t *this = allocator_alloc_thing(private_static_configuration_t);
/* public functions */
- this->public.destroy = (void(*)(configuration_manager_t*))destroy;
- this->public.get_init_config_for_name = (status_t (*) (configuration_manager_t *, char *, init_config_t **)) get_init_config_for_name;
- this->public.get_init_config_for_host = (status_t (*) (configuration_manager_t *, host_t *, host_t *,init_config_t **)) get_init_config_for_host;
- this->public.get_sa_config_for_name =(status_t (*) (configuration_manager_t *, char *, sa_config_t **)) get_sa_config_for_name;
- this->public.get_sa_config_for_init_config_and_id =(status_t (*) (configuration_manager_t *, init_config_t *, identification_t *, identification_t *,sa_config_t **)) get_sa_config_for_init_config_and_id;
- this->public.get_retransmit_timeout = (status_t (*) (configuration_manager_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout;
- this->public.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_manager_t *)) get_half_open_ike_sa_timeout;
- this->public.get_shared_secret = (status_t (*) (configuration_manager_t *, identification_t *, chunk_t *))get_shared_secret;
- this->public.get_rsa_private_key = (status_t (*) (configuration_manager_t *, identification_t *, rsa_private_key_t**))get_rsa_private_key;
- this->public.get_rsa_public_key = (status_t (*) (configuration_manager_t *, identification_t *, rsa_public_key_t**))get_rsa_public_key;
+ this->public.configuration_interface.destroy = (void(*)(configuration_t*))destroy;
+ this->public.configuration_interface.get_init_config_for_name = (status_t (*) (configuration_t *, char *, init_config_t **)) get_init_config_for_name;
+ this->public.configuration_interface.get_init_config_for_host = (status_t (*) (configuration_t *, host_t *, host_t *,init_config_t **)) get_init_config_for_host;
+ this->public.configuration_interface.get_sa_config_for_name =(status_t (*) (configuration_t *, char *, sa_config_t **)) get_sa_config_for_name;
+ this->public.configuration_interface.get_sa_config_for_init_config_and_id =(status_t (*) (configuration_t *, init_config_t *, identification_t *, identification_t *,sa_config_t **)) get_sa_config_for_init_config_and_id;
+ this->public.configuration_interface.get_retransmit_timeout = (status_t (*) (configuration_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout;
+ this->public.configuration_interface.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_t *)) get_half_open_ike_sa_timeout;
+ this->public.configuration_interface.get_shared_secret = (status_t (*) (configuration_t *, identification_t *, chunk_t *))get_shared_secret;
+ this->public.configuration_interface.get_rsa_private_key = (status_t (*) (configuration_t *, identification_t *, rsa_private_key_t**))get_rsa_private_key;
+ this->public.configuration_interface.get_rsa_public_key = (status_t (*) (configuration_t *, identification_t *, rsa_public_key_t**))get_rsa_public_key;
/* private functions */
this->load_default_config = load_default_config;
this->add_new_rsa_private_key = add_new_rsa_private_key;
/* private variables */
- this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIGURATION_MANAGER,NULL);
+ this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIG,NULL);
this->configurations = linked_list_create();
this->sa_configs = linked_list_create();
this->init_configs = linked_list_create();
this->preshared_secrets = linked_list_create();
this->rsa_private_keys = linked_list_create();
this->rsa_public_keys = linked_list_create();
- this->max_retransmit_count = max_retransmit_count;
- this->first_retransmit_timeout = first_retransmit_timeout;
- this->half_open_ike_sa_timeout = half_open_ike_sa_timeout;
+ this->max_retransmit_count = MAX_RETRANSMIT_COUNT;
+ this->first_retransmit_timeout = RETRANSMIT_TIMEOUT;
+ this->half_open_ike_sa_timeout = HALF_OPEN_IKE_SA_TIMEOUT;
this->load_default_config(this);
--- /dev/null
+/**
+ * @file static_configuration_t.h
+ *
+ * @brief Interface of static_configuration_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef STATIC_CONFIGURATION_H_
+#define STATIC_CONFIGURATION_H_
+
+#include <config/configuration.h>
+
+
+typedef struct static_configuration_t static_configuration_t;
+
+/**
+ * @brief A static hardcoded config for testing purposes.
