Fixed some typos; whitespace cleanup.
authorTobias Brunner <tobias@strongswan.org>
Wed, 2 Sep 2009 15:26:36 +0000 (17:26 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 2 Sep 2009 15:30:46 +0000 (17:30 +0200)
18 files changed:
src/charon/config/peer_cfg.c
src/charon/config/peer_cfg.h
src/charon/control/controller.c
src/charon/daemon.c
src/charon/daemon.h
src/charon/encoding/message.c
src/charon/encoding/payloads/ike_header.c
src/charon/encoding/payloads/ike_header.h
src/charon/encoding/payloads/payload.h
src/charon/plugins/stroke/stroke_config.c
src/charon/processing/jobs/process_message_job.c
src/charon/sa/ike_sa.c
src/charon/sa/ike_sa.h
src/charon/sa/task_manager.c
src/charon/sa/tasks/ike_init.c
src/charon/sa/tasks/ike_natd.c
src/charon/sa/tasks/ike_reauth.c
src/charon/sa/tasks/task.h

index f096f26..b2d2991 100644 (file)
@@ -144,7 +144,7 @@ struct private_peer_cfg_t {
         */
        linked_list_t *remote_auth;
        
-#ifdef ME      
+#ifdef ME
        /**
         * Is this a mediation connection?
         */
@@ -567,7 +567,7 @@ static bool equals(private_peer_cfg_t *this, private_peer_cfg_t *other)
                (this->virtual_ip == other->virtual_ip ||
                 (this->virtual_ip && other->virtual_ip &&
                  this->virtual_ip->equals(this->virtual_ip, other->virtual_ip))) &&
-               (this->pool == other->pool || 
+               (this->pool == other->pool ||
                 (this->pool && other->pool && streq(this->pool, other->pool))) &&
                auth_cfg_equal(this, other)
 #ifdef ME
@@ -630,8 +630,8 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
        private_peer_cfg_t *this = malloc_thing(private_peer_cfg_t);
 
        /* public functions */
-       this->public.get_name = (char* (*) (peer_cfg_t *))get_name;     
-       this->public.get_ike_version = (u_int(*) (peer_cfg_t *))get_ike_version;        
+       this->public.get_name = (char* (*) (peer_cfg_t *))get_name;
+       this->public.get_ike_version = (u_int(*) (peer_cfg_t *))get_ike_version;
        this->public.get_ike_cfg = (ike_cfg_t* (*) (peer_cfg_t *))get_ike_cfg;
        this->public.add_child_cfg = (void (*) (peer_cfg_t *, child_cfg_t*))add_child_cfg;
        this->public.remove_child_cfg = (void(*)(peer_cfg_t*, enumerator_t*))remove_child_cfg;
index 3c095ef..e6f0db4 100644 (file)
@@ -43,7 +43,7 @@ typedef struct peer_cfg_t peer_cfg_t;
  * requests when using this definition for the other peer. If
  * it is CERT_NEVER_SEND, a certreq is omitted, otherwise its
  * included.
- * 
+ *
  * @warning These definitions must be the same as in pluto/starter,
  * as they are sent over the stroke socket.
  */
@@ -108,7 +108,7 @@ extern enum_name_t *unique_policy_names;
  * Each peer_cfg has two lists of authentication config attached. Local
  * authentication configs define how to authenticate ourself against the remote
  * peer. Each config is enforced using the multiple authentication extension
- * (RFC4739). 
+ * (RFC4739).
  * The remote authentication configs are handled as constraints. The peer has
  * to fullfill each of these rules (using multiple authentication, in any order)
  * to gain access to the configuration.
@@ -117,9 +117,9 @@ struct peer_cfg_t {
        
        /**
         * Get the name of the peer_cfg.
-        * 
+        *
         * Returned object is not getting cloned.
-        * 
+        *
         * @return                              peer_cfg's name
         */
        char* (*get_name) (peer_cfg_t *this);
@@ -133,14 +133,14 @@ struct peer_cfg_t {
        
        /**
         * Get the IKE config to use for initiaton.
-        * 
+        *
         * @return                              the IKE config to use
         */
        ike_cfg_t* (*get_ike_cfg) (peer_cfg_t *this);
        
        /**
         * Attach a CHILD config.
-        * 
+        *
         * @param child_cfg             CHILD config to add
         */
        void (*add_child_cfg) (peer_cfg_t *this, child_cfg_t *child_cfg);
@@ -154,14 +154,14 @@ struct peer_cfg_t {
        
        /**
         * Create an enumerator for all attached CHILD configs.
-        * 
+        *
         * @return                              an enumerator over all CHILD configs.
         */
        enumerator_t* (*create_child_cfg_enumerator) (peer_cfg_t *this);
        
        /**
         * Select a CHILD config from traffic selectors.
-        * 
+        *
         * @param my_ts                 TS for local side
         * @param other_ts              TS for remote side
         * @param my_host               host to narrow down dynamic TS for local side
@@ -232,14 +232,14 @@ struct peer_cfg_t {
        
        /**
         * Use MOBIKE (RFC4555) if peer supports it?
-        * 
+        *
         * @return                      TRUE to enable MOBIKE support
         */
        bool (*use_mobike) (peer_cfg_t *this);
        
        /**
         * Get the DPD check interval.
-        * 
+        *
         * @return                      dpd_delay in seconds
         */
        u_int32_t (*get_dpd) (peer_cfg_t *this);
@@ -266,26 +266,26 @@ struct peer_cfg_t {
 #ifdef ME
        /**
         * Is this a mediation connection?
-        * 
+        *
         * @return                              TRUE, if this is a mediation connection
         */
        bool (*is_mediation) (peer_cfg_t *this);
        
        /**
         * Get peer_cfg of the connection this one is mediated through.
-        * 
+        *
         * @return                              the peer_cfg of the mediation connection
         */
        peer_cfg_t* (*get_mediated_by) (peer_cfg_t *this);
        
        /**
         * Get the id of the other peer at the mediation server.
-        * 
+        *
         * This is the leftid of the peer's connection with the mediation server.
-        * 
+        *
         * If it is not configured, it is assumed to be the same as the right id
-        * of this connection. 
-        * 
+        * of this connection.
+        *
         * @return                              the id of the other peer
         */
        identification_t* (*get_peer_id) (peer_cfg_t *this);
@@ -319,14 +319,14 @@ struct peer_cfg_t {
 
 /**
  * Create a configuration object for IKE_AUTH and later.
- * 
+ *
  * name-string gets cloned, ID's not.
  * Virtual IPs are used if they are != NULL. A %any host means the virtual
  * IP should be obtained from the other peer.
  * Lifetimes are in seconds. To prevent to peers to start rekeying at the
  * same time, a jitter may be specified. Rekeying of an SA starts at
- * (rekeylifetime - random(0, jitter)). 
- * 
+ * (rekeylifetime - random(0, jitter)).
+ *
  * @param name                         name of the peer_cfg
  * @param ike_version          which IKE version we sould use for this peer
  * @param ike_cfg                      IKE config to use when acting as initiator
index 021cb4f..97d7e33 100644 (file)
@@ -92,17 +92,17 @@ struct interface_listener_t {
 
 typedef struct interface_job_t interface_job_t;
 
-/** 
+/**
  * job for asynchronous listen operations
  */
 struct interface_job_t {
-       /** 
-        * job interface 
+       /**
+        * job interface
         */
        job_t public;
        
