(no commit message)
authorMartin Willi <martin@strongswan.org>
Wed, 10 May 2006 08:02:49 +0000 (08:02 -0000)
committerMartin Willi <martin@strongswan.org>
Wed, 10 May 2006 08:02:49 +0000 (08:02 -0000)
295 files changed:
src/charon/Architecture.txt [new file with mode: 0644]
src/charon/Known-bugs.txt [new file with mode: 0644]
src/charon/Makefile.charon [new file with mode: 0644]
src/charon/Todo-list.txt [new file with mode: 0644]
src/charon/charon.kdevelop [deleted file]
src/charon/charon/Architecture.txt [deleted file]
src/charon/charon/Known-bugs.txt [deleted file]
src/charon/charon/Makefile.charon [deleted file]
src/charon/charon/Todo-list.txt [deleted file]
src/charon/charon/config/Makefile.config [deleted file]
src/charon/charon/config/configuration.c [deleted file]
src/charon/charon/config/configuration.h [deleted file]
src/charon/charon/config/connections/Makefile.connections [deleted file]
src/charon/charon/config/connections/connection.c [deleted file]
src/charon/charon/config/connections/connection.h [deleted file]
src/charon/charon/config/connections/connection_store.h [deleted file]
src/charon/charon/config/connections/local_connection_store.c [deleted file]
src/charon/charon/config/connections/local_connection_store.h [deleted file]
src/charon/charon/config/credentials/Makefile.credentials [deleted file]
src/charon/charon/config/credentials/credential_store.h [deleted file]
src/charon/charon/config/credentials/local_credential_store.c [deleted file]
src/charon/charon/config/credentials/local_credential_store.h [deleted file]
src/charon/charon/config/policies/Makefile.policies [deleted file]
src/charon/charon/config/policies/local_policy_store.c [deleted file]
src/charon/charon/config/policies/local_policy_store.h [deleted file]
src/charon/charon/config/policies/policy.c [deleted file]
src/charon/charon/config/policies/policy.h [deleted file]
src/charon/charon/config/policies/policy_store.h [deleted file]
src/charon/charon/config/proposal.c [deleted file]
src/charon/charon/config/proposal.h [deleted file]
src/charon/charon/config/traffic_selector.c [deleted file]
src/charon/charon/config/traffic_selector.h [deleted file]
src/charon/charon/daemon.c [deleted file]
src/charon/charon/daemon.h [deleted file]
src/charon/charon/encoding/Makefile.encoding [deleted file]
src/charon/charon/encoding/generator.c [deleted file]
src/charon/charon/encoding/generator.h [deleted file]
src/charon/charon/encoding/message.c [deleted file]
src/charon/charon/encoding/message.h [deleted file]
src/charon/charon/encoding/parser.c [deleted file]
src/charon/charon/encoding/parser.h [deleted file]
src/charon/charon/encoding/payloads/Makefile.payloads [deleted file]
src/charon/charon/encoding/payloads/auth_payload.c [deleted file]
src/charon/charon/encoding/payloads/auth_payload.h [deleted file]
src/charon/charon/encoding/payloads/cert_payload.c [deleted file]
src/charon/charon/encoding/payloads/cert_payload.h [deleted file]
src/charon/charon/encoding/payloads/certreq_payload.c [deleted file]
src/charon/charon/encoding/payloads/certreq_payload.h [deleted file]
src/charon/charon/encoding/payloads/configuration_attribute.c [deleted file]
src/charon/charon/encoding/payloads/configuration_attribute.h [deleted file]
src/charon/charon/encoding/payloads/cp_payload.c [deleted file]
src/charon/charon/encoding/payloads/cp_payload.h [deleted file]
src/charon/charon/encoding/payloads/delete_payload.c [deleted file]
src/charon/charon/encoding/payloads/delete_payload.h [deleted file]
src/charon/charon/encoding/payloads/eap_payload.c [deleted file]
src/charon/charon/encoding/payloads/eap_payload.h [deleted file]
src/charon/charon/encoding/payloads/encodings.c [deleted file]
src/charon/charon/encoding/payloads/encodings.h [deleted file]
src/charon/charon/encoding/payloads/encryption_payload.c [deleted file]
src/charon/charon/encoding/payloads/encryption_payload.h [deleted file]
src/charon/charon/encoding/payloads/id_payload.c [deleted file]
src/charon/charon/encoding/payloads/id_payload.h [deleted file]
src/charon/charon/encoding/payloads/ike_header.c [deleted file]
src/charon/charon/encoding/payloads/ike_header.h [deleted file]
src/charon/charon/encoding/payloads/ke_payload.c [deleted file]
src/charon/charon/encoding/payloads/ke_payload.h [deleted file]
src/charon/charon/encoding/payloads/nonce_payload.c [deleted file]
src/charon/charon/encoding/payloads/nonce_payload.h [deleted file]
src/charon/charon/encoding/payloads/notify_payload.c [deleted file]
src/charon/charon/encoding/payloads/notify_payload.h [deleted file]
src/charon/charon/encoding/payloads/payload.c [deleted file]
src/charon/charon/encoding/payloads/payload.h [deleted file]
src/charon/charon/encoding/payloads/proposal_substructure.c [deleted file]
src/charon/charon/encoding/payloads/proposal_substructure.h [deleted file]
src/charon/charon/encoding/payloads/sa_payload.c [deleted file]
src/charon/charon/encoding/payloads/sa_payload.h [deleted file]
src/charon/charon/encoding/payloads/traffic_selector_substructure.c [deleted file]
src/charon/charon/encoding/payloads/traffic_selector_substructure.h [deleted file]
src/charon/charon/encoding/payloads/transform_attribute.c [deleted file]
src/charon/charon/encoding/payloads/transform_attribute.h [deleted file]
src/charon/charon/encoding/payloads/transform_substructure.c [deleted file]
src/charon/charon/encoding/payloads/transform_substructure.h [deleted file]
src/charon/charon/encoding/payloads/ts_payload.c [deleted file]
src/charon/charon/encoding/payloads/ts_payload.h [deleted file]
src/charon/charon/encoding/payloads/unknown_payload.c [deleted file]
src/charon/charon/encoding/payloads/unknown_payload.h [deleted file]
src/charon/charon/encoding/payloads/vendor_id_payload.c [deleted file]
src/charon/charon/encoding/payloads/vendor_id_payload.h [deleted file]
src/charon/charon/network/Makefile.network [deleted file]
src/charon/charon/network/packet.c [deleted file]
src/charon/charon/network/packet.h [deleted file]
src/charon/charon/network/socket.c [deleted file]
src/charon/charon/network/socket.h [deleted file]
src/charon/charon/queues/Makefile.queues [deleted file]
src/charon/charon/queues/event_queue.c [deleted file]
src/charon/charon/queues/event_queue.h [deleted file]
src/charon/charon/queues/job_queue.c [deleted file]
src/charon/charon/queues/job_queue.h [deleted file]
src/charon/charon/queues/jobs/Makefile.jobs [deleted file]
src/charon/charon/queues/jobs/delete_established_ike_sa_job.c [deleted file]
src/charon/charon/queues/jobs/delete_established_ike_sa_job.h [deleted file]
src/charon/charon/queues/jobs/delete_half_open_ike_sa_job.c [deleted file]
src/charon/charon/queues/jobs/delete_half_open_ike_sa_job.h [deleted file]
src/charon/charon/queues/jobs/incoming_packet_job.c [deleted file]
src/charon/charon/queues/jobs/incoming_packet_job.h [deleted file]
src/charon/charon/queues/jobs/initiate_ike_sa_job.c [deleted file]
src/charon/charon/queues/jobs/initiate_ike_sa_job.h [deleted file]
src/charon/charon/queues/jobs/job.c [deleted file]
src/charon/charon/queues/jobs/job.h [deleted file]
src/charon/charon/queues/jobs/retransmit_request_job.c [deleted file]
src/charon/charon/queues/jobs/retransmit_request_job.h [deleted file]
src/charon/charon/queues/send_queue.c [deleted file]
src/charon/charon/queues/send_queue.h [deleted file]
src/charon/charon/sa/Makefile.sa [deleted file]
src/charon/charon/sa/authenticator.c [deleted file]
src/charon/charon/sa/authenticator.h [deleted file]
src/charon/charon/sa/child_sa.c [deleted file]
src/charon/charon/sa/child_sa.h [deleted file]
src/charon/charon/sa/ike_sa.c [deleted file]
src/charon/charon/sa/ike_sa.h [deleted file]
src/charon/charon/sa/ike_sa_id.c [deleted file]
src/charon/charon/sa/ike_sa_id.h [deleted file]
src/charon/charon/sa/ike_sa_manager.c [deleted file]
src/charon/charon/sa/ike_sa_manager.h [deleted file]
src/charon/charon/sa/states/Makefile.states [deleted file]
src/charon/charon/sa/states/ike_auth_requested.c [deleted file]
src/charon/charon/sa/states/ike_auth_requested.h [deleted file]
src/charon/charon/sa/states/ike_sa_established.c [deleted file]
src/charon/charon/sa/states/ike_sa_established.h [deleted file]
src/charon/charon/sa/states/ike_sa_init_requested.c [deleted file]
src/charon/charon/sa/states/ike_sa_init_requested.h [deleted file]
src/charon/charon/sa/states/ike_sa_init_responded.c [deleted file]
src/charon/charon/sa/states/ike_sa_init_responded.h [deleted file]
src/charon/charon/sa/states/initiator_init.c [deleted file]
src/charon/charon/sa/states/initiator_init.h [deleted file]
src/charon/charon/sa/states/responder_init.c [deleted file]
src/charon/charon/sa/states/responder_init.h [deleted file]
src/charon/charon/sa/states/state.c [deleted file]
src/charon/charon/sa/states/state.h [deleted file]
src/charon/charon/threads/Makefile.threads [deleted file]
src/charon/charon/threads/kernel_interface.c [deleted file]
src/charon/charon/threads/kernel_interface.h [deleted file]
src/charon/charon/threads/receiver.c [deleted file]
src/charon/charon/threads/receiver.h [deleted file]
src/charon/charon/threads/scheduler.c [deleted file]
src/charon/charon/threads/scheduler.h [deleted file]
src/charon/charon/threads/sender.c [deleted file]
src/charon/charon/threads/sender.h [deleted file]
src/charon/charon/threads/stroke_interface.c [deleted file]
src/charon/charon/threads/stroke_interface.h [deleted file]
src/charon/charon/threads/thread_pool.c [deleted file]
src/charon/charon/threads/thread_pool.h [deleted file]
src/charon/config/Makefile.config [new file with mode: 0644]
src/charon/config/configuration.c [new file with mode: 0755]
src/charon/config/configuration.h [new file with mode: 0755]
src/charon/config/connections/Makefile.connections [new file with mode: 0644]
src/charon/config/connections/connection.c [new file with mode: 0644]
src/charon/config/connections/connection.h [new file with mode: 0644]
src/charon/config/connections/connection_store.h [new file with mode: 0755]
src/charon/config/connections/local_connection_store.c [new file with mode: 0644]
src/charon/config/connections/local_connection_store.h [new file with mode: 0644]
src/charon/config/credentials/Makefile.credentials [new file with mode: 0644]
src/charon/config/credentials/credential_store.h [new file with mode: 0755]
src/charon/config/credentials/local_credential_store.c [new file with mode: 0644]
src/charon/config/credentials/local_credential_store.h [new file with mode: 0644]
src/charon/config/policies/Makefile.policies [new file with mode: 0644]
src/charon/config/policies/local_policy_store.c [new file with mode: 0644]
src/charon/config/policies/local_policy_store.h [new file with mode: 0644]
src/charon/config/policies/policy.c [new file with mode: 0644]
src/charon/config/policies/policy.h [new file with mode: 0644]
src/charon/config/policies/policy_store.h [new file with mode: 0755]
src/charon/config/proposal.c [new file with mode: 0644]
src/charon/config/proposal.h [new file with mode: 0644]
src/charon/config/traffic_selector.c [new file with mode: 0644]
src/charon/config/traffic_selector.h [new file with mode: 0644]
src/charon/daemon.c [new file with mode: 0644]
src/charon/daemon.h [new file with mode: 0644]
src/charon/encoding/Makefile.encoding [new file with mode: 0644]
src/charon/encoding/generator.c [new file with mode: 0644]
src/charon/encoding/generator.h [new file with mode: 0644]
src/charon/encoding/message.c [new file with mode: 0644]
src/charon/encoding/message.h [new file with mode: 0644]
src/charon/encoding/parser.c [new file with mode: 0644]
src/charon/encoding/parser.h [new file with mode: 0644]
src/charon/encoding/payloads/Makefile.payloads [new file with mode: 0644]
src/charon/encoding/payloads/auth_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/auth_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/cert_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/cert_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/certreq_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/certreq_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/configuration_attribute.c [new file with mode: 0644]
src/charon/encoding/payloads/configuration_attribute.h [new file with mode: 0644]