+ *
+ * @b Constructors:
+ * - static_configuration_create()
+ *
+ * @ingroup config
+ */
+struct static_configuration_t {
+
+ /**
+ * Implements configuration_t interface
+ */
+ configuration_t configuration_interface;
+};
+
+/**
+ * @brief Creates an static configuration
+ *
+ * @return static_configuration_t object
+ *
+ * @ingroup config
+ */
+static_configuration_t *static_configuration_create();
+
+#endif /*STATIC_CONFIGURATION_H_*/
#include <types.h>
#include <utils/allocator.h>
#include <queues/jobs/initiate_ike_sa_job.h>
+#include <config/static_configuration.h>
+#include <config/starter_configuration.h>
typedef struct private_daemon_t private_daemon_t;
this->public.job_queue = job_queue_create();
this->public.event_queue = event_queue_create();
this->public.send_queue = send_queue_create();
- this->public.configuration_manager = configuration_manager_create(RETRANSMIT_TIMEOUT,MAX_RETRANSMIT_COUNT, HALF_OPEN_IKE_SA_TIMEOUT);
+ this->public.configuration = (configuration_t*)static_configuration_create();
this->public.sender = sender_create();
this->public.receiver = receiver_create();
{
this->public.socket->destroy(this->public.socket);
}
- if (this->public.configuration_manager != NULL)
+ if (this->public.configuration != NULL)
{
- this->public.configuration_manager->destroy(this->public.configuration_manager);
+ this->public.configuration->destroy(this->public.configuration);
}
this->public.logger_manager->destroy(this->public.logger_manager);
this->public.job_queue = NULL;
this->public.event_queue = NULL;
this->public.send_queue = NULL;
- this->public.configuration_manager = NULL;
+ this->public.configuration = NULL;
this->public.sender= NULL;
this->public.receiver = NULL;
this->public.scheduler = NULL;
#include <queues/job_queue.h>
#include <queues/event_queue.h>
#include <utils/logger_manager.h>
-#include <config/configuration_manager.h>
+#include <config/configuration.h>
/**
* Name of the daemon.
*/
#define IKEV2_UDP_PORT 500
-/**
- * @brief First retransmit timeout in milliseconds.
- *
- * Timeout value is increasing in each retransmit round.
- */
-#define RETRANSMIT_TIMEOUT 3000
-
-/**
- * Timeout in milliseconds after that a half open IKE_SA gets deleted.
- */
-#define HALF_OPEN_IKE_SA_TIMEOUT 30000
-
-/**
- * @brief Max retransmit count.
- *
- * 0 for infinite. The max time a half open IKE_SA is alive is set by
- * RETRANSMIT_TIMEOUT.
- */
-#define MAX_RETRANSMIT_COUNT 0
-
/**
* @brief Default loglevel for every logger context.
*
ike_sa_manager_t *ike_sa_manager;
/**
- * A configuration_manager_t instance.
+ * A configuration_t instance.
*/
- configuration_manager_t *configuration_manager;
+ configuration_t *configuration;
/**
* The Sender-Thread.
*/
enum auth_method_t {
/**
- * Computed as specified in section 2.15 of draft using
+ * Computed as specified in section 2.15 of RFC using
* an RSA private key over a PKCS#1 padded hash.
*/
RSA_DIGITAL_SIGNATURE = 1,
/* Computed as specified in
- * section 2.15 of draft using the shared key associated with the identity
+ * section 2.15 of RFC using the shared key associated with the identity
* in the ID payload and the negotiated prf function
*/
SHARED_KEY_MESSAGE_INTEGRITY_CODE = 2,
/* Computed as specified in section
- * 2.15 of draft using a DSS private key over a SHA-1 hash.
