- import of strongswan-2.7.0

[thirdparty/strongswan.git] / programs / charon / patches / strongswan-2.7.0.patch

diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-patched/Makefile.inc
--- strongswan-2.7.0/Makefile.inc	2006-01-25 18:23:15.000000000 +0100
+++ strongswan-2.7.0-patched/Makefile.inc	2006-04-28 08:56:38.000000000 +0200
@@ -84,6 +84,8 @@
 FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec
 LIBDIR=$(DESTDIR)$(FINALLIBDIR)
 
+# sharedlibdir is where shared libraries go
+SHAREDLIBDIR=$(DESTDIR)$(INC_USRLOCAL)/lib
 
 # where the appropriate manpage tree is located
 # location within INC_USRLOCAL
@@ -284,6 +286,9 @@
 # include PKCS11-based smartcard support
 USE_SMARTCARD?=false
 
+# support IKEv2 via charon
+USE_IKEV2?=true
+
 # Default PKCS11 library
 # Uncomment this line if using OpenSC <= 0.9.6
 PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\"
diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-patched/programs/Makefile
--- strongswan-2.7.0/programs/Makefile	2006-04-17 13:04:45.000000000 +0200
+++ strongswan-2.7.0-patched/programs/Makefile	2006-04-28 08:56:38.000000000 +0200
@@ -32,6 +32,10 @@
 SUBDIRS+=showpolicy
 endif
 
+ifeq ($(USE_IKEV2),true)
+SUBDIRS+=charon
+endif
+
 def:
 	@echo "Please read doc/intro.html or INSTALL before running make"
 	@false
diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-patched/programs/ipsec/ipsec.in
--- strongswan-2.7.0/programs/ipsec/ipsec.in	2006-03-09 21:09:33.000000000 +0100
+++ strongswan-2.7.0-patched/programs/ipsec/ipsec.in	2006-04-28 08:56:38.000000000 +0200
@@ -26,6 +26,7 @@
 export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
 
 IPSEC_STARTER_PID="/var/run/starter.pid"
+IPSEC_CHARON_PID="/var/run/charon.pid"
 
 # standardize PATH, and export it for everything else's benefit
 PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
@@ -123,6 +124,10 @@
 down)
 	shift
 	$IPSEC_EXECDIR/whack --name "$1" --terminate
+	if test -e $IPSEC_CHARON_PID
+	then
+	    $IPSEC_EXECDIR/stroke down "$1"
+	fi
 	exit 0
 	;;
 listalgs|listpubkeys|listcerts|listcacerts|\
@@ -134,6 +139,10 @@
 	op="$1"
 	shift
         $IPSEC_EXECDIR/whack "$@" "--$op"
+	if test -e $IPSEC_CHARON_PID
+	then
+            $IPSEC_EXECDIR/stroke "$op"
+        fi
 	exit 0
 	;;
 ready)
@@ -180,8 +189,16 @@
 	if test $# -eq 0
 	then
 	    $IPSEC_EXECDIR/whack "--$op"
+	    if test -e $IPSEC_CHARON_PID
+	    then
+	    	$IPSEC_EXECDIR/stroke "$op"
+	    fi
 	else
 	    $IPSEC_EXECDIR/whack --name "$1" "--$op"
+	    if test -e $IPSEC_CHARON_PID
+	    then
+	    	$IPSEC_EXECDIR/stroke "$op" "$1"
+	    fi
 	fi
 	exit 0
 	;;
@@ -198,6 +215,10 @@
 up)
 	shift
 	$IPSEC_EXECDIR/whack --name "$1" --initiate
+	if test -e $IPSEC_CHARON_PID
+	then
+	    $IPSEC_EXECDIR/stroke up "$1"
+	fi
 	exit 0
 	;;
 update)
diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-patched/programs/pluto/Makefile
--- strongswan-2.7.0/programs/pluto/Makefile	2006-01-25 18:22:19.000000000 +0100
+++ strongswan-2.7.0-patched/programs/pluto/Makefile	2006-04-28 08:56:38.000000000 +0200
@@ -170,6 +170,11 @@
   LIBSPLUTO+= -ldl
 endif
 