src/charon/encoding/payloads/cp_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/cp_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/delete_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/delete_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/eap_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/eap_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/encodings.c [new file with mode: 0644]
src/charon/encoding/payloads/encodings.h [new file with mode: 0644]
src/charon/encoding/payloads/encryption_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/encryption_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/id_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/id_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/ike_header.c [new file with mode: 0644]
src/charon/encoding/payloads/ike_header.h [new file with mode: 0644]
src/charon/encoding/payloads/ke_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/ke_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/nonce_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/nonce_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/notify_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/notify_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/payload.c [new file with mode: 0644]
src/charon/encoding/payloads/payload.h [new file with mode: 0644]
src/charon/encoding/payloads/proposal_substructure.c [new file with mode: 0644]
src/charon/encoding/payloads/proposal_substructure.h [new file with mode: 0644]
src/charon/encoding/payloads/sa_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/sa_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/traffic_selector_substructure.c [new file with mode: 0644]
src/charon/encoding/payloads/traffic_selector_substructure.h [new file with mode: 0644]
src/charon/encoding/payloads/transform_attribute.c [new file with mode: 0644]
src/charon/encoding/payloads/transform_attribute.h [new file with mode: 0644]
src/charon/encoding/payloads/transform_substructure.c [new file with mode: 0644]
src/charon/encoding/payloads/transform_substructure.h [new file with mode: 0644]
src/charon/encoding/payloads/ts_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/ts_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/unknown_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/unknown_payload.h [new file with mode: 0644]
src/charon/encoding/payloads/vendor_id_payload.c [new file with mode: 0644]
src/charon/encoding/payloads/vendor_id_payload.h [new file with mode: 0644]
src/charon/network/Makefile.network [new file with mode: 0644]
src/charon/network/packet.c [new file with mode: 0644]
src/charon/network/packet.h [new file with mode: 0644]
src/charon/network/socket.c [new file with mode: 0644]
src/charon/network/socket.h [new file with mode: 0644]
src/charon/queues/Makefile.queues [new file with mode: 0644]
src/charon/queues/event_queue.c [new file with mode: 0644]
src/charon/queues/event_queue.h [new file with mode: 0644]
src/charon/queues/job_queue.c [new file with mode: 0644]
src/charon/queues/job_queue.h [new file with mode: 0644]
src/charon/queues/jobs/Makefile.jobs [new file with mode: 0644]
src/charon/queues/jobs/delete_established_ike_sa_job.c [new file with mode: 0644]
src/charon/queues/jobs/delete_established_ike_sa_job.h [new file with mode: 0644]
src/charon/queues/jobs/delete_half_open_ike_sa_job.c [new file with mode: 0644]
src/charon/queues/jobs/delete_half_open_ike_sa_job.h [new file with mode: 0644]
src/charon/queues/jobs/incoming_packet_job.c [new file with mode: 0644]
src/charon/queues/jobs/incoming_packet_job.h [new file with mode: 0644]
src/charon/queues/jobs/initiate_ike_sa_job.c [new file with mode: 0644]
src/charon/queues/jobs/initiate_ike_sa_job.h [new file with mode: 0644]
src/charon/queues/jobs/job.c [new file with mode: 0644]
src/charon/queues/jobs/job.h [new file with mode: 0644]
src/charon/queues/jobs/retransmit_request_job.c [new file with mode: 0644]
src/charon/queues/jobs/retransmit_request_job.h [new file with mode: 0644]
src/charon/queues/send_queue.c [new file with mode: 0644]
src/charon/queues/send_queue.h [new file with mode: 0644]
src/charon/sa/Makefile.sa [new file with mode: 0644]
src/charon/sa/authenticator.c [new file with mode: 0644]
src/charon/sa/authenticator.h [new file with mode: 0644]
src/charon/sa/child_sa.c [new file with mode: 0644]
src/charon/sa/child_sa.h [new file with mode: 0644]
src/charon/sa/ike_sa.c [new file with mode: 0644]
src/charon/sa/ike_sa.h [new file with mode: 0644]
src/charon/sa/ike_sa_id.c [new file with mode: 0644]
src/charon/sa/ike_sa_id.h [new file with mode: 0644]
src/charon/sa/ike_sa_manager.c [new file with mode: 0644]
src/charon/sa/ike_sa_manager.h [new file with mode: 0644]
src/charon/sa/states/Makefile.states [new file with mode: 0644]
src/charon/sa/states/ike_auth_requested.c [new file with mode: 0644]
src/charon/sa/states/ike_auth_requested.h [new file with mode: 0644]
src/charon/sa/states/ike_sa_established.c [new file with mode: 0644]
src/charon/sa/states/ike_sa_established.h [new file with mode: 0644]
src/charon/sa/states/ike_sa_init_requested.c [new file with mode: 0644]
src/charon/sa/states/ike_sa_init_requested.h [new file with mode: 0644]
src/charon/sa/states/ike_sa_init_responded.c [new file with mode: 0644]
src/charon/sa/states/ike_sa_init_responded.h [new file with mode: 0644]
src/charon/sa/states/initiator_init.c [new file with mode: 0644]
src/charon/sa/states/initiator_init.h [new file with mode: 0644]
src/charon/sa/states/responder_init.c [new file with mode: 0644]
src/charon/sa/states/responder_init.h [new file with mode: 0644]
src/charon/sa/states/state.c [new file with mode: 0644]
src/charon/sa/states/state.h [new file with mode: 0644]
src/charon/threads/Makefile.threads [new file with mode: 0644]
src/charon/threads/kernel_interface.c [new file with mode: 0644]
src/charon/threads/kernel_interface.h [new file with mode: 0644]
src/charon/threads/receiver.c [new file with mode: 0644]
src/charon/threads/receiver.h [new file with mode: 0644]
src/charon/threads/scheduler.c [new file with mode: 0644]
src/charon/threads/scheduler.h [new file with mode: 0644]
src/charon/threads/sender.c [new file with mode: 0644]
src/charon/threads/sender.h [new file with mode: 0644]
src/charon/threads/stroke_interface.c [new file with mode: 0755]
src/charon/threads/stroke_interface.h [new file with mode: 0644]
src/charon/threads/thread_pool.c [new file with mode: 0644]
src/charon/threads/thread_pool.h [new file with mode: 0644]

diff --git a/src/charon/Architecture.txt b/src/charon/Architecture.txt
new file mode 100644 (file)
index 0000000..14b9927
--- /dev/null
@@ -0,0 +1,56 @@
+/** @mainpage
+
+@section design strongSwans overall design
+
+IKEv1 and IKEv2 is handled in different keying daemons. The ole IKEv1 stuff is
+completely handled in pluto, as it was all the times. IKEv2 is handled in the
+new keying daemon, which is called #charon. 
+Daemon control is done over unix sockets. Pluto uses whack, as it did for years.
+Charon uses another socket interface, called stroke. Stroke uses another
+format as whack and therefore is not compatible to whack. The starter utility,
+wich does fast configuration parsing, speaks both the protocols, whack and
+stroke. It also handles daemon startup and termination. 
+Pluto uses starter for some commands, for other it uses the whack utility. To be
+as close to pluto as possible, charon has the same split up of commands to
+starter and stroke. All commands are wrapped together in the ipsec script, which
+allows transparent control of both daemons.
+@verbatim
+
+         +-----------------------------------------+
+         |                  ipsec                  |
+         +-----+--------------+---------------+----+
+               |              |               |
+               |              |               |
+               |        +-----+-----+         |
+         +-----+----+   |           |   +-----+----+
+         |          |   |  starter  |   |          |
+         |  stroke  |   |           |   |   whack  |
+         |          |   +---+--+----+   |          |
+         +------+---+       |  |        +--+-------+
+                |           |  |           |
+            +---+------+    |  |    +------+--+
+            |          |    |  |    |         |
+            |  charon  +----+  +----+  pluto  |
+            |          |            |         |
+            +-----+----+            +----+----+
+                  |                      |
+            +-----+----+                 |
+            |    LSF   |                 |
+            +-----+----+                 |
+                  |                      |
+            +-----+----+            +----+----+
+            | RAW Sock |            | UDP/500 |
+            +----------+            +---------+
+
+@endverbatim
+Since IKEv2 uses the same port as IKEv1, both daemons must listen to UDP port
+500. Under Linux, there is no clean way to set up two sockets at the same port.
+To reslove this problem, charon uses a RAW socket, as they are used in network
+sniffers. An installed Linux Socket Filter (LSF) filters out all none-IKEv2
+traffic. Pluto receives any IKE message, independant of charons behavior.
+Therefore plutos behavior is changed to discard any IKEv2 traffic silently.
+
+To gain some reusability of the code, generic crypto and utility functions are 
+separeted in a shared library, libstrongswan.
+
+*/
\ No newline at end of file
diff --git a/src/charon/Known-bugs.txt b/src/charon/Known-bugs.txt
new file mode 100644 (file)
index 0000000..7fdf258
--- /dev/null
@@ -0,0 +1,7 @@
+ Known bugs in charon
+======================
+
+- intiating the same connection twice makes trouble
+- leak_detective gets confused from libpthread (invalid frees)
+- installing to many SAs in the kernel at the same time causes troubles. Threading issue?
+
diff --git a/src/charon/Makefile.charon b/src/charon/Makefile.charon
new file mode 100644 (file)
index 0000000..336495d
--- /dev/null
@@ -0,0 +1,25 @@
+# Copyright (C) 2006 Martin Willi
+# Hochschule fuer Technik Rapperswil
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# for more details.
+#
+CHARON_DIR= $(MAIN_DIR)charon/
+
+$(BUILD_DIR)daemon.o :                 $(CHARON_DIR)daemon.c $(CHARON_DIR)daemon.h
+                                                               $(CC) $(CFLAGS) -c -o $@ $<
+
+
+include $(CHARON_DIR)network/Makefile.network
+include $(CHARON_DIR)config/Makefile.config
+include $(CHARON_DIR)encoding/Makefile.encoding
+include $(CHARON_DIR)queues/Makefile.queues
+include $(CHARON_DIR)sa/Makefile.sa
+include $(CHARON_DIR)threads/Makefile.threads
\ No newline at end of file
diff --git a/src/charon/Todo-list.txt b/src/charon/Todo-list.txt
new file mode 100644 (file)
index 0000000..7bff26d
--- /dev/null
@@ -0,0 +1,57 @@
+ Todo-List for charon
+======================
+
++ = done, / = partial, - = todo, ordered by priority
+
+
++ private key loading: der, without passphrase
++ load all private keys from ipsec.d/private/ in stroke.c
++ handle leftcert and rightcert in starterstroke.c/stroke.c
++ load specified certs in stroke.c
++ extract public keys from certs
++ public key authentication
++ release for Andreas
+
++ stroke loglevels
++ stroke up
++ ike_sa_manager checkout_by_hosts
++ stroke down
++ stroke output redirection
++ stroke status
+
++ libx509
+  + new charon build - libstrong?
+    + transforms
+    + utils (plus host)
+    + logger_manager instance in lib
+    + leak detective usable for charon and pluto and anything else
+  + integrate asn1 parser/oid (asn1/oid)
+  + integrate basic PEM loading
+  + port x509 stuff
+
++ doxygen cleanup (charon/lib)
+
+/ useable certificate support
+  + more id types (use atodn from pluto)
+  + rewrite certificate storage the clean way
+  - further subjectAltName support
+  - certificate validation/chaining
+  - certificate exchange
+
++ Apply -W's from Makefile.program to charon
+- do ipsec status via starter
+- add more output to to up/down, somehow...
+
+- stroke status should show configured connections
+- stroke loglevel update
+- stroke argument parsing via getopts/gperf?
+
+- implement 3DES to load encrypted pem files
+- ipsec.secrets parsing
+
+- trapping
+- delete notify, when to send?
