ike-cfg: Pass arguments as struct
authorTobias Brunner <tobias@strongswan.org>
Fri, 29 Mar 2019 11:11:10 +0000 (12:11 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 25 Apr 2019 12:31:33 +0000 (14:31 +0200)
18 files changed:
src/charon-cmd/cmd/cmd_connection.c
src/charon-nm/nm/nm_service.c
src/conftest/config.c
src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
src/frontends/osx/charon-xpc/xpc_dispatch.c
src/libcharon/config/ike_cfg.c
src/libcharon/config/ike_cfg.h
src/libcharon/plugins/ha/ha_tunnel.c
src/libcharon/plugins/load_tester/load_tester_config.c
src/libcharon/plugins/medcli/medcli_config.c
src/libcharon/plugins/medsrv/medsrv_config.c
src/libcharon/plugins/sql/sql_config.c
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/uci/uci_config.c
src/libcharon/plugins/vici/vici_config.c
src/libcharon/tests/suites/test_ike_cfg.c
src/libcharon/tests/suites/test_peer_cfg.c
src/libcharon/tests/utils/exchange_test_helper.c

index 1cf431f..b91c898 100644 (file)
@@ -142,9 +142,13 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
 {
        ike_cfg_t *ike_cfg;
        peer_cfg_t *peer_cfg;
-       uint16_t local_port, remote_port = IKEV2_UDP_PORT;
-       ike_version_t version = IKE_ANY;
        proposal_t *proposal;
+       ike_cfg_create_t ike = {
+               .local = "0.0.0.0",
+               .remote = this->host,
+               .remote_port = IKEV2_UDP_PORT,
+               .fragmentation = FRAGMENTATION_YES,
+       };
        peer_cfg_create_t peer = {
                .cert_policy = CERT_SEND_IF_ASKED,
                .unique = UNIQUE_REPLACE,
@@ -161,7 +165,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
                case PROF_V2_PUB:
                case PROF_V2_EAP:
                case PROF_V2_PUB_EAP:
-                       version = IKEV2;
+                       ike.version = IKEV2;
                        break;
                case PROF_V1_PUB_AM:
                case PROF_V1_XAUTH_AM:
@@ -173,17 +177,16 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
                case PROF_V1_XAUTH:
                case PROF_V1_XAUTH_PSK:
                case PROF_V1_HYBRID:
-                       version = IKEV1;
+                       ike.version = IKEV1;
                        break;
        }
 