+# enable IKEv2 support
+ifeq ($(USE_IKEV2),true)
+  DEFINES+= -DIKEV2
+endif
+
 # This compile option activates the leak detective
 ifeq ($(USE_LEAK_DETECTIVE),true)
   DEFINES+= -DLEAK_DETECTIVE
diff -Naur strongswan-2.7.0/programs/pluto/demux.c strongswan-2.7.0-patched/programs/pluto/demux.c
--- strongswan-2.7.0/programs/pluto/demux.c	2005-02-18 22:08:59.000000000 +0100
+++ strongswan-2.7.0-patched/programs/pluto/demux.c	2006-04-28 08:56:13.000000000 +0200
@@ -1196,6 +1196,21 @@
 	}
 #endif
 
+#ifdef IKEV2
+#define IKEV2_VERSION_OFFSET	17
+#define IKEV2_VERSION		0x20
+
+    /* ignore IKEv2 packets - they will be handled by charon */
+    if (pbs_room(&md->packet_pbs) > IKEV2_VERSION_OFFSET
+    &&  md->packet_pbs.start[IKEV2_VERSION_OFFSET] == IKEV2_VERSION)
+    {
+	DBG(DBG_CONTROLMORE,
+	    DBG_log("  ignoring IKEv2 packet")
+	)
+	return FALSE;
+    }
+#endif /* IKEV2 */
+
     return TRUE;
 }
 
@@ -1229,6 +1244,7 @@
 	if (md->packet_pbs.roof - md->packet_pbs.cur >= (ptrdiff_t)isakmp_hdr_desc.size)
 	{
 	    struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur;
+
 	    if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION)
 	    {
 		SEND_NOTIFICATION(INVALID_MAJOR_VERSION);
diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-patched/programs/starter/Makefile
--- strongswan-2.7.0/programs/starter/Makefile	2006-02-17 20:34:02.000000000 +0100
+++ strongswan-2.7.0-patched/programs/starter/Makefile	2006-04-28 08:56:38.000000000 +0200
@@ -34,6 +34,11 @@
   DEFINES+= -DLEAK_DETECTIVE
 endif
 
+# Enable charon support
+ifeq ($(USE_IKEV2),true)
+  DEFINES+= -DIKEV2
+endif
+
 INCLUDES=-I${FREESWANDIR}/linux/include
 CFLAGS=$(DEFINES) $(INCLUDES) -Wall
 CFLAGS+=-DIPSEC_EXECDIR=\"${FINALLIBEXECDIR}\" -DIPSEC_CONFDDIR=\"${FINALCONFDDIR}\"
@@ -46,6 +51,11 @@
      starterwhack.o klips.o netkey.o interfaces.o exec.o cmp.o confread.o \
      loglite.o ${PLUTO_OBJS}
 
+# Build charon-only objs
+ifeq ($(USE_IKEV2),true)
+  OBJS+= invokecharon.o starterstroke.o
+endif
+
 DISTSRC=$(OBJS:.o=.c)
 DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h
 DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt
diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-patched/programs/starter/args.c
--- strongswan-2.7.0/programs/starter/args.c	2006-04-17 12:32:36.000000000 +0200
+++ strongswan-2.7.0-patched/programs/starter/args.c	2006-04-28 08:56:38.000000000 +0200
@@ -86,6 +86,10 @@
 
 static const char *LST_keyexchange[] = {
     "ike",
+#ifdef IKEV2
+    "ikev1",
+    "ikev2",
+#endif /* IKEV2 */
      NULL
 };
 
diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-patched/programs/starter/files.h
--- strongswan-2.7.0/programs/starter/files.h	2006-02-04 19:52:58.000000000 +0100
+++ strongswan-2.7.0-patched/programs/starter/files.h	2006-04-28 08:56:38.000000000 +0200
@@ -37,8 +37,15 @@
 #define SECRETS_FILE	IPSEC_CONFDIR"/ipsec.secrets"
 
