Store custom IKE src/dst ports on ike_cfg
authorMartin Willi <martin@revosec.ch>
Mon, 22 Feb 2010 17:11:42 +0000 (18:11 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 26 Feb 2010 10:44:33 +0000 (11:44 +0100)
src/charon/config/ike_cfg.c
src/charon/config/ike_cfg.h
src/charon/plugins/load_tester/load_tester_config.c
src/charon/plugins/medcli/medcli_config.c
src/charon/plugins/medsrv/medsrv_config.c
src/charon/plugins/nm/nm_service.c
src/charon/plugins/sql/sql_config.c
src/charon/plugins/stroke/stroke_config.c
src/charon/plugins/uci/uci_config.c

index bb0fd87..b486d57 100644 (file)
@@ -49,6 +49,16 @@ struct private_ike_cfg_t {
        char *other;
 
        /**
+        * our source port
+        */
+       u_int16_t my_port;
+
+       /**
+        * destination port
+        */
+       u_int16_t other_port;
+
+       /**
         * should we send a certificate request?
         */
        bool certreq;
@@ -88,6 +98,18 @@ METHOD(ike_cfg_t, get_other_addr, char*,
        return this->other;
 }
 
+METHOD(ike_cfg_t, get_my_port, u_int16_t,
+       private_ike_cfg_t *this)
+{
+       return this->my_port;
+}
+
+METHOD(ike_cfg_t, get_other_port, u_int16_t,
+       private_ike_cfg_t *this)
+{
+       return this->other_port;
+}
+
 METHOD(ike_cfg_t, add_proposal, void,
        private_ike_cfg_t *this, proposal_t *proposal)
 {
@@ -236,7 +258,7 @@ METHOD(ike_cfg_t, destroy, void,
  * Described in header.
  */
 ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
-                                                 char *me, char *other)
+                               char *me, u_int16_t my_port, char *other, u_int16_t other_port)
 {
        private_ike_cfg_t *this;
 
@@ -246,6 +268,8 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
                        .force_encap = _force_encap_,
                        .get_my_addr = _get_my_addr,
                        .get_other_addr = _get_other_addr,
+                       .get_my_port = _get_my_port,
+                       .get_other_port = _get_other_port,
                        .add_proposal = _add_proposal,
                        .get_proposals = _get_proposals,
                        .select_proposal = _select_proposal,
@@ -259,6 +283,8 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
                .force_encap = force_encap,
                .me = strdup(me),
                .other = strdup(other),
+               .my_port = my_port,
+               .other_port = other_port,
                .proposals = linked_list_create(),
        );
 
index eaac321..f1edde2 100644 (file)
@@ -53,6 +53,20 @@ struct ike_cfg_t {
        char* (*get_other_addr) (ike_cfg_t *this);
 
        /**
+        * Get the port to use as our source port.
+        *
+        * @return              source address port, host order
+        */
+       u_int16_t (*get_my_port)(ike_cfg_t *this);
+
+       /**
+        * Get the port to use as destination port.
+        *
+        * @return              destination address, host order
+        */
+       u_int16_t (*get_other_port)(ike_cfg_t *this);
+
+       /**
         * Adds a proposal to the list.
         *
         * The first added proposal has the highest priority, the last
@@ -136,10 +150,12 @@ struct ike_cfg_t {
  * @param certreq              TRUE to send a certificate request
  * @param force_encap  enforce UDP encapsulation by faking NATD notify
  * @param me                   address/DNS name of local peer
+ * @param my_port              IKE port to use as source, 500 uses IKEv2 port floating
  * @param other                        address/DNS name of remote peer
+ * @param other_port   IKE port to use as dest, 500 uses IKEv2 port floating
  * @return                             ike_cfg_t object.
  */
 ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
-                                                 char *me, char *other);
+                               char *me, u_int16_t my_port, char *other, u_int16_t other_port);
 
 #endif /** IKE_CFG_H_ @}*/
index 82f408d..bb9eabf 100644 (file)
@@ -189,7 +189,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
                }
        };
 