-       /** 
-        * associated listener 
+       /**
+        * associated listener
         */
        interface_listener_t listener;
 };
@@ -295,7 +295,7 @@ static status_t terminate_ike_execute(interface_job_t *job)
 /**
  * Implementation of controller_t.terminate_ike.
  */
-static status_t terminate_ike(controller_t *this, u_int32_t unique_id, 
+static status_t terminate_ike(controller_t *this, u_int32_t unique_id,
                                                          controller_cb_t callback, void *param)
 {
        ike_sa_t *ike_sa;
@@ -357,7 +357,7 @@ static status_t terminate_child_execute(interface_job_t *job)
 /**
  * Implementation of controller_t.terminate_child.
  */
-static status_t terminate_child(controller_t *this, u_int32_t reqid, 
+static status_t terminate_child(controller_t *this, u_int32_t reqid,
                                                                controller_cb_t callback, void *param)
 {
        ike_sa_t *ike_sa;
@@ -382,7 +382,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid,
        };
        
        ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
-                                                                                                       reqid, TRUE);                                                   
+                                                                                                       reqid, TRUE);
        if (ike_sa == NULL)
        {
                DBG1(DBG_IKE, "unable to terminate, CHILD_SA with ID %d not found",
index cf2b1c7..26858af 100644 (file)
@@ -1,4 +1,4 @@
-/* 
+/*
  * Copyright (C) 2006-2009 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
@@ -120,8 +120,8 @@ static void run(private_daemon_t *this)
        
        /* handle SIGINT, SIGHUP ans SIGTERM in this handler */
        sigemptyset(&set);
-       sigaddset(&set, SIGINT); 
-       sigaddset(&set, SIGHUP); 
+       sigaddset(&set, SIGINT);
+       sigaddset(&set, SIGHUP);
        sigaddset(&set, SIGTERM);
        
        while (TRUE)
@@ -251,11 +251,11 @@ static void drop_capabilities(private_daemon_t *this)
 
        if (setgid(charon->gid) != 0)
        {
-               kill_daemon(this, "change to unprivileged group failed");       
+               kill_daemon(this, "change to unprivileged group failed");
        }
        if (setuid(charon->uid) != 0)
        {
-               kill_daemon(this, "change to unprivileged user failed");        
+               kill_daemon(this, "change to unprivileged user failed");
        }
        
 #ifdef CAPABILITIES
@@ -279,7 +279,7 @@ static void keep_cap(private_daemon_t *this, u_int cap)
 }
 
 /**
- * lookup UID and GID 
+ * lookup UID and GID
  */
 static void lookup_uid_gid(private_daemon_t *this)
 {
@@ -491,7 +491,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
        this->public.traps = trap_manager_create();
        
        /* load plugins, further infrastructure may need it */
-       if (!lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, 
+       if (!lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR,
                        lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
        {
                return FALSE;
@@ -543,7 +543,7 @@ static void segv_handler(int signal)
  * Create the daemon.
  */
 private_daemon_t *daemon_create(void)
-{      
+{
        struct sigaction action;
        private_daemon_t *this = malloc_thing(private_daemon_t);
                
@@ -607,7 +607,7 @@ private_daemon_t *daemon_create(void)
 }
 
 /**
- * Check/create PID file, return TRUE if already running 
+ * Check/create PID file, return TRUE if already running
  */
 static bool check_pidfile()
 {
index 023bae4..430654c 100644 (file)
@@ -21,7 +21,7 @@
  *
  * @defgroup bus bus
  * @ingroup charon
- * 
+ *
  * @defgroup listeners listeners
  * @ingroup bus
  *
  * from the processor. Work is delegated to the processor by queueing jobs
  * to it.
    @verbatim
-   
+
       +---------------------------------+       +----------------------------+
       |           controller            |       |          config            |
-      +---------------------------------+       +----------------------------+  
-               |      |      |                           ^     ^    ^           
-               V      V      V                           |     |    |           
-                                                                                
+      +---------------------------------+       +----------------------------+
+               |      |      |                           ^     ^    ^
+               V      V      V                           |     |    |
+
        +----------+  +-----------+   +------+            +----------+    +----+
        | receiver |  |           |   |      |  +------+  | CHILD_SA |    | K  |
        +---+------+  | Scheduler |   | IKE- |  | IKE- |--+----------+    | e  |
     +------+---+     +-----------+   | ager |  +------+  +----------+    | l  |
            |         |           |   |      |  | IKE- |--| CHILD_SA |    | -  |
        +---+------+  | Processor |---|      |--| SA   |  +----------+    | I  |
-       |  sender  |  |           |   |      |  +------+                  | f  |    
+       |  sender  |  |           |   |      |  +------+                  | f  |
        +----------+  +-----------+   +------+                            +----+
-                                                                                
-               |      |      |                        |      |      |           
-               V      V      V                        V      V      V           
-      +---------------------------------+       +----------------------------+  
-      |               Bus               |       |         credentials        |  
-      +---------------------------------+       +----------------------------+                                                              
+
+               |      |      |                        |      |      |
+               V      V      V                        V      V      V
+      +---------------------------------+       +----------------------------+
+      |               Bus               |       |         credentials        |
+      +---------------------------------+       +----------------------------+
 
    @endverbatim
- * The scheduler is responsible to execute timed events. Jobs may be queued to 
- * the scheduler to get executed at a defined time (e.g. rekeying). The 
+ * The scheduler is responsible to execute timed events. Jobs may be queued to
+ * the scheduler to get executed at a defined time (e.g. rekeying). The
  * scheduler does not execute the jobs itself, it queues them to the processor.
- * 
- * The IKE_SA manager managers all IKE_SA. It further handles the 
+ *
+ * The IKE_SA manager managers all IKE_SA. It further handles the
  * synchronization:
- * Each IKE_SA must be checked out strictly and checked in again after use. The 
- * manager guarantees that only one thread may check out a single IKE_SA. This 
+ * Each IKE_SA must be checked out strictly and checked in again after use. The
+ * manager guarantees that only one thread may check out a single IKE_SA. This
  * allows us to write the (complex) IKE_SAs routines non-threadsave.
- * The IKE_SA contain the state and the logic of each IKE_SA and handle the 
+ * The IKE_SA contain the state and the logic of each IKE_SA and handle the
  * messages.
- * 
+ *
  * The CHILD_SA contains state about a IPsec security association and manages
- * them. An IKE_SA may have multiple CHILD_SAs. Communication to the kernel 
+ * them. An IKE_SA may have multiple CHILD_SAs. Communication to the kernel
  * takes place here through the kernel interface.
- * 
+ *
  * The kernel interface installs IPsec security associations, policies, routes
- * and virtual addresses. It further provides methods to enumerate interfaces 
+ * and virtual addresses. It further provides methods to enumerate interfaces
  * and may notify the daemon about state changes at lower layers.
- * 
- * The bus receives signals from the different threads and relais them to interested 
- * listeners. Debugging signals, but also important state changes or error 
- * messages are sent over the bus. 
- * It's listeners are not only for logging, but also to track the state of an
+ *
+ * The bus receives signals from the different threads and relays them to
+ * interested listeners. Debugging signals, but also important state changes or
+ * error messages are sent over the bus.
+ * Its listeners are not only for logging, but also to track the state of an
  * IKE_SA.
  *
- * The controller, credential_manager, bus and backend_manager (config) are 
+ * The controller, credential_manager, bus and backend_manager (config) are
  * places where a plugin ca register itself to privide information or observe
  * and control the daemon.
  */
@@ -307,7 +307,7 @@ struct daemon_t {
         */
        gid_t gid;
        
-       /** 
+       /**
         * The thread_id of main-thread.
         */
        pthread_t main_thread_id;
@@ -323,7 +323,7 @@ struct daemon_t {
        
        /**
         * Shut down the daemon.
-        * 
+        *
         * @param reason                describtion why it will be killed
         */
        void (*kill) (daemon_t *this, char *reason);
index 7c6fdb4..ff82a57 100644 (file)
@@ -47,7 +47,7 @@ typedef struct payload_rule_t payload_rule_t;
 