-       local_port = charon->socket->get_port(charon->socket, FALSE);
-       if (local_port != IKEV2_UDP_PORT)
+       ike.local_port = charon->socket->get_port(charon->socket, FALSE);
+       if (ike.local_port != IKEV2_UDP_PORT)
        {
-               remote_port = IKEV2_NATT_PORT;
+               ike.remote_port = IKEV2_NATT_PORT;
        }
-       ike_cfg = ike_cfg_create(version, TRUE, FALSE, "0.0.0.0", local_port,
-                                       this->host, remote_port, FRAGMENTATION_NO, 0);
+       ike_cfg = ike_cfg_create(&ike);
        if (this->ike_proposals->get_count(this->ike_proposals))
        {
                while (this->ike_proposals->remove_first(this->ike_proposals,
index e207ac8..1b07230 100644 (file)
@@ -381,8 +381,8 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
        NMSettingVpn *vpn;
        enumerator_t *enumerator;
        identification_t *user = NULL, *gateway = NULL;
-       const char *address, *str;
-       bool virtual, encap, proposal;
+       const char *str;
+       bool virtual, proposal;
        proposal_t *prop;
        ike_cfg_t *ike_cfg;
        peer_cfg_t *peer_cfg;
@@ -394,6 +394,13 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
        certificate_t *cert = NULL;
        x509_t *x509;
        bool agent = FALSE, smartcard = FALSE, loose_gateway_id = FALSE;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "%any",
+               .local_port = charon->socket->get_port(charon->socket, FALSE),
+               .remote_port = IKEV2_UDP_PORT,
+               .fragmentation = FRAGMENTATION_YES,
+       };
        peer_cfg_create_t peer = {
                .cert_policy = CERT_SEND_IF_ASKED,
                .unique = UNIQUE_REPLACE,
@@ -430,8 +437,8 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
                 priv->name);
        DBG4(DBG_CFG, "%s",
                 nm_setting_to_string(NM_SETTING(vpn)));
-       address = nm_setting_vpn_get_data_item(vpn, "address");
-       if (!address || !*address)
+       ike.remote = (char*)nm_setting_vpn_get_data_item(vpn, "address");
+       if (!ike.remote || !*ike.remote)
        {
                g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
                                        "Gateway address missing.");
@@ -440,7 +447,7 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
        str = nm_setting_vpn_get_data_item(vpn, "virtual");
        virtual = streq(str, "yes");
        str = nm_setting_vpn_get_data_item(vpn, "encap");
-       encap = streq(str, "yes");
+       ike.force_encap = streq(str, "yes");
        str = nm_setting_vpn_get_data_item(vpn, "ipcomp");
        child.options |= streq(str, "yes") ? OPT_IPCOMP : 0;
        str = nm_setting_vpn_get_data_item(vpn, "method");
@@ -503,7 +510,7 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
                 * of the gateway as its identity. This identity will be used for
                 * certificate lookup and requires the configured IP/DNS to be
                 * included in the gateway certificate. */
-               gateway = identification_create_from_string((char*)address);
+               gateway = identification_create_from_string(ike.remote);
                DBG1(DBG_CFG, "using CA certificate, gateway identity '%Y'", gateway);
                loose_gateway_id = TRUE;
        }
@@ -634,10 +641,7 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
        /**
         * Set up configurations
         */
-       ike_cfg = ike_cfg_create(IKEV2, TRUE, encap, "%any",
-                                                        charon->socket->get_port(charon->socket, FALSE),
-                                                       (char*)address, IKEV2_UDP_PORT,
-                                                        FRAGMENTATION_YES, 0);
+       ike_cfg = ike_cfg_create(&ike);
 
        str = nm_setting_vpn_get_data_item(vpn, "proposal");
        proposal = streq(str, "yes");
index d926dfc..ff47a77 100644 (file)
@@ -107,14 +107,21 @@ static ike_cfg_t *load_ike_config(private_config_t *this,
        ike_cfg_t *ike_cfg;
        proposal_t *proposal;
        char *token;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = settings->get_str(settings, "configs.%s.lhost",
+                                                                  "%any", config),
+               .local_port = settings->get_int(settings, "configs.%s.lport",
+                                                                       500, config),
+               .remote = settings->get_str(settings, "configs.%s.rhost",
+                                                                       "%any", config),
+               .remote_port = settings->get_int(settings, "configs.%s.rport",
+                                                                       500, config),
+               .force_encap = settings->get_bool(settings, "configs.%s.fake_nat",
+                                                                       FALSE, config),
+       };
 
-       ike_cfg = ike_cfg_create(IKEV2, TRUE,
-               settings->get_bool(settings, "configs.%s.fake_nat", FALSE, config),
-               settings->get_str(settings, "configs.%s.lhost", "%any", config),
-               settings->get_int(settings, "configs.%s.lport", 500, config),
-               settings->get_str(settings, "configs.%s.rhost", "%any", config),
-               settings->get_int(settings, "configs.%s.rport", 500, config),
-               FRAGMENTATION_NO, 0);
+       ike_cfg = ike_cfg_create(&ike);
        token = settings->get_str(settings, "configs.%s.proposal", NULL, config);
        if (token)
        {
index a6b4505..de63489 100644 (file)
@@ -742,6 +742,13 @@ static job_requeue_t initiate(private_android_service_t *this)
        proposal_t *proposal;
        ike_sa_t *ike_sa;
        auth_cfg_t *auth;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "0.0.0.0",
+               .local_port = charon->socket->get_port(charon->socket, FALSE),
+               .foce_encap = TRUE,
+               .fragmentation = FRAGMENTATION_YES,
+       };
        peer_cfg_create_t peer = {
                .cert_policy = CERT_ALWAYS_SEND,
                .unique = UNIQUE_REPLACE,
@@ -761,23 +768,20 @@ static job_requeue_t initiate(private_android_service_t *this)
                .dpd_action = ACTION_RESTART,
                .close_action = ACTION_RESTART,
        };
-       char *type, *server, *remote_id;
-       int port;
-       bool certreq;
+       char *type, *remote_id;
 
        if (android_sdk_version >= ANDROID_LOLLIPOP)
        {   /* only try once and notify the GUI on Android 5+ where we have a blocking TUN device */
                peer.keyingtries = 1;
        }
 
