added config option for BEET mode
authorMartin Willi <martin@strongswan.org>
Wed, 3 Jan 2007 13:16:21 +0000 (13:16 -0000)
committerMartin Willi <martin@strongswan.org>
Wed, 3 Jan 2007 13:16:21 +0000 (13:16 -0000)
NEWS
src/pluto/constants.h
src/starter/confread.c
src/starter/starterstroke.c

diff --git a/NEWS b/NEWS
index 72dd428..a3e6b46 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,9 +3,11 @@ strongswan-4.0.6
 
 - IKEv2: Support for reauthentication when rekeying
 
+- IKEv2: Support for transport and (experimental!) BEET mode
+
 - fixed most (all?) bugs related to byte order
 
-- a lot of bugfixes
+- a lot of other bugfixes
 
 
 strongswan-4.0.5
index 3459a3b..57e9cf9 100644 (file)
@@ -845,6 +845,7 @@ extern const char *prettypolicy(lset_t policy);
 #define POLICY_XAUTH_RSASIG    LELEM(19)       /* do we support XAUTH????RSA? */
 #define POLICY_XAUTH_SERVER    LELEM(20)       /* are we an XAUTH server? */
 #define POLICY_DONT_REAUTH     LELEM(21)       /* don't reauthenticate on rekeying, IKEv2 only */
+#define POLICY_BEET            LELEM(22)       /* bound end2end tunnel, IKEv2 */
 
 /* Any IPsec policy?  If not, a connection description
  * is only for ISAKMP SA, not IPSEC SA.  (A pun, I admit.)
index cc2c981..03b2238 100644 (file)
@@ -388,6 +388,8 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
                        conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK);
                        if (streq(kw->value, "tunnel"))
                                conn->policy |= POLICY_TUNNEL;
+                       else if (streq(kw->value, "beet"))
+                               conn->policy |= POLICY_BEET;
                        else if (streq(kw->value, "passthrough") || streq(kw->value, "pass"))
                                conn->policy |= POLICY_SHUNT_PASS;
                        else if (streq(kw->value, "drop"))
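Review bot: The reset mask on the first line of this hunk still clears only `POLICY_TUNNEL | POLICY_SHUNT_MASK`, so a `POLICY_BEET` bit set by an earlier `type=beet` survives when the keyword is evaluated again. If load_conn can see `type` more than once for one connection (for example through inherited defaults, which the hunk does not show), a later `type=tunnel` or `type=passthrough` would leave two mode bits set, and the negotiated encapsulation would depend on the test order in each consumer. I would change the line to `conn->policy &= ~(POLICY_TUNNEL | POLICY_BEET | POLICY_SHUNT_MASK);`. The constants.h comment marks BEET as IKEv2-only, yet nothing visible here rejects `type=beet` on a connection that is not IKEv2; a warning there would avoid a connection silently coming up in a different mode than configured. load_conn's body starts and ends outside the hunk.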
index dc81acf..9d4e0a1 100644 (file)
@@ -194,7 +194,18 @@ int starter_stroke_add_conn(starter_conn_t *conn)
        msg.add_conn.name = push_string(&msg, connection_name(conn));
        msg.add_conn.auth_method = (conn->policy & POLICY_PSK)?
                SHARED_KEY_MESSAGE_INTEGRITY_CODE : RSA_DIGITAL_SIGNATURE;
-       msg.add_conn.mode = (conn->policy & POLICY_TUNNEL) ? 1 : 0;
+       if (conn->policy & POLICY_TUNNEL)
+       {
+               msg.add_conn.mode = 1; /* XFRM_MODE_TRANSPORT */
+       }
+       else if (conn->policy & POLICY_BEET)
+       {
+               msg.add_conn.mode = 4; /* XFRM_MODE_BEET */
+       }
+       else
+       {
+               msg.add_conn.mode = 0; /* XFRM_MODE_TUNNEL */
+       }
  
        if (conn->policy & POLICY_DONT_REKEY)
        {
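Review bot: The mode comments on the new lines are swapped: the `POLICY_TUNNEL` branch assigns `1` but is labelled `XFRM_MODE_TRANSPORT`, and the fallback assigns `0` but is labelled `XFRM_MODE_TUNNEL`. In the Linux xfrm header 0 is transport and 1 is tunnel, so the values match the old ternary and only the labels are wrong. For a field that selects the IPsec encapsulation mode, that invites a later "fix" which flips the values. The two lines should read `msg.add_conn.mode = 1; /* XFRM_MODE_TUNNEL */` and `msg.add_conn.mode = 0; /* XFRM_MODE_TRANSPORT */`. Named constants shared with the receiver of the stroke message, instead of bare 0/1/4, would keep both sides in agreement. starter_stroke_add_conn continues outside the hunk.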