+ * 2.15 of RFC using a DSS private key over a SHA-1 hash.
*/
DSS_DIGITAL_SIGNATURE = 3,
};
/**
* @brief Class representing an IKEv2 AUTH payload.
*
- * The AUTH payload format is described in draft section 3.8.
+ * The AUTH payload format is described in RFC section 3.8.
*
* @b Constructors:
* - auth_payload_create()
typedef enum cert_encoding_t cert_encoding_t;
/**
- * @brief Certificate encoding, as described in IKEv2 draft section 3.6
+ * @brief Certificate encoding, as described in IKEv2 RFC section 3.6
*
* @ingroup payloads
*/
/**
* @brief Class representing an IKEv2 CERT payload.
*
- * The CERT payload format is described in draft section 3.6.
+ * The CERT payload format is described in RFC section 3.6.
* This is just a dummy implementation to fullfill the standards
* requirements. A full implementation would offer setters/getters
* for the different encoding types.
/**
* @brief Class representing an IKEv2 CERTREQ payload.
*
- * The CERTREQ payload format is described in draft section 3.7.
+ * The CERTREQ payload format is described in RFC section 3.7.
* This is just a dummy implementation to fullfill the standards
* requirements. A full implementation would offer setters/getters
* for the different encoding types.
typedef enum configuration_attribute_type_t configuration_attribute_type_t;
/**
- * Type of the attribute, as in IKEv2 draft 3.15.1.
+ * Type of the attribute, as in IKEv2 RFC 3.15.1.
*
* @ingroup payloads
*/
/**
* @brief Class representing an IKEv2 DELETE payload.
*
- * The DELETE payload format is described in draft section 3.11.
+ * The DELETE payload format is described in RFC section 3.11.
*
* @b Constructors:
* - delete_payload_create()
/**
* @brief Class representing an IKEv2 EAP payload.
*
- * The EAP payload format is described in draft section 3.16.
+ * The EAP payload format is described in RFC section 3.16.
*
* @b Constructors:
* - eap_payload_create()
/**
* Object representing an IKEv2 ID payload.
*
- * The ID payload format is described in draft section 3.5.
+ * The ID payload format is described in RFC section 3.5.
*
* @b Constructors:
* - id_payload_create_from_identification()
/**
* Object representing an IKEv2 Nonce payload.
*
- * The Nonce payload format is described in draft section 3.3.
+ * The Nonce payload format is described in RFC section 3.3.
*
* @b Constructors:
* - nonce_payload_create()
/**
* @brief Notify message types.
*
- * See IKEv2 draft 3.10.1.
+ * See IKEv2 RFC 3.10.1.
*
* @ingroup payloads
*/
/**
* @brief Class representing an IKEv2 TRAFFIC SELECTOR.
*
- * The TRAFFIC SELECTOR format is described in draft section 3.13.1.
+ * The TRAFFIC SELECTOR format is described in RFC section 3.13.1.
*
* @b Constructors:
* - traffic_selector_substructure_create()
typedef enum transform_attribute_type_t transform_attribute_type_t;
/**
- * Type of the attribute, as in IKEv2 draft 3.3.5.
+ * Type of the attribute, as in IKEv2 RFC 3.3.5.
*
* @ingroup payloads
*/
/**
* @brief Class representing an IKEv2 TS payload.
*
- * The TS payload format is described in draft section 3.13.
+ * The TS payload format is described in RFC section 3.13.
*
* @b Constructors:
* - ts_payload_create()
/**
* @brief Class representing an IKEv2 VENDOR ID payload.
*
- * The VENDOR ID payload format is described in draft section 3.12.
+ * The VENDOR ID payload format is described in RFC section 3.12.