 #define PLUTO_CMD       IPSEC_EXECDIR"/pluto"
-#define CTL_FILE        DEFAULT_CTLBASE CTL_SUFFIX
-#define PID_FILE        DEFAULT_CTLBASE PID_SUFFIX
+#define PLUTO_CTL_FILE  DEFAULT_CTLBASE CTL_SUFFIX
+#define PLUTO_PID_FILE  DEFAULT_CTLBASE PID_SUFFIX
+
+#ifdef IKEV2
+#define CHARON_CMD		IPSEC_EXECDIR"/charon"
+#define CHARON_BASE		"/var/run/charon"
+#define CHARON_CTL_FILE CHARON_BASE CTL_SUFFIX
+#define CHARON_PID_FILE CHARON_BASE PID_SUFFIX
+#endif /* IKEV2 */
 
 #define DYNIP_DIR       "/var/run/dynip"
 #define INFO_FILE       "/var/run/ipsec.info"
diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-patched/programs/starter/invokecharon.c
--- strongswan-2.7.0/programs/starter/invokecharon.c	1970-01-01 01:00:00.000000000 +0100
+++ strongswan-2.7.0-patched/programs/starter/invokecharon.c	2006-04-28 08:56:38.000000000 +0200
@@ -0,0 +1,174 @@
+/* strongSwan charon launcher
+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+ *
+ * Ported from invokepluto.c to fit charons needs.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: invokecharon.c $
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <signal.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <freeswan.h>
+
+#include "../pluto/constants.h"
+#include "../pluto/defs.h"
+#include "../pluto/log.h"
+
+#include "confread.h"
+#include "invokecharon.h"
+#include "files.h"
+
+static int _charon_pid = 0;
+static int _stop_requested;
+
+pid_t
+starter_charon_pid(void)
+{
+    return _charon_pid;
+}
+
+void
+starter_charon_sigchild(pid_t pid)
+{
+	if (pid == _charon_pid)
+    {
+		_charon_pid = 0;
+	if (!_stop_requested)
+	{
+	    plog("charon has died -- restart scheduled (%dsec)"
+		, CHARON_RESTART_DELAY);
+	    alarm(CHARON_RESTART_DELAY);   // restart in 5 sec
+	}
+	unlink(CHARON_PID_FILE);
+    }
+}
+
+int
+starter_stop_charon (void)
+{
+    pid_t pid;
+    int i;
+
+    pid = _charon_pid;
+    if (pid)
+    {
+	_stop_requested = 1;
+
+	/* be more and more aggressive */
+	for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
+	{
+		if (i == 0)
+			kill(pid, SIGINT);
+	    else if (i < 10)
+			kill(pid, SIGTERM);
+	    else
+			kill(pid, SIGKILL);
+	    usleep(20000);
+	}
+	if (_charon_pid == 0)
+	    return 0;
+	plog("starter_stop_charon(): can't stop charon !!!");
+	return -1;
+    }
+    else
+    {
+	plog("stater_stop_charon(): charon is not started...");
+    }
+    return -1;
+}
+
+
+int
+starter_start_charon (starter_config_t *cfg, bool debug)
+{
+    int pid, i;
+    struct stat stb;
+    int argc = 1;
+    char *arg[] = {
+	CHARON_CMD, NULL, NULL,
+    };
+
+    if (!debug)
+    {
+	arg[argc++] = "--use-syslog";
+    }
+	
+    if (_charon_pid)
+    {
+	plog("starter_start_charon(): charon already started...");
+	return -1;
+    }
+    else
+    {
+	unlink(CHARON_CTL_FILE);
+	_stop_requested = 0;
+
+	pid = fork();
+	switch (pid)
+	{
+	case -1:
+	    plog("can't fork(): %s", strerror(errno));
+	    return -1;
+	case 0:
+	    /* child */
+	    setsid();
+	    sigprocmask(SIG_SETMASK, 0, NULL);
+	    execv(arg[0], arg);
+	    plog("can't execv(%s,...): %s", arg[0], strerror(errno));
+	    exit(1);
+	default:
+	    /* father */
+		_charon_pid = pid;
+		for (i = 0; i < 50 && _charon_pid; i++)
+	    {
+		/* wait for charon */
+		usleep(20000);
+		if (stat(CHARON_PID_FILE, &stb) == 0)
+		{
+		    DBG(DBG_CONTROL,
+			DBG_log("charon (%d) started", _charon_pid)
+		    )
+		    return 0;
+		}
+	    }
+	    if (_charon_pid)
+	    {
+		/* If charon is started but with no ctl file, stop it */
+		plog("charon too long to start... - kill kill");
+		for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
+		{
+			if (i == 0)
+			kill(pid, SIGINT);
+		    else if (i < 10)
+			kill(pid, SIGTERM);
+		    else
+			kill(pid, SIGKILL);
+		    usleep(20000);
+		}
+	    }
+	    else
+	    {
+		plog("charon refused to be started");
+	    }
+	    return -1;
+	}
+    }
+    return -1;
+}
diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-patched/programs/starter/invokecharon.h
--- strongswan-2.7.0/programs/starter/invokecharon.h	1970-01-01 01:00:00.000000000 +0100
+++ strongswan-2.7.0-patched/programs/starter/invokecharon.h	2006-04-28 08:56:38.000000000 +0200
@@ -0,0 +1,31 @@
+/* strongSwan charon launcher
+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+ *
+ * Ported from invokepluto.h to fit charons needs.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: invokecharon.h $
+ */
+
+#ifndef _STARTER_CHARON_H_
+#define _STARTER_CHARON_H_
+
+#define CHARON_RESTART_DELAY    5
+
+extern void starter_charon_sigchild (pid_t pid);
+extern pid_t starter_charon_pid (void);
+extern int starter_stop_charon (void);
+extern int starter_start_charon(struct starter_config *cfg, bool debug);
+
+#endif /* _STARTER_CHARON_H_ */
+
diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-patched/programs/starter/invokepluto.c
--- strongswan-2.7.0/programs/starter/invokepluto.c	2006-02-17 22:41:50.000000000 +0100
+++ strongswan-2.7.0-patched/programs/starter/invokepluto.c	2006-04-28 08:56:38.000000000 +0200
@@ -54,7 +54,7 @@
 		, PLUTO_RESTART_DELAY);
 	    alarm(PLUTO_RESTART_DELAY);   // restart in 5 sec
 	}
-	unlink(PID_FILE);
+	unlink(PLUTO_PID_FILE);
     }
 }
 
