- import of strongswan-2.7.0
1 diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-patched/Makefile.inc
2 --- strongswan-2.7.0/Makefile.inc 2006-01-25 18:23:15.000000000 +0100
3 +++ strongswan-2.7.0-patched/Makefile.inc 2006-04-28 08:56:38.000000000 +0200
4 @@ -84,6 +84,8 @@
5 FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec
6 LIBDIR=$(DESTDIR)$(FINALLIBDIR)
7
8 +# sharedlibdir is where shared libraries go
9 +SHAREDLIBDIR=$(DESTDIR)$(INC_USRLOCAL)/lib
10
11 # where the appropriate manpage tree is located
12 # location within INC_USRLOCAL
13 @@ -284,6 +286,9 @@
14 # include PKCS11-based smartcard support
15 USE_SMARTCARD?=false
16
17 +# support IKEv2 via charon
18 +USE_IKEV2?=true
19 +
20 # Default PKCS11 library
21 # Uncomment this line if using OpenSC <= 0.9.6
22 PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\"
23 diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-patched/programs/Makefile
24 --- strongswan-2.7.0/programs/Makefile 2006-04-17 13:04:45.000000000 +0200
25 +++ strongswan-2.7.0-patched/programs/Makefile 2006-04-28 08:56:38.000000000 +0200
26 @@ -32,6 +32,10 @@
27 SUBDIRS+=showpolicy
28 endif
29
30 +ifeq ($(USE_IKEV2),true)
31 +SUBDIRS+=charon
32 +endif
33 +
34 def:
35 @echo "Please read doc/intro.html or INSTALL before running make"
36 @false
37 diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-patched/programs/ipsec/ipsec.in
38 --- strongswan-2.7.0/programs/ipsec/ipsec.in 2006-03-09 21:09:33.000000000 +0100
39 +++ strongswan-2.7.0-patched/programs/ipsec/ipsec.in 2006-04-28 08:56:38.000000000 +0200
40 @@ -26,6 +26,7 @@
41 export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
42
43 IPSEC_STARTER_PID="/var/run/starter.pid"
44 +IPSEC_CHARON_PID="/var/run/charon.pid"
45
46 # standardize PATH, and export it for everything else's benefit
47 PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
48 @@ -123,6 +124,10 @@
49 down)
50 shift
51 $IPSEC_EXECDIR/whack --name "$1" --terminate
52 + if test -e $IPSEC_CHARON_PID
53 + then
54 + $IPSEC_EXECDIR/stroke down "$1"
55 + fi
56 exit 0
57 ;;
58 listalgs|listpubkeys|listcerts|listcacerts|\
59 @@ -134,6 +139,10 @@
60 op="$1"
61 shift
62 $IPSEC_EXECDIR/whack "$@" "--$op"
63 + if test -e $IPSEC_CHARON_PID
64 + then
65 + $IPSEC_EXECDIR/stroke "$op"
66 + fi
67 exit 0
68 ;;
69 ready)
70 @@ -180,8 +189,16 @@
71 if test $# -eq 0
72 then
73 $IPSEC_EXECDIR/whack "--$op"
74 + if test -e $IPSEC_CHARON_PID
75 + then
76 + $IPSEC_EXECDIR/stroke "$op"
77 + fi
78 else
79 $IPSEC_EXECDIR/whack --name "$1" "--$op"
80 + if test -e $IPSEC_CHARON_PID
81 + then
82 + $IPSEC_EXECDIR/stroke "$op" "$1"
83 + fi
84 fi
85 exit 0
86 ;;
87 @@ -198,6 +215,10 @@
88 up)
89 shift
90 $IPSEC_EXECDIR/whack --name "$1" --initiate
91 + if test -e $IPSEC_CHARON_PID
92 + then
93 + $IPSEC_EXECDIR/stroke up "$1"
94 + fi
95 exit 0
96 ;;
97 update)
98 diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-patched/programs/pluto/Makefile
99 --- strongswan-2.7.0/programs/pluto/Makefile 2006-01-25 18:22:19.000000000 +0100
100 +++ strongswan-2.7.0-patched/programs/pluto/Makefile 2006-04-28 08:56:38.000000000 +0200
101 @@ -170,6 +170,11 @@
102 LIBSPLUTO+= -ldl
103 endif
104
105 +# enable IKEv2 support
106 +ifeq ($(USE_IKEV2),true)
107 + DEFINES+= -DIKEV2
108 +endif
109 +
110 # This compile option activates the leak detective
111 ifeq ($(USE_LEAK_DETECTIVE),true)
112 DEFINES+= -DLEAK_DETECTIVE
113 diff -Naur strongswan-2.7.0/programs/pluto/demux.c strongswan-2.7.0-patched/programs/pluto/demux.c
114 --- strongswan-2.7.0/programs/pluto/demux.c 2005-02-18 22:08:59.000000000 +0100
115 +++ strongswan-2.7.0-patched/programs/pluto/demux.c 2006-04-28 08:56:13.000000000 +0200
116 @@ -1196,6 +1196,21 @@
117 }
118 #endif
119
120 +#ifdef IKEV2
121 +#define IKEV2_VERSION_OFFSET 17
122 +#define IKEV2_VERSION 0x20
123 +
124 + /* ignore IKEv2 packets - they will be handled by charon */
125 + if (pbs_room(&md->packet_pbs) > IKEV2_VERSION_OFFSET
126 + && md->packet_pbs.start[IKEV2_VERSION_OFFSET] == IKEV2_VERSION)
127 + {
128 + DBG(DBG_CONTROLMORE,
129 + DBG_log(" ignoring IKEv2 packet")
130 + )
131 + return FALSE;
132 + }
133 +#endif /* IKEV2 */
134 +
135 return TRUE;
136 }
137
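Review bot: The version byte is compared for exact equality with `IKEV2_VERSION` (0x20), so an IKEv2 message carrying a non-zero minor version (e.g. 0x21) is not ignored and falls through to pluto's own major-version check in the next hunk, where pluto answers with an INVALID_MAJOR_VERSION notification instead of leaving the packet to charon. Compare only the major nibble, the way that later `isa_version >> ISA_MAJ_SHIFT` check does: `&& (md->packet_pbs.start[IKEV2_VERSION_OFFSET] >> ISA_MAJ_SHIFT) == (IKEV2_VERSION >> ISA_MAJ_SHIFT)`. The two `#define`s are placed inside the function body and never `#undef`'d; file scope next to the other ISAKMP constants is the conventional place. The enclosing function begins before this hunk.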
138 @@ -1229,6 +1244,7 @@
139 if (md->packet_pbs.roof - md->packet_pbs.cur >= (ptrdiff_t)isakmp_hdr_desc.size)
140 {
141 struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur;
142 +
143 if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION)
144 {
145 SEND_NOTIFICATION(INVALID_MAJOR_VERSION);
146 diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-patched/programs/starter/Makefile
147 --- strongswan-2.7.0/programs/starter/Makefile 2006-02-17 20:34:02.000000000 +0100
148 +++ strongswan-2.7.0-patched/programs/starter/Makefile 2006-04-28 08:56:38.000000000 +0200
149 @@ -34,6 +34,11 @@
150 DEFINES+= -DLEAK_DETECTIVE
151 endif
152
153 +# Enable charon support
154 +ifeq ($(USE_IKEV2),true)
155 + DEFINES+= -DIKEV2
156 +endif
157 +
158 INCLUDES=-I${FREESWANDIR}/linux/include
159 CFLAGS=$(DEFINES) $(INCLUDES) -Wall
160 CFLAGS+=-DIPSEC_EXECDIR=\"${FINALLIBEXECDIR}\" -DIPSEC_CONFDDIR=\"${FINALCONFDDIR}\"
161 @@ -46,6 +51,11 @@
162 starterwhack.o klips.o netkey.o interfaces.o exec.o cmp.o confread.o \
163 loglite.o ${PLUTO_OBJS}
164
165 +# Build charon-only objs
166 +ifeq ($(USE_IKEV2),true)
167 + OBJS+= invokecharon.o starterstroke.o
168 +endif
169 +
170 DISTSRC=$(OBJS:.o=.c)
171 DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h
172 DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt
173 diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-patched/programs/starter/args.c
174 --- strongswan-2.7.0/programs/starter/args.c 2006-04-17 12:32:36.000000000 +0200
175 +++ strongswan-2.7.0-patched/programs/starter/args.c 2006-04-28 08:56:38.000000000 +0200
176 @@ -86,6 +86,10 @@
177
178 static const char *LST_keyexchange[] = {
179 "ike",
180 +#ifdef IKEV2
181 + "ikev1",
182 + "ikev2",
183 +#endif /* IKEV2 */
184 NULL
185 };
186
187 diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-patched/programs/starter/files.h
188 --- strongswan-2.7.0/programs/starter/files.h 2006-02-04 19:52:58.000000000 +0100
189 +++ strongswan-2.7.0-patched/programs/starter/files.h 2006-04-28 08:56:38.000000000 +0200
190 @@ -37,8 +37,15 @@
191 #define SECRETS_FILE IPSEC_CONFDIR"/ipsec.secrets"
192
193 #define PLUTO_CMD IPSEC_EXECDIR"/pluto"
194 -#define CTL_FILE DEFAULT_CTLBASE CTL_SUFFIX
195 -#define PID_FILE DEFAULT_CTLBASE PID_SUFFIX
196 +#define PLUTO_CTL_FILE DEFAULT_CTLBASE CTL_SUFFIX
197 +#define PLUTO_PID_FILE DEFAULT_CTLBASE PID_SUFFIX
198 +
199 +#ifdef IKEV2
200 +#define CHARON_CMD IPSEC_EXECDIR"/charon"
201 +#define CHARON_BASE "/var/run/charon"
202 +#define CHARON_CTL_FILE CHARON_BASE CTL_SUFFIX
203 +#define CHARON_PID_FILE CHARON_BASE PID_SUFFIX
204 +#endif /* IKEV2 */
205
206 #define DYNIP_DIR "/var/run/dynip"
207 #define INFO_FILE "/var/run/ipsec.info"
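Review bot: `CHARON_BASE` hard-codes `"/var/run/charon"` while the pluto paths are derived from `DEFAULT_CTLBASE`, and `ipsec.in` in this same patch spells the PID path a second time as the literal `"/var/run/charon.pid"`; the two copies can drift silently if either is changed. Deriving both from a single definition (a `CHARON_CTLBASE` next to `DEFAULT_CTLBASE`, passed to the script at build time like the other directories) would keep the stale-PID checks in starter and in the `ipsec` script looking at the same file.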
208 diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-patched/programs/starter/invokecharon.c
209 --- strongswan-2.7.0/programs/starter/invokecharon.c 1970-01-01 01:00:00.000000000 +0100
210 +++ strongswan-2.7.0-patched/programs/starter/invokecharon.c 2006-04-28 08:56:38.000000000 +0200
211 @@ -0,0 +1,174 @@
212 +/* strongSwan charon launcher
213 + * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
214 + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
215 + *
216 + * Ported from invokepluto.c to fit charons needs.
217 + *
218 + * This program is free software; you can redistribute it and/or modify it
219 + * under the terms of the GNU General Public License as published by the
220 + * Free Software Foundation; either version 2 of the License, or (at your
221 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
222 + *
223 + * This program is distributed in the hope that it will be useful, but
224 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
225 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
226 + * for more details.
227 + *
228 + * RCSID $Id: invokecharon.c $
229 + */
230 +
231 +#include <sys/types.h>
232 +#include <sys/stat.h>
233 +#include <unistd.h>
234 +#include <signal.h>
235 +#include <string.h>
236 +#include <stdlib.h>
237 +#include <errno.h>
238 +
239 +#include <freeswan.h>
240 +
241 +#include "../pluto/constants.h"
242 +#include "../pluto/defs.h"
243 +#include "../pluto/log.h"
244 +
245 +#include "confread.h"
246 +#include "invokecharon.h"
247 +#include "files.h"
248 +
249 +static int _charon_pid = 0;
250 +static int _stop_requested;
251 +
252 +pid_t
253 +starter_charon_pid(void)
254 +{
255 + return _charon_pid;
256 +}
257 +
258 +void
259 +starter_charon_sigchild(pid_t pid)
260 +{
261 + if (pid == _charon_pid)
262 + {
263 + _charon_pid = 0;
264 + if (!_stop_requested)
265 + {
266 + plog("charon has died -- restart scheduled (%dsec)"
267 + , CHARON_RESTART_DELAY);
268 + alarm(CHARON_RESTART_DELAY); // restart in 5 sec
269 + }
270 + unlink(CHARON_PID_FILE);
271 + }
272 +}
273 +
274 +int
275 +starter_stop_charon (void)
276 +{
277 + pid_t pid;
278 + int i;
279 +
280 + pid = _charon_pid;
281 + if (pid)
282 + {
283 + _stop_requested = 1;
284 +
285 + /* be more and more aggressive */
286 + for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
287 + {
288 + if (i == 0)
289 + kill(pid, SIGINT);
290 + else if (i < 10)
291 + kill(pid, SIGTERM);
292 + else
293 + kill(pid, SIGKILL);
294 + usleep(20000);
295 + }
296 + if (_charon_pid == 0)
297 + return 0;
298 + plog("starter_stop_charon(): can't stop charon !!!");
299 + return -1;
300 + }
301 + else
302 + {
303 + plog("stater_stop_charon(): charon is not started...");
304 + }
305 + return -1;
306 +}
307 +
308 +
309 +int
310 +starter_start_charon (starter_config_t *cfg, bool debug)
311 +{
312 + int pid, i;
313 + struct stat stb;
314 + int argc = 1;
315 + char *arg[] = {
316 + CHARON_CMD, NULL, NULL,
317 + };
318 +
319 + if (!debug)
320 + {
321 + arg[argc++] = "--use-syslog";
322 + }
323 +
324 + if (_charon_pid)
325 + {
326 + plog("starter_start_charon(): charon already started...");
327 + return -1;
328 + }
329 + else
330 + {
331 + unlink(CHARON_CTL_FILE);
332 + _stop_requested = 0;
333 +
334 + pid = fork();
335 + switch (pid)
336 + {
337 + case -1:
338 + plog("can't fork(): %s", strerror(errno));
339 + return -1;
340 + case 0:
341 + /* child */
342 + setsid();
343 + sigprocmask(SIG_SETMASK, 0, NULL);
344 + execv(arg[0], arg);
345 + plog("can't execv(%s,...): %s", arg[0], strerror(errno));
346 + exit(1);
347 + default:
348 + /* father */
349 + _charon_pid = pid;
350 + for (i = 0; i < 50 && _charon_pid; i++)
351 + {
352 + /* wait for charon */
353 + usleep(20000);
354 + if (stat(CHARON_PID_FILE, &stb) == 0)
355 + {
356 + DBG(DBG_CONTROL,
357 + DBG_log("charon (%d) started", _charon_pid)
358 + )
359 + return 0;
360 + }
361 + }
362 + if (_charon_pid)
363 + {
364 + /* If charon is started but with no ctl file, stop it */
365 + plog("charon too long to start... - kill kill");
366 + for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
367 + {
368 + if (i == 0)
369 + kill(pid, SIGINT);
370 + else if (i < 10)
371 + kill(pid, SIGTERM);
372 + else
373 + kill(pid, SIGKILL);
374 + usleep(20000);
375 + }
376 + }
377 + else
378 + {
379 + plog("charon refused to be started");
380 + }
381 + return -1;
382 + }
383 + }
384 + return -1;
385 +}
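Review bot: `sigprocmask(SIG_SETMASK, 0, NULL)` in the child branch of `starter_start_charon` does nothing: with a null `set` the call only queries the mask, so charon inherits whatever signals the starter had blocked instead of a cleared mask. To actually reset it: `sigset_t mask; sigemptyset(&mask); sigprocmask(SIG_SETMASK, &mask, NULL);`. After a failed `execv` the child should leave via `_exit(1)` rather than `exit(1)`, so the parent's atexit handlers and stdio buffers are not run a second time in the child. `_charon_pid` and `_stop_requested` are written by `starter_charon_sigchild`, which the starter.c hunk calls from its signal handler, and polled in the loops of `starter_stop_charon` and `starter_start_charon`; that use calls for `volatile sig_atomic_t`. The log text `"stater_stop_charon()"` is misspelt.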
386 diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-patched/programs/starter/invokecharon.h
387 --- strongswan-2.7.0/programs/starter/invokecharon.h 1970-01-01 01:00:00.000000000 +0100
388 +++ strongswan-2.7.0-patched/programs/starter/invokecharon.h 2006-04-28 08:56:38.000000000 +0200
389 @@ -0,0 +1,31 @@
390 +/* strongSwan charon launcher
391 + * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
392 + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
393 + *
394 + * Ported from invokepluto.h to fit charons needs.
395 + *
396 + * This program is free software; you can redistribute it and/or modify it
397 + * under the terms of the GNU General Public License as published by the
398 + * Free Software Foundation; either version 2 of the License, or (at your
399 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
400 + *
401 + * This program is distributed in the hope that it will be useful, but
402 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
403 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
404 + * for more details.
405 + *
406 + * RCSID $Id: invokecharon.h $
407 + */
408 +
409 +#ifndef _STARTER_CHARON_H_
410 +#define _STARTER_CHARON_H_
411 +
412 +#define CHARON_RESTART_DELAY 5
413 +
414 +extern void starter_charon_sigchild (pid_t pid);
415 +extern pid_t starter_charon_pid (void);
416 +extern int starter_stop_charon (void);
417 +extern int starter_start_charon(struct starter_config *cfg, bool debug);
418 +
419 +#endif /* _STARTER_CHARON_H_ */
420 +
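Review bot: The include guard `_STARTER_CHARON_H_` (and `_STARTER_STROKE_H_` in starterstroke.h further down) is an identifier beginning with an underscore and an uppercase letter, which is reserved for the implementation; `STARTER_CHARON_H` / `STARTER_STROKE_H` avoid the clash. The prototypes use `pid_t`, `bool` and `struct starter_config` without including anything, so the header only compiles when the includer happens to pull those in first; adding `#include <sys/types.h>` and the header that declares `starter_config` would make it self-contained. The declaration spells the parameter `struct starter_config *` while the definition in invokecharon.c takes `starter_config_t *`; presumably the same type via typedef, but one spelling in both places would be clearer.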
421 diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-patched/programs/starter/invokepluto.c
422 --- strongswan-2.7.0/programs/starter/invokepluto.c 2006-02-17 22:41:50.000000000 +0100
423 +++ strongswan-2.7.0-patched/programs/starter/invokepluto.c 2006-04-28 08:56:38.000000000 +0200
424 @@ -54,7 +54,7 @@
425 , PLUTO_RESTART_DELAY);
426 alarm(PLUTO_RESTART_DELAY); // restart in 5 sec
427 }
428 - unlink(PID_FILE);
429 + unlink(PLUTO_PID_FILE);
430 }
431 }
432
433 @@ -203,7 +203,7 @@
434 }
435 else
436 {
437 - unlink(CTL_FILE);
438 + unlink(PLUTO_CTL_FILE);
439 _stop_requested = 0;
440
441 if (cfg->setup.prepluto)
442 @@ -252,7 +252,7 @@
443 {
444 /* wait for pluto */
445 usleep(20000);
446 - if (stat(CTL_FILE, &stb) == 0)
447 + if (stat(PLUTO_CTL_FILE, &stb) == 0)
448 {
449 DBG(DBG_CONTROL,
450 DBG_log("pluto (%d) started", _pluto_pid)
451 diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-patched/programs/starter/starter.c
452 --- strongswan-2.7.0/programs/starter/starter.c 2006-02-15 19:37:46.000000000 +0100
453 +++ strongswan-2.7.0-patched/programs/starter/starter.c 2006-04-28 08:56:38.000000000 +0200
454 @@ -37,6 +37,7 @@
455 #include "files.h"
456 #include "starterwhack.h"
457 #include "invokepluto.h"
458 +#include "invokecharon.h"
459 #include "klips.h"
460 #include "netkey.h"
461 #include "cmp.h"
462 @@ -47,6 +48,9 @@
463 #define FLAG_ACTION_RELOAD 0x04
464 #define FLAG_ACTION_QUIT 0x08
465 #define FLAG_ACTION_LISTEN 0x10
466 +#ifdef IKEV2
467 +#define FLAG_ACTION_START_CHARON 0x20
468 +#endif /* IKEV2 */
469
470 static unsigned int _action_ = 0;
471
472 @@ -65,6 +69,10 @@
473 {
474 if (pid == starter_pluto_pid())
475 name = " (Pluto)";
476 +#ifdef IKEV2
477 + if (pid == starter_charon_pid())
478 + name = " (Charon)";
479 +#endif /* IKEV2 */
480 if (WIFSIGNALED(status))
481 DBG(DBG_CONTROL,
482 DBG_log("child %d%s has been killed by sig %d\n",
483 @@ -87,6 +95,10 @@
484
485 if (pid == starter_pluto_pid())
486 starter_pluto_sigchild(pid);
487 +#ifdef IKEV2
488 + if (pid == starter_charon_pid())
489 + starter_charon_sigchild(pid);
490 +#endif /* IKEV2 */
491 }
492 }
493 break;
494 @@ -97,6 +109,9 @@
495
496 case SIGALRM:
497 _action_ |= FLAG_ACTION_START_PLUTO;
498 +#ifdef IKEV2
499 + _action_ |= FLAG_ACTION_START_CHARON;
500 +#endif /* IKEV2 */
501 break;
502
503 case SIGHUP:
504 @@ -193,6 +208,9 @@
505 signal(SIGQUIT, fsig);
506 signal(SIGALRM, fsig);
507 signal(SIGUSR1, fsig);
508 +
509 +
510 + plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code());
511
512 /* verify that we can start */
513 if (getuid() != 0)
514 @@ -201,12 +219,24 @@
515 exit(1);
516 }
517
518 - if (stat(PID_FILE, &stb) == 0)
519 + if (stat(PLUTO_PID_FILE, &stb) == 0)
520 {
521 - plog("pluto is already running (%s exists) -- aborting", PID_FILE);
522 - exit(1);
523 + plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE);
524 }
525 -
526 + else
527 + {
528 + _action_ |= FLAG_ACTION_START_PLUTO;
529 + }
530 +#ifdef IKEV2
531 + if (stat(CHARON_PID_FILE, &stb) == 0)
532 + {
533 + plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE);
534 + }
535 + else
536 + {
537 + _action_ |= FLAG_ACTION_START_CHARON;
538 + }
539 +#endif /* IKEV2 */
540 if (stat(DEV_RANDOM, &stb) != 0)
541 {
542 plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
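Review bot: Changing the `PLUTO_PID_FILE` check from aborting to skipping means a stale PID file left by a crashed pluto now makes starter continue with no IKEv1 daemon, announced only by a "skipping pluto start" message, where the operator previously got a hard failure; the new `CHARON_PID_FILE` branch has the same property. Because neither daemon is a child of this starter in that case, no SIGCHLD will ever arrive to clear the file or schedule a restart, so the host stays without IKE until someone notices. Verifying that the PID in the file still belongs to a live process (a `kill(pid, 0)` probe) before treating the daemon as running, and logging the skip as an error, would keep the safety the old abort provided.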
543 @@ -247,7 +277,11 @@
544
545 last_reload = time(NULL);
546
547 - plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code());
548 + if (stat(MY_PID_FILE, &stb) == 0)
549 + {
550 + plog("starter is already running (%s exists) -- no fork done", MY_PID_FILE);
551 + exit(0);
552 + }
553
554 /* fork if we're not debugging stuff */
555 if (!no_fork)
556 @@ -296,17 +330,19 @@
557 , &cfg->defaultroute);
558 }
559
560 - _action_ = FLAG_ACTION_START_PLUTO;
561 -
562 for (;;)
563 {
564 /*
565 - * Stop pluto (if started) and exit
566 - */
567 + * Stop pluto/charon (if started) and exit
568 + */
569 if (_action_ & FLAG_ACTION_QUIT)
570 {
571 if (starter_pluto_pid())
572 starter_stop_pluto();
573 +#ifdef IKEV2
574 + if (starter_charon_pid())
575 + starter_stop_charon();
576 +#endif IKEV2
577 if (has_netkey)
578 starter_netkey_cleanup();
579 else
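Review bot: `#endif IKEV2` closing the charon stop block lacks comment delimiters; tokens after `#endif` are not standard C and GCC warns about them, so it should read `#endif /* IKEV2 */` like every other guard in this patch. The rest of the hunk mirrors the existing pluto branch and reads fine.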
580 @@ -337,6 +373,9 @@
581 if (conn->state == STATE_ADDED)
582 {
583 starter_whack_del_conn(conn);
584 +#ifdef IKEV2
585 + starter_stroke_del_conn(conn);
586 +#endif /* IKEV2 */
587 conn->state = STATE_TO_ADD;
588 }
589 }
590 @@ -427,6 +466,9 @@
591 {
592 if (conn->state == STATE_ADDED)
593 starter_whack_del_conn(conn);
594 +#ifdef IKEV2
595 + starter_stroke_del_conn(conn);
596 +#endif /* IKEV2 */
597 }
598
599 /* Look for new ca sections that are already loaded */
600 @@ -502,6 +544,27 @@
601 conn->state = STATE_TO_ADD;
602 }
603 }
604 +
605 +#ifdef IKEV2
606 + /*
607 + * Start charon
608 + */
609 + if (_action_ & FLAG_ACTION_START_CHARON)
610 + {
611 + if (starter_charon_pid() == 0)
612 + {
613 + DBG(DBG_CONTROL,
614 + DBG_log("Attempting to start charon...")
615 + )
616 + if (starter_start_charon(cfg, no_fork) != 0)
617 + {
618 + /* schedule next try */
619 + alarm(PLUTO_RESTART_DELAY);
620 + }
621 + }
622 + _action_ &= ~FLAG_ACTION_START_CHARON;
623 + }
624 +#endif /* IKEV2 */
625
626 /*
627 * Tell pluto to reread its interfaces
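Review bot: The retry after a failed `starter_start_charon` is scheduled with `alarm(PLUTO_RESTART_DELAY)` although invokecharon.h in this patch defines `CHARON_RESTART_DELAY` for exactly this purpose; presumably both are 5 today, but the charon block should use its own constant, `alarm(CHARON_RESTART_DELAY);`. Since SIGALRM sets both START flags (earlier hunk), a charon retry also re-enters the pluto start path; that is probably harmless as long as the pluto block checks `starter_pluto_pid()` first, but a comment saying so would save the next reader the detour.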
628 @@ -536,11 +599,36 @@
629 conn->id = id++;
630 }
631 starter_whack_add_conn(conn);
632 +#ifdef IKEV2
633 + starter_stroke_add_conn(conn);
634 +#endif /* IKEV2 */
635 conn->state = STATE_ADDED;
636 if (conn->startup == STARTUP_START)
637 - starter_whack_initiate_conn(conn);
638 + {
639 +#ifdef IKEV2
640 + if (conn->keyexchange == 2)
641 + {
642 + starter_stroke_initiate_conn(conn);
643 + }
644 + else
645 +#endif /* IKEV2 */
646 + {
647 + starter_whack_initiate_conn(conn);
648 + }
649 + }
650 else if (conn->startup == STARTUP_ROUTE)
651 - starter_whack_route_conn(conn);
652 + {
653 +#ifdef IKEV2
654 + if (conn->keyexchange == 2)
655 + {
656 + starter_stroke_route_conn(conn);
657 + }
658 + else
659 +#endif /* IKEV2 */
660 + {
661 + starter_whack_route_conn(conn);
662 + }
663 + }
664 }
665 }
666 }
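Review bot: `conn->keyexchange == 2` encodes the position of `"ikev2"` in `LST_keyexchange` (args.c hunk) as a magic number, here in two places; an enum constant such as `KEY_EXCHANGE_IKEV2 = 2` defined next to that list would keep the two files from drifting if the list is ever reordered. Note also that `starter_stroke_add_conn(conn)` is called for every connection regardless of `keyexchange`, while only initiate/route are gated on it, so IKEv1-only connections are loaded into charon as well; if that is intended, a comment stating it would help, otherwise the same `keyexchange == 2` guard belongs around the add call.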
667 diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-patched/programs/starter/starterstroke.c
668 --- strongswan-2.7.0/programs/starter/starterstroke.c 1970-01-01 01:00:00.000000000 +0100
669 +++ strongswan-2.7.0-patched/programs/starter/starterstroke.c 2006-04-28 08:56:38.000000000 +0200
670 @@ -0,0 +1,161 @@
671 +/* Stroke for charon is the counterpart to whack from pluto
672 + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
673 + *
674 + * This program is free software; you can redistribute it and/or modify it
675 + * under the terms of the GNU General Public License as published by the
676 + * Free Software Foundation; either version 2 of the License, or (at your
677 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
678 + *
679 + * This program is distributed in the hope that it will be useful, but
680 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
681 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
682 + * for more details.
683 + *
684 + * RCSID $Id: starterstroke.c $
685 + */
686 +
687 +#include <sys/types.h>
688 +#include <sys/socket.h>
689 +#include <sys/un.h>
690 +#include <linux/stddef.h>
691 +#include <unistd.h>
692 +#include <stdlib.h>
693 +#include <errno.h>
694 +#include <netinet/in.h>
695 +#include <arpa/inet.h>
696 +
697 +#include <freeswan.h>
698 +
699 +#include "../pluto/constants.h"
700 +#include "../pluto/defs.h"
701 +#include "../pluto/log.h"
702 +
703 +#include "../charon/stroke/stroke.h"
704 +
705 +#include "starterstroke.h"
706 +#include "confread.h"
707 +#include "files.h"
708 +
709 +static char* push_string(stroke_msg_t **strm, char *string)
710 +{
711 + stroke_msg_t *stroke_msg;
712 + size_t string_length;
713 +
714 + if (string == NULL)
715 + {
716 + return NULL;
717 + }
718 + stroke_msg = *strm;
719 + string_length = strlen(string) + 1;
720 + stroke_msg->length += string_length;
721 +
722 + stroke_msg = realloc(stroke_msg, stroke_msg->length);
723 + strcpy((char*)stroke_msg + stroke_msg->length - string_length, string);
724 +
725 + *strm = stroke_msg;
726 + return (char*)(u_int)stroke_msg->length - string_length;
727 +}
728 +
729 +static int
730 +send_stroke_msg (stroke_msg_t *msg)
731 +{
732 + struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
733 + int sock;
734 +
735 + sock = socket(AF_UNIX, SOCK_STREAM, 0);
736 + if (sock < 0)
737 + {
738 + plog("socket() failed: %s", strerror(errno));
739 + return -1;
740 + }
741 + if (connect(sock, (struct sockaddr *)&ctl_addr,
742 + offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
743 + {
744 + plog("connect(charon_ctl) failed: %s", strerror(errno));
745 + close(sock);
746 + return -1;
747 + }
748 +
749 + /* send message */
750 + if (write(sock, msg, msg->length) != msg->length)
751 + {
752 + plog("write(charon_ctl) failed: %s", strerror(errno));
753 + close(sock);
754 + return -1;
755 + }
756 +
757 + close(sock);
758 + return 0;
759 +}
760 +
761 +static char *
762 +connection_name(starter_conn_t *conn)
763 +{
764 + /* if connection name is '%auto', create a new name like conn_xxxxx */
765 + static char buf[32];
766 +
767 + if (streq(conn->name, "%auto"))
768 + {
769 + sprintf(buf, "conn_%ld", conn->id);
770 + return buf;
771 + }
772 + return conn->name;
773 +}
774 +
775 +
776 +int starter_stroke_add_conn(starter_conn_t *conn)
777 +{
778 + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
779 + int res;
780 +
781 + msg->length = sizeof(stroke_msg_t);
782 + msg->type = STR_ADD_CONN;
783 +
784 + msg->add_conn.name = push_string(&msg, connection_name(conn));
785 +
786 + msg->add_conn.me.id = push_string(&msg, conn->left.id);
787 + msg->add_conn.me.cert = push_string(&msg, conn->left.cert);
788 + msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr));
789 + msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr));
790 + msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits;
791 +
792 + msg->add_conn.other.id = push_string(&msg, conn->right.id);
793 + msg->add_conn.other.cert = push_string(&msg, conn->right.cert);
794 + msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr));
795 + msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr));
796 + msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits;
797 +
798 + res = send_stroke_msg(msg);
799 + free(msg);
800 + return res;
801 +}
802 +
803 +int starter_stroke_del_conn(starter_conn_t *conn)
804 +{
805 + return 0;
806 +}
807 +int starter_stroke_route_conn(starter_conn_t *conn)
808 +{
809 + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
810 + int res;
811 +
812 + msg->length = sizeof(stroke_msg_t);
813 + msg->type = STR_INSTALL;
814 + msg->install.name = push_string(&msg, connection_name(conn));
815 + res = send_stroke_msg(msg);
816 + free(msg);
817 + return res;
818 +}
819 +
820 +int starter_stroke_initiate_conn(starter_conn_t *conn)
821 +{
822 + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
823 + int res;
824 +
825 + msg->length = sizeof(stroke_msg_t);
826 + msg->type = STR_INITIATE;
827 + msg->initiate.name = push_string(&msg, connection_name(conn));
828 + res = send_stroke_msg(msg);
829 + free(msg);
830 + return res;
831 +}
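Review bot: Every `msg->add_conn.X = push_string(&msg, …)` assignment reads `msg` to form the left-hand lvalue while the call on the right reallocates and reassigns `msg` through `strm`; the two operand evaluations are unsequenced in C, so a compiler that computes the destination first stores into the old, already-freed buffer (use-after-free). `push_string` also overwrites its only pointer with the result of `realloc` and dereferences it unchecked, and the `malloc` calls in the three public functions are unchecked as well; capturing the offset in a temporary before storing it and checking the allocations fixes both, as sketched below. `starter_stroke_del_conn` returns success without sending anything, so after a reload a connection removed from ipsec.conf stays loaded in charon while pluto has dropped it — at minimum this deserves a `/* TODO */` and a log line. `<linux/stddef.h>` is a kernel header; `offsetof` comes from `<stddef.h>`, and `strlen`/`strcpy` need `<string.h>`. In `send_stroke_msg`, `write()` returning a short count is reported as a generic failure; comparing `(size_t)` against `msg->length` avoids the signed/unsigned mismatch and the message could say "short write".
```c
static char* push_string(stroke_msg_t **strm, char *string)
{
	stroke_msg_t *stroke_msg;
	size_t string_length, offset;

	if (string == NULL)
	{
		return NULL;
	}
	string_length = strlen(string) + 1;
	offset = (*strm)->length;
	stroke_msg = realloc(*strm, offset + string_length);
	if (stroke_msg == NULL)
	{
		/* *strm is still valid; the caller keeps ownership and frees it */
		return NULL;
	}
	stroke_msg->length = offset + string_length;
	memcpy((char*)stroke_msg + offset, string, string_length);
	*strm = stroke_msg;
	/* offset encoded as pointer, as before */
	return (char*)(u_int)offset;
}

/* … unchanged: send_stroke_msg, connection_name … */

int starter_stroke_add_conn(starter_conn_t *conn)
{
	stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
	char *str;
	int res;

	if (msg == NULL)
	{
		return -1;
	}
	msg->length = sizeof(stroke_msg_t);
	msg->type = STR_ADD_CONN;

	/* call push_string first: it may realloc msg, so never form msg->… before it returns */
	str = push_string(&msg, connection_name(conn));
	msg->add_conn.name = str;
	/* … same two-step pattern for every remaining push_string() field … */
	res = send_stroke_msg(msg);
	free(msg);
	return res;
}
```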
832 diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-patched/programs/starter/starterstroke.h
833 --- strongswan-2.7.0/programs/starter/starterstroke.h 1970-01-01 01:00:00.000000000 +0100
834 +++ strongswan-2.7.0-patched/programs/starter/starterstroke.h 2006-04-28 08:56:38.000000000 +0200
835 @@ -0,0 +1,27 @@
836 +/* Stroke for charon is the counterpart to whack from pluto
837 + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
838 + *
839 + * This program is free software; you can redistribute it and/or modify it
840 + * under the terms of the GNU General Public License as published by the
841 + * Free Software Foundation; either version 2 of the License, or (at your
842 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
843 + *
844 + * This program is distributed in the hope that it will be useful, but
845 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
846 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
847 + * for more details.
848 + *
849 + * RCSID $Id: starterstroke.h $
850 + */
851 +
852 +#ifndef _STARTER_STROKE_H_
853 +#define _STARTER_STROKE_H_
854 +
855 +#include "confread.h"
856 +
857 +extern int starter_stroke_add_conn(starter_conn_t *conn);
858 +extern int starter_stroke_del_conn(starter_conn_t *conn);
859 +extern int starter_stroke_route_conn(starter_conn_t *conn);
860 +extern int starter_stroke_initiate_conn(starter_conn_t *conn);
861 +
862 +#endif /* _STARTER_STROKE_H_ */
863 diff -Naur strongswan-2.7.0/programs/starter/starterwhack.c strongswan-2.7.0-patched/programs/starter/starterwhack.c
864 --- strongswan-2.7.0/programs/starter/starterwhack.c 2006-04-17 12:32:36.000000000 +0200
865 +++ strongswan-2.7.0-patched/programs/starter/starterwhack.c 2006-04-28 08:56:38.000000000 +0200
866 @@ -54,7 +54,7 @@
867 static int
868 send_whack_msg (whack_message_t *msg)
869 {
870 - struct sockaddr_un ctl_addr = { AF_UNIX, CTL_FILE };
871 + struct sockaddr_un ctl_addr = { AF_UNIX, PLUTO_CTL_FILE };
872 int sock;
873 ssize_t len;
874 char *str_next, *str_roof;