*
* @b Constructors:
* - vendor_id_payload_create()
#include <fcntl.h>
#include <net/if.h>
#include <sys/ioctl.h>
+#include <netinet/in.h>
+#include <linux/filter.h>
#include "socket.h"
#include <utils/logger_manager.h>
+#define IP_HEADER_LENGTH 20
+#define UDP_HEADER_LENGTH 8
+
+
+/**
+ * This filter code filters out all non-IKEv2 traffic on
+ * a SOCK_RAW IP_PROTP_UDP socket. Handling of other
+ * IKE versions is done in pluto.
+ */
+struct sock_filter ikev2_filter_code[] =
+{
+ /* Protocol must be UDP */
+ BPF_STMT(BPF_LD+BPF_B+BPF_ABS, 9),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_UDP, 0, 7),
+ /* Destination Port must be 500 */
+ BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 22),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 500, 0, 5),
+ /* IKE version must be 2.0 */
+ BPF_STMT(BPF_LD+BPF_B+BPF_ABS, 45),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x20, 0, 3),
+ /* packet length is length in IKEv2 header + ip header + udp header */
+ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, 52),
+ BPF_STMT(BPF_ALU+BPF_ADD+BPF_K, IP_HEADER_LENGTH + UDP_HEADER_LENGTH),
+ BPF_STMT(BPF_RET+BPF_A, 0),
+ /* packet doesn't match IKEv2, ignore */
+ BPF_STMT(BPF_RET+BPF_K, 0),
+};
+
+/**
+ * Filter struct to use with setsockopt
+ */
+struct sock_fprog ikev2_filter = {
+ sizeof(ikev2_filter_code) / sizeof(struct sock_filter),
+ ikev2_filter_code
+};
+
+
typedef struct interface_t interface_t;
/**
/**
* Name of the interface
*/
- char name[IFNAMSIZ+1];
+ char name[IFNAMSIZ];
/**
* Associated socket
host_t *source, *dest;
int bytes_read = 0;
- source = host_create(AF_INET, "0.0.0.0", 0);
- dest = host_create(AF_INET, "0.0.0.0", 0);
- pkt->set_source(pkt, source);
- pkt->set_destination(pkt, dest);
while (bytes_read >= 0)
{
}
}
iterator->destroy(iterator);
-
+
/* add packet destroy handler for cancellation, enable cancellation */
pthread_cleanup_push((void(*)(void*))pkt->destroy, (void*)pkt);
pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
pthread_setcancelstate(oldstate, NULL);
pthread_cleanup_pop(0);
- if (bytes_read < 0)
- {
- this->logger->log(this->logger, ERROR, "error reading from socket: %s", strerror(errno));
- continue;
- }
-
/* read on the first nonblocking socket */
bytes_read = 0;
iterator = this->interfaces->create_iterator(this->interfaces, TRUE);
if (FD_ISSET(interface->socket_fd, &readfds))
{
/* do the read */
- bytes_read = recvfrom(interface->socket_fd, buffer, MAX_PACKET, 0,
- source->get_sockaddr(source),
- source->get_sockaddr_len(source));
- getsockname(interface->socket_fd, dest->get_sockaddr(dest), dest->get_sockaddr_len(dest));
+ bytes_read = recv(interface->socket_fd, buffer, MAX_PACKET, 0);
break;
}
}
iterator->destroy(iterator);
- if (bytes_read > 0)
+
+ if (bytes_read < 0)
{
+ this->logger->log(this->logger, ERROR, "error reading from socket: %s", strerror(errno));
+ continue;
+ }
+ if (bytes_read > IP_HEADER_LENGTH + UDP_HEADER_LENGTH)
+ {
+ /* read source/dest from raw IP/UDP header */
+ chunk_t source_chunk = {buffer + 12, 4};
+ chunk_t dest_chunk = {buffer + 16, 4};
+ u_int16_t source_port = ntohs(*(u_int16_t*)(buffer + 20));
+ u_int16_t dest_port = ntohs(*(u_int16_t*)(buffer + 22));
+ source = host_create_from_chunk(AF_INET, source_chunk, source_port);
+ dest = host_create_from_chunk(AF_INET, dest_chunk, dest_port);
+ pkt->set_source(pkt, source);
+ pkt->set_destination(pkt, dest);
break;
}
+ this->logger->log(this->logger, ERROR|LEVEL1, "too short packet received");
}