+- notifys on connection setup failure
+- create child sa message/rekeying
+
+- new build environment (autotools?)
diff --git a/src/charon/charon.kdevelop b/src/charon/charon.kdevelop
deleted file mode 100644 (file)
index 270e815..0000000
+++ /dev/null
@@ -1,105 +0,0 @@
-<?xml version = '1.0'?>
-<kdevelop>
-  <general>
-    <author>Martin Willi</author>
-    <email>martin@strongswan.org</email>
-    <version>$VERSION$</version>
-    <projectmanagement>KDevCustomProject</projectmanagement>
-    <primarylanguage>C</primarylanguage>
-    <ignoreparts/>
-  </general>
-  <kdevcustomproject>
-    <run>
-      <mainprogram>Source</mainprogram>
-      <directoryradio>executable</directoryradio>
-    </run>
-    <general>
-      <activedir/>
-    </general>
-  </kdevcustomproject>
-  <kdevdebugger>
-    <general>
-      <dbgshell/>
-    </general>
-  </kdevdebugger>
-  <kdevdoctreeview>
-    <ignoretocs>
-      <toc>ada</toc>
-      <toc>ada_bugs_gcc</toc>
-      <toc>bash</toc>
-      <toc>bash_bugs</toc>
-      <toc>clanlib</toc>
-      <toc>fortran_bugs_gcc</toc>
-      <toc>gnome1</toc>
-      <toc>gnustep</toc>
-      <toc>gtk</toc>
-      <toc>gtk_bugs</toc>
-      <toc>haskell</toc>
-      <toc>haskell_bugs_ghc</toc>
-      <toc>java_bugs_gcc</toc>
-      <toc>java_bugs_sun</toc>
-      <toc>kde2book</toc>
-      <toc>libstdc++</toc>
-      <toc>opengl</toc>
-      <toc>pascal_bugs_fp</toc>
-      <toc>php</toc>
-      <toc>php_bugs</toc>
-      <toc>perl</toc>
-      <toc>perl_bugs</toc>
-      <toc>python</toc>
-      <toc>python_bugs</toc>
-      <toc>qt-kdev3</toc>
-      <toc>ruby</toc>
-      <toc>ruby_bugs</toc>
-      <toc>sdl</toc>
-      <toc>stl</toc>
-      <toc>sw</toc>
-      <toc>w3c-dom-level2-html</toc>
-      <toc>w3c-svg</toc>
-      <toc>w3c-uaag10</toc>
-      <toc>wxwidgets_bugs</toc>
-    </ignoretocs>
-    <ignoreqt_xml>
-      <toc>Guide to the Qt Translation Tools</toc>
-      <toc>Qt Assistant Manual</toc>
-      <toc>Qt Designer Manual</toc>
-      <toc>Qt Reference Documentation</toc>
-      <toc>qmake User Guide</toc>
-    </ignoreqt_xml>
-    <ignoredoxygen>
-      <toc>KDE Libraries (Doxygen)</toc>
-    </ignoredoxygen>
-  </kdevdoctreeview>
-  <kdevfilecreate>
-    <filetypes/>
-    <useglobaltypes>
-      <type ext="c" />
-      <type ext="h" />
-    </useglobaltypes>
-  </kdevfilecreate>
-  <kdevcppsupport>
-    <references/>
-    <codecompletion>
-      <includeGlobalFunctions>true</includeGlobalFunctions>
-      <includeTypes>true</includeTypes>
-      <includeEnums>true</includeEnums>
-      <includeTypedefs>false</includeTypedefs>
-      <automaticCodeCompletion>true</automaticCodeCompletion>
-      <automaticArgumentsHint>true</automaticArgumentsHint>
-      <automaticHeaderCompletion>true</automaticHeaderCompletion>
-      <codeCompletionDelay>250</codeCompletionDelay>
-      <argumentsHintDelay>400</argumentsHintDelay>
-      <headerCompletionDelay>250</headerCompletionDelay>
-    </codecompletion>
-  </kdevcppsupport>
-  <kdevfileview>
-    <groups>
-      <hidenonprojectfiles>false</hidenonprojectfiles>
-      <hidenonlocation>false</hidenonlocation>
-    </groups>
-    <tree>
-      <hidepatterns>*.o,*.lo,CVS</hidepatterns>
-      <hidenonprojectfiles>false</hidenonprojectfiles>
-    </tree>
-  </kdevfileview>
-</kdevelop>
diff --git a/src/charon/charon/Architecture.txt b/src/charon/charon/Architecture.txt
deleted file mode 100644 (file)
index 14b9927..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-/** @mainpage
-
-@section design strongSwans overall design
-
-IKEv1 and IKEv2 is handled in different keying daemons. The ole IKEv1 stuff is
-completely handled in pluto, as it was all the times. IKEv2 is handled in the
-new keying daemon, which is called #charon. 
-Daemon control is done over unix sockets. Pluto uses whack, as it did for years.
-Charon uses another socket interface, called stroke. Stroke uses another
-format as whack and therefore is not compatible to whack. The starter utility,
-wich does fast configuration parsing, speaks both the protocols, whack and
-stroke. It also handles daemon startup and termination. 
-Pluto uses starter for some commands, for other it uses the whack utility. To be
-as close to pluto as possible, charon has the same split up of commands to
-starter and stroke. All commands are wrapped together in the ipsec script, which
-allows transparent control of both daemons.
-@verbatim
-
-         +-----------------------------------------+
-         |                  ipsec                  |
-         +-----+--------------+---------------+----+
-               |              |               |
-               |              |               |
-               |        +-----+-----+         |
-         +-----+----+   |           |   +-----+----+
-         |          |   |  starter  |   |          |
-         |  stroke  |   |           |   |   whack  |
-         |          |   +---+--+----+   |          |
-         +------+---+       |  |        +--+-------+
-                |           |  |           |
-            +---+------+    |  |    +------+--+
-            |          |    |  |    |         |
-            |  charon  +----+  +----+  pluto  |
-            |          |            |         |
-            +-----+----+            +----+----+
-                  |                      |
-            +-----+----+                 |
-            |    LSF   |                 |
-            +-----+----+                 |
-                  |                      |
-            +-----+----+            +----+----+
-            | RAW Sock |            | UDP/500 |
-            +----------+            +---------+
-
-@endverbatim
-Since IKEv2 uses the same port as IKEv1, both daemons must listen to UDP port
-500. Under Linux, there is no clean way to set up two sockets at the same port.
-To reslove this problem, charon uses a RAW socket, as they are used in network
-sniffers. An installed Linux Socket Filter (LSF) filters out all none-IKEv2
-traffic. Pluto receives any IKE message, independant of charons behavior.
-Therefore plutos behavior is changed to discard any IKEv2 traffic silently.
-
-To gain some reusability of the code, generic crypto and utility functions are 
-separeted in a shared library, libstrongswan.
-
-*/
\ No newline at end of file
diff --git a/src/charon/charon/Known-bugs.txt b/src/charon/charon/Known-bugs.txt
deleted file mode 100644 (file)
index 7fdf258..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
- Known bugs in charon
-======================
-
-- intiating the same connection twice makes trouble
-- leak_detective gets confused from libpthread (invalid frees)
-- installing to many SAs in the kernel at the same time causes troubles. Threading issue?
-
diff --git a/src/charon/charon/Makefile.charon b/src/charon/charon/Makefile.charon
deleted file mode 100644 (file)
index 336495d..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright (C) 2006 Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-CHARON_DIR= $(MAIN_DIR)charon/
-
-$(BUILD_DIR)daemon.o :                 $(CHARON_DIR)daemon.c $(CHARON_DIR)daemon.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-
-
-include $(CHARON_DIR)network/Makefile.network
-include $(CHARON_DIR)config/Makefile.config
-include $(CHARON_DIR)encoding/Makefile.encoding
-include $(CHARON_DIR)queues/Makefile.queues
-include $(CHARON_DIR)sa/Makefile.sa
-include $(CHARON_DIR)threads/Makefile.threads
\ No newline at end of file
diff --git a/src/charon/charon/Todo-list.txt b/src/charon/charon/Todo-list.txt
deleted file mode 100644 (file)
index 7bff26d..0000000
+++ /dev/null
@@ -1,57 +0,0 @@
- Todo-List for charon
-======================
-
-+ = done, / = partial, - = todo, ordered by priority
-
-
-+ private key loading: der, without passphrase
-+ load all private keys from ipsec.d/private/ in stroke.c
-+ handle leftcert and rightcert in starterstroke.c/stroke.c
-+ load specified certs in stroke.c
-+ extract public keys from certs
-+ public key authentication
-+ release for Andreas
-
-+ stroke loglevels
-+ stroke up
-+ ike_sa_manager checkout_by_hosts
-+ stroke down
-+ stroke output redirection
-+ stroke status
-
-+ libx509
-  + new charon build - libstrong?
-    + transforms
-    + utils (plus host)
-    + logger_manager instance in lib
-    + leak detective usable for charon and pluto and anything else
-  + integrate asn1 parser/oid (asn1/oid)
-  + integrate basic PEM loading
-  + port x509 stuff
-
-+ doxygen cleanup (charon/lib)
-
-/ useable certificate support
-  + more id types (use atodn from pluto)
-  + rewrite certificate storage the clean way
-  - further subjectAltName support
-  - certificate validation/chaining
-  - certificate exchange
-
-+ Apply -W's from Makefile.program to charon
-- do ipsec status via starter
-- add more output to to up/down, somehow...
-
-- stroke status should show configured connections
-- stroke loglevel update
-- stroke argument parsing via getopts/gperf?
-
-- implement 3DES to load encrypted pem files
-- ipsec.secrets parsing
-
-- trapping
-- delete notify, when to send?
-- notifys on connection setup failure
-- create child sa message/rekeying
-
-- new build environment (autotools?)
diff --git a/src/charon/charon/config/Makefile.config b/src/charon/charon/config/Makefile.config
deleted file mode 100644 (file)
index d4638b3..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (C) 2005 Jan Hutter, Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-
-CONFIG_DIR= $(CHARON_DIR)config/
-
-
-CHARON_OBJS+= $(BUILD_DIR)traffic_selector.o
-$(BUILD_DIR)traffic_selector.o :                       $(CONFIG_DIR)traffic_selector.c $(CONFIG_DIR)traffic_selector.h
-                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
-
-CHARON_OBJS+= $(BUILD_DIR)proposal.o
-$(BUILD_DIR)proposal.o :                                       $(CONFIG_DIR)proposal.c $(CONFIG_DIR)proposal.h
-                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
-
-CHARON_OBJS+= $(BUILD_DIR)configuration.o
-$(BUILD_DIR)configuration.o :                          $(CONFIG_DIR)configuration.c $(CONFIG_DIR)configuration.h
-                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
-
-include $(CONFIG_DIR)connections/Makefile.connections
-include $(CONFIG_DIR)credentials/Makefile.credentials
-include $(CONFIG_DIR)policies/Makefile.policies
\ No newline at end of file
diff --git a/src/charon/charon/config/configuration.c b/src/charon/charon/config/configuration.c
deleted file mode 100755 (executable)
index eac1bd4..0000000
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- * @file configuration.c
- * 
- * @brief Implementation of configuration_t.
- * 
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-
-#include "configuration.h"
-
-#include <types.h>
-
-/**
- * First retransmit timeout in milliseconds.
- * Timeout value is increasing in each retransmit round.
- */
-#define RETRANSMIT_TIMEOUT 3000
-
-/**
- * Timeout in milliseconds after that a half open IKE_SA gets deleted.
- */
-#define HALF_OPEN_IKE_SA_TIMEOUT 30000
-
-/**
- * Max retransmit count.
- * 0 for infinite. The max time a half open IKE_SA is alive is set by 
- * RETRANSMIT_TIMEOUT.
- */
-#define MAX_RETRANSMIT_COUNT 0
-
-
-typedef struct private_configuration_t private_configuration_t;
-
-/**
- * Private data of an configuration_t object.
- */
-struct private_configuration_t {
-
-       /**
-        * Public part of configuration_t object.
-        */
-       configuration_t public;
-
-};
-
-/**
- * Implementation of configuration_t.get_retransmit_timeout.
- */
-static status_t get_retransmit_timeout (private_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
-{
-       int new_timeout = RETRANSMIT_TIMEOUT, i;
-       if (retransmit_count > MAX_RETRANSMIT_COUNT && MAX_RETRANSMIT_COUNT != 0)
-       {
-               return FAILED;
-       }
-       
-       for (i = 0; i < retransmit_count; i++)
-       {
-               new_timeout *= 2;
-       }
-       
-       *timeout = new_timeout;
-       
-       return SUCCESS;
-}
-
-/**
- * Implementation of configuration_t.get_half_open_ike_sa_timeout.
- */
-static u_int32_t get_half_open_ike_sa_timeout (private_configuration_t *this)
-{
-       return HALF_OPEN_IKE_SA_TIMEOUT;
-}
-
-/**
- * Implementation of configuration_t.destroy.
- */
-static void destroy(private_configuration_t *this)
-{
-       free(this);
-}
-
-/*
- * Described in header-file
- */
-configuration_t *configuration_create()
-{
-       private_configuration_t *this = malloc_thing(private_configuration_t);
-       
-       /* public functions */
-       this->public.destroy = (void(*)(configuration_t*))destroy;
-       this->public.get_retransmit_timeout = (status_t (*) (configuration_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout;
-       this->public.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_t *)) get_half_open_ike_sa_timeout;
-       
-       return (&this->public);
-}
diff --git a/src/charon/charon/config/configuration.h b/src/charon/charon/config/configuration.h
deleted file mode 100755 (executable)
index 3696215..0000000
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * @file configuration.h
- * 
- * @brief Interface configuration_t.
- *  
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef CONFIGURATION_H_
-#define CONFIGURATION_H_
-
-#include <types.h>
-
-
-typedef struct configuration_t configuration_t;
-
-/**
- * @brief The interface for various daemon related configs.
- * 
- * @b Constructors:
- *     - configuration_create()
- * 
- * @ingroup config
- */
-struct configuration_t { 
-
-       /**
-        * @brief Returns the retransmit timeout.
-        * 
-        * The timeout values are managed by the configuration, so 
-        * another backoff algorithm may be implemented here.