-       ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote);
+       ike_cfg = ike_cfg_create(FALSE, FALSE,
+                                       "0.0.0.0", IKEV2_UDP_PORT, this->remote, IKEV2_UDP_PORT);
        ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
        peer_cfg = peer_cfg_create("load-test", 2, ike_cfg,
                                                           CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */
index 2e49ebb..e355d55 100644 (file)
@@ -120,7 +120,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
                DESTROY_IF(e);
                return NULL;
        }
-       ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", address);
+       ike_cfg = ike_cfg_create(FALSE, FALSE,
+                                               "0.0.0.0", IKEV2_UDP_PORT, address, IKEV2_UDP_PORT);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        med_cfg = peer_cfg_create(
                "mediation", 2, ike_cfg,
@@ -395,7 +396,8 @@ medcli_config_t *medcli_config_create(database_t *db)
        this->db = db;
        this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200);
        this->dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300);
-       this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0");
+       this->ike = ike_cfg_create(FALSE, FALSE,
+                                               "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT);
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
 
        schedule_autoinit(this);
index 3df7209..c23955a 100644 (file)
@@ -145,7 +145,8 @@ medsrv_config_t *medsrv_config_create(database_t *db)
        this->db = db;
        this->rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200);
        this->dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300);
-       this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0");
+       this->ike = ike_cfg_create(FALSE, FALSE,
+                                               "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT);
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
 
        return &this->public;
index b05383c..cdf7dc9 100644 (file)
@@ -423,7 +423,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
        /**
         * Set up configurations
         */
-       ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address);
+       ike_cfg = ike_cfg_create(TRUE, encap,
+                                       "0.0.0.0", IKEV2_UDP_PORT, (char*)address, IKEV2_UDP_PORT);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        peer_cfg = peer_cfg_create(priv->name, 2, ike_cfg,
                                        CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
index afee089..2336689 100644 (file)
@@ -182,7 +182,8 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e,
        {
                ike_cfg_t *ike_cfg;
 
-               ike_cfg = ike_cfg_create(certreq, force_encap, local, remote);
+               ike_cfg = ike_cfg_create(certreq, force_encap,
+                                                                local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT);
                /* TODO: read proposal from db */
                ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
                return ike_cfg;
index 0752f3c..bfb3900 100644 (file)
@@ -233,8 +233,8 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
        }
        ike_cfg = ike_cfg_create(msg->add_conn.other.sendcert != CERT_NEVER_SEND,
                                                         msg->add_conn.force_encap,
-                                                        msg->add_conn.me.address,
-                                                        msg->add_conn.other.address);
+                                                        msg->add_conn.me.address, IKEV2_UDP_PORT,
+                                                        msg->add_conn.other.address, IKEV2_UDP_PORT);
        add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
        return ike_cfg;
 }
@@ -697,7 +697,7 @@ static void add_ts(private_stroke_config_t *this,
 
                if (!end->subnets)
                {
-                       net = host_create_from_string(end->address, IKEV2_UDP_PORT);
+                       net = host_create_from_string(end->address, 0);
                        if (net)
                        {
                                ts = traffic_selector_create_from_subnet(net, 0, end->protocol,
@@ -726,7 +726,7 @@ static void add_ts(private_stroke_config_t *this,
                                        intbits = atoi(bits + 1);
                                }
 
-                               net = host_create_from_string(start, IKEV2_UDP_PORT);
+                               net = host_create_from_string(start, 0);
                                if (net)
                                {
                                        ts = traffic_selector_create_from_subnet(net, intbits,
index a6ee970..bd58afb 100644 (file)
@@ -170,7 +170,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
                        &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey))
        {
                DESTROY_IF(this->peer_cfg);
-               ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr);
+               ike_cfg = ike_cfg_create(FALSE, FALSE,
+                                       local_addr, IKEV2_UDP_PORT, remote_addr, IKEV2_UDP_PORT);
                ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
                this->peer_cfg = peer_cfg_create(
                                        name, 2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
@@ -268,7 +269,8 @@ static bool ike_enumerator_enumerate(ike_enumerator_t *this, ike_cfg_t **cfg)
                                                           &local_addr, &remote_addr, &ike_proposal))
        {
                DESTROY_IF(this->ike_cfg);
-               this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr);
+               this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, IKEV2_UDP_PORT,
+                                                                               remote_addr, IKEV2_UDP_PORT);
                this->ike_cfg->add_proposal(this->ike_cfg,
                                                                        create_proposal(ike_proposal, PROTO_IKE));