- this->logger->log(this->logger, CONTROL, "received packet from %s:%d",
- source->get_address(source),
- source->get_port(source));
+ this->logger->log(this->logger, CONTROL, "received packet: from %s:%d to %s:%d",
+ source->get_address(source), source->get_port(source),
+ dest->get_address(dest), dest->get_port(dest));
/* fill in packet */
- data.len = bytes_read;
+ data.len = bytes_read - IP_HEADER_LENGTH - UDP_HEADER_LENGTH;
data.ptr = allocator_alloc(data.len);
- memcpy(data.ptr, buffer, data.len);
+ memcpy(data.ptr, buffer + IP_HEADER_LENGTH + UDP_HEADER_LENGTH, data.len);
pkt->set_data(pkt, data);
/* return packet */
}
/* set up interface socket */
- skt = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ skt = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
if (socket < 0)
{
this->logger->log(this->logger, ERROR, "unable to open interface socket!");
close(skt);
continue;
}
+
+ if (setsockopt(skt, SOL_SOCKET, SO_ATTACH_FILTER, &ikev2_filter, sizeof(ikev2_filter)) < 0)
+ {
+ this->logger->log(this->logger, ERROR, "unable to attack IKEv2 filter to interface socket!");
+ close(skt);
+ continue;
+ }
/* add socket with interface name to list */
interface = allocator_alloc_thing(interface_t);
memcpy(interface->name, buf[i].ifr_name, IFNAMSIZ);
- interface->name[IFNAMSIZ] = '\0';
+ interface->name[IFNAMSIZ-1] = '\0';
interface->socket_fd = skt;
+ this->logger->log(this->logger, CONTROL, "listening on %s (%s)",
+ interface->name, inet_ntoa(current->sin_addr));
this->interfaces->insert_last(this->interfaces, (void*)interface);
}
/**
* @brief Maximum size of a packet.
*
- * 3000 Bytes should be sufficient, see IKEv2 draft.
+ * 3000 Bytes should be sufficient, see IKEv2 RFC.
*
* @ingroup network
*/
typedef struct socket_t socket_t;
/**
- * @brief Abstraction of one (ipv4), or in future, of multiple sockets.
+ * @brief Abstraction all sockets (currently IPv4 only).
*
- * Receiver reads from here, sender writes to here.
+ * All available IPv4 sockets are bound and the receive function
+ * reads from them. To allow binding of other daemons (pluto) to
+ * UDP/500, this implementation uses RAW sockets. An installed
+ * "Linux socket filter" filters out all non-IKEv2 traffic and handles
+ * just IKEv2 messages. An other daemon (pluto) must handle all traffic
+ * seperatly, e.g. ignore IKEv2 traffic, since charon handles that.
*
* @b Constructors:
* - socket_create()
*
* @todo add IPv6 support
*
- * @todo allow listening/sending to multiple sockets, depending on address
+ * @todo We currently use multiple sockets for historic reasons. With the
+ * new RAW socket mechanism, we could use just one socket and filter
+ * addresses in userspace (or via linux socket filter). This would allow
+ * realtime interface/address management in a easy way...
*
* @ingroup network
*/
/**
* @brief Receive a packet.
*
- * reads a packet from one of the sockets.
- * source will be set, dest not implemented
- *
+ * Reads a packet from the socket and sets source/dest
+ * appropriately.
*
* @param sock socket_t object to work on
* @param packet pinter gets address from allocated packet_t
/**
* @brief Send a packet.
*
- * sends a packet via desired socket.
- * uses source and dest in packet.
+ * Sends a packet to the net using destination from the packet.
+ * Packet is sent using default routing mechanisms, thus the
+ * source address in packet is ignored.
*
* @param sock socket_t object to work on
* @param packet[out] packet_t to send
};
/**
- * @brief socket_t constructor.