-        * 
-        * @param this                          calling object
-        * @param retransmit_count      number of times a message was retransmitted so far
-        * @param[out] timeout          the new retransmit timeout in milliseconds
-        * 
-        * @return              
-        *                                                      - FAILED, if the message should not be retransmitted
-        *                                                      - SUCCESS
-        */
-       status_t (*get_retransmit_timeout) (configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout);
-       
-       /**
-        * @brief Returns the timeout for an half open IKE_SA in ms.
-        * 
-        * Half open means that the IKE_SA is still in one of the following states:
-        *  - INITIATOR_INIT
-        *  - RESPONDER_INIT
-        *  - IKE_SA_INIT_REQUESTED
-        *  - IKE_SA_INIT_RESPONDED
-        *  - IKE_AUTH_REQUESTED
-        * 
-        * @param this                          calling object
-        * @return                                      timeout in milliseconds (ms)
-        */     
-       u_int32_t (*get_half_open_ike_sa_timeout) (configuration_t *this);
-
-       /**
-        * @brief Destroys a configuration_t object.
-        * 
-        * @param this                                  calling object
-        */
-       void (*destroy) (configuration_t *this);
-};
-
-/**
- * @brief Creates a configuration backend.
- * 
- * @return static_configuration_t object
- * 
- * @ingroup config
- */
-configuration_t *configuration_create(void);
-
-#endif /*CONFIGURATION_H_*/
diff --git a/src/charon/charon/config/connections/Makefile.connections b/src/charon/charon/config/connections/Makefile.connections
deleted file mode 100644 (file)
index 8fbc983..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# Copyright (C) 2006 Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-
-CONNECTIONS_DIR= $(CONFIG_DIR)connections/
-
-
-CHARON_OBJS+= $(BUILD_DIR)connection.o
-$(BUILD_DIR)connection.o :                             $(CONNECTIONS_DIR)connection.c $(CONNECTIONS_DIR)connection.h
-                                                                               $(CC) $(CFLAGS) -c -o $@ $<
-
-CHARON_OBJS+= $(BUILD_DIR)local_connection_store.o
-$(BUILD_DIR)local_connection_store.o : $(CONNECTIONS_DIR)local_connection_store.c $(CONNECTIONS_DIR)local_connection_store.h
-                                                                               $(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file
diff --git a/src/charon/charon/config/connections/connection.c b/src/charon/charon/config/connections/connection.c
deleted file mode 100644 (file)
index 74e6762..0000000
+++ /dev/null
@@ -1,367 +0,0 @@
-/**
- * @file connection.c
- * 
- * @brief Implementation of connection_t.
- *  
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "connection.h"
-
-#include <utils/linked_list.h>
-#include <utils/logger.h>
-
-/** 
- * String mappings for auth_method_t.
- */
-mapping_t auth_method_m[] = {
-       {RSA_DIGITAL_SIGNATURE, "RSA"},
-       {SHARED_KEY_MESSAGE_INTEGRITY_CODE, "SHARED_KEY"},
-       {DSS_DIGITAL_SIGNATURE, "DSS"},
-       {MAPPING_END, NULL}
-};
-
-
-typedef struct private_connection_t private_connection_t;
-
-/**
- * Private data of an connection_t object
- */
-struct private_connection_t {
-
-       /**
-        * Public part
-        */
-       connection_t public;
-
-       /**
-        * Name of the connection
-        */
-       char *name;
-       
-       /**
-        * ID of us
-        */
-       identification_t *my_id;
-
-       /**
-        * ID of remote peer
-        */     
-       identification_t *other_id;
-
-       /**
-        * Host information of my host.
-        */
-       host_t *my_host;
-
-       /**
-        * Host information of other host.
-        */     
-       host_t *other_host;
-       
-       /**
-        * Method to use for own authentication data
-        */
-       auth_method_t auth_method;
-       
-       /**
-        * Supported proposals
-        */
-       linked_list_t *proposals;
-};
-
-/**
- * Implementation of connection_t.get_name.
- */
-static char *get_name (private_connection_t *this)
-{
-       return this->name;
-}
-
-/**
- * Implementation of connection_t.get_my_id.
- */
-static identification_t *get_my_id (private_connection_t *this)
-{
-       return this->my_id;
-}
-
-/**
- * Implementation of connection_t.get_other_id.
- */
-static identification_t *get_other_id(private_connection_t *this)
-{
-       return this->other_id;
-}
-
-/**
- * Implementation of connection_t.update_my_id
- */
-static void update_my_id(private_connection_t *this, identification_t *my_id)
-{
-       this->my_id->destroy(this->my_id);
-       this->my_id = my_id;
-}
-
-/**
- * Implementation of connection_t.update_other_id
- */
-static void update_other_id(private_connection_t *this, identification_t *other_id)
-{
-       this->other_id->destroy(this->other_id);
-       this->other_id = other_id;
-}
-
-/**
- * Implementation of connection_t.get_my_host.
- */
-static host_t * get_my_host (private_connection_t *this)
-{
-       return this->my_host;
-}
-
-/**
- * Implementation of connection_t.update_my_host.
- */
-static void update_my_host(private_connection_t *this, host_t *my_host)
-{
-       this->my_host->destroy(this->my_host);
-       this->my_host = my_host;
-}
-
-/**
- * Implementation of connection_t.update_other_host.
- */
-static void update_other_host(private_connection_t *this, host_t *other_host)
-{
-       this->other_host->destroy(this->other_host);
-       this->other_host = other_host;
-}
-
-/**
- * Implementation of connection_t.get_other_host.
- */
-static host_t * get_other_host (private_connection_t *this)
-{
-       return this->other_host;
-}
-
-/**
- * Implementation of connection_t.get_proposals.
- */
-static linked_list_t* get_proposals (private_connection_t *this)
-{
-       return this->proposals;
-}
-       
-/**
- * Implementation of connection_t.select_proposal.
- */
-static proposal_t *select_proposal(private_connection_t *this, linked_list_t *proposals)
-{
-       iterator_t *stored_iter, *supplied_iter;
-       proposal_t *stored, *supplied, *selected;
-       
-       stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
-       supplied_iter = proposals->create_iterator(proposals, TRUE);
-       
-       /* compare all stored proposals with all supplied. Stored ones are preferred. */
-       while (stored_iter->has_next(stored_iter))
-       {
-               supplied_iter->reset(supplied_iter);
-               stored_iter->current(stored_iter, (void**)&stored);
-
-               while (supplied_iter->has_next(supplied_iter))
-               {
-                       supplied_iter->current(supplied_iter, (void**)&supplied);
-                       selected = stored->select(stored, supplied);
-                       if (selected)
-                       {
-                               /* they match, return */
-                               stored_iter->destroy(stored_iter);
-                               supplied_iter->destroy(supplied_iter);
-                               return selected;
-                       }
-               }
-       }
-       
-       /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
-       stored_iter->destroy(stored_iter);
-       supplied_iter->destroy(supplied_iter);
-       
-       return NULL;
-}
-
-/**
- * Implementation of connection_t.add_proposal.
- */
-static void add_proposal (private_connection_t *this, proposal_t *proposal)
-{
-       this->proposals->insert_last(this->proposals, proposal);
-}
-
-/**
- * Implementation of connection_t.auth_method_t.
- */
-static auth_method_t get_auth_method(private_connection_t *this)
-{
-       return this->auth_method;
-}
-
-/**
- * Implementation of connection_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_connection_t *this)
-{
-       iterator_t *iterator;
-       proposal_t *proposal;
-       algorithm_t *algo;
-       
-       iterator = this->proposals->create_iterator(this->proposals, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&proposal);
-               proposal->get_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, &algo);
-               if (algo)
-               {
-                       iterator->destroy(iterator);
-                       return algo->algorithm;
-               }
-       }
-       iterator->destroy(iterator);
-       return MODP_UNDEFINED;
-}
-
-/**
- * Implementation of connection_t.check_dh_group.
- */
-static bool check_dh_group(private_connection_t *this, diffie_hellman_group_t dh_group)
-{
-       iterator_t *prop_iter, *alg_iter;
-       proposal_t *proposal;
-       algorithm_t *algo;
-       
-       prop_iter = this->proposals->create_iterator(this->proposals, TRUE);
-       while (prop_iter->has_next(prop_iter))
-       {
-               prop_iter->current(prop_iter, (void**)&proposal);
-               alg_iter = proposal->create_algorithm_iterator(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP);
-               while (alg_iter->has_next(alg_iter))
-               {
-                       alg_iter->current(alg_iter, (void**)&algo);
-                       if (algo->algorithm == dh_group)
-                       {
-                               prop_iter->destroy(prop_iter);
-                               alg_iter->destroy(alg_iter);
-                               return TRUE;
-                       }
-               }
-       }
-       prop_iter->destroy(prop_iter);
-       alg_iter->destroy(alg_iter);
-       return FALSE;
-}
-
-/**
- * Implementation of connection_t.clone.
- */
-static connection_t *clone(private_connection_t *this)
-{
-       iterator_t *iterator;
-       proposal_t *proposal;
-       private_connection_t *clone = (private_connection_t*)connection_create(
-                       this->name,
-                       this->my_host->clone(this->my_host),
-                       this->other_host->clone(this->other_host),
-                       this->my_id->clone(this->my_id),
-                       this->other_id->clone(this->other_id),
-                       this->auth_method);
-       
-       /* clone all proposals */
-       iterator = this->proposals->create_iterator(this->proposals, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&proposal);
-               proposal = proposal->clone(proposal);
-               clone->proposals->insert_last(clone->proposals, (void*)proposal);
-       }
-       iterator->destroy(iterator);
-       
-       return &clone->public;
-}
-
-/**
- * Implementation of connection_t.destroy.
- */
-static void destroy (private_connection_t *this)
-{
-       proposal_t *proposal;
-       
-       while (this->proposals->remove_last(this->proposals, (void**)&proposal) == SUCCESS)
-       {
-               proposal->destroy(proposal);
-       }
-       this->proposals->destroy(this->proposals);
-       
-       this->my_host->destroy(this->my_host);
-       this->other_host->destroy(this->other_host);
-       this->my_id->destroy(this->my_id);
-       this->other_id->destroy(this->other_id);
-       free(this->name);
-       free(this);
-}
-
-/**
- * Described in header.
- */
-connection_t * connection_create(char *name, host_t *my_host, host_t *other_host, identification_t *my_id, identification_t *other_id, auth_method_t auth_method)
-{
-       private_connection_t *this = malloc_thing(private_connection_t);
-
-       /* public functions */
-       this->public.get_name = (char*(*)(connection_t*))get_name;
-       this->public.get_my_id = (identification_t*(*)(connection_t*))get_my_id;
-       this->public.get_other_id = (identification_t*(*)(connection_t*))get_other_id;
-       this->public.get_my_host = (host_t*(*)(connection_t*))get_my_host;
-       this->public.update_my_host = (void(*)(connection_t*,host_t*))update_my_host;
-       this->public.update_other_host = (void(*)(connection_t*,host_t*))update_other_host;
-       this->public.update_my_id = (void(*)(connection_t*,identification_t*))update_my_id;
-       this->public.update_other_id = (void(*)(connection_t*,identification_t*))update_other_id;
-       this->public.get_other_host = (host_t*(*)(connection_t*))get_other_host;
-       this->public.get_proposals = (linked_list_t*(*)(connection_t*))get_proposals;
-       this->public.select_proposal = (proposal_t*(*)(connection_t*,linked_list_t*))select_proposal;
-       this->public.add_proposal = (void(*)(connection_t*, proposal_t*)) add_proposal;
-       this->public.get_auth_method = (auth_method_t(*)(connection_t*)) get_auth_method;
-       this->public.get_dh_group = (diffie_hellman_group_t(*)(connection_t*)) get_dh_group;
-       this->public.check_dh_group = (bool(*)(connection_t*,diffie_hellman_group_t)) check_dh_group;
-       this->public.clone = (connection_t*(*)(connection_t*))clone;
-       this->public.destroy = (void(*)(connection_t*))destroy;
-       
-       /* private variables */
-       this->name = strdup(name);
-       this->my_host = my_host;
-       this->other_host = other_host;
-       this->my_id = my_id;
-       this->other_id = other_id;
-       this->auth_method = auth_method;
-               
-       this->proposals = linked_list_create();
-
-       return (&this->public);
-}
diff --git a/src/charon/charon/config/connections/connection.h b/src/charon/charon/config/connections/connection.h
deleted file mode 100644 (file)
index 2cb3c20..0000000
+++ /dev/null
@@ -1,283 +0,0 @@
-/**
- * @file connection.h
- * 
- * @brief Interface of connection_t.
- *  
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-#ifndef CONNECTION_H_
-#define CONNECTION_H_
-
-#include <types.h>
-#include <utils/host.h>
-#include <utils/linked_list.h>
-#include <utils/identification.h>
-#include <config/proposal.h>
-#include <crypto/diffie_hellman.h>
-
-
-typedef enum auth_method_t auth_method_t;
-
-/**
- * AUTH Method to use.
- * 
- * @ingroup config
- */
-enum auth_method_t {
-       /**
-        * Computed as specified in section 2.15 of RFC using 
-        * an RSA private key over a PKCS#1 padded hash.
