*/
ipsec_mode_t mode;
+ /**
+ * action to take to start CHILD_SA
+ */
+ action_t start_action;
+
/**
* action to take on DPD
*/
return this->mode;
}
+METHOD(child_cfg_t, get_start_action, action_t,
+ private_child_cfg_t *this)
+{
+ return this->start_action;
+}
+
METHOD(child_cfg_t, get_dpd_action, action_t,
private_child_cfg_t *this)
{
*/
child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
char *updown, bool hostaccess,
- ipsec_mode_t mode, action_t dpd_action,
- action_t close_action, bool ipcomp,
- u_int32_t inactivity, u_int32_t reqid,
+ ipsec_mode_t mode, action_t start_action,
+ action_t dpd_action, action_t close_action,
+ bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
mark_t *mark_in, mark_t *mark_out)
{
private_child_cfg_t *this;
.get_updown = _get_updown,
.get_hostaccess = _get_hostaccess,
.get_mode = _get_mode,
+ .get_start_action = _get_start_action,
.get_dpd_action = _get_dpd_action,
.get_close_action = _get_close_action,
.get_lifetime = _get_lifetime,
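Review bot: The hunk adds `start_action` to the `child_cfg_create` signature and wires `_get_start_action` into the method table, but the line that stores the argument into `this->start_action` is not among the visible changes. If the INIT block between these two hunks was not updated, `get_start_action` returns whatever the allocation left in the field (presumably `ACTION_NONE` if INIT zero-fills) and the caller's value is silently lost. Please confirm a `.start_action = start_action,` initializer is present. `child_cfg_create` continues past the end of the hunk.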
#include <kernel/kernel_ipsec.h>
/**
- * Action to take when DPD detected/connection gets closed by peer.
+ * Action to take when connection is loaded, DPD is detected or
+ * connection gets closed by peer.
*/
enum action_t {
/** No action */
ACTION_NONE,
- /** Route config to reestablish on demand */
+ /** Route config to establish or reestablish on demand */
ACTION_ROUTE,
- /** Restart config immediately */
+ /** Start or restart config immediately */
ACTION_RESTART,
};
*/
ipsec_mode_t (*get_mode) (child_cfg_t *this);
+ /**
+ * Action to take to start CHILD_SA.
+ *
+ * @return start action
+ */
+ action_t (*get_start_action) (child_cfg_t *this);
+
/**
* Action to take on DPD.
*
* @param updown updown script to execute on up/down event
* @param hostaccess TRUE to allow access to the local host
* @param mode mode to propose for CHILD_SA, transport, tunnel or BEET
+ * @param start_action start action
* @param dpd_action DPD action
* @param close_action close action
* @param ipcomp use IPComp, if peer supports it
*/
child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
char *updown, bool hostaccess,
- ipsec_mode_t mode, action_t dpd_action,
- action_t close_action, bool ipcomp,
- u_int32_t inactivity, u_int32_t reqid,
+ ipsec_mode_t mode, action_t start_action,
+ action_t dpd_action, action_t close_action,
+ bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
mark_t *mark_in, mark_t *mark_out);
#endif /** CHILD_CFG_H_ @}*/
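Review bot: The new `@param start_action start action` line restates the parameter name rather than documenting it, while the enum comment above now says when each action applies; carry that over, e.g. `@param start_action action to take once the config is loaded (ACTION_NONE, ACTION_ROUTE or ACTION_RESTART)`. The entries for `dpd_action` and `close_action` have the same shape but predate this change.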
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL,
- ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
- NULL, NULL);
+ ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+ 0, 0, NULL, NULL);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT,
- ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
- NULL, NULL);
+ ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+ 0, 0, NULL, NULL);
ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
}
child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL,
- ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
- NULL, NULL);
+ ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+ 0, 0, NULL, NULL);
proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
child_cfg->add_proposal(child_cfg, proposal);
ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */,
TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
- FALSE, 0, 0, NULL, NULL);
+ ACTION_NONE, FALSE, 0, 0, NULL, NULL);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
- ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
- NULL, NULL);
+ ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+ 0, 0, NULL, NULL);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
this->current->add_auth_cfg(this->current, auth, FALSE);
child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
- ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
- NULL, NULL);
+ ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+ 0, 0, NULL, NULL);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
child_cfg = child_cfg_create(priv->name, &lifetime,
NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
- ACTION_NONE, ACTION_NONE, ipcomp, 0, 0,
- NULL, NULL);
+ ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp,
+ 0, 0, NULL, NULL);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
`updown` varchar(128) collate utf8_unicode_ci default NULL,
`hostaccess` tinyint(1) unsigned NOT NULL default '0',
`mode` tinyint(4) unsigned NOT NULL default '2',
+ `start_action` tinyint(4) unsigned NOT NULL default '0'
`dpd_action` tinyint(4) unsigned NOT NULL default '0',
`close_action` tinyint(4) unsigned NOT NULL default '0',
`ipcomp` tinyint(4) unsigned NOT NULL default '0',
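Review bot: The new column line `` `start_action` tinyint(4) unsigned NOT NULL default '0' `` lacks the trailing comma that every neighbouring column has (compare `dpd_action` directly below it), so this CREATE TABLE no longer parses on MySQL. Change it to `` `start_action` tinyint(4) unsigned NOT NULL default '0', ``. The SQLite variants of the same schema further down the page do carry the comma.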
*/
static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e)
{
- int id, lifetime, rekeytime, jitter, hostaccess, mode, dpd, close, ipcomp;
+ int id, lifetime, rekeytime, jitter, hostaccess, mode, ipcomp;
+ int start, dpd, close;
char *name, *updown;
child_cfg_t *child_cfg;
- if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter,
- &updown, &hostaccess, &mode, &dpd, &close, &ipcomp))
+ if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown,
+ &hostaccess, &mode, &start, &dpd, &close, &ipcomp))
{
lifetime_cfg_t lft = {
.time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter }
};
child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode,
- dpd, close, ipcomp, 0, 0, NULL, NULL);
+ start, dpd, close, ipcomp, 0, 0, NULL, NULL);
/* TODO: read proposal from db */
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
add_traffic_selectors(this, child_cfg, id);
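Review bot: `start` is read straight from the `start_action` column and handed to `child_cfg_create` as an `action_t` with no range check, so a row holding any value other than 0, 1 or 2 yields a config whose start action matches no case of the `switch` in `start_all_connections` and is dropped without a trace. The database is an external input to the daemon, so a clamp with a log line would make such a misconfiguration visible instead of silent. `mode`, `dpd` and `close` have the same exposure but predate this change. `build_child_cfg` continues past the end of the hunk.
```c
	if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown,
					 &hostaccess, &mode, &start, &dpd, &close, &ipcomp))
	{
		if (start < ACTION_NONE || start > ACTION_RESTART)
		{
			DBG1(DBG_CFG, "invalid start_action %d for child config '%s', "
				 "using ACTION_NONE", start, name);
			start = ACTION_NONE;
		}
		/* ... unchanged: lifetime_cfg_t lft and the child_cfg_create call ... */
```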
child_cfg_t *child_cfg;
e = this->db->query(this->db,
- "SELECT id, name, lifetime, rekeytime, jitter, "
- "updown, hostaccess, mode, dpd_action, close_action, ipcomp "
+ "SELECT id, name, lifetime, rekeytime, jitter, updown, "
+ "hostaccess, mode, start_action, dpd_action, close_action, ipcomp "
"FROM child_configs JOIN peer_config_child_config ON id = child_cfg "
"WHERE peer_cfg = ?",
DB_INT, id,
- DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT,
- DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT);
+ DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_TEXT,
+ DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT);
if (e)
{
while ((child_cfg = build_child_cfg(this, e)))
updown TEXT DEFAULT NULL,
hostaccess INTEGER NOT NULL DEFAULT '0',
mode INTEGER NOT NULL DEFAULT '2',
+ start_action INTEGER NOT NULL DEFAULT '0',
dpd_action INTEGER NOT NULL DEFAULT '0',
close_action INTEGER NOT NULL DEFAULT '0',
ipcomp INTEGER NOT NULL DEFAULT '0'
return found;
}
+/**
+ * Handles all connections that must be either started or routed
+ * Currently only for connections stored in an SQL database
+ * Connection defined in ipsec.conf are started via stroke commands
+ */
+static void start_all_connections(void)
+{
+ enumerator_t *enumerator, *children;
+ peer_cfg_t *peer_cfg;
+ child_cfg_t *child_cfg;
+ char *name;
+
+ enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends,
+ NULL, NULL, NULL, NULL);
+ while (enumerator->enumerate(enumerator, &peer_cfg))
+ {
+ if (peer_cfg->get_ike_version(peer_cfg) != 2)
+ {
+ continue;
+ }
+
+ children = peer_cfg->create_child_cfg_enumerator(peer_cfg);
+ while (children->enumerate(children, &child_cfg))
+ {
+ name = child_cfg->get_name(child_cfg);
+
+ switch (child_cfg->get_start_action(child_cfg))
+ {
+ case ACTION_RESTART:
+ charon->controller->initiate(charon->controller,
+ peer_cfg->get_ref(peer_cfg),
+ child_cfg->get_ref(child_cfg),
+ NULL, NULL);
+ break;
+ case ACTION_ROUTE:
+ if (charon->traps->install(charon->traps, peer_cfg, child_cfg))
+ {
+ DBG1(DBG_CFG, "configuration '%s' routed", name);
+ }
+ else
+ {
+ DBG1(DBG_CFG, "routing configuration '%s' failed", name);
+ }
+ break;
+ case ACTION_NONE:
+ break;
+ }
+ }
+ children->destroy(children);
+ }
+ enumerator->destroy(enumerator);
+}
+
/**
* Implementation of stroke_control_t.initiate.
*/
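Review bot: The `switch` on `child_cfg->get_start_action(child_cfg)` in `start_all_connections` has no `default` branch, so a config whose start action is outside the three enumerators (the SQL backend passes the column value through unchecked) is skipped without any log output; add `default: DBG1(DBG_CFG, "unknown start action for configuration '%s'", name); break;`. The `get_ike_version(peer_cfg) != 2` filter likewise drops IKEv1 configs silently, which deserves at least a debug line so an operator can see why `%startall` did nothing for them. The `ACTION_RESTART` branch hands fresh references to `initiate` while the `ACTION_ROUTE` branch passes `peer_cfg` and `child_cfg` to `traps->install` bare; the hunk does not show whether `install` takes its own references, so confirm that against its contract.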
child_cfg_t *child_cfg;
stroke_log_info_t info;
+ if (streq(msg->initiate.name, "%startall"))
+ {
+ start_all_connections();
+ return;
+ }
+
peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends,
msg->initiate.name);
if (peer_cfg == NULL)
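Review bot: `"%startall"` is a reserved name that short-circuits the initiate handler, and nothing in the hunk marks it as such; a one-line comment above the check, `/* "%startall" is reserved: start or route every loaded config instead of a named one */`, would make that explicit. The early return also bypasses the normal `initiate` path and its `info`/log handling, so the stroke client receives no per-connection feedback for this form; if that is intended, say so in the same comment. The enclosing handler starts before the hunk.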
this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
- ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
- NULL, NULL);
+ ACTION_NONE, ACTION_NONE, ACTION_NONE,
+ FALSE, 0, 0, NULL, NULL);
child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
updown TEXT DEFAULT NULL,
hostaccess INTEGER NOT NULL DEFAULT '0',
mode INTEGER NOT NULL DEFAULT '2',
+ start_action INTEGER NOT NULL DEFAULT '0',
dpd_action INTEGER NOT NULL DEFAULT '0',
close_action INTEGER NOT NULL DEFAULT '0',
ipcomp INTEGER NOT NULL DEFAULT '0'