+ * @brief Create a socket_t, wich binds multiple sockets.
*
* currently creates one socket, listening on all addresses
- * on port.
+ * on "port".
*
* @param port port to bind socket to
* @return socket_t object
/**
* @brief Creates the octets which are signed (RSA) or MACed (shared secret) as described in section
- * 2.15 of draft.
+ * 2.15 of RFC.
*
* @param this calling object
* @param last_message the last message to include in created octets
chunk_t preshared_secret;
status_t status;
- status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,
+ status = charon->configuration->get_shared_secret(charon->configuration,
other_id,
&preshared_secret);
other_id->destroy(other_id);
auth_data = auth_payload->get_data(auth_payload);
- status = charon->configuration_manager->get_rsa_public_key(charon->configuration_manager,
+ status = charon->configuration->get_rsa_public_key(charon->configuration,
other_id,
&public_key);
other_id->destroy(other_id);
chunk_t preshared_secret;
status_t status;
- status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,
+ status = charon->configuration->get_shared_secret(charon->configuration,
my_id,
&preshared_secret);
status_t status;
chunk_t octets, auth_data;
- status = charon->configuration_manager->get_rsa_private_key(charon->configuration_manager,
+ status = charon->configuration->get_rsa_private_key(charon->configuration,
my_id,
&private_key);
my_id->destroy(my_id);
* - RSA_DIGITAL_SIGNATURE
*
* This class retrieves needed data for specific AUTH methods (RSA keys, shared secrets, etc.)
- * over an internal stored protected_ike_sa_t object or directly from the configuration_manager_t over
+ * over an internal stored protected_ike_sa_t object or directly from the configuration_t over
* the daemon_t object "charon".
*
* @b Constructors:
*/
static void set_my_host (private_ike_sa_t *this, host_t *my_host)
{
+ if (this->me.host)
+ {
+ this->me.host->destroy(this->me.host);
+ }
this->me.host = my_host;
}
*/
static void set_other_host (private_ike_sa_t *this, host_t *other_host)
{
+ if (this->other.host)
+ {
+ this->other.host->destroy(this->other.host);
+ }
this->other.host = other_host;
}
retransmit_job = retransmit_request_job_create(this->message_id_out,this->ike_sa_id);
- status = charon->configuration_manager->get_retransmit_timeout (charon->configuration_manager,
+ status = charon->configuration->get_retransmit_timeout (charon->configuration,
retransmit_job->get_retransmit_count(retransmit_job),&timeout);
if (status != SUCCESS)
#include <sa/ike_sa_id.h>
#include <sa/child_sa.h>
#include <sa/states/state.h>
-#include <config/configuration_manager.h>
+#include <config/configuration.h>
#include <utils/logger.h>
#include <utils/randomizer.h>
#include <transforms/prfs/prf.h>
u_int64_t responder_spi;
ike_sa_id_t *ike_sa_id;
iterator_t *payloads;
+ host_t *me;
message_t *request;
status_t status;
return DELETE_ME;
}
+ /* apply the address on wich we really received the packet */
+ me = ike_sa_init_reply->get_destination(ike_sa_init_reply);
+ this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
+
/* build empty message */
this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &request);
/* build new sa config */
init_config = this->ike_sa->get_init_config(this->ike_sa);
- status = charon->configuration_manager->get_sa_config_for_init_config_and_id(charon->configuration_manager,init_config, other_id,my_id, &(this->sa_config));
+ status = charon->configuration->get_sa_config_for_init_config_and_id(charon->configuration,init_config, other_id,my_id, &(this->sa_config));
if (status != SUCCESS)