-        */
-       RSA_DIGITAL_SIGNATURE = 1,
-       
-       /** 
-        * Computed as specified in section 2.15 of RFC using the 
-        * shared key associated with the identity in the ID payload 
-        * and the negotiated prf function
-        */
-       SHARED_KEY_MESSAGE_INTEGRITY_CODE = 2,
-       
-       /**
-        * Computed as specified in section 2.15 of RFC using a 
-        * DSS private key over a SHA-1 hash.
-        */
-       DSS_DIGITAL_SIGNATURE = 3,
-};
-
-/**
- * string mappings for auth method.
- * 
- * @ingroup config
- */
-extern mapping_t auth_method_m[];
-
-
-typedef struct connection_t connection_t;
-
-/**
- * @brief A connection_t defines the rules to set up an IKE_SA.
- *
- *
- * @b Constructors:
- *  - connection_create()
- * 
- * @ingroup config
- */
-struct connection_t {
-
-       /**
-        * @brief Get my ID for this connection.
-        * 
-        * Object is NOT getting cloned.
-        * 
-        * @param this  calling object
-        * @return              host information as identification_t object
-        */
-       identification_t *(*get_my_id) (connection_t *this);
-
-       /**
-        * @brief Get others ID for this connection.
-        * 
-        * Object is NOT getting cloned.
-        * 
-        * @param this  calling object
-        * @return              host information as identification_t object
-        */
-       identification_t *(*get_other_id) (connection_t *this);
-
-       /**
-        * @brief Get my address as host_t object.
-        * 
-        * Object is NOT getting cloned.
-        * 
-        * @param this  calling object
-        * @return              host information as host_t object
-        */
-       host_t *(*get_my_host) (connection_t *this);
-
-       /**
-        * @brief Get others address as host_t object.
-        * 
-        * Object is NOT getting cloned.
-        * 
-        * @param this  calling object
-        * @return              host information as host_t object
-        */
-       host_t *(*get_other_host) (connection_t *this);
-
-       /**
-        * @brief Update address of my host.
-        * 
-        * It may be necessary to uptdate own address, as it 
-        * is set to the default route (0.0.0.0) in some cases.
-        * Old host is destroyed, new one NOT cloned.
-        * 
-        * @param this          calling object
-        * @param my_host       new host to set as my_host
-        */
-       void (*update_my_host) (connection_t *this, host_t *my_host);
-
-       /**
-        * @brief Update address of remote host.
-        * 
-        * It may be necessary to uptdate remote address, as a
-        * connection may define %any (0.0.0.0) or a subnet.
-        * Old host is destroyed, new one NOT cloned.
-        * 
-        * @param this          calling object
-        * @param my_host       new host to set as other_host
-        */
-       void (*update_other_host) (connection_t *this, host_t *other_host);
-
-       /**
-        * @brief Update own ID.
-        * 
-        * It may be necessary to uptdate own ID, as it 
-        * is set to %any or to e.g. *@strongswan.org in 
-        * some cases.
-        * Old ID is destroyed, new one NOT cloned.
-        * 
-        * @param this          calling object
-        * @param my_id         new ID to set as my_id
-        */
-       void (*update_my_id) (connection_t *this, identification_t *my_id);
-
-       /**
-        * @brief Update others ID.
-        * 
-        * It may be necessary to uptdate others ID, as it 
-        * is set to %any or to e.g. *@strongswan.org in 
-        * some cases.
-        * Old ID is destroyed, new one NOT cloned.
-        * 
-        * @param this          calling object
-        * @param other_id      new ID to set as other_id
-        */
-       void (*update_other_id) (connection_t *this, identification_t *other_id);
-       
-       /**
-        * @brief Returns a list of all supported proposals.
-        * 
-        * Returned list is still owned by connection and MUST NOT
-        * modified or destroyed.
-        * 
-        * @param this                          calling object
-        * @return                                      list containing all the proposals
-        */
-       linked_list_t *(*get_proposals) (connection_t *this);
-       
-       /**
-        * @brief Adds a proposal to the list.
-        * 
-        * The first added proposal has the highest priority, the last
-        * added the lowest.
-        * 
-        * @param this                          calling object
-        * @param proposal                      proposal to add
-        */
-       void (*add_proposal) (connection_t *this, proposal_t *proposal);
-       
-       /**
-        * @brief Select a proposed from suggested proposals.
-        * 
-        * Returned proposal must be destroyed after usage.
-        * 
-        * @param this                                  calling object
-        * @param proposals                             list of proposals to select from
-        * @return                                              selected proposal, or NULL if none matches.
-        */
-       proposal_t *(*select_proposal) (connection_t *this, linked_list_t *proposals);
-       
-       /**
-        * @brief Get the authentication method to use
-        * 
-        * @param this                  calling object
-        * @return                              authentication method
-        */
-       auth_method_t (*get_auth_method) (connection_t *this);
-       
-       /**
-        * @brief Get the connection name.
-        * 
-        * Name must not be freed, since it points to 
-        * internal data.
-        * 
-        * @param this                  calling object
-        * @return                              name of the connection
-        */
-       char* (*get_name) (connection_t *this);
-       
-       /**
-        * @brief Get the DH group to use for connection initialization.
-        * 
-        * @param this                                  calling object
-        * @return                                              dh group to use for initialization
-        */
-       diffie_hellman_group_t (*get_dh_group) (connection_t *this);
-       
-       /**
-        * @brief Check if a suggested dh group is acceptable.
-        * 
-        * If we guess a wrong DH group for IKE_SA_INIT, the other
-        * peer will send us a offer. But is this acceptable for us?
-        * 
-        * @param this                                  calling object
-        * @return                                              TRUE if group acceptable
-        */
-       bool (*check_dh_group) (connection_t *this, diffie_hellman_group_t dh_group);
-       
-       /**
-        * @brief Clone a connection_t object.
-        * 
-        * @param this  connection to clone
-        * @return              clone of it
-        */
-       connection_t *(*clone) (connection_t *this);
-       
-       /**
-        * @brief Destroys a connection_t object.
-        * 
-        * @param this  calling object
-        */
-       void (*destroy) (connection_t *this);
-};
-
-/**
- * @brief Creates a connection_t object.
- * 
- * Supplied hosts/IDs become owned by connection, so 
- * do not modify or destroy them after a call to 
- * connection_create(). Name gets cloned internally.
- *
- * @param name                 connection identifier
- * @param my_host              host_t representing local address
- * @param other_host   host_t representing remote address
- * @param my_id                        identification_t for me
- * @param other_id             identification_t for other
- * @param auth_method  Authentication method to use for our(!) auth data
- * @return                             connection_t object.
- * 
- * @ingroup config
- */
-connection_t * connection_create(char *name, 
-                                                                host_t *my_host, host_t *other_host,
-                                                                identification_t *my_id, 
-                                                                identification_t *other_id,
-                                                                auth_method_t auth_method);
-
-#endif /* CONNECTION_H_ */
diff --git a/src/charon/charon/config/connections/connection_store.h b/src/charon/charon/config/connections/connection_store.h
deleted file mode 100755 (executable)
index 41fd58e..0000000
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- * @file connection_store.h
- *
- * @brief Interface connection_store_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef CONNECTION_STORE_H_
-#define CONNECTION_STORE_H_
-
-#include <types.h>
-#include <config/connections/connection.h>
-
-
-typedef struct connection_store_t connection_store_t;
-
-/**
- * @brief The interface for a store of connection_t's.
- * 
- * @b Constructors:
- *     - stroke_create()
- * 
- * @ingroup config
- */
-struct connection_store_t {
-
-       /**
-        * @brief Returns a connection definition identified by two IDs.
-        * 
-        * This call is useful to get a connection which is identified by IDs
-        * rather than addresses, e.g. for connection setup on user request.
-        * The returned connection gets created/cloned and therefore must
-        * be destroyed after usage.
-        * 
-        * @param this                          calling object
-        * @param my_id                         own ID of connection
-        * @param other_id                      others ID of connection
-        * @return              
-        *                                                      - connection_t, if found
-        *                                                      - NULL otherwise
-        */
-       connection_t *(*get_connection_by_ids) (connection_store_t *this, identification_t *my_id, identification_t *other_id);
-
-       /**
-        * @brief Returns a connection definition identified by two hosts.
-        * 
-        * This call is usefull to get a connection identified by addresses.
-        * It may be used after kernel request for traffic protection.
-        * The returned connection gets created/cloned and therefore must
-        * be destroyed after usage.
-        * 
-        * @param this                          calling object
-        * @param my_id                         own address of connection
-        * @param other_id                      others address of connection
-        * @return              
-        *                                                      - connection_t, if found
-        *                                                      - NULL otherwise
-        */
-       connection_t *(*get_connection_by_hosts) (connection_store_t *this, host_t *my_host, host_t *other_host);
-       
-       /**
-        * @brief Returns a connection identified by its name.
-        * 
-        * This call is usefull to get a connection identified its
-        * name, as on an connection setup.
-        * 
-        * @param this                          calling object
-        * @param name                          name of the connection to get
-        * @return              
-        *                                                      - connection_t, if found
-        *                                                      - NULL otherwise
-        */
-       connection_t *(*get_connection_by_name) (connection_store_t *this, char *name);
-       
-       /**
-        * @brief Add a connection to the store.
-        * 
-        * After a successful call, the connection is owned by the store and may 
-        * not be manipulated nor destroyed.
-        * 
-        * @param this                          calling object
-        * @param connection            connection to add
-        * @return
-        *                                                      - SUCCESS, or
-        *                                                      - FAILED
-        */
-       status_t (*add_connection) (connection_store_t *this, connection_t *connection);
-       
-       /**
-        * @brief Destroys a connection_store_t object.
-        * 
-        * @param this                                  calling object
-        */
-       void (*destroy) (connection_store_t *this);
-};
-
-#endif /* CONNECTION_STORE_H_ */
diff --git a/src/charon/charon/config/connections/local_connection_store.c b/src/charon/charon/config/connections/local_connection_store.c
deleted file mode 100644 (file)
index 0ae18e0..0000000
+++ /dev/null
@@ -1,228 +0,0 @@
-/**
- * @file local_connection_store.c
- * 
- * @brief Implementation of local_connection_store_t.
- *  
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "local_connection_store.h"
-
-#include <utils/linked_list.h>
-#include <utils/logger_manager.h>
-
-
-typedef struct private_local_connection_store_t private_local_connection_store_t;
-
-/**
- * Private data of an local_connection_store_t object
- */
-struct private_local_connection_store_t {
-
-       /**
-        * Public part
-        */
-       local_connection_store_t public;
-       
-       /**
-        * stored connection
-        */
-       linked_list_t *connections;
-       
-       /**
-        * Assigned logger
-        */
-       logger_t *logger;
-};
-
-
-/**
- * Implementation of connection_store_t.get_connection_by_hosts.
- */
-static connection_t *get_connection_by_hosts(private_local_connection_store_t *this, host_t *my_host, host_t *other_host)
-{
-       iterator_t *iterator;
-       connection_t *current, *found = NULL;
-       
-       this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for hosts %s - %s", 
-                                         my_host->get_address(my_host), other_host->get_address(other_host));
-       
-       iterator = this->connections->create_iterator(this->connections, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               host_t *config_my_host, *config_other_host;
-               
-               iterator->current(iterator, (void**)&current);
-
-               config_my_host = current->get_my_host(current);
-               config_other_host = current->get_other_host(current);
-
-               /* first check if ip is equal */
-               if(config_other_host->ip_equals(config_other_host, other_host))
-               {
-                       this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s", 
-                                                         config_other_host->get_address(config_other_host));
-                       /* could be right one, check my_host for default route*/
-                       if (config_my_host->is_default_route(config_my_host))
-                       {
-                               found = current->clone(current);
-                               break;
-                       }
-                       /* check now if host informations are the same */
-                       else if (config_my_host->ip_equals(config_my_host,my_host))
-                       {
-                               found = current->clone(current);
-                               break;
-                       }
-                       
-               }
-               /* Then check for wildcard hosts!
-               * TODO
-               * actually its only checked if other host with default route can be found! */
-               else if (config_other_host->is_default_route(config_other_host))
-               {
-                       /* could be right one, check my_host for default route*/
-                       if (config_my_host->is_default_route(config_my_host))
-                       {
-                               found = current->clone(current);
-                               break;
-                       }
-                       /* check now if host informations are the same */
-                       else if (config_my_host->ip_equals(config_my_host,my_host))
-                       {
-                               found = current->clone(current);
-                               break;
-                       }
-               }
-       }
-       iterator->destroy(iterator);
-       
-       /* apply hosts as they are supplied since my_host may be %defaultroute, and other_host may be %any. */
-       if (found)
-       {
-               found->update_my_host(found, my_host->clone(my_host));
-               found->update_other_host(found, other_host->clone(other_host));
-       }
-       
-       return found;
-}
-
-/**
- * Implementation of connection_store_t.get_connection_by_ids.
