Added a TFC padding option to child_cfg
authorMartin Willi <martin@revosec.ch>
Wed, 8 Dec 2010 12:41:04 +0000 (12:41 +0000)
committerMartin Willi <martin@revosec.ch>
Mon, 20 Dec 2010 08:45:39 +0000 (09:45 +0100)
12 files changed:
src/libcharon/config/child_cfg.c
src/libcharon/config/child_cfg.h
src/libcharon/plugins/android/android_service.c
src/libcharon/plugins/ha/ha_tunnel.c
src/libcharon/plugins/load_tester/load_tester_config.c
src/libcharon/plugins/maemo/maemo_service.c
src/libcharon/plugins/medcli/medcli_config.c
src/libcharon/plugins/nm/nm_service.c
src/libcharon/plugins/sql/sql_config.c
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/uci/uci_config.c
src/libcharon/sa/child_sa.c

index 070b35a..8ca3224 100644 (file)
@@ -123,6 +123,12 @@ struct private_child_cfg_t {
         * Optional mark to install outbound CHILD_SA with
         */
        mark_t mark_out;
+
+       /**
+        * Traffic Flow Confidentiality padding, if enabled
+        */
+       u_int32_t tfc;
+
        /**
         * set up IPsec transport SA in MIPv6 proxy mode
         */
@@ -441,6 +447,12 @@ METHOD(child_cfg_t, get_mark, mark_t,
        return inbound ? this->mark_in : this->mark_out;
 }
 
+METHOD(child_cfg_t, get_tfc, u_int32_t,
+       private_child_cfg_t *this)
+{
+       return this->tfc;
+}
+
 METHOD(child_cfg_t, set_mipv6_options, void,
        private_child_cfg_t *this, bool proxy_mode, bool install_policy)
 {
@@ -492,7 +504,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
                                                          ipsec_mode_t mode, action_t start_action,
                                                          action_t dpd_action, action_t close_action,
                                                          bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
-                                                         mark_t *mark_in, mark_t *mark_out)
+                                                         mark_t *mark_in, mark_t *mark_out, u_int32_t tfc)
 {
        private_child_cfg_t *this;
 
@@ -517,6 +529,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
                        .get_inactivity = _get_inactivity,
                        .get_reqid = _get_reqid,
                        .get_mark = _get_mark,
+                       .get_tfc = _get_tfc,
                        .use_proxy_mode = _use_proxy_mode,
                        .install_policy = _install_policy,
                        .get_ref = _get_ref,
@@ -538,6 +551,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
                .proposals = linked_list_create(),
                .my_ts = linked_list_create(),
                .other_ts = linked_list_create(),
+               .tfc = tfc,
        );
 
        if (mark_in)
index 1f0c9c8..175ced7 100644 (file)
@@ -228,6 +228,13 @@ struct child_cfg_t {
        mark_t (*get_mark)(child_cfg_t *this, bool inbound);
 
        /**
+        * Get the TFC padding value to use for CHILD_SA.
+        *
+        * @return                              TFC padding, 0 to disable, -1 for MTU
+        */
+       u_int32_t (*get_tfc)(child_cfg_t *this);
+
+       /**
         * Sets two options needed for Mobile IPv6 interoperability
         *
         * @param proxy_mode    use IPsec transport proxy mode (default FALSE)
@@ -292,6 +299,7 @@ struct child_cfg_t {
  * @param reqid                                specific reqid to use for CHILD_SA, 0 for auto assign
  * @param mark_in                      optional inbound mark (can be NULL)
  * @param mark_out                     optional outbound mark (can be NULL)
+ * @param tfc                          TFC padding size, 0 to disable, -1 to pad to PMTU
  * @return                                     child_cfg_t object
  */
 child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
@@ -299,6 +307,6 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
                                                          ipsec_mode_t mode, action_t start_action,
                                                          action_t dpd_action, action_t close_action,
                                                          bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
-                                                         mark_t *mark_in, mark_t *mark_out);
+                                                         mark_t *mark_in, mark_t *mark_out, u_int32_t tfc);
 
 #endif /** CHILD_CFG_H_ @}*/
index 1a68ff9..487567f 100644 (file)
@@ -292,7 +292,7 @@ static job_requeue_t initiate(private_android_service_t *this)
 
        child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL,
                                                                 ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
-                                                                0, 0, NULL, NULL);
+                                                                0, 0, NULL, NULL, 0);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        ts = traffic_selector_create_dynamic(0, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
index 4accdfb..299053e 100644 (file)
@@ -224,7 +224,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
 
        child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT,
                                                                 ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
-                                                                0, 0, NULL, NULL);
+                                                                0, 0, NULL, NULL, 0);
        ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
        ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
index 4fe5cf5..71391d5 100644 (file)
@@ -225,7 +225,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
 
        child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL,
                                                                 ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
-                                                                0, 0, NULL, NULL);
+                                                                0, 0, NULL, NULL, 0);
        proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
        child_cfg->add_proposal(child_cfg, proposal);
        ts = traffic_selector_create_dynamic(0, 0, 65535);
index 8463f8a..1a1727b 100644 (file)
@@ -347,7 +347,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
 
        child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */,
                                                                 TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
-                                                                ACTION_NONE, FALSE, 0, 0, NULL, NULL);
+                                                                ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        ts = traffic_selector_create_dynamic(0, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
index 67f1c71..b5672db 100644 (file)
@@ -183,7 +183,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
 
        child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
                                                                 ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
-                                                                0, 0, NULL, NULL);
+                                                                0, 0, NULL, NULL, 0);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
@@ -262,7 +262,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
 
        child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
                                                                 ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
-                                                                0, 0, NULL, NULL);
+                                                                0, 0, NULL, NULL, 0);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
index 44b5f0c..4300b57 100644 (file)
@@ -519,7 +519,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
        child_cfg = child_cfg_create(priv->name, &lifetime,
                                                                 NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
                                                                 ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp,
-                                                                0, 0, NULL, NULL);
+                                                                0, 0, NULL, NULL, 0);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        ts = traffic_selector_create_dynamic(0, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
index 82ff36a..dc01601 100644 (file)
@@ -174,7 +174,7 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e)
                };
                child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode,
                                                                         start, dpd, close, ipcomp, 0, reqid,
-                                                                        NULL, NULL);
+                                                                        NULL, NULL, 0);
                add_esp_proposals(this, child_cfg, id);
                add_traffic_selectors(this, child_cfg, id);
                return child_cfg;
index 00fbabd..0f55e51 100644 (file)
@@ -801,7 +801,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
                                msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
                                msg->add_conn.mode, ACTION_NONE, dpd, dpd, msg->add_conn.ipcomp,
                                msg->add_conn.inactivity, msg->add_conn.reqid,
-                               &mark_in, &mark_out);
+                               &mark_in, &mark_out, 0);
        child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
                                                                                        msg->add_conn.install_policy);
        add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
index f16da22..4e43388 100644 (file)
@@ -197,7 +197,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
 
                child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
                                                                         ACTION_NONE, ACTION_NONE, ACTION_NONE,
-                                                                        FALSE, 0, 0, NULL, NULL);
+                                                                        FALSE, 0, 0, NULL, NULL, 0);
                child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
                child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
                child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
index 47518d6..4110815 100644 (file)
@@ -591,6 +591,8 @@ METHOD(child_sa_t, install, status_t,
                dst = this->other_addr;
                this->other_spi = spi;
                this->other_cpi = cpi;
+
+               tfc = this->config->get_tfc(this->config);
        }
 
        DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound",
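Review bot: `tfc` is assigned only in the outbound (else) branch shown here, at line 208, and both its declaration and the later use that hands it to the kernel interface are outside the hunk, so whether the inbound path sees a defined value depends on an initializer the diff does not show. If the declaration is a bare `u_int32_t tfc;`, the inbound install passes an indeterminate padding size; initializing it at the declaration, `u_int32_t tfc = 0;`, closes that gap regardless of how the branches evolve. A one-line comment above the assignment, `/* TFC padding is only applied to the outbound SA */`, would also stop a reader from taking the asymmetry for an oversight. The enclosing install method starts and ends outside the hunk.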