From: Tobias Brunner
Date: Tue, 15 May 2012 11:12:45 +0000 (+0200)
Subject: starter: Store mode of the IPsec SA/policy in a separate member.
X-Git-Tag: 5.0.0~141
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d065f14ae04d582a5d3ef425a850fe7a85c9500;p=thirdparty%2Fstrongswan.git
starter: Store mode of the IPsec SA/policy in a separate member.
---
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 9814482da0..3779649514 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -83,8 +83,8 @@ static void default_values(starter_config_t *cfg)
  cfg->conn_default.seen = SEEN_NONE;
  cfg->conn_default.startup = STARTUP_NO;
  cfg->conn_default.state = STATE_IGNORE;
- cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_PUBKEY |
- POLICY_PFS | POLICY_MOBIKE;
+ cfg->conn_default.mode = MODE_TUNNEL;
+ cfg->conn_default.policy = POLICY_PFS | POLICY_MOBIKE;
  cfg->conn_default.ike = strdupnull(ike_defaults);
  cfg->conn_default.esp = strdupnull(esp_defaults);
@@ -312,7 +312,8 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
  32 : 128;
  }
  }
- conn->policy |= POLICY_TUNNEL;
+ conn->mode = MODE_TUNNEL;
+ conn->proxy_mode = FALSE;
  break;
  case KW_SENDCERT:
  if (end->sendcert == CERT_YES_SEND)
@@ -372,7 +373,8 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
  }
  end->sourceip = strdupnull(value);
  end->has_natip = TRUE;
- conn->policy |= POLICY_TUNNEL;
+ conn->mode = MODE_TUNNEL;
+ conn->proxy_mode = FALSE;
  break;
  }
  default:
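Review bot: default_values initialises the new `mode` member but not `proxy_mode`, while starter_stroke_add_conn (the `@@ -204` hunk in starterstroke.c) now copies `conn->proxy_mode` straight into the stroke message; unless conn_default is zeroed before this function runs, which the hunk does not show, the proxy flag sent to charon for an ordinary `type=tunnel` connection is whatever happened to be in that memory. Add `cfg->conn_default.proxy_mode = FALSE;` next to the `mode` default so the initial state is explicit regardless of how the struct was allocated. The same two lines also drop `POLICY_ENCRYPT` and `POLICY_PUBKEY` from the default policy, which the commit title does not mention; if nothing in starter reads those bits any more a one-line remark would save the next reader a grep, and if something still does, this is a behaviour change unrelated to the mode split. The body of default_values continues outside the hunk.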
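Review bot: Both kw_end hunks (`@@ -312` and `@@ -372`) force `conn->mode = MODE_TUNNEL` from an end-section keyword, which silently overrides a `type=` parsed earlier for the same conn; the old `|= POLICY_TUNNEL` had the same effect, but now that the mode is a single value rather than a bit the override deserves a comment, e.g. `/* a virtual/NAT IP implies tunnel mode; overrides any earlier type= */` (the `@@ -372` context with `end->sourceip` and `end->has_natip = TRUE` suggests a virtual-IP keyword; the keyword handled at `@@ -312` is not visible). The pair `conn->mode = MODE_TUNNEL; conn->proxy_mode = FALSE;` now appears in both hunks and, as the reset, in load_conn; a small static helper that assigns both members together would keep the three sites from drifting apart. The enclosing kw_end switch starts and ends outside both hunks.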
@@ -529,32 +531,30 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
  switch (token)
  {
  case KW_TYPE:
- conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK);
+ conn->mode = MODE_TRANSPORT;
+ conn->proxy_mode = FALSE;
  if (streq(kw->value, "tunnel"))
  {
- conn->policy |= POLICY_TUNNEL;
+ conn->mode = MODE_TUNNEL;
  }
  else if (streq(kw->value, "beet"))
  {
- conn->policy |= POLICY_BEET;
+ conn->mode = MODE_BEET;
  }
  else if (streq(kw->value, "transport_proxy"))
  {
- conn->policy |= POLICY_PROXY;
+ conn->mode = MODE_TRANSPORT;
+ conn->proxy_mode = TRUE;
  }
  else if (streq(kw->value, "passthrough") || streq(kw->value, "pass"))
  {
- conn->policy |= POLICY_SHUNT_PASS;
+ conn->mode = MODE_PASS;
  }
- else if (streq(kw->value, "drop"))
+ else if (streq(kw->value, "drop") || streq(kw->value, "reject"))
  {
- conn->policy |= POLICY_SHUNT_DROP;
+ conn->mode = MODE_DROP;
  }
- else if (streq(kw->value, "reject"))
- {
- conn->policy |= POLICY_SHUNT_REJECT;
- }
- else if (strcmp(kw->value, "transport") != 0)
+ else if (!streq(kw->value, "transport"))
  {
  DBG1(DBG_APP, "# bad policy value: %s=%s",
  kw->entry->name, kw->value);
diff --git a/src/starter/confread.h b/src/starter/confread.h
index fecce3fce6..e9a77d4386 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -18,6 +18,7 @@
 #include
 #include "../pluto/constants.h"
+#include
 #include "ipsec-parser.h"
@@ -116,6 +117,8 @@ struct starter_conn {
  char *aaa_identity;
  char *xauth_identity;
  char *authby;
+ ipsec_mode_t mode;
+ bool proxy_mode;
  lset_t policy;
  time_t sa_ike_life_seconds;
  time_t sa_ipsec_life_seconds;
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 6cd9b6c693..4161630849 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -1,4 +1,4 @@
-/* Stroke for charon is the counterpart to whack from pluto
+/*
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
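Review bot: The `type=` parser now maps both `drop` and `reject` to `MODE_DROP`; that matches what the removed starterstroke.c block already did for `POLICY_SHUNT_DROP | POLICY_SHUNT_REJECT`, but in confread.c it reads like a lost case, so put `/* reject is sent to charon as drop, as the stroke path did before */` on the merged `else if` line. The `transport_proxy` branch re-assigns `conn->mode = MODE_TRANSPORT` although the reset at the top of `case KW_TYPE` already did that, so `conn->proxy_mode = TRUE;` alone is enough there. On an unrecognised value the conn is left in `MODE_TRANSPORT` after the DBG1 message; if falling back to transport (rather than keeping the previous mode) is intended, a short comment next to the reset would make that explicit. The enclosing switch in load_conn continues outside the hunk.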
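Review bot: The two new members `ipsec_mode_t mode;` and `bool proxy_mode;` in struct starter_conn (the `@@ -116` hunk of confread.h) are undocumented, and `proxy_mode` is only meaningful together with `MODE_TRANSPORT` (confread.c sets it TRUE only for `type=transport_proxy` and FALSE everywhere else). Suggest `/* mode of the IPsec SA/policy: MODE_TUNNEL, MODE_TRANSPORT, MODE_BEET, MODE_PASS or MODE_DROP */` above `mode` and `/* transport mode acts as a proxy (type=transport_proxy); only valid with MODE_TRANSPORT */` above `proxy_mode`. Since `lset_t policy;` stays, a note that the mode is no longer encoded in its `POLICY_*` bits would stop readers of older starter code from looking there.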
@@ -204,31 +204,8 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
  msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
  msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
- if (conn->policy & POLICY_TUNNEL)
- {
- msg.add_conn.mode = MODE_TUNNEL;
- }
- else if (conn->policy & POLICY_BEET)
- {
- msg.add_conn.mode = MODE_BEET;
- }
- else if (conn->policy & POLICY_PROXY)
- {
- msg.add_conn.mode = MODE_TRANSPORT;
- msg.add_conn.proxy_mode = TRUE;
- }
- else if (conn->policy & POLICY_SHUNT_PASS)
- {
- msg.add_conn.mode = MODE_PASS;
- }
- else if (conn->policy & (POLICY_SHUNT_DROP | POLICY_SHUNT_REJECT))
- {
- msg.add_conn.mode = MODE_DROP;
- }
- else
- {
- msg.add_conn.mode = MODE_TRANSPORT;
- }
+ msg.add_conn.mode = conn->mode;
+ msg.add_conn.proxy_mode = conn->proxy_mode;
  if (!(conn->policy & POLICY_DONT_REKEY))
  {
diff --git a/src/starter/starterstroke.h b/src/starter/starterstroke.h
index f9b01c99ad..fd2a3e320e 100644
--- a/src/starter/starterstroke.h
+++ b/src/starter/starterstroke.h
@@ -1,5 +1,6 @@
-/* Stroke for charon is the counterpart to whack from pluto
- * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
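Review bot: starter_stroke_add_conn now forwards `conn->mode` and `conn->proxy_mode` unconditionally, so any code path that still only sets the old `POLICY_TUNNEL`/`POLICY_BEET`/`POLICY_PROXY`/`POLICY_SHUNT_*` bits has no effect on the mode sent to charon; the hunk cannot show whether every writer of those bits outside confread.c was converted, so it is worth grepping starter for them before merging. Because the old chain defaulted to `MODE_TRANSPORT` and only ever set `proxy_mode` in the proxy branch, the new lines rely on confread having initialised both members for every conn, including the defaults. A pointer comment such as `/* mode and proxy_mode are resolved by confread (load_conn, KW_TYPE) */` would tell readers where the value is decided. The body of starter_stroke_add_conn continues outside the hunk.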
@@ -17,12 +18,12 @@
 #include "confread.h"
-extern int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn);
-extern int starter_stroke_del_conn(starter_conn_t *conn);
-extern int starter_stroke_route_conn(starter_conn_t *conn);
-extern int starter_stroke_initiate_conn(starter_conn_t *conn);
-extern int starter_stroke_add_ca(starter_ca_t *ca);
-extern int starter_stroke_del_ca(starter_ca_t *ca);
-extern int starter_stroke_configure(starter_config_t *cfg);
+int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn);
+int starter_stroke_del_conn(starter_conn_t *conn);
+int starter_stroke_route_conn(starter_conn_t *conn);
+int starter_stroke_initiate_conn(starter_conn_t *conn);
+int starter_stroke_add_ca(starter_ca_t *ca);
+int starter_stroke_del_ca(starter_ca_t *ca);
+int starter_stroke_configure(starter_config_t *cfg);
 #endif /* _STARTER_STROKE_H_ */