 /**
  * A payload rule defines the rules for a payload
- * in a specific message rule. It defines if and how 
+ * in a specific message rule. It defines if and how
  * many times a payload must/can occur in a message
  * and if it must be encrypted.
  */
@@ -74,7 +74,7 @@ struct payload_rule_t {
         
         /**
          * If this payload occurs, the message rule is
-         * fullfilled in any case. This applies e.g. to 
+         * fullfilled in any case. This applies e.g. to
          * notify_payloads.
          */
         bool sufficient;
@@ -88,11 +88,11 @@ typedef struct payload_order_t payload_order_t;
 struct payload_order_t {
 
        /**
-        * payload type 
+        * payload type
         */
        payload_type_t type;
        
-       /** 
+       /**
         * notify type, if payload == NOTIFY
         */
        notify_type_t notify;
@@ -516,7 +516,7 @@ static message_rule_t message_rules[] = {
                (sizeof(me_connect_r_payload_order)/sizeof(payload_order_t)),
                me_connect_r_payload_order,
        },
-#endif /* ME */        
+#endif /* ME */
 };
 
 
@@ -791,7 +791,7 @@ static void add_payload(private_message_t *this, payload_t *payload)
 /**
  * Implementation of message_t.add_notify.
  */
-static void add_notify(private_message_t *this, bool flush, notify_type_t type, 
+static void add_notify(private_message_t *this, bool flush, notify_type_t type,
                                           chunk_t data)
 {
        notify_payload_t *notify;
@@ -799,7 +799,7 @@ static void add_notify(private_message_t *this, bool flush, notify_type_t type,
        
        if (flush)
        {
-               while (this->payloads->remove_last(this->payloads, 
+               while (this->payloads->remove_last(this->payloads,
                                                                                                (void**)&payload) == SUCCESS)
                {
                        payload->destroy(payload);
@@ -912,7 +912,7 @@ static char* get_string(private_message_t *this, char *buf, int len)
        len--;
        
        written = snprintf(pos, len, "%N %s %d [",
-                                          exchange_type_names, this->exchange_type, 
+                                          exchange_type_names, this->exchange_type,
                                           this->is_request ? "request" : "response",
                                           this->message_id);
        if (written >= len || written < 0)
@@ -992,7 +992,7 @@ static void order_payloads(private_message_t *this)
                                        list->remove_at(list, enumerator);
                                        add_payload(this, payload);
                                }
-                       } 
+                       }
                }
                enumerator->destroy(enumerator);
        }
@@ -1056,7 +1056,7 @@ static status_t encrypt_payloads(private_message_t *this,
                
                status = get_payload_rule(this,
                                        current_payload->get_type(current_payload),&payload_rule);
-               /* for payload types which are not found in supported payload list, 
+               /* for payload types which are not found in supported payload list,
                 * it is presumed that they don't have to be encrypted */
                if ((status == SUCCESS) && (payload_rule->encrypted))
                {
@@ -1119,7 +1119,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
        }
        
        if (this->packet->get_source(this->packet) == NULL ||
-               this->packet->get_destination(this->packet) == NULL) 
+               this->packet->get_destination(this->packet) == NULL)
        {
                DBG1(DBG_ENC, "%s not defined",
                         !this->packet->get_source(this->packet) ? "source" : "destination");
@@ -1391,7 +1391,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                        }
                        
                        /* encryption payload is processed, payloads are moved. Destroy it. */
-                       encryption_payload->destroy(encryption_payload);        
+                       encryption_payload->destroy(encryption_payload);
                }
 
                /* we allow unknown payloads of any type and don't bother if it was encrypted. Not our problem. */
@@ -1465,7 +1465,7 @@ static status_t verify(private_message_t *this)
                                        DBG1(DBG_ENC, "%N is not supported, but its critical!",
                                                 payload_type_names, current_payload_type);
                                        enumerator->destroy(enumerator);
-                                       return NOT_SUPPORTED;   
+                                       return NOT_SUPPORTED;
                                }
                        }
                        else if (current_payload_type == rule->payload_type)
@@ -1475,7 +1475,7 @@ static status_t verify(private_message_t *this)
                                DBG2(DBG_ENC, "found payload of type %N", payload_type_names,
                                         rule->payload_type);
                                
-                               /* as soon as ohe payload occures more then specified, 
+                               /* as soon as ohe payload occures more then specified,
                                 * the verification fails */
                                if (found_payloads >
                                        rule->max_occurence)
@@ -1502,7 +1502,7 @@ static status_t verify(private_message_t *this)
                        this->payloads->get_count(this->payloads) == total_found_payloads)
                {
                        enumerator->destroy(enumerator);
-                       return SUCCESS; 
+                       return SUCCESS;
                }
                enumerator->destroy(enumerator);
        }
@@ -1518,7 +1518,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
        payload_type_t current_payload_type;
        char str[256];
                
-       current_payload_type = this->first_payload;     
+       current_payload_type = this->first_payload;
                
        DBG2(DBG_ENC, "parsing body of message, first payload is %N",
                 payload_type_names, current_payload_type);
@@ -1528,7 +1528,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
        {
                payload_t *current_payload;
                
-               DBG2(DBG_ENC, "starting parsing a %N payload", 
+               DBG2(DBG_ENC, "starting parsing a %N payload",
                         payload_type_names, current_payload_type);
                
                /* parse current payload */
@@ -1652,7 +1652,7 @@ message_t *message_create_from_packet(packet_t *packet)
        /* private values */
        if (packet == NULL)
        {
-               packet = packet_create();       
+               packet = packet_create();
        }
        this->message_rule = NULL;
        this->packet = packet;
index d27bfb8..614919f 100644 (file)
@@ -27,7 +27,6 @@ typedef struct private_ike_header_t private_ike_header_t;
 
 /**
  * Private data of an ike_header_t object.
- * 
  */
 struct private_ike_header_t {
        /**
@@ -56,19 +55,18 @@ struct private_ike_header_t {
 
        /**
         * IKE minor version.
-        */     
+        */
        u_int8_t  min_version;
 
        /**
         * Exchange type .
-        */     
+        */
        u_int8_t  exchange_type;
        
        /**
         * Flags of the Message.
-        * 
         */
-       struct { 
+       struct {
                /**
                 * Sender is initiator of the associated IKE_SA_INIT-Exchange.
                 */
@@ -93,7 +91,7 @@ struct private_ike_header_t {
        /**
         * Length of the whole IKEv2-Message (header and all payloads).
         */
-       u_int32_t length;       
+       u_int32_t length;
 };
 
 ENUM_BEGIN(exchange_type_names, EXCHANGE_TYPE_UNDEFINED, EXCHANGE_TYPE_UNDEFINED,
@@ -114,9 +112,8 @@ ENUM_END(exchange_type_names, INFORMATIONAL);
 /**
  * Encoding rules to parse or generate a IKEv2-Header.
  * 
- * The defined offsets are the positions in a object of type 
+ * The defined offsets are the positions in a object of type
  * ike_header_t.
- * 
  */
 encoding_rule_t ike_header_encodings[] = {
        /* 8 Byte SPI, stored in the field initiator_spi */
@@ -132,10 +129,10 @@ encoding_rule_t ike_header_encodings[] = {
        /* 8 Bit for the exchange type */
        { U_INT_8,              offsetof(private_ike_header_t, exchange_type)   },
        /* 2 Bit reserved bits, nowhere stored */
-       { RESERVED_BIT, 0                                                                               }, 
-       { RESERVED_BIT, 0                                                                               }, 
+       { RESERVED_BIT, 0                                                                               },
+       { RESERVED_BIT, 0                                                                               },
        /* 3 Bit flags, stored in the fields response, version and initiator */
-       { FLAG,                 offsetof(private_ike_header_t, flags.response)  },      
+       { FLAG,                 offsetof(private_ike_header_t, flags.response)  },
        { FLAG,                 offsetof(private_ike_header_t, flags.version)   },
        { FLAG,                 offsetof(private_ike_header_t, flags.initiator) },
        /* 3 Bit reserved bits, nowhere stored */
@@ -212,7 +209,7 @@ static void set_next_type(payload_t *this,payload_type_t type)
  */
 static u_int64_t get_initiator_spi(private_ike_header_t *this)
 {
-       return this->initiator_spi;     
+       return this->initiator_spi;
 }
 
