peer-cfg: add a pull/push mode option to use with mode config
authorMartin Willi <martin@revosec.ch>
Fri, 19 Jul 2013 12:24:04 +0000 (14:24 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 4 Sep 2013 08:33:37 +0000 (10:33 +0200)
15 files changed:
src/charon-cmd/cmd/cmd_connection.c
src/charon-nm/nm/nm_service.c
src/conftest/config.c
src/frontends/android/jni/libandroidbridge/backend/android_service.c
src/frontends/osx/charon-xpc/xpc_dispatch.c
src/libcharon/config/peer_cfg.c
src/libcharon/config/peer_cfg.h
src/libcharon/plugins/ha/ha_tunnel.c
src/libcharon/plugins/load_tester/load_tester_config.c
src/libcharon/plugins/maemo/maemo_service.c
src/libcharon/plugins/medcli/medcli_config.c
src/libcharon/plugins/medsrv/medsrv_config.c
src/libcharon/plugins/sql/sql_config.c
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/uci/uci_config.c

index 5c459f9..a697da8 100644 (file)
@@ -170,7 +170,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
                                        CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
                                        36000, 0, /* rekey 10h, reauth none */
                                        600, 600, /* jitter, over 10min */
-                                       TRUE, aggressive, /* mobike, aggressive */
+                                       TRUE, aggressive, TRUE, /* mobike, aggressive, pull */
                                        30, 0, /* DPD delay, timeout */
                                        FALSE, NULL, NULL); /* mediation */
        peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
index 901abd3..f97c11c 100644 (file)
@@ -536,7 +536,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
                                        CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
                                        36000, 0, /* rekey 10h, reauth none */
                                        600, 600, /* jitter, over 10min */
-                                       TRUE, FALSE, /* mobike, aggressive */
+                                       TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
                                        0, 0, /* DPD delay, timeout */
                                        FALSE, NULL, NULL); /* mediation */
        if (virtual)
index 7f05e9c..1aa9310 100644 (file)
@@ -249,8 +249,8 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
 
        ike_cfg = load_ike_config(this, settings, config);
        peer_cfg = peer_cfg_create(config, ike_cfg, CERT_ALWAYS_SEND,
-                                                          UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, 0, 0,
-                                                          FALSE, NULL, NULL);
+                                                          UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, TRUE,
+                                                          0, 0, FALSE, NULL, NULL);
 
        auth = auth_cfg_create();
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
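Review bot: The new `TRUE` in this call is an unlabelled literal placed directly after the `aggressive` flag, so a transposed pair would still compile and would enable IKEv1 aggressive mode instead of selecting pull. Most other callers in this commit label the positions with a trailing comment. Doing the same here, `UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, TRUE, /* mobike, aggressive, pull */`, keeps the argument order easy to check on review. The same applies to the `peer_cfg_create()` calls in the ha_tunnel.c, sql_config.c and stroke_config.c hunks, where the added `TRUE` is also bare. The body of load_peer_config continues outside the hunk.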
index c35d348..59a4e14 100644 (file)
@@ -535,7 +535,7 @@ static job_requeue_t initiate(private_android_service_t *this)
                                                           UNIQUE_REPLACE, 0, /* keyingtries */
                                                           36000, 0, /* rekey 10h, reauth none */
                                                           600, 600, /* jitter, over 10min */
-                                                          TRUE, FALSE, /* mobike, aggressive */
+                                                          TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
                                                           0, 0, /* DPD delay, timeout */
                                                           FALSE, NULL, NULL); /* mediation */
        peer_cfg->add_virtual_ip(peer_cfg, host_create_any(AF_INET));
index 0a5de15..0757e9b 100644 (file)
@@ -91,7 +91,7 @@ static peer_cfg_t* create_peer_cfg(char *name, char *host)
                                                           CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
                                                           36000, 0, /* rekey 10h, reauth none */
                                                           600, 600, /* jitter, over 10min */
-                                                          TRUE, FALSE, /* mobike, aggressive */
+                                                          TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
                                                           30, 0, /* DPD delay, timeout */
                                                           FALSE, NULL, NULL); /* mediation */
        peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
index eb98319..d198503 100644 (file)
@@ -100,6 +100,11 @@ struct private_peer_cfg_t {
        bool aggressive;
 
        /**
+        * Use pull or push in mode config?
+        */
+       bool pull_mode;
+
+       /**
         * Time before starting rekeying
         */
        u_int32_t rekey_time;
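Review bot: The comment on the new `pull_mode` member is phrased as a question and does not say which value selects which mode. The getter documentation in peer_cfg.h states it (TRUE for pull, FALSE for push), and the field comment should carry the same wording, for example `* TRUE to use mode config pull, FALSE to use push`. The struct definition starts and ends outside the hunk.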
@@ -390,6 +395,12 @@ METHOD(peer_cfg_t, use_aggressive, bool,
        return this->aggressive;
 }
 
+METHOD(peer_cfg_t, use_pull_mode, bool,
+       private_peer_cfg_t *this)
+{
+       return this->pull_mode;
+}
+
 METHOD(peer_cfg_t, get_dpd, u_int32_t,
        private_peer_cfg_t *this)
 {
@@ -588,6 +599,7 @@ METHOD(peer_cfg_t, equals, bool,
                this->over_time == other->over_time &&
                this->dpd == other->dpd &&
                this->aggressive == other->aggressive &&
+               this->pull_mode == other->pull_mode &&
                auth_cfg_equal(this, other)
 #ifdef ME
                && this->mediation == other->mediation &&
@@ -638,8 +650,8 @@ peer_cfg_t *peer_cfg_create(char *name,
                                                        unique_policy_t unique, u_int32_t keyingtries,
                                                        u_int32_t rekey_time, u_int32_t reauth_time,
                                                        u_int32_t jitter_time, u_int32_t over_time,
-                                                       bool mobike, bool aggressive, u_int32_t dpd,
-                                                       u_int32_t dpd_timeout,
+                                                       bool mobike, bool aggressive, bool pull_mode,
+                                                       u_int32_t dpd, u_int32_t dpd_timeout,
                                                        bool mediation, peer_cfg_t *mediated_by,
                                                        identification_t *peer_id)
 {
@@ -671,6 +683,7 @@ peer_cfg_t *peer_cfg_create(char *name,
                        .get_over_time = _get_over_time,
                        .use_mobike = _use_mobike,
                        .use_aggressive = _use_aggressive,
+                       .use_pull_mode = _use_pull_mode,
                        .get_dpd = _get_dpd,
                        .get_dpd_timeout = _get_dpd_timeout,
                        .add_virtual_ip = _add_virtual_ip,
@@ -701,6 +714,7 @@ peer_cfg_t *peer_cfg_create(char *name,
                .over_time = over_time,
                .use_mobike = mobike,
                .aggressive = aggressive,
+               .pull_mode = pull_mode,
                .dpd = dpd,
                .dpd_timeout = dpd_timeout,
                .vips = linked_list_create(),
index e62e03e..7e82b51 100644 (file)
@@ -248,6 +248,13 @@ struct peer_cfg_t {
        bool (*use_aggressive)(peer_cfg_t *this);
 
        /**
+        * Use pull or push mode for mode config?
+        *
+        * @return                      TRUE to use pull, FALSE to use push mode
+        */
+       bool (*use_pull_mode)(peer_cfg_t *this);
+
+       /**
         * Get the DPD check interval.
         *
         * @return                      dpd_delay in seconds
@@ -366,6 +373,7 @@ struct peer_cfg_t {
  * @param over_time                    maximum overtime before closing a rekeying/reauth SA
  * @param mobike                       use MOBIKE (RFC4555) if peer supports it
  * @param aggressive           use/accept aggressive mode with IKEv1
+ * @param pullmode                     TRUE to use modeconfig pull, FALSE for push
  * @param dpd                          DPD check interval, 0 to disable
  * @param dpd_timeout          DPD timeout interval (IKEv1 only), if 0 default applies
  * @param mediation                    TRUE if this is a mediation connection
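Review bot: The added doc line names the parameter `pullmode`, but the prototype in the next hunk of this file declares it as `pull_mode`, so a documentation generator will likely not match the tag to the argument. It should read `* @param pull_mode TRUE to use modeconfig pull, FALSE for push`. The comment block this line belongs to begins outside the hunk.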
@@ -378,8 +386,8 @@ peer_cfg_t *peer_cfg_create(char *name,
                                                        unique_policy_t unique, u_int32_t keyingtries,
                                                        u_int32_t rekey_time, u_int32_t reauth_time,
                                                        u_int32_t jitter_time, u_int32_t over_time,
-                                                       bool mobike, bool aggressive, u_int32_t dpd,
-                                                       u_int32_t dpd_timeout,
+                                                       bool mobike, bool aggressive, bool pull_mode,
+                                                       u_int32_t dpd, u_int32_t dpd_timeout,
                                                        bool mediation, peer_cfg_t *mediated_by,
                                                        identification_t *peer_id);
 
index 4e656e7..26d152c 100644 (file)
@@ -208,8 +208,8 @@ static void setup_tunnel(private_ha_tunnel_t *this,
                                                         remote, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND,
-                                               UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, 30,
-                                               0, FALSE, NULL, NULL);
+                                               UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE,
+                                               TRUE, 30, 0, FALSE, NULL, NULL);
 
        auth_cfg = auth_cfg_create();
        auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
index ebadf44..26c9871 100644 (file)
@@ -561,7 +561,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
                                                           CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */
                                                           this->ike_rekey, 0, /* rekey, reauth */
                                                           0, this->ike_rekey, /* jitter, overtime */
-                                                          FALSE, FALSE, /* mobike, aggressive mode */
+                                                          FALSE, FALSE, TRUE, /* mobike, aggressive, pull */
                                                           this->dpd_delay,   /* dpd_delay */
                                                           this->dpd_timeout, /* dpd_timeout */
                                                           FALSE, NULL, NULL);
index d7539c2..f04bc5a 100644 (file)
@@ -334,7 +334,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
                                                           UNIQUE_REPLACE, 1, /* keyingtries */
                                                           36000, 0, /* rekey 10h, reauth none */
                                                           600, 600, /* jitter, over 10min */
-                                                          TRUE, FALSE, /* mobike, aggressive */
+                                                          TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
                                                           0, 0, /* DPD delay, timeout */
                                                           FALSE, NULL, NULL); /* mediation */
        peer_cfg->add_virtual_ip(peer_cfg,  host_create_from_string("0.0.0.0", 0));
index 2bff703..e852e3f 100644 (file)
@@ -112,7 +112,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                CERT_NEVER_SEND, UNIQUE_REPLACE,
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
-               TRUE, FALSE,                                    /* mobike, aggressive */
+               TRUE, FALSE, TRUE,                              /* mobike, aggressive, pull */
                this->dpd, 0,                                   /* DPD delay, timeout */
                TRUE, NULL, NULL);                              /* mediation, med by, peer id */
        e->destroy(e);
@@ -149,7 +149,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                CERT_NEVER_SEND, UNIQUE_REPLACE,
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
-               TRUE, FALSE,                                    /* mobike, aggressive */
+               TRUE, FALSE, TRUE,                              /* mobike, aggressive, pull */
                this->dpd, 0,                                   /* DPD delay, timeout */
                FALSE, med_cfg,                                 /* mediation, med by */
                identification_create_from_encoding(ID_KEY_ID, other));
@@ -224,7 +224,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
                                CERT_NEVER_SEND, UNIQUE_REPLACE,
                                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
-                               TRUE, FALSE,                                    /* mobike, aggressive */
+                               TRUE, FALSE, TRUE,                              /* mobike, aggressive, pull */
                                this->dpd, 0,                                   /* DPD delay, timeout */
                                FALSE, NULL, NULL);                             /* mediation, med by, peer id */
 
index 0633922..45487a9 100644 (file)
@@ -92,7 +92,7 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
                                CERT_NEVER_SEND, UNIQUE_REPLACE,
                                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
-                               TRUE, FALSE,                                    /* mobike, aggressiv */
+                               TRUE, FALSE, TRUE,                              /* mobike, aggressive, pull */
                                this->dpd, 0,                                   /* DPD delay, timeout */
                                TRUE, NULL, NULL);                              /* mediation, med by, peer id */
                        e->destroy(e);
index c3471a0..e6b69a4 100644 (file)
@@ -374,7 +374,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
                        peer_cfg = peer_cfg_create(
                                        name, ike, cert_policy, uniqueid,
                                        keyingtries, rekeytime, reauthtime, jitter, overtime,
-                                       mobike, FALSE, dpd_delay, 0,
+                                       mobike, FALSE, TRUE, dpd_delay, 0,
                                        mediation, mediated_cfg, peer_id);
                        if (vip)
                        {
index 079e65f..facea5e 100644 (file)
@@ -731,6 +731,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
                msg->add_conn.me.sendcert, unique,
                msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
                msg->add_conn.mobike, msg->add_conn.aggressive,
+               TRUE,
                msg->add_conn.dpd.delay, msg->add_conn.dpd.timeout,
                msg->add_conn.ikeme.mediation, mediated_by, peer_id);
 
index b58d120..040d8a8 100644 (file)
@@ -162,7 +162,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
                                        name, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
                                        1, create_rekey(ike_rekey), 0,  /* keytries, rekey, reauth */
                                        1800, 900,                                              /* jitter, overtime */
-                                       TRUE, FALSE,                            /* mobike, aggressive */
+                                       TRUE, FALSE, TRUE,                      /* mobike, aggressive, pull */
                                        60, 0,                                          /* DPD delay, timeout */
                                        FALSE, NULL, NULL);                     /* mediation, med by, peer id */
                auth = auth_cfg_create();