ike: Add an additional but separate AEAD proposal to IKE config, if supported
[strongswan.git] / src / libcharon / plugins / medcli / medcli_config.c
index e574910..c0b39e4 100644 (file)
@@ -61,37 +61,19 @@ static traffic_selector_t *ts_from_string(char *str)
 {
        if (str)
        {
-               int netbits = 32;
-               host_t *net;
-               char *pos;
+               traffic_selector_t *ts;
 
-               str = strdupa(str);
-               pos = strchr(str, '/');
-               if (pos)
+               ts = traffic_selector_create_from_cidr(str, 0, 0, 65535);
+               if (ts)
                {
-                       *pos++ = '\0';
-                       netbits = atoi(pos);
-               }
-               else
-               {
-                       if (strchr(str, ':'))
-                       {
-                               netbits = 128;
-                       }
-               }
-               net = host_create_from_string(str, 0);
-               if (net)
-               {
-                       return traffic_selector_create_from_subnet(net, netbits, 0, 0);
+                       return ts;
                }
        }
        return traffic_selector_create_dynamic(0, 0, 65535);
 }
 
-/**
- * implements backend_t.get_peer_cfg_by_name.
- */
-static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *name)
+METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
+       private_medcli_config_t *this, char *name)
 {
        enumerator_t *e;
        peer_cfg_t *peer_cfg, *med_cfg;
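Review bot: In ts_from_string, an unparsable `local_net`/`remote_net` string now takes the same path as a NULL one — `traffic_selector_create_from_cidr()` returning NULL falls through to `traffic_selector_create_dynamic(0, 0, 65535)` with no diagnostic, so a malformed database row silently widens the child's traffic selector to a dynamic one over all ports instead of being rejected. The old code had the same fallback, but the rewrite is the right moment to either log the failed parse at config-debug level before falling through or at least document it on the function: `/* NULL or an unparsable CIDR string yields a dynamic TS over ports 0-65535 */`. The second function in this hunk, get_peer_cfg_by_name, continues outside it.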
@@ -120,17 +102,19 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
                DESTROY_IF(e);
                return NULL;
        }
-       ike_cfg = ike_cfg_create(FALSE, FALSE,
-                                               "0.0.0.0", IKEV2_UDP_PORT, address, IKEV2_UDP_PORT);
+       ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0",
+                                                        charon->socket->get_port(charon->socket, FALSE),
+                                                        address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+       ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
        med_cfg = peer_cfg_create(
-               "mediation", 2, ike_cfg,
+               "mediation", ike_cfg,
                CERT_NEVER_SEND, UNIQUE_REPLACE,
-               1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
-               this->rekey*5, this->rekey*3,   /* jitter, overtime */
-               TRUE, this->dpd,                                /* mobike, dpddelay */
-               NULL, NULL,                                     /* vip, pool */
-               TRUE, NULL, NULL);                              /* mediation, med by, peer id */
+               1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
+               this->rekey*5, this->rekey*3,   /* jitter, overtime */
+               TRUE, FALSE, TRUE,                              /* mobike, aggressive, pull */
+               this->dpd, 0,                                   /* DPD delay, timeout */
+               TRUE, NULL, NULL);                              /* mediation, med by, peer id */
        e->destroy(e);
 
        auth = auth_cfg_create();
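Review bot: The added `ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE))` has no check for the "if supported" case named in the commit title; if no AEAD algorithm is loaded the factory presumably returns NULL, and nothing in this hunk shows that `add_proposal()` tolerates that. If it does, state it at the call site, `/* NULL when no AEAD algorithms are loaded; add_proposal() skips it */`; if it does not, guard it: `proposal_t *aead = proposal_create_default_aead(PROTO_IKE);` followed by `if (aead) { ike_cfg->add_proposal(ike_cfg, aead); }`. The same pair of calls recurs in medcli_config_create. get_peer_cfg_by_name starts and ends outside this hunk.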
@@ -161,12 +145,12 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
                return NULL;
        }
        peer_cfg = peer_cfg_create(
-               name, 2, this->ike->get_ref(this->ike),
+               name, this->ike->get_ref(this->ike),
                CERT_NEVER_SEND, UNIQUE_REPLACE,
-               1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
-               this->rekey*5, this->rekey*3,   /* jitter, overtime */
-               TRUE, this->dpd,                                /* mobike, dpddelay */
-               NULL, NULL,                                     /* vip, pool */
+               1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
+               this->rekey*5, this->rekey*3,   /* jitter, overtime */
+               TRUE, FALSE, TRUE,                              /* mobike, aggressive, pull */
+               this->dpd, 0,                                   /* DPD delay, timeout */
                FALSE, med_cfg,                                 /* mediation, med by */
                identification_create_from_encoding(ID_KEY_ID, other));
 
@@ -182,7 +166,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
        peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
 
        child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
-                                                                ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL);
+                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+                                                                0, 0, NULL, NULL, 0);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
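Review bot: The widened `child_cfg_create(...)` call passes three `ACTION_NONE`, a `FALSE`, two `0`, two `NULL` and a trailing `0` as bare positional arguments, while the `peer_cfg_create()` calls in this file annotate every positional group with a trailing comment; the new arguments are unreadable without the header. Annotate them the same way, using the parameter names from the `child_cfg_create()` declaration (not reproduced here, so I will not guess them), and do the same for the identical call in peer_enumerator_enumerate. get_peer_cfg_by_name continues outside this hunk.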
@@ -191,11 +176,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
        return peer_cfg;
 }
 
-/**
- * Implementation of backend_t.create_ike_cfg_enumerator.
- */
-static enumerator_t* create_ike_cfg_enumerator(private_medcli_config_t *this,
-                                                                                          host_t *me, host_t *other)
+METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
+       private_medcli_config_t *this, host_t *me, host_t *other)
 {
        return enumerator_create_single(this->ike, NULL);
 }
@@ -215,10 +197,8 @@ typedef struct {
        int dpd;
 } peer_enumerator_t;
 
-/**
- * Implementation of peer_enumerator_t.public.enumerate
- */
-static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
+METHOD(enumerator_t, peer_enumerator_enumerate, bool,
+       peer_enumerator_t *this, peer_cfg_t **cfg)
 {
        char *name, *local_net, *remote_net;
        chunk_t me, other;
@@ -240,13 +220,13 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
                return FALSE;
        }
        this->current = peer_cfg_create(
-                               name, 2, this->ike->get_ref(this->ike),
+                               name, this->ike->get_ref(this->ike),
                                CERT_NEVER_SEND, UNIQUE_REPLACE,
-                               1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
-                               this->rekey*5, this->rekey*3,   /* jitter, overtime */
-                               TRUE, this->dpd,                                /* mobike, dpddelay */
-                               NULL, NULL,                                     /* vip, pool */
-                               FALSE, NULL, NULL);                     /* mediation, med by, peer id */
+                               1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
+                               this->rekey*5, this->rekey*3,   /* jitter, overtime */
+                               TRUE, FALSE, TRUE,                              /* mobike, aggressive, pull */
+                               this->dpd, 0,                                   /* DPD delay, timeout */
+                               FALSE, NULL, NULL);                             /* mediation, med by, peer id */
 
        auth = auth_cfg_create();
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
@@ -260,7 +240,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
        this->current->add_auth_cfg(this->current, auth, FALSE);
 
        child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
-                                                                ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL);
+                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+                                                                0, 0, NULL, NULL, 0);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
@@ -269,31 +250,29 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
        return TRUE;
 }
 
-/**
- * Implementation of peer_enumerator_t.public.destroy
- */
-static void peer_enumerator_destroy(peer_enumerator_t *this)
+METHOD(enumerator_t, peer_enumerator_destroy, void,
+       peer_enumerator_t *this)
 {
        DESTROY_IF(this->current);
        this->inner->destroy(this->inner);
        free(this);
 }
 
-/**
- * Implementation of backend_t.create_peer_cfg_enumerator.
- */
-static enumerator_t* create_peer_cfg_enumerator(private_medcli_config_t *this,
-                                                                                               identification_t *me,
-                                                                                               identification_t *other)
+METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
+       private_medcli_config_t *this, identification_t *me,
+       identification_t *other)
 {
-       peer_enumerator_t *e = malloc_thing(peer_enumerator_t);
-
-       e->current = NULL;
-       e->ike = this->ike;
-       e->rekey = this->rekey;
-       e->dpd = this->dpd;
-       e->public.enumerate = (void*)peer_enumerator_enumerate;
-       e->public.destroy = (void*)peer_enumerator_destroy;
+       peer_enumerator_t *e;
+
+       INIT(e,
+               .public = {
+                       .enumerate = (void*)_peer_enumerator_enumerate,
+                       .destroy = _peer_enumerator_destroy,
+               },
+               .ike = this->ike,
+               .rekey = this->rekey,
+               .dpd = this->dpd,
+       );
 
        /* filter on IDs: NULL or ANY or matching KEY_ID */
        e->inner = this->db->query(this->db,
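Review bot: peer_enumerator_destroy calls `this->inner->destroy(this->inner)` unconditionally, but `e->inner` is assigned from `this->db->query(...)`, whose result is not checked in the visible part of create_peer_cfg_enumerator (the call continues past the hunk); if the query can fail and return NULL, destroying the enumerator dereferences NULL. Since `current` on the line above already uses the guarded form, use it for `inner` too: `DESTROY_IF(this->inner);`. If `db->query()` is guaranteed non-NULL, a one-line comment on the assignment saying so would settle the question for the next reader.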
@@ -333,7 +312,7 @@ static job_requeue_t initiate_config(peer_cfg_t *peer_cfg)
                peer_cfg->get_ref(peer_cfg);
                enumerator->destroy(enumerator);
                charon->controller->initiate(charon->controller,
-                                                                        peer_cfg, child_cfg, NULL, NULL);
+                                                                        peer_cfg, child_cfg, NULL, NULL, 0);
        }
        else
        {
@@ -343,7 +322,7 @@ static job_requeue_t initiate_config(peer_cfg_t *peer_cfg)
 }
 
 /**
- * schedule initation of all "active" connections
+ * schedule initiation of all "active" connections
  */
 static void schedule_autoinit(private_medcli_config_t *this)
 {
@@ -362,7 +341,7 @@ static void schedule_autoinit(private_medcli_config_t *this)
                        if (peer_cfg)
                        {
                                /* schedule asynchronous initiation job */
-                               charon->processor->queue_job(charon->processor,
+                               lib->processor->queue_job(lib->processor,
                                                (job_t*)callback_job_create(
                                                                        (callback_job_cb_t)initiate_config,
                                                                        peer_cfg, (void*)peer_cfg->destroy, NULL));
@@ -372,10 +351,8 @@ static void schedule_autoinit(private_medcli_config_t *this)
        }
 }
 
-/**
- * Implementation of medcli_config_t.destroy.
- */
-static void destroy(private_medcli_config_t *this)
+METHOD(medcli_config_t, destroy, void,
+       private_medcli_config_t *this)
 {
        this->ike->destroy(this->ike);
        free(this);
@@ -386,22 +363,29 @@ static void destroy(private_medcli_config_t *this)
  */
 medcli_config_t *medcli_config_create(database_t *db)
 {
-       private_medcli_config_t *this = malloc_thing(private_medcli_config_t);
-
-       this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator;
-       this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator;
-       this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name;
-       this->public.destroy = (void(*)(medcli_config_t*))destroy;
-
-       this->db = db;
-       this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200);
-       this->dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300);
-       this->ike = ike_cfg_create(FALSE, FALSE,
-                                               "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT);
+       private_medcli_config_t *this;
+
+       INIT(this,
+               .public = {
+                       .backend = {
+                               .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
+                               .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
+                               .get_peer_cfg_by_name = _get_peer_cfg_by_name,
+                       },
+                       .destroy = _destroy,
+               },
+               .db = db,
+               .rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200),
+               .dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300),
+               .ike = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0",
+                                                         charon->socket->get_port(charon->socket, FALSE),
+                                                         "0.0.0.0", IKEV2_UDP_PORT,
+                                                         FRAGMENTATION_NO, 0),
+       );
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
+       this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
 
        schedule_autoinit(this);
 
        return &this->public;
 }
-
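Review bot: The `ike_cfg_create(...)` call plus the two `add_proposal()` lines in medcli_config_create are a verbatim copy of the block in get_peer_cfg_by_name, differing only in the remote address; the AEAD proposal was added to both by hand here, and the next proposal or port change will have to be mirrored again. Hoist the construction into a small static helper taking the peer address, so `.ike = create_ike_cfg("0.0.0.0"),` replaces the inline call and the two `add_proposal()` lines after `INIT` go away, and call the same helper with `address` in get_peer_cfg_by_name. The helper is also the natural home for the comments the positional `FRAGMENTATION_NO, 0` tail currently lacks.

```c
/**
 * Create an IKEv2 config from our wildcard address and the local socket
 * port to the given peer address, with the default and (if supported)
 * the default AEAD IKE proposals.
 */
static ike_cfg_t *create_ike_cfg(char *other)
{
	ike_cfg_t *ike_cfg;

	ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0",
							 charon->socket->get_port(charon->socket, FALSE),
							 other, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
	ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
	return ike_cfg;
}

/* … unchanged: medcli_config_create up to the .dpd initializer … */
		.ike = create_ike_cfg("0.0.0.0"),
	);

	schedule_autoinit(this);
```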