 /**
@@ -228,7 +225,7 @@ static void set_initiator_spi(private_ike_header_t *this, u_int64_t initiator_sp
  */
 static u_int64_t get_responder_spi(private_ike_header_t *this)
 {
-       return this->responder_spi;     
+       return this->responder_spi;
 }
 
 /**
@@ -244,7 +241,7 @@ static void set_responder_spi(private_ike_header_t *this, u_int64_t responder_sp
  */
 static u_int8_t get_maj_version(private_ike_header_t *this)
 {
-       return this->maj_version;       
+       return this->maj_version;
 }
 
 /**
@@ -252,7 +249,7 @@ static u_int8_t get_maj_version(private_ike_header_t *this)
  */
 static u_int8_t get_min_version(private_ike_header_t *this)
 {
-       return this->min_version;       
+       return this->min_version;
 }
 
 /**
@@ -260,7 +257,7 @@ static u_int8_t get_min_version(private_ike_header_t *this)
  */
 static bool get_response_flag(private_ike_header_t *this)
 {
-       return this->flags.response;    
+       return this->flags.response;
 }
 
 /**
@@ -268,7 +265,7 @@ static bool get_response_flag(private_ike_header_t *this)
  */
 static void set_response_flag(private_ike_header_t *this, bool response)
 {
-       this->flags.response = response;        
+       this->flags.response = response;
 }
 
 /**
@@ -276,7 +273,7 @@ static void set_response_flag(private_ike_header_t *this, bool response)
  */
 static bool get_version_flag(private_ike_header_t *this)
 {
-       return this->flags.version;     
+       return this->flags.version;
 }
 
 /**
@@ -284,7 +281,7 @@ static bool get_version_flag(private_ike_header_t *this)
  */
 static bool get_initiator_flag(private_ike_header_t *this)
 {
-       return this->flags.initiator;   
+       return this->flags.initiator;
 }
 
 /**
@@ -292,7 +289,7 @@ static bool get_initiator_flag(private_ike_header_t *this)
  */
 static void set_initiator_flag(private_ike_header_t *this, bool initiator)
 {
-       this->flags.initiator = initiator;      
+       this->flags.initiator = initiator;
 }
 
 /**
@@ -300,7 +297,7 @@ static void set_initiator_flag(private_ike_header_t *this, bool initiator)
  */
 static u_int8_t get_exchange_type(private_ike_header_t *this)
 {
-       return this->exchange_type;     
+       return this->exchange_type;
 }
 
 /**
@@ -308,7 +305,7 @@ static u_int8_t get_exchange_type(private_ike_header_t *this)
  */
 static void set_exchange_type(private_ike_header_t *this, u_int8_t exchange_type)
 {
-       this->exchange_type = exchange_type;    
+       this->exchange_type = exchange_type;
 }
 
 /**
@@ -317,7 +314,7 @@ static void set_exchange_type(private_ike_header_t *this, u_int8_t exchange_type
  */
 static u_int32_t get_message_id(private_ike_header_t *this)
 {
-       return this->message_id;        
+       return this->message_id;
 }
 
 /**
index 8de316d..4514c23 100644 (file)
@@ -94,11 +94,11 @@ enum exchange_type_t{
 extern enum_name_t *exchange_type_names;
 
 /**
- * An object of this type represents an IKEv2 header and is used to 
+ * An object of this type represents an IKEv2 header and is used to
  * generate and parse IKEv2 headers.
- * 
- * The header format of an IKEv2-Message is compatible to the 
- * ISAKMP-Header format to allow implementations supporting 
+ *
+ * The header format of an IKEv2-Message is compatible to the
+ * ISAKMP-Header format to allow implementations supporting
  * both versions of the IKE-protocol.
  */
 struct ike_header_t {
@@ -160,7 +160,6 @@ struct ike_header_t {
         * Set the response flag-
         *
         * @param response              response flag
-        * 
         */
        void (*set_response_flag) (ike_header_t *this, bool response);
        /**
@@ -220,7 +219,7 @@ struct ike_header_t {
 
 /**
  * Create an ike_header_t object
- * 
+ *
  * @return ike_header_t object
  */
 ike_header_t *ike_header_create(void);
index 78f5b7b..95e702f 100644 (file)
@@ -33,7 +33,7 @@ typedef struct payload_t payload_t;
 /**
  * Payload-Types of a IKEv2-Message.
  *
- * Header and substructures are also defined as 
+ * Header and substructures are also defined as
  * payload types with values from PRIVATE USE space.
  */
 enum payload_type_t{
@@ -126,63 +126,63 @@ enum payload_type_t{
 #ifdef ME
        /**
         * Identification payload for peers has a value from
-        * the PRIVATE USE space. 
+        * the PRIVATE USE space.
         */
        ID_PEER = 128,
 #endif /* ME */
        
        /**
         * Header has a value of PRIVATE USE space.
-        * 
-        * This payload type is not sent over wire and just 
+        *
+        * This payload type is not sent over wire and just
         * used internally to handle IKEv2-Header like a payload.
         */
        HEADER = 140,
        
        /**
         * PROPOSAL_SUBSTRUCTURE has a value of PRIVATE USE space.
-        * 
-        * This payload type is not sent over wire and just 
+        *
+        * This payload type is not sent over wire and just
         * used internally to handle a proposal substructure like a payload.
         */
        PROPOSAL_SUBSTRUCTURE = 141,
 
        /**
         * TRANSFORM_SUBSTRUCTURE has a value of PRIVATE USE space.
-        * 
-        * This payload type is not sent over wire and just 
+        *
+        * This payload type is not sent over wire and just
         * used internally to handle a transform substructure like a payload.
         */
        TRANSFORM_SUBSTRUCTURE = 142,
        
        /**
         * TRANSFORM_ATTRIBUTE has a value of PRIVATE USE space.
-        * 
-        * This payload type is not sent over wire and just 
+        *
+        * This payload type is not sent over wire and just
         * used internally to handle a transform attribute like a payload.
         */
        TRANSFORM_ATTRIBUTE = 143,
 
        /**
         * TRAFFIC_SELECTOR_SUBSTRUCTURE has a value of PRIVATE USE space.
-        * 
-        * This payload type is not sent over wire and just 
+        *
+        * This payload type is not sent over wire and just
         * used internally to handle a transform selector like a payload.
-        */     
+        */
        TRAFFIC_SELECTOR_SUBSTRUCTURE = 144,
        
        /**
         * CONFIGURATION_ATTRIBUTE has a value of PRIVATE USE space.
-        * 
-        * This payload type is not sent over wire and just 
+        *
+        * This payload type is not sent over wire and just
         * used internally to handle a transform attribute like a payload.
         */
        CONFIGURATION_ATTRIBUTE = 145,
        
        /**
         * A unknown payload has a value of PRIVATE USE space.
-        * 
-        * This payload type is not sent over wire and just 
+        *
+        * This payload type is not sent over wire and just
         * used internally to handle a unknown payload.
         */
        UNKNOWN_PAYLOAD = 146,
@@ -201,7 +201,7 @@ extern enum_name_t *payload_type_short_names;
 