- */
-static connection_t *get_connection_by_ids(private_local_connection_store_t *this, identification_t *my_id, identification_t *other_id)
-{
-       iterator_t *iterator;
-       connection_t *current, *found = NULL;
-       
-       this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for ids %s - %s", 
-                                         my_id->get_string(my_id), other_id->get_string(other_id));
-       
-       iterator = this->connections->create_iterator(this->connections, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               identification_t *config_my_id, *config_other_id;
-               
-               iterator->current(iterator, (void**)&current);
-               
-               config_my_id = current->get_my_id(current);
-               config_other_id = current->get_other_id(current);
-               
-               /* first check if ids are equal 
-               * TODO: Add wildcard checks */
-               if (config_other_id->equals(config_other_id, other_id) &&
-                       config_my_id->equals(config_my_id, my_id))
-               {
-                       this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote id %s", 
-                                                         config_other_id->get_string(config_other_id));
-                       found = current->clone(current);
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       
-       return found;
-}
-
-/**
- * Implementation of connection_store_t.get_connection_by_name.
- */
-static connection_t *get_connection_by_name(private_local_connection_store_t *this, char *name)
-{
-       iterator_t *iterator;
-       connection_t *current, *found = NULL;
-       
-       iterator = this->connections->create_iterator(this->connections, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&current);
-               if (strcmp(name, current->get_name(current)) == 0)
-               {
-                       found = current->clone(current);
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       
-       return found;
-}
-
-/**
- * Implementation of connection_store_t.add_connection.
- */
-static status_t add_connection(private_local_connection_store_t *this, connection_t *connection)
-{
-       this->connections->insert_last(this->connections, connection);
-       return SUCCESS;
-}
-
-/**
- * Implementation of connection_store_t.destroy.
- */
-static void destroy (private_local_connection_store_t *this)
-{
-       connection_t *connection;
-       
-       while (this->connections->remove_last(this->connections, (void**)&connection) == SUCCESS)
-       {
-               connection->destroy(connection);
-       }
-       this->connections->destroy(this->connections);
-       free(this);
-}
-
-/**
- * Described in header.
- */
-local_connection_store_t * local_connection_store_create(void)
-{
-       private_local_connection_store_t *this = malloc_thing(private_local_connection_store_t);
-
-       this->public.connection_store.get_connection_by_hosts = (connection_t*(*)(connection_store_t*,host_t*,host_t*))get_connection_by_hosts;
-       this->public.connection_store.get_connection_by_ids = (connection_t*(*)(connection_store_t*,identification_t*,identification_t*))get_connection_by_ids;
-       this->public.connection_store.get_connection_by_name = (connection_t*(*)(connection_store_t*,char*))get_connection_by_name;
-       this->public.connection_store.add_connection = (status_t(*)(connection_store_t*,connection_t*))add_connection;
-       this->public.connection_store.destroy = (void(*)(connection_store_t*))destroy;
-       
-       /* private variables */
-       this->connections = linked_list_create();
-       this->logger = logger_manager->get_logger(logger_manager, CONFIG);
-
-       return (&this->public);
-}
diff --git a/src/charon/charon/config/connections/local_connection_store.h b/src/charon/charon/config/connections/local_connection_store.h
deleted file mode 100644 (file)
index 6e73ef9..0000000
+++ /dev/null
@@ -1,63 +0,0 @@
-/**
- * @file local_connection_store.h
- * 
- * @brief Interface of local_connection_store_t.
- *  
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-#ifndef LOCAL_CONNECTION_H_
-#define LOCAL_CONNECTION_H_
-
-#include <types.h>
-#include <config/connections/connection_store.h>
-
-
-typedef struct local_connection_store_t local_connection_store_t;
-
-/**
- * @brief A connection_store_t implementation using a simple connection list.
- *
- * The local_connection_store_t class implements the connection_store_t interface
- * as simple as possible. connection_t's are stored in an in-memory list.
- *
- * @b Constructors:
- *  - local_connection_store_create()
- *
- * @todo Make thread-save first
- * @todo Add remove_connection method
- *
- * @ingroup config
- */
-struct local_connection_store_t {
-       
-       /**
-        * Implements connection_store_t interface
-        */
-       connection_store_t connection_store;
-};
-
-/**
- * @brief Creates a local_connection_store_t instance.
- *
- * @return connection store instance.
- * 
- * @ingroup config
- */
-local_connection_store_t * local_connection_store_create(void);
-
-#endif /* LOCAL_CONNECTION_H_ */
diff --git a/src/charon/charon/config/credentials/Makefile.credentials b/src/charon/charon/config/credentials/Makefile.credentials
deleted file mode 100644 (file)
index 720d566..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright (C) 2006 Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-
-CREDENTIALS_DIR= $(CONFIG_DIR)credentials/
-
-
-CHARON_OBJS+= $(BUILD_DIR)local_credential_store.o
-$(BUILD_DIR)local_credential_store.o : $(CREDENTIALS_DIR)local_credential_store.c $(CREDENTIALS_DIR)local_credential_store.h
-                                                                               $(CC) $(CFLAGS) -c -o $@ $<
diff --git a/src/charon/charon/config/credentials/credential_store.h b/src/charon/charon/config/credentials/credential_store.h
deleted file mode 100755 (executable)
index 2339469..0000000
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * @file credential_store.h
- * 
- * @brief Interface credential_store_t.
- *  
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef CREDENTIAL_STORE_H_
-#define CREDENTIAL_STORE_H_
-
-#include <types.h>
-#include <crypto/rsa/rsa_private_key.h>
-#include <crypto/rsa/rsa_public_key.h>
-#include <utils/identification.h>
-
-
-typedef struct credential_store_t credential_store_t;
-
-/**
- * @brief The interface for a credential_store backend.
- * 
- * @b Constructors:
- *     - stroke_create()
- * 
- * @ingroup config
- */
-struct credential_store_t { 
-
-       /**
-        * @brief Returns the preshared secret of a specific ID.
-        * 
-        * The returned chunk must be destroyed by the caller after usage.
-        * 
-        * @param this                                  calling object
-        * @param identification                identification_t object identifiying the secret.
-        * @param[out] preshared_secret the preshared secret will be written there.
-        * @return
-        *                                                              - NOT_FOUND     if no preshared secrets for specific ID could be found
-        *                                                              - SUCCESS
-        *
-        * @todo We should use two IDs to query shared secrets, since we want to use different
-        * keys for different peers...
-        */     
-       status_t (*get_shared_secret) (credential_store_t *this, identification_t *identification, chunk_t *preshared_secret);
-       
-       /**
-        * @brief Returns the RSA public key of a specific ID.
-        * 
-        * The returned rsa_public_key_t must be destroyed by the caller after usage.
-        * 
-        * @param this                                  calling object
-        * @param identification                identification_t object identifiying the key.
-        * @return                                              public key, or NULL if not found
-        */
-       rsa_public_key_t * (*get_rsa_public_key) (credential_store_t *this, identification_t *identification);
-       
-       /**
-        * @brief Returns the RSA private key of a specific ID.
-        * 
-        * The returned rsa_private_key_t must be destroyed by the caller after usage.
-        * 
-        * @param this                                  calling object
-        * @param identification                identification_t object identifiying the key
-        * @return                                              private key, or NULL if not found
-        */     
-       rsa_private_key_t *(*get_rsa_private_key) (credential_store_t *this, identification_t *identification);
-
-       /**
-        * @brief Destroys a credential_store_t object.
-        * 
-        * @param this                                  calling object
-        */
-       void (*destroy) (credential_store_t *this);
-};
-
-#endif /*CREDENTIAL_STORE_H_*/
diff --git a/src/charon/charon/config/credentials/local_credential_store.c b/src/charon/charon/config/credentials/local_credential_store.c
deleted file mode 100644 (file)
index 2554eec..0000000
+++ /dev/null
@@ -1,381 +0,0 @@
-/**
- * @file local_credential_store.c
- * 
- * @brief Implementation of local_credential_store_t.
- *  
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <sys/stat.h>
-#include <dirent.h>
-#include <string.h>
-
-#include "local_credential_store.h"
-
-#include <utils/lexparser.h>
-#include <utils/linked_list.h>
-#include <utils/logger_manager.h>
-#include <crypto/x509.h>
-
-#define PATH_BUF       256
-
-typedef struct key_entry_t key_entry_t;
-
-/**
- * Private key with an associated ID to find it
- */
-struct key_entry_t {
-       
-       /**
-        * ID, as added
-        */
-       identification_t *id;
-       
-       /**
-        * Associated rsa private key
-        */
-       rsa_private_key_t *key;
-};
-
-
-typedef struct private_local_credential_store_t private_local_credential_store_t;
-
-/**
- * Private data of an local_credential_store_t object
- */
-struct private_local_credential_store_t {
-
-       /**
-        * Public part
-        */
-       local_credential_store_t public;
-       
-       /**
-        * list of key_entry_t's with private keys
-        */
-       linked_list_t *private_keys;
-       
-       /**
-        * list of x509 certificates with public keys
-        */
-       linked_list_t *certificates;
-       
-       /**
-        * Assigned logger
-        */
-       logger_t *logger;
-};
-
-
-/**
- * Implementation of credential_store_t.get_shared_secret.
- */    
-static status_t get_shared_secret(private_local_credential_store_t *this, identification_t *identification, chunk_t *preshared_secret)
-{
-       return FAILED;
-}
-
-/**
- * Implementation of credential_store_t.get_rsa_public_key.
- */
-static rsa_public_key_t * get_rsa_public_key(private_local_credential_store_t *this, identification_t *identification)
-{
-       x509_t *current;
-       rsa_public_key_t *found = NULL;
-       iterator_t *iterator;
-       
-       this->logger->log(this->logger, CONTROL|LEVEL2, "Looking for public key for %s",
-                                         identification->get_string(identification));
-       iterator = this->certificates->create_iterator(this->certificates, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&current);
-               identification_t *stored = current->get_subject(current);
-               this->logger->log(this->logger, CONTROL|LEVEL2, "there is one for %s",
-                                                 stored->get_string(stored));
-               if (identification->equals(identification, stored))
-               {
-                       found = current->get_public_key(current);
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       return found;
-}
-
-/**
- * Implementation of credential_store_t.get_rsa_private_key.
