- patch for 2.7.0
1 diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-charon/Makefile.inc
2 --- strongswan-2.7.0/Makefile.inc       2006-01-25 18:23:15.000000000 +0100
3 +++ strongswan-2.7.0-charon/Makefile.inc        2006-04-27 09:25:22.000000000 +0200
4 @@ -84,6 +84,8 @@
5  FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec
6  LIBDIR=$(DESTDIR)$(FINALLIBDIR)
7  
8 +# sharedlibdir is where shared libraries go
9 +SHAREDLIBDIR=$(DESTDIR)$(INC_USRLOCAL)/lib
10  
11  # where the appropriate manpage tree is located
12  # location within INC_USRLOCAL
13 @@ -284,6 +286,9 @@
14  # include PKCS11-based smartcard support
15  USE_SMARTCARD?=false
16  
17 +# support IKEv2 via charon
18 +USE_IKEV2?=true
19 +
20  # Default PKCS11 library
21  # Uncomment this line if using OpenSC <= 0.9.6
22  PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\"
23 diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-charon/programs/Makefile
24 --- strongswan-2.7.0/programs/Makefile  2006-04-17 13:04:45.000000000 +0200
25 +++ strongswan-2.7.0-charon/programs/Makefile   2006-04-27 09:25:22.000000000 +0200
26 @@ -32,6 +32,10 @@
27  SUBDIRS+=showpolicy
28  endif
29  
30 +ifeq ($(USE_IKEV2),true)
31 +SUBDIRS+=charon
32 +endif
33 +
34  def:
35         @echo "Please read doc/intro.html or INSTALL before running make"
36         @false
37 diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-charon/programs/ipsec/ipsec.in
38 --- strongswan-2.7.0/programs/ipsec/ipsec.in    2006-03-09 21:09:33.000000000 +0100
39 +++ strongswan-2.7.0-charon/programs/ipsec/ipsec.in     2006-04-27 09:27:27.000000000 +0200
40 @@ -26,6 +26,7 @@
41  export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
42  
43  IPSEC_STARTER_PID="/var/run/starter.pid"
44 +IPSEC_CHARON_PID="/var/run/charon.pid"
45  
46  # standardize PATH, and export it for everything else's benefit
47  PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
48 @@ -123,6 +124,10 @@
49  down)
50         shift
51         $IPSEC_EXECDIR/whack --name "$1" --terminate
52 +       if test -e $IPSEC_CHARON_PID
53 +       then
54 +           $IPSEC_EXECDIR/stroke down "$1"
55 +       fi
56         exit 0
57         ;;
58  listalgs|listpubkeys|listcerts|listcacerts|\
59 @@ -134,6 +139,10 @@
60         op="$1"
61         shift
62          $IPSEC_EXECDIR/whack "$@" "--$op"
63 +       if test -e $IPSEC_EXECDIR/stroke
64 +       then
65 +            $IPSEC_EXECDIR/stroke "$op"
66 +        fi
67         exit 0
68         ;;
69  ready)
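Review bot: The new `$IPSEC_EXECDIR/stroke "$op"` call drops the arguments that the whack call on the line above still forwards as `"$@"`, so any extra options given to a list command reach pluto but not charon. It is also gated on the stroke binary existing rather than on charon running, unlike the `down` and `up` cases that test `$IPSEC_CHARON_PID`, so on a host where charon is installed but stopped every list command ends with a connect error from stroke. Consider `if test -e $IPSEC_CHARON_PID` and `$IPSEC_EXECDIR/stroke "$@" "$op"` if stroke accepts the same trailing arguments. The case statement continues outside the hunk.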
70 @@ -180,8 +189,16 @@
71         if test $# -eq 0
72         then
73             $IPSEC_EXECDIR/whack "--$op"
74 +           if test -e $IPSEC_EXECDIR/stroke
75 +           then
76 +               $IPSEC_EXECDIR/stroke status
77 +           fi
78         else
79             $IPSEC_EXECDIR/whack --name "$1" "--$op"
80 +           if test -e $IPSEC_CHARON_PID
81 +           then
82 +               $IPSEC_EXECDIR/stroke status
83 +           fi
84         fi
85         exit 0
86         ;;
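Review bot: The two branches of `status` guard the stroke call differently: the no-argument branch tests that `$IPSEC_EXECDIR/stroke` exists, the named branch tests `$IPSEC_CHARON_PID`, so whether a connect error appears when charon is stopped depends on whether a name was given. In the named branch `stroke status` also ignores `"$1"` and reports everything, whereas `whack --name "$1"` is scoped to one connection; if stroke has no per-name status yet, a comment saying so would stop this from reading as an omission. Use the pid-file test in both branches to match `up`/`down`.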
87 @@ -198,6 +215,10 @@
88  up)
89         shift
90         $IPSEC_EXECDIR/whack --name "$1" --initiate
91 +       if test -e $IPSEC_CHARON_PID
92 +       then
93 +           $IPSEC_EXECDIR/stroke up "$1"
94 +       fi
95         exit 0
96         ;;
97  update)
98 diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-charon/programs/pluto/Makefile
99 --- strongswan-2.7.0/programs/pluto/Makefile    2006-01-25 18:22:19.000000000 +0100
100 +++ strongswan-2.7.0-charon/programs/pluto/Makefile     2006-04-27 09:25:22.000000000 +0200
101 @@ -170,6 +170,11 @@
102    LIBSPLUTO+= -ldl
103  endif
104  
105 +# enable IKEv2 support
106 +ifeq ($(USE_IKEV2),true)
107 +  DEFINES+= -DIKEV2
108 +endif
109 +
110  # This compile option activates the leak detective
111  ifeq ($(USE_LEAK_DETECTIVE),true)
112    DEFINES+= -DLEAK_DETECTIVE
113 diff -Naur strongswan-2.7.0/programs/pluto/demux.c strongswan-2.7.0-charon/programs/pluto/demux.c
114 --- strongswan-2.7.0/programs/pluto/demux.c     2005-02-18 22:08:59.000000000 +0100
115 +++ strongswan-2.7.0-charon/programs/pluto/demux.c      2006-04-27 09:25:22.000000000 +0200
116 @@ -1229,6 +1229,15 @@
117         if (md->packet_pbs.roof - md->packet_pbs.cur >= (ptrdiff_t)isakmp_hdr_desc.size)
118         {
119             struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur;
120 +#ifdef IKEV2
121 +           if ((hdr->isa_version >> ISA_MAJ_SHIFT) == 0x2 &&
122 +                       (hdr->isa_version & ISA_MIN_MASK) == 0x0)
123 +           {
124 +               /* IKEv2 is handled from charon, ignore */
125 +               return;
126 +           }
127 +           else 
128 +#endif /* IKEV2 */
129             if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION)
130             {
131                 SEND_NOTIFICATION(INVALID_MAJOR_VERSION);
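Review bot: The IKEv2 bypass also requires `(hdr->isa_version & ISA_MIN_MASK) == 0x0`, so an IKEv2 packet with major version 2 and any non-zero minor version falls through to the existing `!= ISAKMP_MAJOR_VERSION` branch and pluto presumably answers it with `INVALID_MAJOR_VERSION`, although RFC 4306 requires receivers to ignore the minor version. Because this is unauthenticated traffic from any spoofable source, a notification per packet for traffic that charon owns is exactly the reply you want pluto not to emit; dropping the minor-version term is enough: `if ((hdr->isa_version >> ISA_MAJ_SHIFT) == 0x2)`. The `else` left dangling immediately before `#endif /* IKEV2 */` is legal but easy to misread; a short comment on that line (`/* falls through to the v1 version check below */`) would help. The enclosing function starts and ends outside the hunk.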
132 diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-charon/programs/starter/Makefile
133 --- strongswan-2.7.0/programs/starter/Makefile  2006-02-17 20:34:02.000000000 +0100
134 +++ strongswan-2.7.0-charon/programs/starter/Makefile   2006-04-27 09:25:22.000000000 +0200
135 @@ -34,6 +34,11 @@
136    DEFINES+= -DLEAK_DETECTIVE
137  endif
138  
139 +# Enable charon support
140 +ifeq ($(USE_IKEV2),true)
141 +  DEFINES+= -DIKEV2
142 +endif
143 +
144  INCLUDES=-I${FREESWANDIR}/linux/include
145  CFLAGS=$(DEFINES) $(INCLUDES) -Wall
146  CFLAGS+=-DIPSEC_EXECDIR=\"${FINALLIBEXECDIR}\" -DIPSEC_CONFDDIR=\"${FINALCONFDDIR}\"
147 @@ -46,6 +51,11 @@
148       starterwhack.o klips.o netkey.o interfaces.o exec.o cmp.o confread.o \
149       loglite.o ${PLUTO_OBJS}
150  
151 +# Build charon-only objs
152 +ifeq ($(USE_IKEV2),true)
153 +  OBJS+= invokecharon.o starterstroke.o
154 +endif
155 +
156  DISTSRC=$(OBJS:.o=.c)
157  DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h
158  DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt
159 diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-charon/programs/starter/args.c
160 --- strongswan-2.7.0/programs/starter/args.c    2006-04-17 12:32:36.000000000 +0200
161 +++ strongswan-2.7.0-charon/programs/starter/args.c     2006-04-27 09:25:22.000000000 +0200
162 @@ -86,6 +86,10 @@
163  
164  static const char *LST_keyexchange[] = {
165      "ike",
166 +#ifdef IKEV2
167 +    "ikev1",
168 +    "ikev2",
169 +#endif /* IKEV2 */
170       NULL
171  };
172  
173 diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-charon/programs/starter/files.h
174 --- strongswan-2.7.0/programs/starter/files.h   2006-02-04 19:52:58.000000000 +0100
175 +++ strongswan-2.7.0-charon/programs/starter/files.h    2006-04-27 09:25:22.000000000 +0200
176 @@ -37,8 +37,15 @@
177  #define SECRETS_FILE   IPSEC_CONFDIR"/ipsec.secrets"
178  
179  #define PLUTO_CMD       IPSEC_EXECDIR"/pluto"
180 -#define CTL_FILE        DEFAULT_CTLBASE CTL_SUFFIX
181 -#define PID_FILE        DEFAULT_CTLBASE PID_SUFFIX
182 +#define PLUTO_CTL_FILE  DEFAULT_CTLBASE CTL_SUFFIX
183 +#define PLUTO_PID_FILE  DEFAULT_CTLBASE PID_SUFFIX
184 +
185 +#ifdef IKEV2
186 +#define CHARON_CMD             IPSEC_EXECDIR"/charon"
187 +#define CHARON_BASE            "/var/run/charon"
188 +#define CHARON_CTL_FILE CHARON_BASE CTL_SUFFIX
189 +#define CHARON_PID_FILE CHARON_BASE PID_SUFFIX
190 +#endif /* IKEV2 */
191  
192  #define DYNIP_DIR       "/var/run/dynip"
193  #define INFO_FILE       "/var/run/ipsec.info"
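Review bot: `CHARON_BASE` is a bare `"/var/run/charon"` literal while the pluto paths beside it derive from `DEFAULT_CTLBASE`, and the same path is spelled out a second time as `IPSEC_CHARON_PID="/var/run/charon.pid"` in ipsec.in, so relocating the control directory now has to be done in two files that nothing keeps in step. Deriving the charon base from the same header that defines `DEFAULT_CTLBASE` (or substituting it into ipsec.in at build time the way `IPSEC_EXECDIR` is) would leave one source of truth.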
194 diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-charon/programs/starter/invokecharon.c
195 --- strongswan-2.7.0/programs/starter/invokecharon.c    1970-01-01 01:00:00.000000000 +0100
196 +++ strongswan-2.7.0-charon/programs/starter/invokecharon.c     2006-04-27 09:25:22.000000000 +0200
197 @@ -0,0 +1,174 @@
198 +/* strongSwan charon launcher
199 + * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
200 + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
201 + *
202 + * Ported from invokepluto.c to fit charons needs.
203 + *
204 + * This program is free software; you can redistribute it and/or modify it
205 + * under the terms of the GNU General Public License as published by the
206 + * Free Software Foundation; either version 2 of the License, or (at your
207 + * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
208 + *
209 + * This program is distributed in the hope that it will be useful, but
210 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
211 + * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
212 + * for more details.
213 + *
214 + * RCSID $Id: invokecharon.c $
215 + */
216 +
217 +#include <sys/types.h>
218 +#include <sys/stat.h>
219 +#include <unistd.h>
220 +#include <signal.h>
221 +#include <string.h>
222 +#include <stdlib.h>
223 +#include <errno.h>
224 +
225 +#include <freeswan.h>
226 +
227 +#include "../pluto/constants.h"
228 +#include "../pluto/defs.h"
229 +#include "../pluto/log.h"
230 +
231 +#include "confread.h"
232 +#include "invokecharon.h"
233 +#include "files.h"
234 +
235 +static int _charon_pid = 0;
236 +static int _stop_requested;
237 +
238 +pid_t
239 +starter_charon_pid(void)
240 +{
241 +    return _charon_pid;
242 +}
243 +
244 +void
245 +starter_charon_sigchild(pid_t pid)
246 +{
247 +       if (pid == _charon_pid)
248 +    {
249 +               _charon_pid = 0;
250 +       if (!_stop_requested)
251 +       {
252 +           plog("charon has died -- restart scheduled (%dsec)"
253 +               , CHARON_RESTART_DELAY);
254 +           alarm(CHARON_RESTART_DELAY);   // restart in 5 sec
255 +       }
256 +       unlink(CHARON_PID_FILE);
257 +    }
258 +}
259 +
260 +int
261 +starter_stop_charon (void)
262 +{
263 +    pid_t pid;
264 +    int i;
265 +
266 +    pid = _charon_pid;
267 +    if (pid)
268 +    {
269 +       _stop_requested = 1;
270 +
271 +       /* be more and more aggressive */
272 +       for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
273 +       {
274 +               if (i == 0)
275 +                       kill(pid, SIGINT);
276 +           else if (i < 10)
277 +                       kill(pid, SIGTERM);
278 +           else
279 +                       kill(pid, SIGKILL);
280 +           usleep(20000);
281 +       }
282 +       if (_charon_pid == 0)
283 +           return 0;
284 +       plog("starter_stop_charon(): can't stop charon !!!");
285 +       return -1;
286 +    }
287 +    else
288 +    {
289 +       plog("stater_stop_charon(): charon is not started...");
290 +    }
291 +    return -1;
292 +}
293 +
294 +
295 +int
296 +starter_start_charon (starter_config_t *cfg, bool debug)
297 +{
298 +    int pid, i;
299 +    struct stat stb;
300 +    int argc = 1;
301 +    char *arg[] = {
302 +       CHARON_CMD, NULL, NULL,
303 +    };
304 +
305 +    if (!debug)
306 +    {
307 +       arg[argc++] = "--use-syslog";
308 +    }
309 +       
310 +    if (_charon_pid)
311 +    {
312 +       plog("starter_start_charon(): charon already started...");
313 +       return -1;
314 +    }
315 +    else
316 +    {
317 +       unlink(CHARON_CTL_FILE);
318 +       _stop_requested = 0;
319 +
320 +       pid = fork();
321 +       switch (pid)
322 +       {
323 +       case -1:
324 +           plog("can't fork(): %s", strerror(errno));
325 +           return -1;
326 +       case 0:
327 +           /* child */
328 +           setsid();
329 +           sigprocmask(SIG_SETMASK, 0, NULL);
330 +           execv(arg[0], arg);
331 +           plog("can't execv(%s,...): %s", arg[0], strerror(errno));
332 +           exit(1);
333 +       default:
334 +           /* father */
335 +               _charon_pid = pid;
336 +               for (i = 0; i < 50 && _charon_pid; i++)
337 +           {
338 +               /* wait for charon */
339 +               usleep(20000);
340 +               if (stat(CHARON_PID_FILE, &stb) == 0)
341 +               {
342 +                   DBG(DBG_CONTROL,
343 +                       DBG_log("charon (%d) started", _charon_pid)
344 +                   )
345 +                   return 0;
346 +               }
347 +           }
348 +           if (_charon_pid)
349 +           {
350 +               /* If charon is started but with no ctl file, stop it */
351 +               plog("charon too long to start... - kill kill");
352 +               for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
353 +               {
354 +                       if (i == 0)
355 +                       kill(pid, SIGINT);
356 +                   else if (i < 10)
357 +                       kill(pid, SIGTERM);
358 +                   else
359 +                       kill(pid, SIGKILL);
360 +                   usleep(20000);
361 +               }
362 +           }
363 +           else
364 +           {
365 +               plog("charon refused to be started");
366 +           }
367 +           return -1;
368 +       }
369 +    }
370 +    return -1;
371 +}
372 diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-charon/programs/starter/invokecharon.h
373 --- strongswan-2.7.0/programs/starter/invokecharon.h    1970-01-01 01:00:00.000000000 +0100
374 +++ strongswan-2.7.0-charon/programs/starter/invokecharon.h     2006-04-27 09:25:22.000000000 +0200
375 @@ -0,0 +1,31 @@
376 +/* strongSwan charon launcher
377 + * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
378 + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
379 + *
380 + * Ported from invokepluto.h to fit charons needs.
381 + *
382 + * This program is free software; you can redistribute it and/or modify it
383 + * under the terms of the GNU General Public License as published by the
384 + * Free Software Foundation; either version 2 of the License, or (at your
385 + * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
386 + *
387 + * This program is distributed in the hope that it will be useful, but
388 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
389 + * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
390 + * for more details.
391 + *
392 + * RCSID $Id: invokecharon.h $
393 + */
394 +
395 +#ifndef _STARTER_CHARON_H_
396 +#define _STARTER_CHARON_H_
397 +
398 +#define CHARON_RESTART_DELAY    5
399 +
400 +extern void starter_charon_sigchild (pid_t pid);
401 +extern pid_t starter_charon_pid (void);
402 +extern int starter_stop_charon (void);
403 +extern int starter_start_charon(struct starter_config *cfg, bool debug);
404 +
405 +#endif /* _STARTER_CHARON_H_ */
406 +
407 diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-charon/programs/starter/invokepluto.c
408 --- strongswan-2.7.0/programs/starter/invokepluto.c     2006-02-17 22:41:50.000000000 +0100
409 +++ strongswan-2.7.0-charon/programs/starter/invokepluto.c      2006-04-27 09:25:22.000000000 +0200
410 @@ -54,7 +54,7 @@
411                 , PLUTO_RESTART_DELAY);
412             alarm(PLUTO_RESTART_DELAY);   // restart in 5 sec
413         }
414 -       unlink(PID_FILE);
415 +       unlink(PLUTO_PID_FILE);
416      }
417  }
418  
419 @@ -203,7 +203,7 @@
420      }
421      else
422      {
423 -       unlink(CTL_FILE);
424 +       unlink(PLUTO_CTL_FILE);
425         _stop_requested = 0;
426  
427         if (cfg->setup.prepluto)
428 @@ -252,7 +252,7 @@
429             {
430                 /* wait for pluto */
431                 usleep(20000);
432 -               if (stat(CTL_FILE, &stb) == 0)
433 +               if (stat(PLUTO_CTL_FILE, &stb) == 0)
434                 {
435                     DBG(DBG_CONTROL,
436                         DBG_log("pluto (%d) started", _pluto_pid)
437 diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-charon/programs/starter/starter.c
438 --- strongswan-2.7.0/programs/starter/starter.c 2006-02-15 19:37:46.000000000 +0100
439 +++ strongswan-2.7.0-charon/programs/starter/starter.c  2006-04-27 09:25:22.000000000 +0200
440 @@ -37,6 +37,7 @@
441  #include "files.h"
442  #include "starterwhack.h"
443  #include "invokepluto.h"
444 +#include "invokecharon.h"
445  #include "klips.h"
446  #include "netkey.h"
447  #include "cmp.h"
448 @@ -47,6 +48,9 @@
449  #define FLAG_ACTION_RELOAD        0x04
450  #define FLAG_ACTION_QUIT          0x08
451  #define FLAG_ACTION_LISTEN        0x10
452 +#ifdef IKEV2
453 +#define FLAG_ACTION_START_CHARON  0x20
454 +#endif /* IKEV2 */
455  
456  static unsigned int _action_ = 0;
457  
458 @@ -65,6 +69,10 @@
459             {
460                 if (pid == starter_pluto_pid())
461                     name = " (Pluto)";
462 +#ifdef IKEV2
463 +               if (pid == starter_charon_pid())
464 +                   name = " (Charon)";
465 +#endif /* IKEV2 */
466                 if (WIFSIGNALED(status))
467                     DBG(DBG_CONTROL,
468                         DBG_log("child %d%s has been killed by sig %d\n",
469 @@ -87,6 +95,10 @@
470  
471                 if (pid == starter_pluto_pid())
472                     starter_pluto_sigchild(pid);
473 +#ifdef IKEV2
474 +               if (pid == starter_charon_pid())
475 +                   starter_charon_sigchild(pid);
476 +#endif /* IKEV2 */
477             }
478         }
479         break;
480 @@ -97,6 +109,9 @@
481  
482      case SIGALRM:
483         _action_ |= FLAG_ACTION_START_PLUTO;
484 +#ifdef IKEV2
485 +       _action_ |= FLAG_ACTION_START_CHARON;
486 +#endif /* IKEV2 */
487         break;
488  
489      case SIGHUP:
490 @@ -193,6 +208,9 @@
491      signal(SIGQUIT, fsig);
492      signal(SIGALRM, fsig);
493      signal(SIGUSR1, fsig);
494 +       
495 +       
496 +       plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code());
497  
498      /* verify that we can start */
499      if (getuid() != 0)
500 @@ -201,12 +219,24 @@
501         exit(1);
502      }
503  
504 -    if (stat(PID_FILE, &stb) == 0)
505 +    if (stat(PLUTO_PID_FILE, &stb) == 0)
506      {
507 -       plog("pluto is already running (%s exists) -- aborting", PID_FILE);
508 -       exit(1);
509 +       plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE);
510      }
511 -
512 +    else
513 +    {
514 +       _action_ |= FLAG_ACTION_START_PLUTO;
515 +    }
516 +#ifdef IKEV2
517 +    if (stat(CHARON_PID_FILE, &stb) == 0)
518 +    {
519 +       plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE);
520 +    }
521 +    else
522 +    {
523 +       _action_ |= FLAG_ACTION_START_CHARON;
524 +    }
525 +#endif /* IKEV2 */
526      if (stat(DEV_RANDOM, &stb) != 0)
527      {
528         plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
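Review bot: Turning the `PLUTO_PID_FILE exists` case from an `exit(1)` into `skipping pluto start` means a stale pid file left by a crash now silently leaves pluto (or, in the new block below it, charon) unstarted while starter keeps running and the `ipsec start` presumably returns success; previously the operator got a loud abort. The sigchild handlers in this patch only unlink the pid file when starter itself sees the child die, so a pid file surviving a machine reset or a kill of starter is a realistic case. Before trusting the file, read the pid and probe it with `kill(pid, 0)`, unlinking it and setting the start flag when that fails with `ESRCH`. Note that `_action_ |= FLAG_ACTION_START_PLUTO`, formerly unconditional at the top of the main loop, now depends entirely on this check.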
529 @@ -247,7 +277,11 @@
530  
531      last_reload = time(NULL);
532  
533 -    plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code());
534 +    if (stat(MY_PID_FILE, &stb) == 0)
535 +    {
536 +       plog("starter is already running (%s exists) -- no fork done", MY_PID_FILE);
537 +       exit(0);
538 +    }
539  
540      /* fork if we're not debugging stuff */
541      if (!no_fork)
542 @@ -296,17 +330,19 @@
543                       , &cfg->defaultroute);
544      }
545  
546 -    _action_ = FLAG_ACTION_START_PLUTO;
547 -
548      for (;;)
549      {
550         /*
551 -        * Stop pluto (if started) and exit
552 -         */
553 +        * Stop pluto/charon (if started) and exit
554 +        */
555         if (_action_ & FLAG_ACTION_QUIT)
556         {
557             if (starter_pluto_pid())
558                 starter_stop_pluto();
559 +#ifdef IKEV2
560 +               if (starter_charon_pid())
561 +               starter_stop_charon();
562 +#endif IKEV2
563             if (has_netkey)
564                 starter_netkey_cleanup();
565             else
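Review bot: `#endif IKEV2` leaves a bare token after the directive, which GCC reports under -Wendif-labels; every other guard in this patch is written `#endif /* IKEV2 */`, so this one should match. The new `if (starter_charon_pid())` line also appears to sit at a different indentation from the `if (starter_pluto_pid())` directly above it, which looks like a tab/space mix.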
566 @@ -337,6 +373,9 @@
567                     if (conn->state == STATE_ADDED)
568                     {
569                         starter_whack_del_conn(conn);
570 +#ifdef IKEV2
571 +                       starter_stroke_del_conn(conn);
572 +#endif /* IKEV2 */
573                         conn->state = STATE_TO_ADD;
574                     }
575                 }
576 @@ -427,6 +466,9 @@
577                     {
578                         if (conn->state == STATE_ADDED)
579                             starter_whack_del_conn(conn);
580 +#ifdef IKEV2
581 +                           starter_stroke_del_conn(conn);
582 +#endif /* IKEV2 */
583                     }
584  
585                     /* Look for new ca sections that are already loaded */
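Review bot: The added `starter_stroke_del_conn(conn);` is not under the `if (conn->state == STATE_ADDED)` above it — that `if` has no braces, so only `starter_whack_del_conn(conn)` is conditional and the stroke delete runs for every connection in the loop regardless of state. It is harmless today only because `starter_stroke_del_conn` is a stub returning 0, and the same insertion in the earlier hunk sits inside a braced block, so this one is the odd one out. Brace the body: `if (conn->state == STATE_ADDED) { starter_whack_del_conn(conn); starter_stroke_del_conn(conn); }`. The enclosing loop starts and ends outside the hunk.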
586 @@ -502,6 +544,27 @@
587                     conn->state = STATE_TO_ADD;
588             }
589         }
590 +       
591 +#ifdef IKEV2
592 +       /*
593 +        * Start charon
594 +        */
595 +       if (_action_ & FLAG_ACTION_START_CHARON)
596 +       {
597 +               if (starter_charon_pid() == 0)
598 +               {
599 +                       DBG(DBG_CONTROL,
600 +                               DBG_log("Attempting to start charon...")
601 +                          )
602 +                       if (starter_start_charon(cfg, no_fork) != 0)
603 +                       {
604 +                               /* schedule next try */
605 +                               alarm(PLUTO_RESTART_DELAY);
606 +                       }
607 +               }
608 +               _action_ &= ~FLAG_ACTION_START_CHARON;
609 +       }
610 +#endif /* IKEV2 */
611  
612         /*
613          * Tell pluto to reread its interfaces
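Review bot: The retry after a failed `starter_start_charon()` is scheduled with `alarm(PLUTO_RESTART_DELAY)` although this patch introduces `CHARON_RESTART_DELAY` in invokecharon.h for this purpose and `starter_charon_sigchild` already uses it; write `alarm(CHARON_RESTART_DELAY);` so the two values cannot drift apart. The guard here is only `starter_charon_pid() == 0`, so the `CHARON_PID_FILE` check done at startup is not repeated on a SIGALRM restart; unless charon itself refuses to start over an existing pid file, a charon started by other means in the meantime would be raced by a second instance.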
614 @@ -536,11 +599,36 @@
615                         conn->id = id++;
616                     }
617                     starter_whack_add_conn(conn);
618 +#ifdef IKEV2
619 +                   starter_stroke_add_conn(conn);
620 +#endif /* IKEV2 */
621                     conn->state = STATE_ADDED;
622                     if (conn->startup == STARTUP_START)
623 -                       starter_whack_initiate_conn(conn);
624 +                   {
625 +#ifdef IKEV2
626 +                       if (conn->keyexchange == 2)
627 +                       {
628 +                           starter_stroke_initiate_conn(conn);
629 +                       }
630 +                       else
631 +#endif /* IKEV2 */
632 +                       {
633 +                           starter_whack_initiate_conn(conn);
634 +                       }
635 +                   }
636                     else if (conn->startup == STARTUP_ROUTE)
637 -                       starter_whack_route_conn(conn);
638 +                   {
639 +#ifdef IKEV2
640 +                       if (conn->keyexchange == 2)
641 +                       {
642 +                               starter_stroke_route_conn(conn);
643 +                       }
644 +                       else
645 +#endif /* IKEV2 */
646 +                       {
647 +                               starter_whack_route_conn(conn); 
648 +                       }
649 +                   }
650                 }
651             }
652         }
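Review bot: `conn->keyexchange == 2` is a magic number whose meaning depends on `ikev2` being the third entry of `LST_keyexchange` in args.c; a named constant defined next to that table (e.g. `KEY_EXCHANGE_IKEV2`) would keep the two in step and make the two `if` sites self-describing. Separately, `starter_stroke_add_conn(conn)` and `starter_whack_add_conn(conn)` are both called for every connection, so charon is loaded with IKEv1-only conns and pluto with IKEv2-only ones, and only the initiate/route step is split by keyexchange. If that is intentional (keyexchange=ike meaning either daemon may answer), a comment at the add calls saying so would help; otherwise gate the two adds the same way as the initiate branch.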
653 diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-charon/programs/starter/starterstroke.c
654 --- strongswan-2.7.0/programs/starter/starterstroke.c   1970-01-01 01:00:00.000000000 +0100
655 +++ strongswan-2.7.0-charon/programs/starter/starterstroke.c    2006-04-27 09:25:22.000000000 +0200
656 @@ -0,0 +1,161 @@
657 +/* Stroke for charon is the counterpart to whack from pluto
658 + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
659 + *
660 + * This program is free software; you can redistribute it and/or modify it
661 + * under the terms of the GNU General Public License as published by the
662 + * Free Software Foundation; either version 2 of the License, or (at your
663 + * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
664 + *
665 + * This program is distributed in the hope that it will be useful, but
666 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
667 + * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
668 + * for more details.
669 + *
670 + * RCSID $Id: starterstroke.c $
671 + */
672 +
673 +#include <sys/types.h>
674 +#include <sys/socket.h>
675 +#include <sys/un.h>
676 +#include <linux/stddef.h>
677 +#include <unistd.h>
678 +#include <stdlib.h>
679 +#include <errno.h>
680 +#include <netinet/in.h>
681 +#include <arpa/inet.h>
682 +
683 +#include <freeswan.h>
684 +
685 +#include "../pluto/constants.h"
686 +#include "../pluto/defs.h"
687 +#include "../pluto/log.h"
688 +
689 +#include "../charon/stroke/stroke.h"
690 +
691 +#include "starterstroke.h"
692 +#include "confread.h"
693 +#include "files.h"
694 +
695 +static char* push_string(stroke_msg_t **strm, char *string)
696 +{
697 +       stroke_msg_t *stroke_msg;
698 +       size_t string_length;
699 +       
700 +       if (string == NULL)
701 +       {
702 +               return NULL;
703 +       }
704 +       stroke_msg = *strm;
705 +       string_length = strlen(string) + 1;
706 +       stroke_msg->length += string_length;
707 +       
708 +       stroke_msg = realloc(stroke_msg, stroke_msg->length);
709 +       strcpy((char*)stroke_msg + stroke_msg->length - string_length, string);
710 +       
711 +       *strm = stroke_msg;
712 +       return (char*)(u_int)stroke_msg->length - string_length;
713 +}
714 +
715 +static int
716 +send_stroke_msg (stroke_msg_t *msg)
717 +{
718 +       struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
719 +       int sock;
720 +       
721 +       sock = socket(AF_UNIX, SOCK_STREAM, 0);
722 +       if (sock < 0)
723 +       {
724 +       plog("socket() failed: %s", strerror(errno));
725 +       return -1;
726 +       }
727 +       if (connect(sock, (struct sockaddr *)&ctl_addr,
728 +       offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
729 +       {
730 +       plog("connect(charon_ctl) failed: %s", strerror(errno));
731 +       close(sock);
732 +       return -1;
733 +       }
734 +       
735 +       /* send message */
736 +       if (write(sock, msg, msg->length) != msg->length)
737 +       {
738 +       plog("write(charon_ctl) failed: %s", strerror(errno));
739 +       close(sock);
740 +       return -1;
741 +       }
742 +       
743 +       close(sock);
744 +       return 0;
745 +}
746 +
747 +static char *
748 +connection_name(starter_conn_t *conn)
749 +{
750 +    /* if connection name is '%auto', create a new name like conn_xxxxx */
751 +    static char buf[32];
752 +
753 +    if (streq(conn->name, "%auto"))
754 +    {
755 +       sprintf(buf, "conn_%ld", conn->id);
756 +       return buf;
757 +    }
758 +    return conn->name;
759 +}
760 +
761 +
762 +int starter_stroke_add_conn(starter_conn_t *conn)
763 +{
764 +       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
765 +       int res;
766 +       
767 +       msg->length = sizeof(stroke_msg_t);
768 +       msg->type = STR_ADD_CONN;
769 +       
770 +       msg->add_conn.name = push_string(&msg, connection_name(conn));
771 +       
772 +       msg->add_conn.me.id = push_string(&msg, conn->left.id);
773 +       msg->add_conn.me.cert = push_string(&msg, conn->left.cert);
774 +       msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr));
775 +       msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr));
776 +       msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits;
777 +       
778 +       msg->add_conn.other.id = push_string(&msg, conn->right.id);
779 +       msg->add_conn.other.cert = push_string(&msg, conn->right.cert);
780 +       msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr));
781 +       msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr));
782 +       msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits;
783 +       
784 +       res = send_stroke_msg(msg);
785 +       free(msg);
786 +       return res;
787 +}
788 +
789 +int starter_stroke_del_conn(starter_conn_t *conn)
790 +{
791 +       return 0;
792 +}
793 +int starter_stroke_route_conn(starter_conn_t *conn)
794 +{
795 +       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
796 +       int res;
797 +       
798 +       msg->length = sizeof(stroke_msg_t);
799 +       msg->type = STR_INSTALL;
800 +       msg->install.name = push_string(&msg, connection_name(conn));
801 +       res = send_stroke_msg(msg);
802 +       free(msg);
803 +       return res;
804 +}
805 +
806 +int starter_stroke_initiate_conn(starter_conn_t *conn)
807 +{
808 +       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
809 +       int res;
810 +       
811 +       msg->length = sizeof(stroke_msg_t);
812 +       msg->type = STR_INITIATE;
813 +       msg->initiate.name = push_string(&msg, connection_name(conn));
814 +       res = send_stroke_msg(msg);
815 +       free(msg);
816 +       return res;
817 +}
818 diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-charon/programs/starter/starterstroke.h
819 --- strongswan-2.7.0/programs/starter/starterstroke.h   1970-01-01 01:00:00.000000000 +0100
820 +++ strongswan-2.7.0-charon/programs/starter/starterstroke.h    2006-04-27 09:25:22.000000000 +0200
821 @@ -0,0 +1,27 @@
822 +/* Stroke for charon is the counterpart to whack from pluto
823 + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
824 + *
825 + * This program is free software; you can redistribute it and/or modify it
826 + * under the terms of the GNU General Public License as published by the
827 + * Free Software Foundation; either version 2 of the License, or (at your
828 + * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
829 + *
830 + * This program is distributed in the hope that it will be useful, but
831 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
832 + * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
833 + * for more details.
834 + *
835 + * RCSID $Id: starterstroke.h $
836 + */
837 +
838 +#ifndef _STARTER_STROKE_H_
839 +#define _STARTER_STROKE_H_
840 +
841 +#include "confread.h"
842 +
843 +extern int starter_stroke_add_conn(starter_conn_t *conn);
844 +extern int starter_stroke_del_conn(starter_conn_t *conn);
845 +extern int starter_stroke_route_conn(starter_conn_t *conn);
846 +extern int starter_stroke_initiate_conn(starter_conn_t *conn);
847 +
848 +#endif /* _STARTER_STROKE_H_ */
849 diff -Naur strongswan-2.7.0/programs/starter/starterwhack.c strongswan-2.7.0-charon/programs/starter/starterwhack.c
850 --- strongswan-2.7.0/programs/starter/starterwhack.c    2006-04-17 12:32:36.000000000 +0200
851 +++ strongswan-2.7.0-charon/programs/starter/starterwhack.c     2006-04-27 09:25:22.000000000 +0200
852 @@ -54,7 +54,7 @@
853  static int
854  send_whack_msg (whack_message_t *msg)
855  {
856 -    struct sockaddr_un ctl_addr = { AF_UNIX, CTL_FILE };
857 +    struct sockaddr_un ctl_addr = { AF_UNIX, PLUTO_CTL_FILE };
858      int sock;
859      ssize_t len;
860      char *str_next, *str_roof;