 /**
  * Generic interface for all payload types (incl.header and substructures).
- * 
+ *
  * To handle all kinds of payloads on a generic way, this interface must
  * be implemented by every payload. This allows parser_t/generator_t a simple
  * handling of all payloads.
@@ -259,11 +259,11 @@ struct payload_t {
 
 /**
  * Create an empty payload.
- * 
+ *
  * Useful for the parser, who wants a generic constructor for all payloads.
- * It supports all payload_t methods. If a payload type is not known, 
+ * It supports all payload_t methods. If a payload type is not known,
  * an unknwon_paylod is created with the chunk of data in it.
- * 
+ *
  * @param type         type of the payload to create
  * @return                     payload_t object
  */
index e5c1471..4404f70 100644 (file)
@@ -236,7 +236,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
                                                         msg->add_conn.me.address,
                                                         msg->add_conn.other.address);
        add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
-       return ike_cfg;                                  
+       return ike_cfg;
 }
 
 /**
@@ -380,7 +380,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
                        {
                                this->ca->check_for_hash_and_url(this->ca, certificate);
                        }
-                       cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate); 
+                       cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate);
                        if (identity->get_type(identity) == ID_ANY ||
                                !certificate->has_subject(certificate, identity))
                        {
@@ -533,8 +533,8 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
 #ifdef ME
        if (msg->add_conn.ikeme.mediation && msg->add_conn.ikeme.mediated_by)
        {
-               DBG1(DBG_CFG, "a mediation connection cannot be a"
-                               " mediated connection at the same time, aborting");
+               DBG1(DBG_CFG, "a mediation connection cannot be a mediated connection "
+                        "at the same time, aborting");
                return NULL;
        }
        
@@ -547,19 +547,18 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
        if (msg->add_conn.ikeme.mediated_by)
        {
                mediated_by = charon->backends->get_peer_cfg_by_name(charon->backends,
-                                                                                               msg->add_conn.ikeme.mediated_by);
+                                                                                       msg->add_conn.ikeme.mediated_by);
                if (!mediated_by)
                {
                        DBG1(DBG_CFG, "mediation connection '%s' not found, aborting",
                                 msg->add_conn.ikeme.mediated_by);
                        return NULL;
                }
-               
                if (!mediated_by->is_mediation(mediated_by))
                {
-                       DBG1(DBG_CFG, "connection '%s' as referred to by '%s' is"
-                                "no mediation connection, aborting", 
-                               msg->add_conn.ikeme.mediated_by, msg->add_conn.name);
+                       DBG1(DBG_CFG, "connection '%s' as referred to by '%s' is "
+                                "no mediation connection, aborting",
+                                msg->add_conn.ikeme.mediated_by, msg->add_conn.name);
                        mediated_by->destroy(mediated_by);
                        return NULL;
                }
@@ -583,7 +582,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
        else
        {
                rekey = msg->add_conn.rekey.ike_lifetime - over;
-       }       
+       }
        if (msg->add_conn.me.sourceip_size)
        {
                if (msg->add_conn.me.sourceip)
@@ -639,7 +638,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
         * uses to serve pool addresses. */
        peer_cfg = peer_cfg_create(msg->add_conn.name,
                msg->add_conn.ikev2 ? 2 : 1, ike_cfg,
-               msg->add_conn.me.sendcert, unique, 
+               msg->add_conn.me.sendcert, unique,
                msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
                msg->add_conn.mobike, msg->add_conn.dpd.delay,
                vip, msg->add_conn.other.sourceip_size ?
index 1f0b3e2..2703e57 100644 (file)
@@ -52,7 +52,7 @@ static void execute(private_process_message_job_t *this)
        ike_sa_t *ike_sa;
        
 #ifdef ME
-       /* if this is an unencrypted INFORMATIONAL exchange it is likely a 
+       /* if this is an unencrypted INFORMATIONAL exchange it is likely a
         * connectivity check. */
        if (this->message->get_exchange_type(this->message) == INFORMATIONAL &&
                this->message->get_first_payload_type(this->message) != ENCRYPTED)
index 712c022..e54a331 100644 (file)
@@ -148,7 +148,7 @@ struct private_ike_sa_t {
         */
        chunk_t connect_id;
 #endif /* ME */
-               
+       
        /**
         * Identification used for us
         */
@@ -637,7 +637,7 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
                                /* schedule rekeying if we have a time which is smaller than
                                 * an already scheduled rekeying */
                                t = this->peer_cfg->get_rekey_time(this->peer_cfg);
-                               if (t && (this->stats[STAT_REKEY] == 0 || 
+                               if (t && (this->stats[STAT_REKEY] == 0 ||
                                        (this->stats[STAT_REKEY] > t + this->stats[STAT_ESTABLISHED])))
                                {
                                        this->stats[STAT_REKEY] = t + this->stats[STAT_ESTABLISHED];
@@ -646,7 +646,7 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
                                        DBG1(DBG_IKE, "scheduling rekeying in %ds", t);
                                }
                                t = this->peer_cfg->get_reauth_time(this->peer_cfg);
-                               if (t && (this->stats[STAT_REAUTH] == 0 || 
+                               if (t && (this->stats[STAT_REAUTH] == 0 ||
                                        (this->stats[STAT_REAUTH] > t + this->stats[STAT_ESTABLISHED])))
                                {
                                        this->stats[STAT_REAUTH] = t + this->stats[STAT_ESTABLISHED];
@@ -686,7 +686,7 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
                {
                        /* delete may fail if a packet gets lost, so set a timeout */
                        job_t *job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE);
-                       charon->scheduler->schedule_job(charon->scheduler, job, 
+                       charon->scheduler->schedule_job(charon->scheduler, job,
                                                                                        HALF_OPEN_IKE_SA_TIMEOUT);
                        break;
                }
@@ -988,7 +988,7 @@ static chunk_t get_connect_id(private_ike_sa_t *this)
  * Implementation of ike_sa_t.respond
  */
 static status_t respond(private_ike_sa_t *this, identification_t *peer_id,
-               chunk_t connect_id)
+                                               chunk_t connect_id)
 {
        ike_me_t *task = ike_me_create(&this->public, TRUE);
        task->respond(task, peer_id, connect_id);
@@ -1011,7 +1011,8 @@ static status_t callback(private_ike_sa_t *this, identification_t *peer_id)
  * Implementation of ike_sa_t.relay
  */
 static status_t relay(private_ike_sa_t *this, identification_t *requester,
-                       chunk_t connect_id, chunk_t connect_key, linked_list_t *endpoints, bool response)
+                                         chunk_t connect_id, chunk_t connect_key,
+                                         linked_list_t *endpoints, bool response)
 {
        ike_me_t *task = ike_me_create(&this->public, TRUE);
        task->relay(task, requester, connect_id, connect_key, endpoints, response);
@@ -1022,7 +1023,8 @@ static status_t relay(private_ike_sa_t *this, identification_t *requester,
 /**
  * Implementation of ike_sa_t.initiate_mediation
  */
-static status_t initiate_mediation(private_ike_sa_t *this, peer_cfg_t *mediated_cfg)
+static status_t initiate_mediation(private_ike_sa_t *this,
+                                                                  peer_cfg_t *mediated_cfg)
 {
        ike_me_t *task = ike_me_create(&this->public, TRUE);
        task->connect(task, mediated_cfg->get_peer_id(mediated_cfg));
@@ -1033,14 +1035,13 @@ static status_t initiate_mediation(private_ike_sa_t *this, peer_cfg_t *mediated_
 /**
  * Implementation of ike_sa_t.initiate_mediated
  */
-static status_t initiate_mediated(private_ike_sa_t *this, host_t *me, host_t *other,
-               chunk_t connect_id)
+static status_t initiate_mediated(private_ike_sa_t *this, host_t *me,
+                                                                 host_t *other, chunk_t connect_id)
 {
        set_my_host(this, me->clone(me));
        set_other_host(this, other->clone(other));
        chunk_free(&this->connect_id);
        this->connect_id = chunk_clone(connect_id);
-       
        return this->task_manager->initiate(this->task_manager);
 }
 #endif /* ME */
@@ -1158,8 +1159,8 @@ static status_t initiate(private_ike_sa_t *this,
        {
                if (this->state == IKE_ESTABLISHED)
                {
-                       /* mediation connection is already established, retrigger state change
-                        * to notify bus listeners */
+                       /* mediation connection is already established, retrigger state
+                        * change to notify bus listeners */
                        DBG1(DBG_IKE, "mediation connection is already up");
                        set_state(this, IKE_ESTABLISHED);
                }
@@ -1509,7 +1510,7 @@ static status_t reauth(private_ike_sa_t *this)
                if (this->other_virtual_ip != NULL ||
                        has_condition(this, COND_EAP_AUTHENTICATED)
 #ifdef ME
-                       /* if we are mediation server we too cannot reauth the IKE_SA */
+                       /* as mediation server we too cannot reauth the IKE_SA */
                        || this->is_mediation_server
 #endif /* ME */
                        )
@@ -1545,7 +1546,7 @@ static status_t reestablish(private_ike_sa_t *this)
        bool required = FALSE;
        status_t status = FAILED;
        
