full support of ikev1 and ikev2 connection flags
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 30 May 2006 11:10:42 +0000 (11:10 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 30 May 2006 11:10:42 +0000 (11:10 -0000)
src/charon/config/connections/local_connection_store.c
src/pluto/connections.c
src/pluto/connections.h
src/pluto/rcv_whack.c
src/starter/starter.c
src/starter/starterwhack.c
src/whack/whack.c
src/whack/whack.h

index 88a83aa..fa3bd55 100644 (file)
@@ -225,21 +225,22 @@ void log_connections(private_local_connection_store_t *this, logger_t *logger, c
                logger = this->logger;
        }
        
-       logger->log(logger, CONTROL, "templates:");
+       logger->log(logger, CONTROL, "Templates:");
        
        pthread_mutex_lock(&(this->mutex));
        iterator = this->connections->create_iterator(this->connections, TRUE);
        while (iterator->has_next(iterator))
        {
                iterator->current(iterator, (void**)&current);
-               if (!name || strcmp(name, current->get_name(current)) == 0)
+               if (current->is_ikev2(current) && ( name == NULL || streq(name, current->get_name(current))))
                {
-                       host_t *my_host, *other_host;
-                       my_host = current->get_my_host(current);
-                       other_host = current->get_other_host(current);
+                       host_t *my_host = current->get_my_host(current);
+                       host_t *other_host = current->get_other_host(current);
+
                        logger->log(logger, CONTROL, "  \"%s\": %s...%s",
                                                current->get_name(current),
-                                               my_host->get_address(my_host), other_host->get_address(other_host));
+                                               my_host->get_address(my_host),
+                                               other_host->get_address(other_host));
                }
        }
        iterator->destroy(iterator);
index f672e92..e05a1d0 100644 (file)
@@ -350,7 +350,7 @@ delete_connection(struct connection *c, bool relations)
     free_ietfAttrList(c->spd.that.groups);
     free_generalNames(c->requested_ca, TRUE);
     gw_delref(&c->gw_info);
-    
+
     lock_certs_and_keys("delete_connection");
     release_cert(c->spd.this.cert);
     scx_release(c->spd.this.sc);
@@ -360,7 +360,7 @@ delete_connection(struct connection *c, bool relations)
 
     alg_info_delref((struct alg_info **)&c->alg_info_esp);
     alg_info_delref((struct alg_info **)&c->alg_info_ike);
-    
+
     pfree(c);
 }
 
@@ -978,8 +978,8 @@ add_connection(const whack_message_t *wm)
        bool same_rightca, same_leftca;
        struct connection *c = alloc_thing(struct connection, "struct connection");
 
-       c->name = wm->name;
-
+       c->name   = wm->name;
+       c->ikev1  = wm->ikev1;
        c->policy = wm->policy;
 
        if ((c->policy & POLICY_COMPRESS) && !can_do_IPcomp)
@@ -1138,7 +1138,9 @@ add_connection(const whack_message_t *wm)
 
        unshare_connection_strings(c);
        (void)orient(c);
-       connect_to_host_pair(c);
+
+       if (c->ikev1)
+           connect_to_host_pair(c);
 
        /* log all about this connection */
        plog("added connection description \"%s\"", c->name);
@@ -1824,7 +1826,7 @@ initiate_connection(const char *name, int whackfd)
 {
     struct connection *c = con_by_name(name, TRUE);
 
-    if (c != NULL)
+    if (c != NULL && c->ikev1)
     {
        set_cur_connection(c);
        if (!oriented(*c))
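Review bot: With the new `c != NULL && c->ikev1` condition, a whack --initiate naming an IKEv2 connection now falls through as a silent no-op: con_by_name() found the connection, so nothing is reported, and the operator gets no hint that the connection belongs to charon. An explicit branch such as `else if (c != NULL) plog("\"%s\" is an IKEv2 connection, not handled by pluto", name);` would make the outcome visible in the log. The two whack_handle hunks in rcv_whack.c introduce the same silent path with the same guard and would benefit from the same message. The remainder of initiate_connection, including how whackfd is released on this path, lies outside the hunk.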
@@ -2983,11 +2985,15 @@ terminate_connection(const char *nm)
     /* Loop because more than one may match (master and instances)
      * But at least one is required (enforced by con_by_name).
      */
-    struct connection *c, *n;
+    struct connection *c = con_by_name(nm, TRUE);
 
-    for (c = con_by_name(nm, TRUE); c != NULL; c = n)
+    if (c == NULL || !c->ikev1)
+       return;
+
+    do
     {
-       n = c->ac_next; /* grab this before c might disappear */
+       struct connection *n = c->ac_next;  /* grab this before c might disappear */
+
        if (streq(c->name, nm)
        && c->kind >= CK_PERMANENT
        && !NEVER_NEGOTIATE(c->policy))
@@ -2999,7 +3005,8 @@ terminate_connection(const char *nm)
            delete_states_by_connection(c, FALSE);
            reset_cur_connection();
        }
-    }
+       c = n;
+    } while (c != NULL);
 }
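Review bot: The comment kept at the top of the hunk, `* But at least one is required (enforced by con_by_name).`, no longer describes the code below it: the new `if (c == NULL || !c->ikev1) return;` handles the no-match case itself and, in addition, drops IKEv2 connections without any message. Suggest rewording it to `* con_by_name() reports a missing name; IKEv2 connections belong to charon and are skipped here.` The rewrite of the for loop into do/while is not required by the guard — the original for loop placed after the early return would be equivalent and easier to read. Note that the `ikev1` check is applied only to the first match; subsequent instances reached via ac_next are assumed to carry the same flag as their template, which this diff does not show.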
 
 /* check nexthop safety
@@ -4006,7 +4013,7 @@ show_connections_status(bool all, const char *name)
     count = 0;
     for (c = connections; c != NULL; c = c->ac_next)
     {
-       if (name == NULL || streq(c->name, name))
+       if (c->ikev1 && (name == NULL || streq(c->name, name)))
            count++;
     }
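Review bot: The selection predicate `c->ikev1 && (name == NULL || streq(c->name, name))` is now duplicated between this counting loop and the filling loop in the next hunk; the array allocated from `count` is only safe if both copies stay identical, otherwise `array[count++]=c;` in the second loop writes past the allocation. A one-line helper shared by both loops, e.g. `static bool shown(const struct connection *c, const char *name) { return c->ikev1 && (name == NULL || streq(c->name, name)); }`, keeps the two passes in lock-step. The enclosing function starts and ends outside these hunks.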
     array = alloc_bytes(sizeof(struct connection *)*count, "connection array");
@@ -4014,7 +4021,7 @@ show_connections_status(bool all, const char *name)
     count=0;
     for (c = connections; c != NULL; c = c->ac_next)
     {
-       if (name == NULL || streq(c->name, name))
+       if (c->ikev1 && (name == NULL || streq(c->name, name)))
            array[count++]=c;
     }
 
index 6dfddbe..fd7abaa 100644 (file)
@@ -172,6 +172,8 @@ struct spd_route {
 
 struct connection {
     char *name;
+    bool ikev1;
+
     lset_t policy;
     time_t sa_ike_life_seconds;
     time_t sa_ipsec_life_seconds;
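Review bot: The new `bool ikev1;` member is undocumented, and its meaning is not obvious from the name because this commit has pluto still allocate and keep IKEv2 connections in add_connection while skipping connect_to_host_pair, initiate, terminate and status listing for them. Suggest `bool ikev1;  /* FALSE: IKEv2 connection owned by charon; pluto stores it but never links it to a host pair, initiates, terminates or lists it */`. The struct continues outside the hunk.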
index 99c3777..4bc8bca 100644 (file)
@@ -569,7 +569,7 @@ whack_handle(int whackctlfd)
        {
            struct connection *c = con_by_name(msg.name, TRUE);
 
-           if (c != NULL)
+           if (c != NULL && c->ikev1)
            {
                set_cur_connection(c);
                if (!oriented(*c))
@@ -595,7 +595,7 @@ whack_handle(int whackctlfd)
        {
            struct connection *c = con_by_name(msg.name, TRUE);
 
-           if (c != NULL)
+           if (c != NULL && c->ikev1)
            {
                struct spd_route *sr;
                int fail = 0;
index 4b49d15..069b219 100644 (file)
@@ -568,13 +568,15 @@ int main (int argc, char **argv)
 
                    if (conn->startup == STARTUP_START)
                    {
-                       if (starter_charon_pid())
+                       if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
                        {
-                           starter_stroke_initiate_conn(conn);
+                           if (starter_charon_pid())
+                           {
+                               starter_stroke_initiate_conn(conn);
+                           }
                        }
-                       if (conn->keyexchange != KEY_EXCHANGE_IKEV2)
+                       else
                        {
-                           /* currently not initiated, until pluto handles the keyexchange flag */
                            if (starter_pluto_pid())
                            {
                                starter_whack_initiate_conn(conn);
@@ -583,13 +585,15 @@ int main (int argc, char **argv)
                    }
                    else if (conn->startup == STARTUP_ROUTE)
                    {
-                       if (starter_charon_pid())
+                       if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
                        {
-                           starter_stroke_route_conn(conn);
+                           if (starter_charon_pid())
+                           {
+                               starter_stroke_route_conn(conn);
+                           }
                        }
-                       if (conn->keyexchange != KEY_EXCHANGE_IKEV2)
+                       else
                        {
-                           /* currently not routed, until pluto handles the keyexchange flag */
                            if (starter_pluto_pid())
                            {
                                starter_whack_route_conn(conn);
index 38cff4a..862c017 100644 (file)
@@ -234,6 +234,7 @@ starter_whack_add_conn(starter_conn_t *conn)
     msg.whack_connection = TRUE;
     msg.name = connection_name(conn);
 
+    msg.ikev1                 = conn->keyexchange != KEY_EXCHANGE_IKEV2;
     msg.addr_family           = conn->addr_family;
     msg.tunnel_addr_family    = conn->tunnel_addr_family;
     msg.sa_ike_life_seconds   = conn->sa_ike_life_seconds;
index 98867ea..8e053de 100644 (file)
@@ -846,6 +846,9 @@ main(int argc, char **argv)
     msg.ike = NULL;
     msg.pfsgroup = NULL;
 
+   /* if a connection is added via whack then we assume IKEv1 */
+    msg.ikev1 = TRUE;
+
     msg.sa_ike_life_seconds = OAKLEY_ISAKMP_SA_LIFETIME_DEFAULT;
     msg.sa_ipsec_life_seconds = PLUTO_SA_LIFE_DURATION_DEFAULT;
     msg.sa_rekey_margin = SA_REPLACEMENT_MARGIN_DEFAULT;
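Review bot: The added comment `/* if a connection is added via whack then we assume IKEv1 */` is indented three spaces while the statements around it use four, so it sits off-column; align it with the `msg.ikev1 = TRUE;` line it describes. The comment would also be more useful if it said why: starter derives the flag from the keyexchange option (see the starterwhack.c hunk), whereas a manual whack invocation has no such option, so IKEv1 is the only sensible default here.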
index 96e4cff..965cdd3 100644 (file)
@@ -103,6 +103,7 @@ struct whack_message {
 
     bool whack_connection;
     bool whack_async;
+    bool ikev1;
 
     lset_t policy;
     time_t sa_ike_life_seconds;
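Review bot: Inserting `bool ikev1;` in the middle of struct whack_message shifts every following field of the message pluto reads from the whack socket, so an out-of-date whack or starter binary talking to a new pluto (or the reverse) would have its message misparsed rather than rejected. If this header carries a protocol magic or version constant for that purpose (not visible in the hunk), it should be bumped in the same commit; if it does not, appending the field after the existing members would at least keep the leading fields in place. The struct continues outside the hunk.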