-       server = this->settings->get_str(this->settings, "connection.server", NULL);
-       port = this->settings->get_int(this->settings, "connection.port",
-                                                                  IKEV2_UDP_PORT);
-       certreq = this->settings->get_bool(this->settings, "connection.certreq",
-                                                                          TRUE);
-       ike_cfg = ike_cfg_create(IKEV2, certreq, TRUE, "0.0.0.0",
-                                                        charon->socket->get_port(charon->socket, FALSE),
-                                                        server, port, FRAGMENTATION_YES, 0);
+       ike.remote = this->settings->get_str(this->settings, "connection.server",
+                                                                                NULL);
+       ike.remote_port = this->settings->get_int(this->settings, "connection.port",
+                                                                                         IKEV2_UDP_PORT);
+       ike.no_certreq = !this->settings->get_bool(this->settings,
+                                                                                          "connection.certreq", TRUE);
+       ike_cfg = ike_cfg_create(&ike);
        proposal = parse_proposal(this, PROTO_IKE, "connection.ike_proposal");
        if (proposal)
        {
index 0483199..51b2b50 100644 (file)
@@ -78,6 +78,14 @@ static peer_cfg_t* create_peer_cfg(char *name, char *host)
        ike_cfg_t *ike_cfg;
        peer_cfg_t *peer_cfg;
        uint16_t local_port, remote_port = IKEV2_UDP_PORT;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "0.0.0.0",
+               .remote = host,
+               .remote_port = IKEV2_UDP_PORT,
+               .no_certreq = TRUE,
+               .fragmentation = FRAGMENTATION_YES,
+       };
        peer_cfg_create_t peer = {
                .cert_policy = CERT_SEND_IF_ASKED,
                .unique = UNIQUE_REPLACE,
@@ -88,13 +96,12 @@ static peer_cfg_t* create_peer_cfg(char *name, char *host)
                .dpd = 30,
        };
 
-       local_port = charon->socket->get_port(charon->socket, FALSE);
-       if (local_port != IKEV2_UDP_PORT)
+       ike.local_port = charon->socket->get_port(charon->socket, FALSE);
+       if (ike.local_port != IKEV2_UDP_PORT)
        {
-               remote_port = IKEV2_NATT_PORT;
+               ike.remote_port = IKEV2_NATT_PORT;
        }
-       ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0", local_port,
-                                                        host, remote_port, FRAGMENTATION_NO, 0);
+       ike_cfg = ike_cfg_create(&ike);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
        peer_cfg = peer_cfg_create(name, ike_cfg, &peer);
index 357c4a7..cb75b70 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2018 Tobias Brunner
+ * Copyright (C) 2012-2019 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -609,13 +609,10 @@ bool ike_cfg_has_address(ike_cfg_t *cfg, host_t *addr, bool local)
        return found;
 }
 
-/**
- * Described in header.
+/*
+ * Described in header
  */
-ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
-                                                 char *me, uint16_t my_port,
-                                                 char *other, uint16_t other_port,
-                                                 fragmentation_t fragmentation, uint8_t dscp)
+ike_cfg_t *ike_cfg_create(ike_cfg_create_t *data)
 {
        private_ike_cfg_t *this;
 