- */
-static rsa_private_key_t *get_rsa_private_key(private_local_credential_store_t *this, identification_t *identification)
-{
-       rsa_private_key_t *found = NULL;
-       key_entry_t *current;
-       iterator_t *iterator;
-       
-       iterator = this->private_keys->create_iterator(this->private_keys, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&current);
-               if (identification->equals(identification, current->id))
-               {
-                       found = current->key->clone(current->key);
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       return found;
-}
-
-/**
- * Implements local_credential_store_t.load_certificates
- */
-static void load_certificates(private_local_credential_store_t *this, const char *path)
-{
-       struct dirent* entry;
-       struct stat stb;
-       DIR* dir;
-       x509_t *cert;
-       
-       dir = opendir(path);
-       if (dir == NULL) {
-               this->logger->log(this->logger, ERROR, "error opening certificate directory \"%s\"", path);
-               return;
-       }
-       while ((entry = readdir(dir)) != NULL)
-       {
-               char file[PATH_BUF];
-
-               snprintf(file, sizeof(file), "%s/%s", path, entry->d_name);
-               
-               if (stat(file, &stb) == -1)
-               {
-                       continue;
-               }
-               /* try to parse all regular files */
-               if (stb.st_mode & S_IFREG)
-               {
-                       cert = x509_create_from_file(file);
-                       if (cert)
-                       {
-                               this->certificates->insert_last(this->certificates, (void*)cert);
-                       }
-                       else
-                       {
-                               this->logger->log(this->logger, ERROR, "certificate \"%s\" invalid, skipped", file);
-                       }
-               }
-       }
-       closedir(dir);
-}
-
-/**
- * Query the ID for a private key, by doing a lookup in the certificates
- */
-static identification_t *get_id_for_private_key(private_local_credential_store_t *this, rsa_private_key_t *private_key)
-{
-       iterator_t *iterator;
-       x509_t *cert;
-       identification_t *found = NULL;
-       rsa_public_key_t *public_key;
-       
-       this->logger->log(this->logger, CONTROL|LEVEL2, "Getting ID for a private key...");
-       
-       iterator = this->certificates->create_iterator(this->certificates, TRUE);
-       while (!found && iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&cert);
-               public_key = cert->get_public_key(cert);
-               if (public_key)
-               {
-                       if (private_key->belongs_to(private_key, public_key))
-                       {
-                               this->logger->log(this->logger, CONTROL|LEVEL2, "found a match");
-                               found = cert->get_subject(cert);
-                               found = found->clone(found);
-                       }
-                       else
-                       {
-                               this->logger->log(this->logger, CONTROL|LEVEL3, "this one did not match");
-                       }
-                       public_key->destroy(public_key);
-               }
-       }
-       iterator->destroy(iterator);
-       return found;
-}
-
-/**
- * Implements local_credential_store_t.load_private_keys
- */
-static void load_private_keys(private_local_credential_store_t *this, const char *secretsfile, const char *defaultpath)
-{
-       FILE *fd = fopen(secretsfile, "r");
-
-       if (fd)
-       {
-               int bytes;
-               int line_nr = 0;
-       chunk_t chunk, src, line;
-
-               this->logger->log(this->logger, CONTROL, "loading secrets from \"%s\"", secretsfile);
-
-               fseek(fd, 0, SEEK_END);
-               chunk.len = ftell(fd);
-               rewind(fd);
-               chunk.ptr = malloc(chunk.len);
-               bytes = fread(chunk.ptr, 1, chunk.len, fd);
-               fclose(fd);
-
-               src = chunk;
-
-               while (fetchline(&src, &line))
-               {
-                       chunk_t ids, token;
-
-                       line_nr++;
-
-                       if (!eat_whitespace(&line))
-                       {
-                               continue;
-                       }
-                       if (!extract_token(&ids, ':', &line))
-                       {
-                               this->logger->log(this->logger, ERROR, "line %d: missing ':' separator", line_nr);
-                               goto error;
-                       }
-                       if (!eat_whitespace(&line) || !extract_token(&token, ' ', &line))
-                       {
-                               this->logger->log(this->logger, ERROR, "line %d: missing token", line_nr);
-                               goto error;
-                       }
-                       if (match("RSA", &token))
-                       {
-                               char path[PATH_BUF];
-                               chunk_t filename;
-
-                               err_t ugh = extract_value(&filename, &line);
-
-                               if (ugh != NULL)
-                               {
-                                       this->logger->log(this->logger, ERROR, "line %d: %s", line_nr, ugh);
-                                       goto error;
-                               }
-                               if (filename.len == 0)
-                               {
-                                       this->logger->log(this->logger, ERROR,
-                                               "line %d: empty filename", line_nr);
-                                       goto error;
-                               }
-                               if (*filename.ptr == '/')
-                               {
-                                       /* absolute path name */
-                                       snprintf(path, sizeof(path), "%.*s", filename.len, filename.ptr);
-                               }
-                               else
-                               {
-                                       /* relative path name */
-                                       snprintf(path, sizeof(path), "%s/%.*s", defaultpath, filename.len, filename.ptr);
-                               }
-
-                               rsa_private_key_t *key = rsa_private_key_create_from_file(path, NULL);
-                               if (key)
-                               {
-                                       key_entry_t *entry;
-                                       identification_t *id = get_id_for_private_key(this, key);
-
-                                       if (!id)
-                                       {
-                                               this->logger->log(this->logger, ERROR, 
-                                                       "no certificate found for private key \"%s\", skipped", path);
-                                               key->destroy(key);
-                                               continue;
-                                       }
-                                       entry = malloc_thing(key_entry_t);
-                                       entry->key = key;
-                                       entry->id = id;
-                                       this->private_keys->insert_last(this->private_keys, (void*)entry);
-                               }
-                       }
-                       else if (match("PSK", &token))
-                       {
-
-                       }
-                       else if (match("PIN", &token))
-                       {
-
-                       }
-                       else
-                       {
-                               this->logger->log(this->logger, ERROR,
-                                        "line %d: token must be either RSA, PSK, or PIN",
-                                         line_nr, token.len);
-                               goto error;
-                       }
-               }
-error:
-               free(chunk.ptr);
-       }
-       else
-       {
-               this->logger->log(this->logger, ERROR, "could not open file '%s'", secretsfile);
-       }
-}
-
-/**
- * Implementation of credential_store_t.destroy.
- */
-static void destroy(private_local_credential_store_t *this)
-{
-       x509_t *certificate;
-       key_entry_t *key_entry;
-       
-       while (this->certificates->remove_last(this->certificates, (void**)&certificate) == SUCCESS)
-       {
-               certificate->destroy(certificate);
-       }
-       this->certificates->destroy(this->certificates);
-       while (this->private_keys->remove_last(this->private_keys, (void**)&key_entry) == SUCCESS)
-       {
-               key_entry->id->destroy(key_entry->id);
-               key_entry->key->destroy(key_entry->key);
-               free(key_entry);
-       }
-       this->private_keys->destroy(this->private_keys);
-       free(this);
-}
-
-/**
- * Described in header.
- */
-local_credential_store_t * local_credential_store_create(void)
-{
-       private_local_credential_store_t *this = malloc_thing(private_local_credential_store_t);
-
-       this->public.credential_store.get_shared_secret = (status_t(*)(credential_store_t*,identification_t*,chunk_t*))get_shared_secret;
-       this->public.credential_store.get_rsa_private_key = (rsa_private_key_t*(*)(credential_store_t*,identification_t*))get_rsa_private_key;
-       this->public.credential_store.get_rsa_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_rsa_public_key;
-       this->public.load_certificates = (void(*)(local_credential_store_t*,const char*))load_certificates;
-       this->public.load_private_keys = (void(*)(local_credential_store_t*,const char*, const char*))load_private_keys;
-       this->public.credential_store.destroy = (void(*)(credential_store_t*))destroy;
-       
-       /* private variables */
-       this->private_keys = linked_list_create();
-       this->certificates = linked_list_create();
-       this->logger = logger_manager->get_logger(logger_manager, CONFIG);
-
-       return (&this->public);
-}
diff --git a/src/charon/charon/config/credentials/local_credential_store.h b/src/charon/charon/config/credentials/local_credential_store.h
deleted file mode 100644 (file)
index 81b7568..0000000
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- * @file local_credential_store.h
- *
- * @brief Interface of local_credential_store_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-#ifndef LOCAL_CREDENTIAL_H_
-#define LOCAL_CREDENTIAL_H_
-
-#include <types.h>
-#include <config/credentials/credential_store.h>
-
-
-typedef struct local_credential_store_t local_credential_store_t;
-
-/**
- * @brief A credential_store_t implementation using simple credentail lists.
- *
- * The local_credential_store_t class implements the credential_store_t interface
- * as simple as possible. The credentials are stored in lists, and can be loaded
- * from folders.
- * Shared secret are not handled yet, so get_shared_secret always returns NOT_FOUND.
- *
- * @b Constructors:
- *  - local_credential_store_create()
- * 
- * @ingroup config
- */
-struct local_credential_store_t {
-       
-       /**
-        * Implements credential_store_t interface
-        */
-       credential_store_t credential_store;
-       
-       /**
-        * @brief Loads trusted certificates from a folder.
-        *
-        * Currently, all keys must be in binary DER format.
-        *
-        * @param this          calling object
-        * @param path          directory to load certificates from
-        */
-       void (*load_certificates) (local_credential_store_t *this, const char *path);
-       
-       /**
-        * @brief Loads RSA private keys from a folder.
-        * 
-        * Currently, all keys must be unencrypted in binary DER format. Anything
-        * other gets ignored. Further, a certificate for the specific private
-        * key must already be loaded to get the ID from.
-        * 
-        * @param this                  calling object
-        * @param secretsfile   file where secrets are stored
-        * @param defaultpath   default directory for private keys
-        */
-       void (*load_private_keys) (local_credential_store_t *this, const char *secretsfile, const char *defaultpath);
-};
-
-/**
- * @brief Creates a local_credential_store_t instance.
- *
- * @return credential store instance.
- * 
- * @ingroup config
- */
-local_credential_store_t *local_credential_store_create(void);
-
-#endif /* LOCAL_CREDENTIAL_H_ */
diff --git a/src/charon/charon/config/policies/Makefile.policies b/src/charon/charon/config/policies/Makefile.policies
deleted file mode 100644 (file)
index e7ed8ab..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# Copyright (C) 2006 Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-
-POLICIES_DIR= $(CONFIG_DIR)policies/
-
-
-CHARON_OBJS+= $(BUILD_DIR)policy.o
-$(BUILD_DIR)policy.o :                                 $(POLICIES_DIR)policy.c $(POLICIES_DIR)policy.h
-                                                                               $(CC) $(CFLAGS) -c -o $@ $<
-
-CHARON_OBJS+= $(BUILD_DIR)local_policy_store.o
-$(BUILD_DIR)local_policy_store.o :             $(POLICIES_DIR)local_policy_store.c $(POLICIES_DIR)local_policy_store.h
-                                                                               $(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file
diff --git a/src/charon/charon/config/policies/local_policy_store.c b/src/charon/charon/config/policies/local_policy_store.c
deleted file mode 100644 (file)
index 24d22f4..0000000
+++ /dev/null
@@ -1,136 +0,0 @@
-/**
- * @file local_policy_store.c
- * 
- * @brief Implementation of local_policy_store_t.
- *  
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "local_policy_store.h"
-
-#include <utils/linked_list.h>
-#include <utils/logger_manager.h>
-
-
-typedef struct private_local_policy_store_t private_local_policy_store_t;
-
-/**
- * Private data of an local_policy_store_t object
- */
-struct private_local_policy_store_t {
-
-       /**
-        * Public part
-        */
-       local_policy_store_t public;
-       
-       /**
-        * list of policy_t's
-        */
-       linked_list_t *policies;
-       
-       /**
-        * Assigned logger
-        */
-       logger_t *logger;
-};
-
-/**
- * Implementation of policy_store_t.add_policy.
- */
-static void add_policy(private_local_policy_store_t *this, policy_t *policy)
-{
-       this->policies->insert_last(this->policies, (void*)policy);
-}
-
-
-/**
- * Implementation of policy_store_t.get_policy.
- */
-static policy_t *get_policy(private_local_policy_store_t *this, identification_t *my_id, identification_t *other_id)
-{
-       iterator_t *iterator;
-       policy_t *current, *found = NULL;
-       
-       this->logger->log(this->logger, CONTROL|LEVEL1, "Looking for policy for IDs %s - %s",
-                                         my_id ? my_id->get_string(my_id) : "%any",
-                                         other_id->get_string(other_id));
-       iterator = this->policies->create_iterator(this->policies, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void **)&current);
-               identification_t *config_my_id = current->get_my_id(current);
-               identification_t *config_other_id = current->get_other_id(current);
-               
-               this->logger->log(this->logger, CONTROL|LEVEL2, "Found one for %s - %s",
-                                                 config_my_id->get_string(config_my_id),
-                                                 config_other_id->get_string(config_other_id));
-               
-               /* check other host first */
-               if (other_id->belongs_to(other_id, config_other_id))
-               {
-                       /* get it if my_id not specified */
-                       if (my_id->belongs_to(my_id, config_my_id))
-                       {
-                               found = current->clone(current);
-                               break;
-                       }
-               }
-       }
-       iterator->destroy(iterator);
-       
-       /* apply IDs as they are requsted, since they may be configured as %any or such */
-       if (found)
-       {
-               found->update_my_id(found, my_id->clone(my_id));
-               found->update_other_id(found, other_id->clone(other_id));
-       }
-       return found;
-}
-
-/**
- * Implementation of policy_store_t.destroy.
- */
-static void destroy(private_local_policy_store_t *this)
-{
-       policy_t *policy;
-       
-       while (this->policies->remove_last(this->policies, (void**)&policy) == SUCCESS)
-       {
-               policy->destroy(policy);
-       }
-       this->policies->destroy(this->policies);
-       free(this);
-}
-
-/**
- * Described in header.
- */
-local_policy_store_t *local_policy_store_create(void)
-{
-       private_local_policy_store_t *this = malloc_thing(private_local_policy_store_t);
-       
-       this->public.policy_store.add_policy = (void(*)(policy_store_t*,policy_t*))add_policy;
-       this->public.policy_store.get_policy = (policy_t*(*)(policy_store_t*,identification_t*,identification_t*))get_policy;
-       this->public.policy_store.destroy = (void(*)(policy_store_t*))destroy;
-       
-       /* private variables */
-       this->policies = linked_list_create();
-       this->logger = logger_manager->get_logger(logger_manager, CONFIG);
-       
-       return (&this->public);
-}
diff --git a/src/charon/charon/config/policies/local_policy_store.h b/src/charon/charon/config/policies/local_policy_store.h
deleted file mode 100644 (file)
index ce9b33d..0000000
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * @file local_policy_store.h
- *
- * @brief Interface of local_policy_store_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-#ifndef LOCAL_POLICY_STORE_H_
-#define LOCAL_POLICY_STORE_H_
-
-#include <types.h>
-#include <config/policies/policy_store.h>
-
-
-typedef struct local_policy_store_t local_policy_store_t;
-
-/**
- * @brief A policy_store_t implementation using a simple policy lists.
- *
- * The local_policy_store_t class implements the policy_store_t interface
- * as simple as possible. The policies are stored in a in-memory list.
- *
- * @b Constructors:
- *  - local_policy_store_create()
- * 
- * @ingroup config
- */
-struct local_policy_store_t {
-       
-       /**
-        * Implements policy_store_t interface
-        */
-       policy_store_t policy_store;
-};
-
-/**
- * @brief Creates a local_policy_store_t instance.
- *
- * @return policy store instance.