{
if (my_id)
this->logger->log(this->logger, CONTROL, "Initializing connection %s",name);
/* get configs */
- status = charon->configuration_manager->get_init_config_for_name(charon->configuration_manager,name,&init_config);
+ status = charon->configuration->get_init_config_for_name(charon->configuration,name,&init_config);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR | LEVEL1, "Could not retrieve INIT configuration informations for %s",name);
return DELETE_ME;
}
this->ike_sa->set_init_config(this->ike_sa,init_config);
- status = charon->configuration_manager->get_sa_config_for_name(charon->configuration_manager,name,&sa_config);
+ status = charon->configuration->get_sa_config_for_name(charon->configuration,name,&sa_config);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR | LEVEL1, "Could not retrieve SA configuration informations for %s",name);
source = message->get_source(message);
destination = message->get_destination(message);
- status = charon->configuration_manager->get_init_config_for_host(charon->configuration_manager,destination,source,&init_config);
+ status = charon->configuration->get_init_config_for_host(charon->configuration,destination,source,&init_config);
if (status != SUCCESS)
{
/* no configuration matches given host */
#include <queues/job_queue.h>
#include <queues/event_queue.h>
#include <queues/send_queue.h>
-#include <config/configuration_manager.h>
+#include <config/configuration.h>
#include <sa/ike_sa_manager.h>
#include <network/socket.h>
#include <utils/logger_manager.h>
this->event_queue->destroy(this->event_queue);
this->send_queue->destroy(this->send_queue);
this->kernel_interface->destroy(this->kernel_interface);
- //this->configuration_manager->destroy(this->configuration_manager);
+ //this->configuration->destroy(this->configuration);
allocator_free(charon);
}
charon->event_queue = event_queue_create();
charon->send_queue = send_queue_create();
charon->kernel_interface = kernel_interface_create();
- //charon->configuration_manager = configuration_manager_create(RETRANSMIT_TIMEOUT,MAX_RETRANSMIT_COUNT,HALF_OPEN_IKE_SA_TIMEOUT);
+ //charon->configuration = configuration_create(RETRANSMIT_TIMEOUT,MAX_RETRANSMIT_COUNT,HALF_OPEN_IKE_SA_TIMEOUT);
charon->sender = NULL;
charon->receiver = NULL;
charon->scheduler = NULL;
request.sa.id.proto = (protocol == ESP) ? KERNEL_ESP : KERNEL_AH;
request.sa.family = me->get_family(me);
request.sa.mode = TRUE; /* tunnel mode */
- request.sa.replay_window = 0; //sa->replay_window; ???
+ request.sa.replay_window = 32;
request.sa.reqid = reqid;
request.sa.lft.soft_byte_limit = XFRM_INF;
request.sa.lft.soft_packet_limit = XFRM_INF;
if (status == CREATED)
{
this->worker_logger->log(this->worker_logger, CONTROL|LEVEL3, "Create Job to delete half open IKE_SA.");
- this->create_delete_half_open_ike_sa_job(this,ike_sa_id,charon->configuration_manager->get_half_open_ike_sa_timeout(charon->configuration_manager));
+ this->create_delete_half_open_ike_sa_job(this,ike_sa_id,charon->configuration->get_half_open_ike_sa_timeout(charon->configuration));
}
status = ike_sa->process_message(ike_sa, message);
charon->ike_sa_manager->create_and_checkout(charon->ike_sa_manager, &ike_sa);
- this->worker_logger->log(this->worker_logger, CONTROL, "Initializing connection \"%s\"",
+ this->worker_logger->log(this->worker_logger, CONTROL, "Initiating connection \"%s\"",
job->get_configuration_name(job));
status = ike_sa->initialize_connection(ike_sa, job->get_configuration_name(job));
if (status != SUCCESS)
{