@@ -644,24 +641,24 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
                        .destroy = _destroy,
                },
                .refcount = 1,
-               .version = version,
-               .certreq = certreq,
-               .force_encap = force_encap,
-               .fragmentation = fragmentation,
-               .me = strdup(me),
+               .version = data->version,
+               .certreq = !data->no_certreq,
+               .force_encap = data->force_encap,
+               .fragmentation = data->fragmentation,
+               .me = strdup(data->local),
                .my_ranges = linked_list_create(),
                .my_hosts = linked_list_create(),
-               .other = strdup(other),
+               .other = strdup(data->remote),
                .other_ranges = linked_list_create(),
                .other_hosts = linked_list_create(),
-               .my_port = my_port,
-               .other_port = other_port,
-               .dscp = dscp,
+               .my_port = data->local_port,
+               .other_port = data->remote_port,
+               .dscp = data->dscp,
                .proposals = linked_list_create(),
        );
 
-       parse_addresses(me, this->my_hosts, this->my_ranges);
-       parse_addresses(other, this->other_hosts, this->other_ranges);
+       parse_addresses(data->local, this->my_hosts, this->my_ranges);
+       parse_addresses(data->remote, this->other_hosts, this->other_ranges);
 
        return &this->public;
 }
index 49690c8..92a9915 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2018 Tobias Brunner
+ * Copyright (C) 2012-2019 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -26,6 +26,7 @@
 typedef enum ike_version_t ike_version_t;
 typedef enum fragmentation_t fragmentation_t;
 typedef struct ike_cfg_t ike_cfg_t;
+typedef struct ike_cfg_create_t ike_cfg_create_t;
 
 #include <library.h>
 #include <networking/host.h>
@@ -241,30 +242,41 @@ struct ike_cfg_t {
 };
 
 /**
- * Creates a ike_cfg_t object.
+ * Data passed to the constructor of an ike_cfg_t object.
  *
- * Supplied hosts become owned by ike_cfg, strings get cloned.
- *
- * me and other are comma separated lists of IP addresses, DNS names, IP ranges
- * or subnets. When initiating, the first non-range/subnet address is used
- * as address. When responding, a match is performed against all items in the
- * list.
+ * local and remote are comma separated lists of IP addresses, DNS names,
+ * IP ranges or subnets. When initiating, the first non-range/subnet address is
+ * used as address. When responding, a match is performed against all items in
+ * the list.
+ */
+struct ike_cfg_create_t {
+       /** IKE major version to use for this config */
+       ike_version_t version;
+       /** Address/DNS name of local peer (cloned) */
+       char *local;
+       /** IKE port to use as source, 500 uses IKEv2 port floating */
+       uint16_t local_port;
+       /** Address/DNS name of remote peer (cloned) */
+       char *remote;
+       /** IKE port to use as dest, 500 uses IKEv2 port floating */
+       uint16_t remote_port;
+       /** TRUE to not send any certificate requests */
+       bool no_certreq;
+       /** Enforce UDP encapsulation by faking NATD notify */
+       bool force_encap;
+       /** Use IKE fragmentation */
+       fragmentation_t fragmentation;
+       /** DSCP value to send IKE packets with */
+       uint8_t dscp;
+};
+
+/**
+ * Creates an ike_cfg_t object.
  *
- * @param version                      IKE major version to use for this config
- * @param certreq                      TRUE to send a certificate request
- * @param force_encap          enforce UDP encapsulation by faking NATD notify
- * @param me                           address/DNS name of local peer
- * @param my_port                      IKE port to use as source, 500 uses IKEv2 port floating
- * @param other                                address/DNS name of remote peer
- * @param other_port           IKE port to use as dest, 500 uses IKEv2 port floating
- * @param fragmentation                use IKEv1 fragmentation
- * @param dscp                         DSCP value to send IKE packets with
+ * @param data                         data for this ike_cfg
  * @return                                     ike_cfg_t object.
  */
-ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
-                                                 char *me, uint16_t my_port,
-                                                 char *other, uint16_t other_port,
-                                                 fragmentation_t fragmentation, uint8_t dscp);
+ike_cfg_t *ike_cfg_create(ike_cfg_create_t *data);
 
