- changed config load strategy:
authorMartin Willi <martin@strongswan.org>
Tue, 23 May 2006 10:07:02 +0000 (10:07 -0000)
committerMartin Willi <martin@strongswan.org>
Tue, 23 May 2006 10:07:02 +0000 (10:07 -0000)
  starter loads both connections in charon & pluto,
  charon ignores anything with keyexchange!=ikev2.
  pluto needs the same behavior.

src/charon/config/connections/connection.c
src/charon/config/connections/connection.h
src/charon/threads/stroke_interface.c
src/starter/starter.c
src/starter/starterstroke.c
src/stroke/stroke.c
src/stroke/stroke.h

index 74e6762..a33026a 100644 (file)
@@ -55,6 +55,11 @@ struct private_connection_t {
         */
        char *name;
        
+       /** 
+        * Does charon handle this connection? Or can he ignore it?
+        */
+       bool ikev2;
+       
        /**
         * ID of us
         */
@@ -95,6 +100,14 @@ static char *get_name (private_connection_t *this)
 }
 
 /**
+ * Implementation of connection_t.is_ikev2.
+ */
+static bool is_ikev2 (private_connection_t *this)
+{
+       return this->ikev2;
+}
+
+/**
  * Implementation of connection_t.get_my_id.
  */
 static identification_t *get_my_id (private_connection_t *this)
@@ -287,6 +300,7 @@ static connection_t *clone(private_connection_t *this)
        proposal_t *proposal;
        private_connection_t *clone = (private_connection_t*)connection_create(
                        this->name,
+                       this->ikev2,
                        this->my_host->clone(this->my_host),
                        this->other_host->clone(this->other_host),
                        this->my_id->clone(this->my_id),
@@ -309,7 +323,7 @@ static connection_t *clone(private_connection_t *this)
 /**
  * Implementation of connection_t.destroy.
  */
-static void destroy (private_connection_t *this)
+static void destroy(private_connection_t *this)
 {
        proposal_t *proposal;
        
@@ -330,12 +344,13 @@ static void destroy (private_connection_t *this)
 /**
  * Described in header.
  */
-connection_t * connection_create(char *name, host_t *my_host, host_t *other_host, identification_t *my_id, identification_t *other_id, auth_method_t auth_method)
+connection_t * connection_create(char *name, bool ikev2, host_t *my_host, host_t *other_host, identification_t *my_id, identification_t *other_id, auth_method_t auth_method)
 {
        private_connection_t *this = malloc_thing(private_connection_t);
 
        /* public functions */
        this->public.get_name = (char*(*)(connection_t*))get_name;
+       this->public.is_ikev2 = (bool(*)(connection_t*))is_ikev2;
        this->public.get_my_id = (identification_t*(*)(connection_t*))get_my_id;
        this->public.get_other_id = (identification_t*(*)(connection_t*))get_other_id;
        this->public.get_my_host = (host_t*(*)(connection_t*))get_my_host;
@@ -355,6 +370,7 @@ connection_t * connection_create(char *name, host_t *my_host, host_t *other_host
        
        /* private variables */
        this->name = strdup(name);
+       this->ikev2 = ikev2;
        this->my_host = my_host;
        this->other_host = other_host;
        this->my_id = my_id;
index 2cb3c20..2b21227 100644 (file)
@@ -223,6 +223,18 @@ struct connection_t {
        char* (*get_name) (connection_t *this);
        
