starter: Store mode of the IPsec SA/policy in a separate member.
authorTobias Brunner <tobias@strongswan.org>
Tue, 15 May 2012 11:12:45 +0000 (13:12 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 11 Jun 2012 15:33:30 +0000 (17:33 +0200)
src/starter/confread.c
src/starter/confread.h
src/starter/starterstroke.c
src/starter/starterstroke.h

index 9814482..3779649 100644 (file)
@@ -83,8 +83,8 @@ static void default_values(starter_config_t *cfg)
        cfg->conn_default.seen    = SEEN_NONE;
        cfg->conn_default.startup = STARTUP_NO;
        cfg->conn_default.state   = STATE_IGNORE;
-       cfg->conn_default.policy  = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_PUBKEY |
-                                                               POLICY_PFS | POLICY_MOBIKE;
+       cfg->conn_default.mode    = MODE_TUNNEL;
+       cfg->conn_default.policy  = POLICY_PFS | POLICY_MOBIKE;
 
        cfg->conn_default.ike                   = strdupnull(ike_defaults);
        cfg->conn_default.esp                   = strdupnull(esp_defaults);
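Review bot: The new default on the `cfg->conn_default.policy` line drops `POLICY_ENCRYPT` and `POLICY_PUBKEY` along with `POLICY_TUNNEL`, which goes beyond the mode split the commit title describes. If any code outside this diff still tests those two bits on `conn->policy`, connections that rely on the defaults would change behaviour silently. Once that has been checked, the removal deserves its own sentence in the commit message or a comment next to the assignment, for example `/* ENCRYPT and PUBKEY are no longer consulted by starter */`. default_values() starts and ends outside the hunk.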
@@ -312,7 +312,8 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
                                                                          32 : 128;
                        }
                }
-               conn->policy |= POLICY_TUNNEL;
+               conn->mode = MODE_TUNNEL;
+               conn->proxy_mode = FALSE;
                break;
        case KW_SENDCERT:
                if (end->sendcert == CERT_YES_SEND)
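Review bot: The assignment `conn->mode = MODE_TUNNEL;` here, and the identical pair in the next kw_end hunk after `end->has_natip = TRUE;`, overwrites any mode that a `type=` keyword may already have set, and nothing is logged. Whether that can happen depends on the order in which load_conn and kw_end process keywords, which these hunks do not show; if it can, a connection configured as `drop` or `pass` silently becomes a tunnel. A comment at both sites would make the intent explicit, for example `/* this option implies tunnel mode and overrides type= */`, and a DBG1 message when `conn->mode` already held a shunt mode would let operators notice the conflict. The enclosing case starts outside the hunk.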
@@ -372,7 +373,8 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
                }
                end->sourceip = strdupnull(value);
                end->has_natip = TRUE;
-               conn->policy |= POLICY_TUNNEL;
+               conn->mode = MODE_TUNNEL;
+               conn->proxy_mode = FALSE;
                break;
        }
        default:
@@ -529,32 +531,30 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
                switch (token)
                {
                case KW_TYPE:
-                       conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK);
+                       conn->mode = MODE_TRANSPORT;
+                       conn->proxy_mode = FALSE;
                        if (streq(kw->value, "tunnel"))
                        {
-                               conn->policy |= POLICY_TUNNEL;
+                               conn->mode = MODE_TUNNEL;
                        }
                        else if (streq(kw->value, "beet"))
                        {
-                               conn->policy |= POLICY_BEET;
+                               conn->mode = MODE_BEET;
                        }
                        else if (streq(kw->value, "transport_proxy"))
                        {
-                               conn->policy |= POLICY_PROXY;
+                               conn->mode = MODE_TRANSPORT;
+                               conn->proxy_mode = TRUE;
                        }
                        else if (streq(kw->value, "passthrough") || streq(kw->value, "pass"))
                        {
-                               conn->policy |= POLICY_SHUNT_PASS;
+                               conn->mode = MODE_PASS;
                        }
-                       else if (streq(kw->value, "drop"))
+                       else if (streq(kw->value, "drop") || streq(kw->value, "reject"))
                        {
-                               conn->policy |= POLICY_SHUNT_DROP;
+                               conn->mode = MODE_DROP;
                        }
-                       else if (streq(kw->value, "reject"))
-                       {
-                               conn->policy |= POLICY_SHUNT_REJECT;
-                       }
-                       else if (strcmp(kw->value, "transport") != 0)
+                       else if (!streq(kw->value, "transport"))
                        {
                                DBG1(DBG_APP, "# bad policy value: %s=%s", kw->entry->name,
                                         kw->value);
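Review bot: `conn->mode = MODE_TRANSPORT;` is assigned at the top of `case KW_TYPE` before the value is validated, so an unrecognised `type=` string reaches the `DBG1` branch with the connection already switched to transport mode. For a mistyped shunt value, such as an intended `drop`, that leaves a connection that would negotiate transport-mode SAs unless the error handling after this hunk prevents it from loading; that part is outside the hunk. Consider assigning the mode only in branches that matched, with an explicit `else if (streq(kw->value, "transport"))` branch and a final `else` for the error, and rewording "bad policy value" now that the keyword sets a mode. The `transport_proxy` branch also repeats `conn->mode = MODE_TRANSPORT;`, which the preset already covers.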
index fecce3f..e9a77d4 100644 (file)
@@ -18,6 +18,7 @@
 
 #include <freeswan.h>
 #include "../pluto/constants.h"
+#include <kernel/kernel_ipsec.h>
 
 #include "ipsec-parser.h"
 
@@ -116,6 +117,8 @@ struct starter_conn {
                char            *aaa_identity;
                char            *xauth_identity;
                char            *authby;
+               ipsec_mode_t    mode;
+               bool            proxy_mode;
                lset_t          policy;
                time_t          sa_ike_life_seconds;
                time_t          sa_ipsec_life_seconds;
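Review bot: The new members `mode` and `proxy_mode` carry state that used to live in `policy`, so any code that compares or copies `starter_conn` fields has to cover them too, for instance code that decides whether a connection changed on a configuration reload. None of the four files in this commit shows such an update. If that comparison still looks only at `policy`, changing `type=` from `tunnel` to `drop` would not be detected as a change and the old kernel policy could stay installed. A short member comment would also help, e.g. `/* only meaningful with MODE_TRANSPORT */` on `proxy_mode`. The struct definition starts and ends outside the hunk.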
index 6cd9b6c..4161630 100644 (file)
@@ -1,4 +1,4 @@
-/* Stroke for charon is the counterpart to whack from pluto
+/*
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -204,31 +204,8 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
        msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
        msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
 
-       if (conn->policy & POLICY_TUNNEL)
-       {
-               msg.add_conn.mode = MODE_TUNNEL;
-       }
-       else if (conn->policy & POLICY_BEET)
-       {
-               msg.add_conn.mode = MODE_BEET;
-       }
-       else if (conn->policy & POLICY_PROXY)
-       {
-               msg.add_conn.mode = MODE_TRANSPORT;
-               msg.add_conn.proxy_mode = TRUE;
-       }
-       else if (conn->policy & POLICY_SHUNT_PASS)
-       {
-               msg.add_conn.mode = MODE_PASS;
-       }
-       else if (conn->policy & (POLICY_SHUNT_DROP | POLICY_SHUNT_REJECT))
-       {
-               msg.add_conn.mode = MODE_DROP;
-       }
-       else
-       {
-               msg.add_conn.mode = MODE_TRANSPORT;
-       }
+       msg.add_conn.mode = conn->mode;
+       msg.add_conn.proxy_mode = conn->proxy_mode;
 
        if (!(conn->policy & POLICY_DONT_REKEY))
        {
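Review bot: `msg.add_conn.proxy_mode = conn->proxy_mode;` now forwards the struct member unconditionally, but the default_values() hunk in this commit initialises only `conn_default.mode`, not `conn_default.proxy_mode`. That is safe only if the config structure is zero-filled before default_values() runs, which is not visible here. Adding `cfg->conn_default.proxy_mode = FALSE;` next to the mode default would remove the dependency. starter_stroke_add_conn() starts and ends outside the hunk.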
index f9b01c9..fd2a3e3 100644 (file)
@@ -1,5 +1,6 @@
-/* Stroke for charon is the counterpart to whack from pluto
- * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
 
 #include "confread.h"
 
-extern int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn);
-extern int starter_stroke_del_conn(starter_conn_t *conn);
-extern int starter_stroke_route_conn(starter_conn_t *conn);
-extern int starter_stroke_initiate_conn(starter_conn_t *conn);
-extern int starter_stroke_add_ca(starter_ca_t *ca);
-extern int starter_stroke_del_ca(starter_ca_t *ca);
-extern int starter_stroke_configure(starter_config_t *cfg);
+int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn);
+int starter_stroke_del_conn(starter_conn_t *conn);
+int starter_stroke_route_conn(starter_conn_t *conn);
+int starter_stroke_initiate_conn(starter_conn_t *conn);
+int starter_stroke_add_ca(starter_ca_t *ca);
+int starter_stroke_del_ca(starter_ca_t *ca);
+int starter_stroke_configure(starter_config_t *cfg);
 
 #endif /* _STARTER_STROKE_H_ */