 /**
  * Determine the address family of the local or remote address(es).  If multiple
index cfa896e..f942915 100644 (file)
@@ -190,6 +190,14 @@ static void setup_tunnel(private_ha_tunnel_t *this,
        auth_cfg_t *auth_cfg;
        child_cfg_t *child_cfg;
        traffic_selector_t *ts;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = local,
+               .local_port = charon->socket->get_port(charon->socket, FALSE),
+               .remote = remote,
+               .remote_port = IKEV2_UDP_PORT,
+               .no_certreq = TRUE,
+       };
        peer_cfg_create_t peer = {
                .cert_policy = CERT_NEVER_SEND,
                .unique = UNIQUE_KEEP,
@@ -222,9 +230,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
        lib->credmgr->add_set(lib->credmgr, &this->creds.public);
 
        /* create config and backend */
-       ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, local,
-                                                        charon->socket->get_port(charon->socket, FALSE),
-                                                        remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
+       ike_cfg = ike_cfg_create(&ike);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
        peer_cfg = peer_cfg_create(HA_CFG_NAME, ike_cfg, &peer);
index 78be45f..6fb6673 100644 (file)
@@ -686,8 +686,12 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
        ike_cfg_t *ike_cfg;
        child_cfg_t *child_cfg;
        peer_cfg_t *peer_cfg;
-       char local[32], *remote;
+       char local[32];
        host_t *addr;
+       ike_cfg_create_t ike = {
+               .version = this->version,
+               .remote_port = IKEV2_UDP_PORT,
+       };
        peer_cfg_create_t peer = {
                .cert_policy = CERT_SEND_IF_ASKED,
                .unique = UNIQUE_NO,
@@ -726,28 +730,25 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
                {
                        snprintf(local, sizeof(local), "%s", this->initiator);
                }
-               remote = this->responder;
+               ike.remote = this->responder;
        }
        else
        {
                snprintf(local, sizeof(local), "%s", this->responder);
-               remote = this->initiator;
+               ike.remote = this->initiator;
        }
 
+       ike.local = local;
        if (this->port && num)
        {
-               ike_cfg = ike_cfg_create(this->version, TRUE, FALSE,
-                                                                local, this->port + num - 1,
-                                                                remote, IKEV2_NATT_PORT,
-                                                                FRAGMENTATION_NO, 0);
+               ike.local_port = this->port + num - 1;
+               ike.remote_port = IKEV2_NATT_PORT;
        }
        else
        {
-               ike_cfg = ike_cfg_create(this->version, TRUE, FALSE, local,
-                                                                charon->socket->get_port(charon->socket, FALSE),
-                                                                remote, IKEV2_UDP_PORT,
-                                                                FRAGMENTATION_NO, 0);
+               ike.local_port = charon->socket->get_port(charon->socket, FALSE);
        }
+       ike_cfg = ike_cfg_create(&ike);
        ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
        peer_cfg = peer_cfg_create("load-test", ike_cfg, &peer);
 
index 789c01b..be42d7d 100644 (file)
@@ -87,9 +87,15 @@ static peer_cfg_t *build_mediation_config(private_medcli_config_t *this,
        auth_cfg_t *auth;
        ike_cfg_t *ike_cfg;
        peer_cfg_t *med_cfg;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "0.0.0.0",
+               .local_port = charon->socket->get_port(charon->socket, FALSE),
+               .remote_port = IKEV2_UDP_PORT,
+               .no_certreq = TRUE,
+       };
        peer_cfg_create_t peer = *defaults;
        chunk_t me, other;
-       char *address;
 
        /* query mediation server config:
         * - build ike_cfg/peer_cfg for mediation connection on-the-fly
@@ -98,14 +104,12 @@ static peer_cfg_t *build_mediation_config(private_medcli_config_t *this,
                        "SELECT Address, ClientConfig.KeyId, MediationServerConfig.KeyId "
                        "FROM MediationServerConfig JOIN ClientConfig",
                        DB_TEXT, DB_BLOB, DB_BLOB);
-       if (!e || !e->enumerate(e, &address, &me, &other))
+       if (!e || !e->enumerate(e, &ike.remote, &me, &other))
        {
                DESTROY_IF(e);
                return NULL;
        }
-       ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0",
-                                                        charon->socket->get_port(charon->socket, FALSE),
-                                                        address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
+       ike_cfg = ike_cfg_create(&ike);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
 