-       /* check if we have children to keep up at all*/
+       /* check if we have children to keep up at all */
        iterator = create_child_sa_iterator(this);
        while (iterator->iterate(iterator, (void**)&child_sa))
        {
@@ -1569,7 +1570,7 @@ static status_t reestablish(private_ike_sa_t *this)
        }
        iterator->destroy(iterator);
 #ifdef ME
-       /* we initiate the new IKE_SA of the mediation connection without CHILD_SA */
+       /* mediation connections have no children, keep them up anyway */
        if (this->peer_cfg->is_mediation(this->peer_cfg))
        {
                required = TRUE;
@@ -1720,7 +1721,7 @@ static void set_auth_lifetime(private_ike_sa_t *this, u_int32_t lifetime)
                                        (job_t*)rekey_ike_sa_job_create(this->ike_sa_id, TRUE));
        }
        else if (this->stats[STAT_REAUTH] == 0 ||
-                        this->stats[STAT_REAUTH] > reauth_time) 
+                        this->stats[STAT_REAUTH] > reauth_time)
        {
                this->stats[STAT_REAUTH] = reauth_time;
                DBG1(DBG_IKE, "received AUTH_LIFETIME of %ds, scheduling reauthentication"
@@ -1886,7 +1887,7 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other)
        }
        
        /* ... and configuration attributes */
-       while (other->attributes->remove_last(other->attributes, 
+       while (other->attributes->remove_last(other->attributes,
                                                                                  (void**)&entry) == SUCCESS)
        {
                this->attributes->insert_first(this->attributes, entry);
@@ -1932,9 +1933,9 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other)
                this->stats[STAT_DELETE] = this->stats[STAT_REAUTH] + delete;
                DBG1(DBG_IKE, "rescheduling reauthentication in %ds after rekeying, "
                         "lifetime reduced to %ds", reauth, delete);
-               charon->scheduler->schedule_job(charon->scheduler, 
+               charon->scheduler->schedule_job(charon->scheduler,
                                (job_t*)rekey_ike_sa_job_create(this->ike_sa_id, TRUE), reauth);
-               charon->scheduler->schedule_job(charon->scheduler, 
+               charon->scheduler->schedule_job(charon->scheduler,
                                (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE), delete);
        }
        /* we have to initate here, there may be new tasks to handle */
@@ -1953,7 +1954,7 @@ static void destroy(private_ike_sa_t *this)
        set_state(this, IKE_DESTROYING);
        
        /* remove attributes first, as we pass the IKE_SA to the handler */
-       while (this->attributes->remove_last(this->attributes, 
+       while (this->attributes->remove_last(this->attributes,
                                                                                 (void**)&entry) == SUCCESS)
        {
                charon->attributes->release(charon->attributes, entry->handler,
@@ -1992,7 +1993,8 @@ static void destroy(private_ike_sa_t *this)
 #ifdef ME
        if (this->is_mediation_server)
        {
-               charon->mediation_manager->remove(charon->mediation_manager, this->ike_sa_id);
+               charon->mediation_manager->remove(charon->mediation_manager,
+                                                                                 this->ike_sa_id);
        }
        DESTROY_IF(this->server_reflexive_host);
        chunk_free(&this->connect_id);
index 41d7a79..1f216fd 100644 (file)
@@ -164,7 +164,7 @@ enum statistic_t {
                  ¦   SA_CREATED   ¦
                  +----------------+
                          ¦
-    on initiate()--->    ¦   <----- on IKE_SA_INIT received 
+    on initiate()--->    ¦   <----- on IKE_SA_INIT received
                          V
                  +----------------+
                  ¦ SA_CONNECTING  ¦
@@ -246,7 +246,7 @@ struct ike_sa_t {
 
        /**
         * Get the id of the SA.
-        * 
+        *
         * Returned ike_sa_id_t object is not getting cloned!
         *
         * @return                              ike_sa's ike_sa_id_t
@@ -291,28 +291,28 @@ struct ike_sa_t {
        
        /**
         * Get the own host address.
-        * 
+        *
         * @return                              host address
         */
        host_t* (*get_my_host) (ike_sa_t *this);
        
        /**
         * Set the own host address.
-        * 
+        *
         * @param me                    host address
         */
        void (*set_my_host) (ike_sa_t *this, host_t *me);
        
        /**
         * Get the other peers host address.
-        * 
+        *
         * @return                              host address
         */
        host_t* (*get_other_host) (ike_sa_t *this);
        
        /**
         * Set the others host address.
-        * 
+        *
         * @param other                 host address
         */
        void (*set_other_host) (ike_sa_t *this, host_t *other);
@@ -329,28 +329,28 @@ struct ike_sa_t {
        
        /**
         * Get the own identification.
-        * 
+        *
         * @return                              identification
         */
        identification_t* (*get_my_id) (ike_sa_t *this);
        
        /**
         * Set the own identification.
-        * 
+        *
         * @param me                    identification
         */
        void (*set_my_id) (ike_sa_t *this, identification_t *me);
        
        /**
         * Get the other peer's identification.
-        * 
+        *
         * @return                              identification
         */
        identification_t* (*get_other_id) (ike_sa_t *this);
        
        /**
         * Set the other peer's identification.
-        * 
+        *
         * @param other                 identification
         */
        void (*set_other_id) (ike_sa_t *this, identification_t *other);
@@ -359,42 +359,42 @@ struct ike_sa_t {
         * Get the peers EAP identity.
         *
         * The EAP identity is exchanged in a EAP-Identity exchange.
-        * 
+        *
         * @return                              identification, NULL if none set
         */
        identification_t* (*get_eap_identity) (ike_sa_t *this);
        
        /**
         * Set the peer's EAP identity.
-        * 
+        *
         * @param id                    identification
         */
        void (*set_eap_identity) (ike_sa_t *this, identification_t *id);
        
        /**
         * Get the config used to setup this IKE_SA.
-        * 
+        *
         * @return                              ike_config
         */
        ike_cfg_t* (*get_ike_cfg) (ike_sa_t *this);
        
        /**
         * Set the config to setup this IKE_SA.
-        * 
+        *
         * @param config                ike_config to use
         */
        void (*set_ike_cfg) (ike_sa_t *this, ike_cfg_t* config);
 