@@ -203,7 +203,7 @@
     }
     else
     {
-	unlink(CTL_FILE);
+	unlink(PLUTO_CTL_FILE);
 	_stop_requested = 0;
 
 	if (cfg->setup.prepluto)
@@ -252,7 +252,7 @@
 	    {
 		/* wait for pluto */
 		usleep(20000);
-		if (stat(CTL_FILE, &stb) == 0)
+		if (stat(PLUTO_CTL_FILE, &stb) == 0)
 		{
 		    DBG(DBG_CONTROL,
 			DBG_log("pluto (%d) started", _pluto_pid)
diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-patched/programs/starter/starter.c
--- strongswan-2.7.0/programs/starter/starter.c	2006-02-15 19:37:46.000000000 +0100
+++ strongswan-2.7.0-patched/programs/starter/starter.c	2006-04-28 08:56:38.000000000 +0200
@@ -37,6 +37,7 @@
 #include "files.h"
 #include "starterwhack.h"
 #include "invokepluto.h"
+#include "invokecharon.h"
 #include "klips.h"
 #include "netkey.h"
 #include "cmp.h"
@@ -47,6 +48,9 @@
 #define FLAG_ACTION_RELOAD        0x04
 #define FLAG_ACTION_QUIT          0x08
 #define FLAG_ACTION_LISTEN        0x10
+#ifdef IKEV2
+#define FLAG_ACTION_START_CHARON  0x20
+#endif /* IKEV2 */
 
 static unsigned int _action_ = 0;
 