@@ -397,6 +401,14 @@ METHOD(medcli_config_t, destroy, void,
 medcli_config_t *medcli_config_create(database_t *db)
 {
        private_medcli_config_t *this;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "0.0.0.0",
+               .local_port = charon->socket->get_port(charon->socket, FALSE),
+               .remote = "0.0.0.0",
+               .remote_port = IKEV2_UDP_PORT,
+               .no_certreq = TRUE,
+       };
 
        INIT(this,
                .public = {
@@ -410,10 +422,7 @@ medcli_config_t *medcli_config_create(database_t *db)
                .db = db,
                .rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200),
                .dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300),
-               .ike = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0",
-                                                         charon->socket->get_port(charon->socket, FALSE),
-                                                         "0.0.0.0", IKEV2_UDP_PORT,
-                                                         FRAGMENTATION_NO, 0),
+               .ike = ike_cfg_create(&ike),
        );
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
        this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
index 6068022..b9dce8c 100644 (file)
@@ -130,6 +130,14 @@ METHOD(medsrv_config_t, destroy, void,
 medsrv_config_t *medsrv_config_create(database_t *db)
 {
        private_medsrv_config_t *this;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "0.0.0.0",
+               .local_port = charon->socket->get_port(charon->socket, FALSE),
+               .remote = "0.0.0.0",
+               .remote_port = IKEV2_UDP_PORT,
+               .no_certreq = TRUE,
+       };
 
        INIT(this,
                .public = {
@@ -143,10 +151,7 @@ medsrv_config_t *medsrv_config_create(database_t *db)
                .db = db,
                .rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200),
                .dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300),
-               .ike = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0",
-                                                         charon->socket->get_port(charon->socket, FALSE),
-                                                         "0.0.0.0", IKEV2_UDP_PORT,
-                                                         FRAGMENTATION_NO, 0),
+               .ike = ike_cfg_create(&ike),
        );
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
        this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
index bb1ba71..fb8ea8c 100644 (file)
@@ -272,10 +272,18 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e,
        while (e->enumerate(e, &id, &certreq, &force_encap, &local, &remote))
        {
                ike_cfg_t *ike_cfg;
+               ike_cfg_create_t ike = {
+                       .version = IKEV2,
+                       .local = local,
+                       .local_port = charon->socket->get_port(charon->socket, FALSE),
+                       .remote = remote,
+                       .remote_port = IKEV2_UDP_PORT,
+                       .no_certreq = !certreq,
+                       .force_encap = force_encap,
+                       .fragmentation = FRAGMENTATION_YES,
+               };
 
-               ike_cfg = ike_cfg_create(IKEV2, certreq, force_encap, local,
-                                                                charon->socket->get_port(charon->socket, FALSE),
-                                                                remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
+               ike_cfg = ike_cfg_create(&ike);
                add_ike_proposals(this, ike_cfg, id);
                return ike_cfg;
        }
index 8cdb5ef..1514b74 100644 (file)
@@ -260,36 +260,40 @@ static void swap_ends(stroke_msg_t *msg)
  */
 static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg)
 {
+       ike_cfg_create_t ike;
        ike_cfg_t *ike_cfg;
-       uint16_t ikeport;
        char me[256], other[256];
 
        swap_ends(msg);
 