        /**
         * Get the peer config used by this IKE_SA.
-        * 
+        *
         * @return                              peer_config
         */
        peer_cfg_t* (*get_peer_cfg) (ike_sa_t *this);
        
        /**
         * Set the peer config to use with this IKE_SA.
-        * 
+        *
         * @param config                peer_config to use
         */
        void (*set_peer_cfg) (ike_sa_t *this, peer_cfg_t *config);
@@ -515,91 +515,93 @@ struct ike_sa_t {
        
        /**
         * Get the server reflexive host.
-        * 
+        *
         * @return                              server reflexive host
         */
        host_t* (*get_server_reflexive_host) (ike_sa_t *this);
        
        /**
         * Set the server reflexive host.
-        * 
+        *
         * @param host                  server reflexive host
         */
        void (*set_server_reflexive_host) (ike_sa_t *this, host_t *host);
        
        /**
         * Get the connect ID.
-        * 
+        *
         * @return                              connect ID
         */
        chunk_t (*get_connect_id) (ike_sa_t *this);
        
        /**
         * Initiate the mediation of a mediated connection (i.e. initiate a
-        * ME_CONNECT exchange).
-        * 
-        * @param mediated_cfg          peer_cfg of the mediated connection
-        * @return                              
-        *                                                      - SUCCESS if initialization started
-        *                                                      - DESTROY_ME if initialization failed
+        * ME_CONNECT exchange to a mediation server).
+        *
+        * @param mediated_cfg  peer_cfg of the mediated connection
+        * @return
+        *                                              - SUCCESS if initialization started
+        *                                              - DESTROY_ME if initialization failed
         */
        status_t (*initiate_mediation) (ike_sa_t *this, peer_cfg_t *mediated_cfg);
        
        /**
         * Initiate the mediated connection
-        * 
-        * @param me                            local endpoint (gets cloned)
-        * @param other                         remote endpoint (gets cloned)
-        * @param connect_id            connect ID (gets cloned)
-        * @return                              
-        *                                                      - SUCCESS if initialization started
-        *                                                      - DESTROY_ME if initialization failed
+        *
+        * @param me                    local endpoint (gets cloned)
+        * @param other                 remote endpoint (gets cloned)
+        * @param connect_id    connect ID (gets cloned)
+        * @return
+        *                                              - SUCCESS if initialization started
+        *                                              - DESTROY_ME if initialization failed
         */
        status_t (*initiate_mediated) (ike_sa_t *this, host_t *me, host_t *other,
-                       chunk_t connect_id);
+                                                                  chunk_t connect_id);
        
        /**
-        * Relay data from one peer to another (i.e. initiate a
-        * ME_CONNECT exchange).
+        * Relay data from one peer to another (i.e. initiate a ME_CONNECT exchange
+        * to a peer).
         *
         * Data is cloned.
-        * 
-        * @param requester                     ID of the requesting peer
-        * @param connect_id            data of the ME_CONNECTID payload
-        * @param connect_key           data of the ME_CONNECTKEY payload
-        * @param endpoints                     endpoints
-        * @param response                      TRUE if this is a response
-        * @return                              
-        *                                                      - SUCCESS if relay started
-        *                                                      - DESTROY_ME if relay failed
+        *
+        * @param requester             ID of the requesting peer
+        * @param connect_id    data of the ME_CONNECTID payload
+        * @param connect_key   data of the ME_CONNECTKEY payload
+        * @param endpoints             endpoints
+        * @param response              TRUE if this is a response
+        * @return
+        *                                              - SUCCESS if relay started
+        *                                              - DESTROY_ME if relay failed
         */
-       status_t (*relay) (ike_sa_t *this, identification_t *requester, chunk_t connect_id,
-                       chunk_t connect_key, linked_list_t *endpoints, bool response);
+       status_t (*relay) (ike_sa_t *this, identification_t *requester,
+                                          chunk_t connect_id, chunk_t connect_key,
+                                          linked_list_t *endpoints, bool response);
        
        /**
         * Send a callback to a peer.
-        * 
+        *
         * Data is cloned.
-        * 
-        * @param peer_id                       ID of the other peer
+        *
+        * @param peer_id               ID of the other peer
         * @return
-        *                                                      - SUCCESS if response started
-        *                                                      - DESTROY_ME if response failed
+        *                                              - SUCCESS if response started
+        *                                              - DESTROY_ME if response failed
         */
        status_t (*callback) (ike_sa_t *this, identification_t *peer_id);
        
        /**
         * Respond to a ME_CONNECT request.
-        * 
+        *
         * Data is cloned.
-        * 
-        * @param peer_id                       ID of the other peer
-        * @param connect_id            the connect ID supplied by the initiator
+        *
+        * @param peer_id               ID of the other peer
+        * @param connect_id    the connect ID supplied by the initiator
         * @return
-        *                                                      - SUCCESS if response started
-        *                                                      - DESTROY_ME if response failed
+        *                                              - SUCCESS if response started
+        *                                              - DESTROY_ME if response failed
         */
-       status_t (*respond) (ike_sa_t *this, identification_t *peer_id, chunk_t connect_id);
+       status_t (*respond) (ike_sa_t *this, identification_t *peer_id,
+                                                chunk_t connect_id);
 #endif /* ME */
        
        /**
@@ -608,12 +610,12 @@ struct ike_sa_t {
         * The configs are owned by the IKE_SA after the call. If the initiate
         * is triggered by a packet, traffic selectors of the packet can be added
         * to the CHILD_SA.
-        * 
+        *
         * @param child_cfg             child config to create CHILD from
         * @param reqid                 reqid to use for CHILD_SA, 0 assigne uniquely
         * @param tsi                   source of triggering packet
         * @param tsr                   destination of triggering packet.
-        * @return                              
+        * @return
         *                                              - SUCCESS if initialization started
         *                                              - DESTROY_ME if initialization failed
         */
@@ -623,14 +625,14 @@ struct ike_sa_t {
        
        /**
         * Initiates the deletion of an IKE_SA.
-        * 
+        *
         * Sends a delete message to the remote peer and waits for
         * its response. If the response comes in, or a timeout occurs,
         * the IKE SA gets deleted.
-        * 
+        *
         * @return
         *                                              - SUCCESS if deletion is initialized
-        *                                              - DESTROY_ME, if the IKE_SA is not in 
+        *                                              - DESTROY_ME, if the IKE_SA is not in
         *                                                an established state and can not be
         *                                                deleted (but destroyed).
         */
@@ -653,12 +655,12 @@ struct ike_sa_t {
        /**
         * Processes a incoming IKEv2-Message.
         *
-        * Message processing may fail. If a critical failure occurs, 
-        * process_message() return DESTROY_ME. Then the caller must 
+        * Message processing may fail. If a critical failure occurs,
+        * process_message() return DESTROY_ME. Then the caller must
         * destroy the IKE_SA immediatly, as it is unusable.
-        * 
+        *
         * @param message               message to process
-        * @return                              
+        * @return
         *                                              - SUCCESS
         *                                              - FAILED
         *                                              - DESTROY_ME if this IKE_SA MUST be deleted
@@ -667,13 +669,13 @@ struct ike_sa_t {
        
        /**
         * Generate a IKE message to send it to the peer.
-        * 
+        *
         * This method generates all payloads in the message and encrypts/signs
         * the packet.
-        * 
+        *
         * @param message               message to generate
         * @param packet                generated output packet
-        * @return                              
+        * @return
         *                                              - SUCCESS
         *                                              - FAILED
         *                                              - DESTROY_ME if this IKE_SA MUST be deleted
@@ -683,7 +685,7 @@ struct ike_sa_t {
        