@@ -65,6 +69,10 @@
 	    {
 		if (pid == starter_pluto_pid())
 		    name = " (Pluto)";
+#ifdef IKEV2
+		if (pid == starter_charon_pid())
+		    name = " (Charon)";
+#endif /* IKEV2 */
 		if (WIFSIGNALED(status))
 		    DBG(DBG_CONTROL,
 			DBG_log("child %d%s has been killed by sig %d\n",
@@ -87,6 +95,10 @@
 
 		if (pid == starter_pluto_pid())
 		    starter_pluto_sigchild(pid);
+#ifdef IKEV2
+		if (pid == starter_charon_pid())
+		    starter_charon_sigchild(pid);
+#endif /* IKEV2 */
 	    }
 	}
 	break;
@@ -97,6 +109,9 @@
 
     case SIGALRM:
 	_action_ |= FLAG_ACTION_START_PLUTO;
+#ifdef IKEV2
+	_action_ |= FLAG_ACTION_START_CHARON;
+#endif /* IKEV2 */
 	break;
 
     case SIGHUP:
@@ -193,6 +208,9 @@
     signal(SIGQUIT, fsig);
     signal(SIGALRM, fsig);
     signal(SIGUSR1, fsig);
+	
+	
+	plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code());
 
     /* verify that we can start */
     if (getuid() != 0)
@@ -201,12 +219,24 @@
 	exit(1);
     }
 
-    if (stat(PID_FILE, &stb) == 0)
+    if (stat(PLUTO_PID_FILE, &stb) == 0)
     {
-	plog("pluto is already running (%s exists) -- aborting", PID_FILE);
-	exit(1);
+	plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE);
     }
-
+    else
+    {
+	_action_ |= FLAG_ACTION_START_PLUTO;
+    }
+#ifdef IKEV2
+    if (stat(CHARON_PID_FILE, &stb) == 0)
+    {
+	plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE);
+    }
+    else
+    {
+	_action_ |= FLAG_ACTION_START_CHARON;
+    }
+#endif /* IKEV2 */
     if (stat(DEV_RANDOM, &stb) != 0)
     {
 	plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
@@ -247,7 +277,11 @@
 
     last_reload = time(NULL);
 
-    plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code());
+    if (stat(MY_PID_FILE, &stb) == 0)
+    {
+	plog("starter is already running (%s exists) -- no fork done", MY_PID_FILE);
+	exit(0);
+    }
 
     /* fork if we're not debugging stuff */
     if (!no_fork)
@@ -296,17 +330,19 @@
 		      , &cfg->defaultroute);
     }
 
-    _action_ = FLAG_ACTION_START_PLUTO;
-
     for (;;)
     {
 	/*
-	 * Stop pluto (if started) and exit
-         */
+	 * Stop pluto/charon (if started) and exit
+	 */
 	if (_action_ & FLAG_ACTION_QUIT)
 	{
 	    if (starter_pluto_pid())
 		starter_stop_pluto();
+#ifdef IKEV2
+		if (starter_charon_pid())
+		starter_stop_charon();
+#endif IKEV2
 	    if (has_netkey)
 		starter_netkey_cleanup();
 	    else
@@ -337,6 +373,9 @@
 		    if (conn->state == STATE_ADDED)
 		    {
 			starter_whack_del_conn(conn);
+#ifdef IKEV2
+			starter_stroke_del_conn(conn);
+#endif /* IKEV2 */
 			conn->state = STATE_TO_ADD;
 		    }
 		}
@@ -427,6 +466,9 @@
 		    {
 			if (conn->state == STATE_ADDED)
 			    starter_whack_del_conn(conn);
+#ifdef IKEV2
+			    starter_stroke_del_conn(conn);
+#endif /* IKEV2 */
 		    }
 