+       ike = (ike_cfg_create_t){
+               .version = msg->add_conn.version,
+               .local = msg->add_conn.me.address,
+               .local_port = msg->add_conn.me.ikeport,
+               .remote = msg->add_conn.other.address,
+               .remote_port = msg->add_conn.other.ikeport,
+               .no_certreq = msg->add_conn.other.sendcert == CERT_NEVER_SEND,
+               .force_encap = msg->add_conn.force_encap,
+               .fragmentation = msg->add_conn.fragmentation,
+               .dscp = msg->add_conn.ikedscp,
+       };
        if (msg->add_conn.me.allow_any)
        {
                snprintf(me, sizeof(me), "%s,0.0.0.0/0,::/0",
                                 msg->add_conn.me.address);
+               ike.local = me;
        }
        if (msg->add_conn.other.allow_any)
        {
                snprintf(other, sizeof(other), "%s,0.0.0.0/0,::/0",
                                 msg->add_conn.other.address);
+               ike.remote = other;
+       }
+       if (ike.local_port == IKEV2_UDP_PORT)
+       {
+               ike.local_port = charon->socket->get_port(charon->socket, FALSE);
        }
-       ikeport = msg->add_conn.me.ikeport;
-       ikeport = (ikeport == IKEV2_UDP_PORT) ?
-                          charon->socket->get_port(charon->socket, FALSE) : ikeport;
-       ike_cfg = ike_cfg_create(msg->add_conn.version,
-                                                        msg->add_conn.other.sendcert != CERT_NEVER_SEND,
-                                                        msg->add_conn.force_encap,
-                                                        msg->add_conn.me.allow_any ?
-                                                               me : msg->add_conn.me.address,
-                                                        ikeport,
-                                                        msg->add_conn.other.allow_any ?
-                                                               other : msg->add_conn.other.address,
-                                                        msg->add_conn.other.ikeport,
-                                                        msg->add_conn.fragmentation,
-                                                        msg->add_conn.ikedscp);
+       ike_cfg = ike_cfg_create(&ike);
 
        if (!add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg,
                                           NULL, PROTO_IKE))
index 5654fc5..a66bb58 100644 (file)
@@ -121,12 +121,19 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
        peer_enumerator_t *this, va_list args)
 {
        char *name, *ike_proposal, *esp_proposal, *ike_rekey, *esp_rekey;
-       char *local_id, *local_addr, *local_net;
-       char *remote_id, *remote_addr, *remote_net;
+       char *local_id, *local_net, *remote_id, *remote_net;
        peer_cfg_t **cfg;
        child_cfg_t *child_cfg;
        ike_cfg_t *ike_cfg;
        auth_cfg_t *auth;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "0.0.0.0",
+               .local_port = charon->socket->get_port(charon->socket, FALSE),
+               .remote = "0.0.0.0",
+               .remote_port = IKEV2_UDP_PORT,
+               .no_certreq = TRUE,
+       };
        peer_cfg_create_t peer = {
                .cert_policy = CERT_SEND_IF_ASKED,
                .unique = UNIQUE_NO,
@@ -152,8 +159,6 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
        name = "unnamed";
        local_id = NULL;
        remote_id = NULL;
-       local_addr = "0.0.0.0";
-       remote_addr = "0.0.0.0";
        local_net = NULL;
        remote_net = NULL;
        ike_proposal = NULL;
@@ -162,14 +167,12 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
        esp_rekey = NULL;
 
        if (this->inner->enumerate(this->inner, &name, &local_id, &remote_id,
-                       &local_addr, &remote_addr, &local_net, &remote_net,
+                       &ike.local, &ike.remote, &local_net, &remote_net,
                        &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey))
        {
+
                DESTROY_IF(this->peer_cfg);
-               ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, local_addr,
-                                                                charon->socket->get_port(charon->socket, FALSE),
-                                                                remote_addr, IKEV2_UDP_PORT,
-                                                                FRAGMENTATION_NO, 0);
+               ike_cfg = ike_cfg_create(&ike);
                ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
                peer.rekey_time = create_rekey(ike_rekey);
                this->peer_cfg = peer_cfg_create(name, ike_cfg, &peer);
@@ -248,23 +251,26 @@ METHOD(enumerator_t, ike_enumerator_enumerate, bool,
        ike_enumerator_t *this, va_list args)
 {
        ike_cfg_t **cfg;
-       char *local_addr, *remote_addr, *ike_proposal;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "0.0.0.0",
+               .local_port = charon->socket->get_port(charon->socket, FALSE),
+               .remote = "0.0.0.0",
+               .remote_port = IKEV2_UDP_PORT,
+               .no_certreq = TRUE,
+       };
+       char *ike_proposal;
 
        VA_ARGS_VGET(args, cfg);
 