        /**
         * Retransmits a request.
-        * 
+        *
         * @param message_id    ID of the request to retransmit
         * @return
         *                                              - SUCCESS
@@ -697,7 +699,7 @@ struct ike_sa_t {
         * To check if a peer is still alive, periodic
         * empty INFORMATIONAL messages are sent if no
         * other traffic was received.
-        * 
+        *
         * @return
         *                                              - SUCCESS
         *                                              - DESTROY_ME, if peer did not respond
@@ -723,25 +725,25 @@ struct ike_sa_t {
        
        /**
         * Associates a child SA to this IKE SA
-        * 
+        *
         * @param child_sa              child_sa to add
         */
        void (*add_child_sa) (ike_sa_t *this, child_sa_t *child_sa);
        
        /**
         * Get a CHILD_SA identified by protocol and SPI.
-        * 
+        *
         * @param protocol              protocol of the SA
         * @param spi                   SPI of the CHILD_SA
         * @param inbound               TRUE if SPI is inbound, FALSE if outbound
         * @return                              child_sa, or NULL if none found
         */
-       child_sa_t* (*get_child_sa) (ike_sa_t *this, protocol_id_t protocol, 
+       child_sa_t* (*get_child_sa) (ike_sa_t *this, protocol_id_t protocol,
                                                                 u_int32_t spi, bool inbound);
        
        /**
         * Create an iterator over all CHILD_SAs.
-        * 
+        *
         * @return                              iterator
         */
        iterator_t* (*create_child_sa_iterator) (ike_sa_t *this);
index f33fcd6..b3d678b 100644 (file)
@@ -133,7 +133,7 @@ struct private_task_manager_t {
        linked_list_t *passive_tasks;
        
        /**
-        * the task manager has been reset 
+        * the task manager has been reset
         */
        bool reset;
 };
@@ -143,7 +143,7 @@ struct private_task_manager_t {
  */
 static void flush(private_task_manager_t *this)
 {
-       this->queued_tasks->destroy_offset(this->queued_tasks, 
+       this->queued_tasks->destroy_offset(this->queued_tasks,
                                                                                offsetof(task_t, destroy));
        this->passive_tasks->destroy_offset(this->passive_tasks,
                                                                                offsetof(task_t, destroy));
@@ -521,7 +521,7 @@ static status_t process_response(private_task_manager_t *this,
                        this->reset = FALSE;
                        iterator->destroy(iterator);
                        return build_request(this);
-               }       
+               }
        }
        iterator->destroy(iterator);
        
@@ -688,7 +688,7 @@ static status_t process_request(private_task_manager_t *this,
                                this->passive_tasks->insert_last(this->passive_tasks, task);
                                task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE);
                                this->passive_tasks->insert_last(this->passive_tasks, task);
-#ifdef ME                      
+#ifdef ME
                                task = (task_t*)ike_me_create(this->ike_sa, FALSE);
                                this->passive_tasks->insert_last(this->passive_tasks, task);
 #endif /* ME */
index 2705f58..ce94cd1 100644 (file)
@@ -123,7 +123,7 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
        {
                proposal_list = this->config->get_proposals(this->config);
                if (this->old_sa)
-               {       
+               {
                        /* include SPI of new IKE_SA when we are rekeying */
                        iterator = proposal_list->create_iterator(proposal_list, TRUE);
                        while (iterator->iterate(iterator, (void**)&proposal))
@@ -184,7 +184,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
                                proposal_list = sa_payload->get_proposals(sa_payload);
                                this->proposal = this->config->select_proposal(this->config,
                                                                                                                           proposal_list);
-                               proposal_list->destroy_offset(proposal_list, 
+                               proposal_list->destroy_offset(proposal_list,
                                                                                          offsetof(proposal_t, destroy));
                                break;
                        }
@@ -217,7 +217,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
                                vendor_id_payload_t *vendor_id = (vendor_id_payload_t*)payload;
                                chunk_t vid = vendor_id->get_data(vendor_id);
 
-                               DBG1(DBG_ENC, "received vendor id: %#B", &vid);                                 
+                               DBG1(DBG_ENC, "received vendor id: %#B", &vid);
                        }
                        default:
                                break;
@@ -296,7 +296,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
  * Implementation of task_t.process for responder
  */
 static status_t process_r(private_ike_init_t *this, message_t *message)
-{      
+{
        rng_t *rng;
        
        this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
@@ -513,7 +513,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
                                                DBG1(DBG_IKE, "received %N notify error",
                                                         notify_type_names, type);
                                                enumerator->destroy(enumerator);
-                                               return FAILED;  
+                                               return FAILED;
                                        }
                                        DBG2(DBG_IKE, "received %N notify",
                                                notify_type_names, type);
index bb18e7b..f3a70c7 100644 (file)
@@ -137,7 +137,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this,
                                                                                        notify_type_t type, host_t *host)
 {
        chunk_t hash;
-       notify_payload_t *notify;       
+       notify_payload_t *notify;
        ike_sa_id_t *ike_sa_id;
        ike_cfg_t *config;
        
@@ -245,12 +245,12 @@ static void process_payloads(private_ike_natd_t *this, message_t *message)
                this->ike_sa->set_condition(this->ike_sa, COND_NAT_HERE,
                                                                        !this->dst_matched);
                this->ike_sa->set_condition(this->ike_sa, COND_NAT_THERE,
-                                                                       !this->src_matched);    
+                                                                       !this->src_matched);
                config = this->ike_sa->get_ike_cfg(this->ike_sa);
                if (this->dst_matched && this->src_matched &&
                        config->force_encap(config))
                {
-                       this->ike_sa->set_condition(this->ike_sa, COND_NAT_FAKE, TRUE); 
+                       this->ike_sa->set_condition(this->ike_sa, COND_NAT_FAKE, TRUE);
                }
        }
 }
@@ -278,7 +278,7 @@ static status_t process_i(private_ike_natd_t *this, message_t *message)
                
                if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY) ||
 #ifdef ME
-                       /* if we are on a mediation connection we swith to port 4500 even
+                       /* if we are on a mediation connection we switch to port 4500 even
                         * if no NAT is detected. */
                        peer_cfg->is_mediation(peer_cfg) ||
 #endif /* ME */
@@ -406,7 +406,7 @@ static status_t build_r(private_ike_natd_t *this, message_t *message)
  * Implementation of task_t.process for responder
  */
 static status_t process_r(private_ike_natd_t *this, message_t *message)
-{      
+{
        process_payloads(this, message);
        
        return NEED_MORE;
index 80f1b7b..3d8b7e2 100644 (file)
@@ -70,7 +70,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
        iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
        if (iterator->get_count(iterator) == 0
 #ifdef ME
-               /* we allow a peer to reauth a mediation connection (without CHILD_SA) */
+               /* we allow peers to reauth mediation connections (without children) */
                && !peer_cfg->is_mediation(peer_cfg)
 #endif /* ME */
                )
index 3d20145..0e0af07 100644 (file)
@@ -79,7 +79,7 @@ extern enum_name_t *task_type_names;
  *
  * A task is an elemantary operation. It may be handled by a single or by
  * multiple exchanges. An exchange may even complete multiple tasks.
- * A task has a build() and an process() operation. The build() operation 
+ * A task has a build() and an process() operation. The build() operation
  * creates payloads and adds it to the message. The process() operation
  * inspects a message and handles its payloads. An initiator of an exchange
  * first calls build() to build the request, and processes the response message
@@ -97,7 +97,7 @@ struct task_t {
 
        /**
         * Build a request or response message for this task.
-        * 
+        *
         * @param message               message to add payloads to
         * @return
         *                                              - FAILED if a critical error occured
@@ -109,7 +109,7 @@ struct task_t {
 
        /**
         * Process a request or response message for this task.
-        * 
+        *
         * @param message               message to read payloads from
         * @return
         *                                              - FAILED if a critical error occured