 		    /* Look for new ca sections that are already loaded */
@@ -502,6 +544,27 @@
 		    conn->state = STATE_TO_ADD;
 	    }
 	}
+	
+#ifdef IKEV2
+	/*
+	 * Start charon
+	 */
+	if (_action_ & FLAG_ACTION_START_CHARON)
+	{
+		if (starter_charon_pid() == 0)
+		{
+			DBG(DBG_CONTROL,
+				DBG_log("Attempting to start charon...")
+			   )
+			if (starter_start_charon(cfg, no_fork) != 0)
+			{
+				/* schedule next try */
+				alarm(PLUTO_RESTART_DELAY);
+			}
+		}
+		_action_ &= ~FLAG_ACTION_START_CHARON;
+	}
+#endif /* IKEV2 */
 
 	/*
 	 * Tell pluto to reread its interfaces
@@ -536,11 +599,36 @@
 			conn->id = id++;
 		    }
 		    starter_whack_add_conn(conn);
+#ifdef IKEV2
+		    starter_stroke_add_conn(conn);
+#endif /* IKEV2 */
 		    conn->state = STATE_ADDED;
 		    if (conn->startup == STARTUP_START)
-			starter_whack_initiate_conn(conn);
+		    {
+#ifdef IKEV2
+			if (conn->keyexchange == 2)
+			{
+			    starter_stroke_initiate_conn(conn);
+			}
+			else
+#endif /* IKEV2 */
+			{
+			    starter_whack_initiate_conn(conn);
+			}
+		    }
 		    else if (conn->startup == STARTUP_ROUTE)
-			starter_whack_route_conn(conn);
+		    {
+#ifdef IKEV2
+			if (conn->keyexchange == 2)
+			{
+				starter_stroke_route_conn(conn);
+			}
+			else
+#endif /* IKEV2 */
+			{
+				starter_whack_route_conn(conn);	
+			}
+		    }
 		}
 	    }
 	}
diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-patched/programs/starter/starterstroke.c
--- strongswan-2.7.0/programs/starter/starterstroke.c	1970-01-01 01:00:00.000000000 +0100
+++ strongswan-2.7.0-patched/programs/starter/starterstroke.c	2006-04-28 08:56:38.000000000 +0200
@@ -0,0 +1,161 @@
+/* Stroke for charon is the counterpart to whack from pluto
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: starterstroke.c $
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <linux/stddef.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <freeswan.h>
+
+#include "../pluto/constants.h"
+#include "../pluto/defs.h"
+#include "../pluto/log.h"
+
+#include "../charon/stroke/stroke.h"
+
+#include "starterstroke.h"
+#include "confread.h"
+#include "files.h"
+
+static char* push_string(stroke_msg_t **strm, char *string)
+{
+	stroke_msg_t *stroke_msg;
+	size_t string_length;
+	
+	if (string == NULL)
+	{
+		return NULL;
+	}
+	stroke_msg = *strm;
+	string_length = strlen(string) + 1;
+	stroke_msg->length += string_length;
+	
+	stroke_msg = realloc(stroke_msg, stroke_msg->length);
+	strcpy((char*)stroke_msg + stroke_msg->length - string_length, string);
+	
+	*strm = stroke_msg;
+	return (char*)(u_int)stroke_msg->length - string_length;
+}
+
+static int
+send_stroke_msg (stroke_msg_t *msg)
+{
+	struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
+	int sock;
+	
+	sock = socket(AF_UNIX, SOCK_STREAM, 0);
+	if (sock < 0)
+	{
+	plog("socket() failed: %s", strerror(errno));
+	return -1;
+	}
+	if (connect(sock, (struct sockaddr *)&ctl_addr,
+	offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
+	{
+	plog("connect(charon_ctl) failed: %s", strerror(errno));
+	close(sock);
+	return -1;
+	}
+	
+	/* send message */
+	if (write(sock, msg, msg->length) != msg->length)
+	{
+	plog("write(charon_ctl) failed: %s", strerror(errno));
+	close(sock);
+	return -1;
+	}
+	
+	close(sock);
+	return 0;
+}
+
+static char *