- this->worker_logger->log(this->worker_logger, ERROR, "%s: By initialize_conection, going to delete IKE_SA.",
+ this->worker_logger->log(this->worker_logger, ERROR, "Initiation returned %s, going to delete IKE_SA.",
mapping_find(status_m, status));
charon->ike_sa_manager->checkin_and_delete(charon->ike_sa_manager, ike_sa);
return;
}
this->worker_logger->log(this->worker_logger, CONTROL|LEVEL3, "Create Job to delete half open IKE_SA.");
- this->create_delete_half_open_ike_sa_job(this,ike_sa->get_id(ike_sa),charon->configuration_manager->get_half_open_ike_sa_timeout(charon->configuration_manager));
+ this->create_delete_half_open_ike_sa_job(this,ike_sa->get_id(ike_sa),charon->configuration->get_half_open_ike_sa_timeout(charon->configuration));
this->worker_logger->log(this->worker_logger, CONTROL|LEVEL2, "Checking in IKE SA");
status = charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
if (status != SUCCESS)
{
- this->worker_logger->log(this->worker_logger, ERROR, "%s: Could not checkin IKE_SA.",
+ this->worker_logger->log(this->worker_logger, ERROR, "Could not checkin IKE_SA (%s)",
mapping_find(status_m, status));
}
}
}
job->increase_retransmit_count(job);
- status = charon->configuration_manager->get_retransmit_timeout (charon->configuration_manager,job->get_retransmit_count(job),&timeout);
+ status = charon->configuration->get_retransmit_timeout (charon->configuration,job->get_retransmit_count(job),&timeout);
if (status != SUCCESS)
{
this->worker_logger->log(this->worker_logger, CONTROL | LEVEL2, "Message will not be anymore retransmitted");
typedef enum encryption_algorithm_t encryption_algorithm_t;
/**
- * @brief Encryption algorithm, as in IKEv2 draft 3.3.2.
+ * @brief Encryption algorithm, as in IKEv2 RFC 3.3.2.
*
* Currently only the following algorithms are implemented and therefore supported:
* - ENCR_AES_CBC
*
* The modulus (or group) to use for a Diffie-Hellman calculation.
*
- * See IKEv2 draft 3.3.2 and RFC 3526.
+ * See IKEv2 RFC 3.3.2 and RFC 3526.
*
* @warning Use of big modulus sizes can be cpu consuming.
*
typedef struct prf_plus_t prf_plus_t;
/**
- * @brief Implementation of the prf+ function described in IKEv2 draft.
+ * @brief Implementation of the prf+ function described in IKEv2 RFC.
*
* This class implements the prf+ algorithm. Internally it uses a pseudo random
* function, which implements the prf_t interface.
*
- * See IKEv2 draft 2.13.
+ * See IKEv2 RFC 2.13.
*
* @b Constructors:
* - prf_plus_create()
typedef enum pseudo_random_function_t pseudo_random_function_t;
/**
- * @brief Pseudo random function, as in IKEv2 draft 3.3.2.
+ * @brief Pseudo random function, as in IKEv2 RFC 3.3.2.
*
* Currently only the following algorithms are implemented and therefore supported:
* - PRF_HMAC_MD5
typedef enum integrity_algorithm_t integrity_algorithm_t;
/**
- * @brief Integrity algorithm, as in IKEv2 draft 3.3.2.
+ * @brief Integrity algorithm, as in IKEv2 RFC 3.3.2.
*
* Currently only the following algorithms are implemented and therefore supported:
* - AUTH_HMAC_MD5_96
{SOCKET, "SOCKET"},
{TESTER, "TESTER"},
{DAEMON, "DAEMON"},
- {CONFIGURATION_MANAGER, "CONFIG"},
+ {CONFIG, "CONFIG"},
{ENCRYPTION_PAYLOAD, "ENCPLD"},
{MAPPING_END, NULL},
};
log_thread_ids = TRUE;
break;
case IKE_SA:
+ logger_level |= LEVEL1;
log_thread_ids = TRUE;
break;
case CHILD_SA:
logger_level |= LEVEL1;
log_thread_ids = TRUE;
break;
- case CONFIGURATION_MANAGER:
+ case CONFIG:
+ logger_level |= FULL;
log_thread_ids = TRUE;
break;
case MESSAGE:
SOCKET,
TESTER,
DAEMON,
- CONFIGURATION_MANAGER,
+ CONFIG,
ENCRYPTION_PAYLOAD,
};
projects / thirdparty / strongswan.git / commitdiff