        /**
+        * @brief Check if the connection is marked as an IKEv2 connection.
+        * 
+        * Since all connections (IKEv1+2) are loaded, but charon handles 
+        * only those marked with IKEv2, this flag can tell us if we must
+        * ignore a connection on initiaton. Then pluto will do it for us.
+        * 
+        * @param this                                  calling object
+        * @return                                              - TRUE, if this is an IKEv2 connection
+        */
+       bool (*is_ikev2) (connection_t *this);
+       
+       /**
         * @brief Get the DH group to use for connection initialization.
         * 
         * @param this                                  calling object
@@ -265,6 +277,7 @@ struct connection_t {
  * connection_create(). Name gets cloned internally.
  *
  * @param name                 connection identifier
+ * @param ikev2                        TRUE if this is an IKEv2 connection
  * @param my_host              host_t representing local address
  * @param other_host   host_t representing remote address
  * @param my_id                        identification_t for me
@@ -274,7 +287,8 @@ struct connection_t {
  * 
  * @ingroup config
  */
-connection_t * connection_create(char *name, 
+connection_t * connection_create(char *name,
+                                                                bool ikev2,
                                                                 host_t *my_host, host_t *other_host,
                                                                 identification_t *my_id, 
                                                                 identification_t *other_id,
index e3a0b67..57c5f4d 100755 (executable)
@@ -134,7 +134,7 @@ static void load_end_certificate(const char *filename, identification_t **idp)
        if (cert)
        {
                identification_t *id = *idp;
-               identification_t  *subject = cert->get_subject(cert);
+               identification_t *subject = cert->get_subject(cert);
 
                if (!id->equals(id, subject))
                {
@@ -275,9 +275,9 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
                load_end_certificate(msg->add_conn.other.cert, &other_id);
        }
        
-       connection = connection_create(msg->add_conn.name, 
-                                                                  my_host, other_host, 
-                                                                  my_id->clone(my_id), other_id->clone(other_id), 
+       connection = connection_create(msg->add_conn.name, msg->add_conn.ikev2,
+                                                                  my_host, other_host,
+                                                                  my_id->clone(my_id), other_id->clone(other_id),
                                                                   RSA_DIGITAL_SIGNATURE);
        proposal = proposal_create(1);
        proposal->add_algorithm(proposal, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
@@ -312,7 +312,6 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
 
        /* add to global policy list */
        charon->policies->add_policy(charon->policies, policy);
-       
 }
 
 /**
@@ -322,7 +321,7 @@ static void stroke_initiate(private_stroke_t *this, stroke_msg_t *msg)
 {
        initiate_ike_sa_job_t *job;
        connection_t *connection;
-                               
+       
        pop_string(msg, &(msg->initiate.name));
        this->logger->log(this->logger, CONTROL, "received stroke: initiate \"%s\"", msg->initiate.name);
        connection = charon->connections->get_connection_by_name(charon->connections, msg->initiate.name);
@@ -330,7 +329,8 @@ static void stroke_initiate(private_stroke_t *this, stroke_msg_t *msg)
        {
                this->stroke_logger->log(this->stroke_logger, ERROR, "no connection named \"%s\"", msg->initiate.name);
        }
-       else
+       /* only initiate if it is an ikev2 connection */
+       else if (connection->is_ikev2(connection))
        {
                job = initiate_ike_sa_job_create(connection);
                charon->job_queue->add(charon->job_queue, (job_t*)job);
@@ -387,6 +387,7 @@ static void stroke_list(private_stroke_t *this, stroke_msg_t *msg, bool utc)
                charon->credentials->log_certificates(charon->credentials, this->stroke_logger, utc);
        }
 }
+
 logger_context_t get_context(char *context)
 {
        if      (strcasecmp(context, "ALL") == 0) return ALL_LOGGERS;
index 88e190e..c70fadc 100644 (file)
@@ -331,20 +331,14 @@ int main (int argc, char **argv)
                {
                    if (conn->state == STATE_ADDED)
                    {
-                       if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
+                       if (starter_charon_pid())
                        {
-                           if (starter_charon_pid())
-                           {
-                               starter_stroke_del_conn(conn);
-                           }
+                           starter_stroke_del_conn(conn);
                        }
-                       else
+                       if (starter_pluto_pid())
                        {
-                           if (starter_pluto_pid())
-                           {
-                               starter_whack_del_conn(conn);
-                               conn->state = STATE_TO_ADD;
-                           }
+                           starter_whack_del_conn(conn);
+                           conn->state = STATE_TO_ADD;
                        }
                    }
                }
@@ -418,19 +412,13 @@ int main (int argc, char **argv)
                    {
                        if (conn->state == STATE_ADDED)
                        {
-                           if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
+                           if (starter_charon_pid())
                            {
-                               if (starter_charon_pid())
-                               {
-                                   starter_stroke_del_conn(conn);
-                               }
+                               starter_stroke_del_conn(conn);
                            }
-                           else
+                           if (starter_pluto_pid())
                            {
-                               if (starter_pluto_pid())
-                               {
-                                   starter_whack_del_conn(conn);
-                               }
+                               starter_whack_del_conn(conn);
                            }
                        }
                    }
@@ -568,33 +556,25 @@ int main (int argc, char **argv)
                        /* affect new unique id */
                        conn->id = id++;
                    }
-                   if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
+                   if (starter_charon_pid())
                    {
-                       if (starter_charon_pid())
-                       {
-                           starter_stroke_add_conn(conn);
-                       }
+                       starter_stroke_add_conn(conn);
                    }
-                   else
+                   if (starter_pluto_pid())
                    {
-                       if (starter_pluto_pid())
-                       {
-                           starter_whack_add_conn(conn);
-                       }
+                       starter_whack_add_conn(conn);
                    }
                    conn->state = STATE_ADDED;
 