        /* defaults */
-       local_addr = "0.0.0.0";
-       remote_addr = "0.0.0.0";
        ike_proposal = NULL;
 
        if (this->inner->enumerate(this->inner, NULL,
-                                                          &local_addr, &remote_addr, &ike_proposal))
+                                                          &ike.local, &ike.remote, &ike_proposal))
        {
                DESTROY_IF(this->ike_cfg);
-               this->ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, local_addr,
-                                                               charon->socket->get_port(charon->socket, FALSE),
-                                                               remote_addr, IKEV2_UDP_PORT,
-                                                               FRAGMENTATION_NO, 0);
+               this->ike_cfg = ike_cfg_create(&ike);
                this->ike_cfg->add_proposal(this->ike_cfg,
                                                                        create_proposal(ike_proposal, PROTO_IKE));
 
index f86d5c9..59aadfd 100644 (file)
@@ -2382,6 +2382,7 @@ CALLBACK(config_sn, bool,
        enumerator_t *enumerator;
        peer_cfg_create_t cfg;
        peer_cfg_t *peer_cfg;
+       ike_cfg_create_t ike;
        ike_cfg_t *ike_cfg;
        child_cfg_t *child_cfg;
        auth_data_t *auth;
@@ -2509,10 +2510,18 @@ CALLBACK(config_sn, bool,
 
        log_peer_data(&peer);
 
-       ike_cfg = ike_cfg_create(peer.version, peer.send_certreq, peer.encap,
-                                               peer.local_addrs, peer.local_port,
-                                               peer.remote_addrs, peer.remote_port,
-                                               peer.fragmentation, peer.dscp);
+       ike = (ike_cfg_create_t){
+               .version = peer.version,
+               .local = peer.local_addrs,
+               .local_port = peer.local_port,
+               .remote = peer.remote_addrs,
+               .remote_port = peer.remote_port,
+               .no_certreq = !peer.send_certreq,
+               .force_encap = peer.encap,
+               .fragmentation = peer.fragmentation,
+               .dscp = peer.dscp,
+       };
+       ike_cfg = ike_cfg_create(&ike);
 
        cfg = (peer_cfg_create_t){
                .cert_policy = peer.send_cert,
index 9bbc064..ded0462 100644 (file)
 
 static void assert_family(int expected, char *addr, bool local)
 {
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = local ? addr : "%any",
+               .local_port = 500,
+               .remote = local ? "%any" : addr,
+               .remote_port = 500,
+       };
        ike_cfg_t *cfg;
        int family;
 
-       cfg = ike_cfg_create(IKEV2, FALSE, FALSE, local ? addr : "%any", 500,
-                                                local ? "%any" : addr, 500, FRAGMENTATION_NO, 0);
+       cfg = ike_cfg_create(&ike);
        family = ike_cfg_get_family(cfg, local);
        ck_assert_msg(expected == family, "expected family %d != %d (addr: '%s')",
                                  expected, family, addr);
index 02e38a3..94337e2 100644 (file)
  */
 static ike_cfg_t *create_ike_cfg()
 {
-       return ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", 500,
-                                                 "127.0.0.1", 500, FRAGMENTATION_NO, 0);
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "127.0.0.1",
+               .local_port = 500,
+               .remote = "127.0.0.1",
+               .remote_port = 500,
+       };
+       return ike_cfg_create(&ike);
 }
 
 /**
index bebf334..39f0d16 100644 (file)
@@ -85,11 +85,17 @@ exchange_test_helper_t *exchange_test_helper;
 
 static ike_cfg_t *create_ike_cfg(bool initiator, exchange_test_sa_conf_t *conf)
 {
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "127.0.0.1",
+               .local_port = IKEV2_UDP_PORT,
+               .remote = "127.0.0.1",
+               .remote_port = IKEV2_UDP_PORT,
+       };
        ike_cfg_t *ike_cfg;
        char *proposal = NULL;
 
-       ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", IKEV2_UDP_PORT,
-                                                        "127.0.0.1", IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
+       ike_cfg = ike_cfg_create(&ike);
        if (conf)
        {
                proposal = initiator ? conf->initiator.ike : conf->responder.ike;