+connection_name(starter_conn_t *conn)
+{
+    /* if connection name is '%auto', create a new name like conn_xxxxx */
+    static char buf[32];
+
+    if (streq(conn->name, "%auto"))
+    {
+	sprintf(buf, "conn_%ld", conn->id);
+	return buf;
+    }
+    return conn->name;
+}
+
+
+int starter_stroke_add_conn(starter_conn_t *conn)
+{
+	stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
+	int res;
+	
+	msg->length = sizeof(stroke_msg_t);
+	msg->type = STR_ADD_CONN;
+	
+	msg->add_conn.name = push_string(&msg, connection_name(conn));
+	
+	msg->add_conn.me.id = push_string(&msg, conn->left.id);
+	msg->add_conn.me.cert = push_string(&msg, conn->left.cert);
+	msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr));
+	msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr));
+	msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits;
+	
+	msg->add_conn.other.id = push_string(&msg, conn->right.id);
+	msg->add_conn.other.cert = push_string(&msg, conn->right.cert);
+	msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr));
+	msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr));
+	msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits;
+	
+	res = send_stroke_msg(msg);
+	free(msg);
+	return res;
+}
+
+int starter_stroke_del_conn(starter_conn_t *conn)
+{
+	return 0;
+}
+int starter_stroke_route_conn(starter_conn_t *conn)
+{
+	stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
+	int res;
+	
+	msg->length = sizeof(stroke_msg_t);
+	msg->type = STR_INSTALL;
+	msg->install.name = push_string(&msg, connection_name(conn));
+	res = send_stroke_msg(msg);
+	free(msg);
+	return res;
+}
+
+int starter_stroke_initiate_conn(starter_conn_t *conn)
+{
+	stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
+	int res;
+	
+	msg->length = sizeof(stroke_msg_t);
+	msg->type = STR_INITIATE;
+	msg->initiate.name = push_string(&msg, connection_name(conn));
+	res = send_stroke_msg(msg);
+	free(msg);
+	return res;
+}
diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-patched/programs/starter/starterstroke.h
--- strongswan-2.7.0/programs/starter/starterstroke.h	1970-01-01 01:00:00.000000000 +0100
+++ strongswan-2.7.0-patched/programs/starter/starterstroke.h	2006-04-28 08:56:38.000000000 +0200
@@ -0,0 +1,27 @@
+/* Stroke for charon is the counterpart to whack from pluto
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: starterstroke.h $
+ */
+
+#ifndef _STARTER_STROKE_H_
+#define _STARTER_STROKE_H_
+
+#include "confread.h"
+
+extern int starter_stroke_add_conn(starter_conn_t *conn);
+extern int starter_stroke_del_conn(starter_conn_t *conn);
+extern int starter_stroke_route_conn(starter_conn_t *conn);
+extern int starter_stroke_initiate_conn(starter_conn_t *conn);
+
+#endif /* _STARTER_STROKE_H_ */
diff -Naur strongswan-2.7.0/programs/starter/starterwhack.c strongswan-2.7.0-patched/programs/starter/starterwhack.c
--- strongswan-2.7.0/programs/starter/starterwhack.c	2006-04-17 12:32:36.000000000 +0200
+++ strongswan-2.7.0-patched/programs/starter/starterwhack.c	2006-04-28 08:56:38.000000000 +0200
@@ -54,7 +54,7 @@
 static int
 send_whack_msg (whack_message_t *msg)
 {
-    struct sockaddr_un ctl_addr = { AF_UNIX, CTL_FILE };
+    struct sockaddr_un ctl_addr = { AF_UNIX, PLUTO_CTL_FILE };
     int sock;
     ssize_t len;
     char *str_next, *str_roof;