                    if (conn->startup == STARTUP_START)
                    {
-                       if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
+                       if (starter_charon_pid())
                        {
-                           if (starter_charon_pid())
-                           {
-                               starter_stroke_initiate_conn(conn);
-                           }
+                           starter_stroke_initiate_conn(conn);
                        }
-                       else
+                       if (conn->keyexchange != KEY_EXCHANGE_IKEV2)
                        {
+                           /* currently not initiated, until pluto handles the keyexchange flag */
                            if (starter_pluto_pid())
                            {
                                starter_whack_initiate_conn(conn);
@@ -603,18 +583,16 @@ int main (int argc, char **argv)
                    }
                    else if (conn->startup == STARTUP_ROUTE)
                    {
-                       if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
+                       if (starter_charon_pid())
                        {
-                           if (starter_charon_pid())
-                           {
-                               starter_stroke_route_conn(conn);
-                           }
+                           starter_stroke_route_conn(conn);
                        }
-                       else
+                       if (conn->keyexchange != KEY_EXCHANGE_IKEV2)
                        {
+                           /* currently not routed, until pluto handles the keyexchange flag */
                            if (starter_pluto_pid())
                            {
-                                starter_whack_route_conn(conn);
+                               starter_whack_route_conn(conn);
                            }
                        }
                    }
index 6fd8384..e480227 100644 (file)
@@ -125,6 +125,7 @@ starter_stroke_add_conn(starter_conn_t *conn)
     msg->type = STR_ADD_CONN;
 
     msg->add_conn.name = push_string(&msg, connection_name(conn));
+       msg->add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2 ? 1 : 0;
 
     msg->add_conn.me.id = push_string(&msg, conn->left.id);
     msg->add_conn.me.cert = push_string(&msg, conn->left.cert);
index b65a757..c844c6a 100644 (file)
@@ -104,6 +104,7 @@ static int add_connection(char *name,
        msg->type = STR_ADD_CONN;
        
        msg->add_conn.name = push_string(&msg, name);
+       msg->add_conn.ikev2 = 1;
        
        msg->add_conn.me.id = push_string(&msg, my_id);
        msg->add_conn.me.address = push_string(&msg, my_addr);
index 566d2c1..7e45b3c 100644 (file)
@@ -71,12 +71,14 @@ struct stroke_msg_t {
                /* data for STR_ADD_CONN */
                struct {
                        char *name;
+                       /* is this connection handled by charon? */
+                       int ikev2;
                        struct {
                                char *id;
                                char *cert;
                                char *address;
                                char *subnet;
-                               u_int8_t subnet_mask;
+                               int subnet_mask;
                        } me, other;
                } add_conn;
                struct {
@@ -86,10 +88,9 @@ struct stroke_msg_t {
                } logtype;
                struct {
                        char *context;
-                       u_int level;
+                       int level;
                } loglevel;
        };
-
        u_int8_t buffer[];
 };