- * 
- * @ingroup config
- */
-local_policy_store_t *local_policy_store_create(void);
-
-#endif /* LOCAL_POLICY_STORE_H_ */
diff --git a/src/charon/charon/config/policies/policy.c b/src/charon/charon/config/policies/policy.c
deleted file mode 100644 (file)
index cff87fc..0000000
+++ /dev/null
@@ -1,397 +0,0 @@
-/**
- * @file policy.c
- * 
- * @brief Implementation of policy_t.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "policy.h"
-
-#include <utils/linked_list.h>
-#include <utils/identification.h>
-#include <utils/logger.h>
-
-typedef struct private_policy_t private_policy_t;
-
-/**
- * Private data of an policy_t object
- */
-struct private_policy_t {
-
-       /**
-        * Public part
-        */
-       policy_t public;
-       
-       /**
-        * id to use to identify us
-        */
-       identification_t *my_id;
-       
-       /**
-        * allowed id for other
-        */
-       identification_t *other_id;
-       
-       /**
-        * list for all proposals
-        */
-       linked_list_t *proposals;
-       
-       /**
-        * list for traffic selectors for my site
-        */
-       linked_list_t *my_ts;
-       
-       /**
-        * list for traffic selectors for others site
-        */
-       linked_list_t *other_ts;
-
-       /**
-        * select_traffic_selectors for both
-        */
-       linked_list_t *(*select_traffic_selectors) (private_policy_t *,linked_list_t*,linked_list_t*);
-};
-
-/**
- * Implementation of policy_t.get_my_id
- */
-static identification_t *get_my_id(private_policy_t *this)
-{
-       return this->my_id;
-}
-
-/**
- * Implementation of policy_t.get_other_id
- */
-static identification_t *get_other_id(private_policy_t *this)
-{
-       return this->other_id;
-}
-
-/**
- * Implementation of policy_t.update_my_id
- */
-static void update_my_id(private_policy_t *this, identification_t *my_id)
-{
-       this->my_id->destroy(this->my_id);
-       this->my_id = my_id;
-}
-
-/**
- * Implementation of policy_t.update_other_id
- */
-static void update_other_id(private_policy_t *this, identification_t *other_id)
-{
-       this->other_id->destroy(this->other_id);
-       this->other_id = other_id;
-}
-
-/** 
- * Helper function which does the work for policy_t.update_my_ts and update_other_ts
- */
-static void update_ts(linked_list_t* list, host_t *new_host)
-{
-       traffic_selector_t *ts;
-       iterator_t *iterator;
-        
-       iterator = list->create_iterator(list, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&ts);
-               ts->update_address_range(ts, new_host);
-       }
-       iterator->destroy(iterator);
-}
-
-/**
- * Implementation of policy_t.update_my_id
- */
-static void update_my_ts(private_policy_t *this, host_t *my_host)
-{
-       update_ts(this->my_ts, my_host);
-}
-
-/**
- * Implementation of policy_t.update_other_ts
- */
-static void update_other_ts(private_policy_t *this, host_t *my_host)
-{
-       update_ts(this->other_ts, my_host);
-}
-
-/**
- * Implementation of policy_t.get_my_traffic_selectors
- */
-static linked_list_t *get_my_traffic_selectors(private_policy_t *this)
-{
-       return this->my_ts;
-}
-
-/**
- * Implementation of policy_t.get_other_traffic_selectors
- */
-static linked_list_t *get_other_traffic_selectors(private_policy_t *this, traffic_selector_t **traffic_selectors[])
-{
-       return this->other_ts;
-}
-
-/**
- * Implementation of private_policy_t.select_my_traffic_selectors
- */
-static linked_list_t *select_my_traffic_selectors(private_policy_t *this, linked_list_t *supplied)
-{
-       return this->select_traffic_selectors(this, this->my_ts, supplied);
-}
-
-/**
- * Implementation of private_policy_t.select_other_traffic_selectors
- */
-static linked_list_t *select_other_traffic_selectors(private_policy_t *this, linked_list_t *supplied)
-{
-       return this->select_traffic_selectors(this, this->other_ts, supplied);
-}
-/**
- * Implementation of private_policy_t.select_traffic_selectors
- */
-static linked_list_t *select_traffic_selectors(private_policy_t *this, linked_list_t *stored, linked_list_t *supplied)
-{
-       iterator_t *supplied_iter, *stored_iter;
-       traffic_selector_t *supplied_ts, *stored_ts, *selected_ts;
-       linked_list_t *selected = linked_list_create();
-       
-       
-       stored_iter = stored->create_iterator(stored, TRUE);
-       supplied_iter = supplied->create_iterator(supplied, TRUE);
-       
-       /* iterate over all stored selectors */
-       while (stored_iter->has_next(stored_iter))
-       {
-               stored_iter->current(stored_iter, (void**)&stored_ts);
-               
-               supplied_iter->reset(supplied_iter);
-               /* iterate over all supplied traffic selectors */
-               while (supplied_iter->has_next(supplied_iter))
-               {
-                       supplied_iter->current(supplied_iter, (void**)&supplied_ts);
-                       
-                       selected_ts = stored_ts->get_subset(stored_ts, supplied_ts);
-                       if (selected_ts)
-                       {
-                               /* got a match, add to list */
-                               selected->insert_last(selected, (void*)selected_ts);
-                       }
-               }
-       }
-       stored_iter->destroy(stored_iter);
-       supplied_iter->destroy(supplied_iter);
-       
-       return selected;
-}
-
-/**
- * Implementation of policy_t.get_proposal_iterator
- */
-static linked_list_t *get_proposals(private_policy_t *this)
-{
-       return this->proposals;
-}
-
-/**
- * Implementation of policy_t.select_proposal
- */
-static proposal_t *select_proposal(private_policy_t *this, linked_list_t *proposals)
-{
-       iterator_t *stored_iter, *supplied_iter;
-       proposal_t *stored, *supplied, *selected;
-       
-       stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
-       supplied_iter = proposals->create_iterator(proposals, TRUE);
-       
-       /* compare all stored proposals with all supplied. Stored ones are preferred. */
-       while (stored_iter->has_next(stored_iter))
-       {
-               supplied_iter->reset(supplied_iter);
-               stored_iter->current(stored_iter, (void**)&stored);
-
-               while (supplied_iter->has_next(supplied_iter))
-               {
-                       supplied_iter->current(supplied_iter, (void**)&supplied);
-                       selected = stored->select(stored, supplied);
-                       if (selected)
-                       {
-                               /* they match, return */
-                               stored_iter->destroy(stored_iter);
-                               supplied_iter->destroy(supplied_iter);
-                               return selected;
-                       }
-               }
-       }
-       
-       /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
-       stored_iter->destroy(stored_iter);
-       supplied_iter->destroy(supplied_iter);
-       
-       return NULL;
-}
-
-/**
- * Implementation of policy_t.add_my_traffic_selector
- */
-static void add_my_traffic_selector(private_policy_t *this, traffic_selector_t *traffic_selector)
-{
-       this->my_ts->insert_last(this->my_ts, (void*)traffic_selector);
-}
-
-/**
- * Implementation of policy_t.add_other_traffic_selector
- */
-static void add_other_traffic_selector(private_policy_t *this, traffic_selector_t *traffic_selector)
-{
-       this->other_ts->insert_last(this->other_ts, (void*)traffic_selector);
-}
-
-/**
- * Implementation of policy_t.add_proposal
- */
-static void add_proposal(private_policy_t *this, proposal_t *proposal)
-{
-       this->proposals->insert_last(this->proposals, (void*)proposal);
-}
-
-/**
- * Implements policy_t.destroy.
- */
-static status_t destroy(private_policy_t *this)
-{      
-       proposal_t *proposal;
-       traffic_selector_t *traffic_selector;
-       
-       
-       /* delete proposals */
-       while(this->proposals->remove_last(this->proposals, (void**)&proposal) == SUCCESS)
-       {
-               proposal->destroy(proposal);
-       }
-       this->proposals->destroy(this->proposals);
-       
-       /* delete traffic selectors */
-       while(this->my_ts->remove_last(this->my_ts, (void**)&traffic_selector) == SUCCESS)
-       {
-               traffic_selector->destroy(traffic_selector);
-       }
-       this->my_ts->destroy(this->my_ts);
-       
-       /* delete traffic selectors */
-       while(this->other_ts->remove_last(this->other_ts, (void**)&traffic_selector) == SUCCESS)
-       {
-               traffic_selector->destroy(traffic_selector);
-       }
-       this->other_ts->destroy(this->other_ts);
-       
-       /* delete ids */
-       this->my_id->destroy(this->my_id);
-       this->other_id->destroy(this->other_id);
-       
-       free(this);
-       return SUCCESS;
-}
-
-/**
- * Implements policy_t.clone.
- */
-static policy_t *clone(private_policy_t *this)
-{
-       private_policy_t *clone = (private_policy_t*)policy_create(this->my_id->clone(this->my_id), 
-                                                                                                                          this->other_id->clone(this->other_id));
-       iterator_t *iterator;
-       proposal_t *proposal;
-       traffic_selector_t *ts;
-       
-       /* clone all proposals */
-       iterator = this->proposals->create_iterator(this->proposals, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&proposal);
-               proposal = proposal->clone(proposal);
-               clone->proposals->insert_last(clone->proposals, (void*)proposal);
-       }
-       iterator->destroy(iterator);
-       
-       /* clone all local traffic selectors */
-       iterator = this->my_ts->create_iterator(this->my_ts, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&ts);
-               ts = ts->clone(ts);
-               clone->my_ts->insert_last(clone->my_ts, (void*)ts);
-       }
-       iterator->destroy(iterator);
-       
-       /* clone all remote traffic selectors */
-       iterator = this->other_ts->create_iterator(this->other_ts, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&ts);
-               ts = ts->clone(ts);
-               clone->other_ts->insert_last(clone->other_ts, (void*)ts);
-       }
-       iterator->destroy(iterator);
-       
-       return &clone->public;
-}
-
-/*
- * Described in header-file
- */
-policy_t *policy_create(identification_t *my_id, identification_t *other_id)
-{
-       private_policy_t *this = malloc_thing(private_policy_t);
-
-       /* public functions */
-       this->public.get_my_id = (identification_t*(*)(policy_t*))get_my_id;
-       this->public.get_other_id = (identification_t*(*)(policy_t*))get_other_id;
-       this->public.update_my_id = (void(*)(policy_t*,identification_t*))update_my_id;
-       this->public.update_other_id = (void(*)(policy_t*,identification_t*))update_other_id;
-       this->public.update_my_ts = (void(*)(policy_t*,host_t*))update_my_ts;
-       this->public.update_other_ts = (void(*)(policy_t*,host_t*))update_other_ts;
-       this->public.get_my_traffic_selectors = (linked_list_t*(*)(policy_t*))get_my_traffic_selectors;
-       this->public.select_my_traffic_selectors = (linked_list_t*(*)(policy_t*,linked_list_t*))select_my_traffic_selectors;
-       this->public.get_other_traffic_selectors = (linked_list_t*(*)(policy_t*))get_other_traffic_selectors;
-       this->public.select_other_traffic_selectors = (linked_list_t*(*)(policy_t*,linked_list_t*))select_other_traffic_selectors;
-       this->public.get_proposals = (linked_list_t*(*)(policy_t*))get_proposals;
-       this->public.select_proposal = (proposal_t*(*)(policy_t*,linked_list_t*))select_proposal;
-       this->public.add_my_traffic_selector = (void(*)(policy_t*,traffic_selector_t*))add_my_traffic_selector;
-       this->public.add_other_traffic_selector = (void(*)(policy_t*,traffic_selector_t*))add_other_traffic_selector;
-       this->public.add_proposal = (void(*)(policy_t*,proposal_t*))add_proposal;
-       this->public.clone = (policy_t*(*)(policy_t*))clone;
-       this->public.destroy = (void(*)(policy_t*))destroy;
-       
-       /* apply init values */
-       this->my_id = my_id;
-       this->other_id = other_id;
-       
-       /* init private members*/
-       this->select_traffic_selectors = select_traffic_selectors;
-       this->proposals = linked_list_create();
-       this->my_ts = linked_list_create();
-       this->other_ts = linked_list_create();
-
-       return (&this->public);
-}
diff --git a/src/charon/charon/config/policies/policy.h b/src/charon/charon/config/policies/policy.h
deleted file mode 100644 (file)
index 78cda1e..0000000
+++ /dev/null
@@ -1,249 +0,0 @@
-/**
- * @file policy.h
- * 
- * @brief Interface of policy_t.
- *  
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef POLICY_H_
-#define POLICY_H_
-
-#include <types.h>
-#include <utils/identification.h>
-#include <config/traffic_selector.h>
-#include <config/proposal.h>
-#include <encoding/payloads/auth_payload.h>
-
-
-typedef struct policy_t policy_t;
-
-/**
- * @brief A policy_t defines the policies to apply to CHILD_SAs.
- * 
- * The given two IDs identify a policy. These rules define how
- * child SAs may be set up and which traffic may be IPsec'ed.
- * 
- * @b Constructors:
- *   - policy_create()
- * 
- * @ingroup config
- */
-struct policy_t {
-       
-       /**
-        * @brief Get own id to use for identification.
-        * 
-        * Returned object is not getting cloned.
-        * 
-        * @param this                  calling object
-        * @return                              own id
-        */
-       identification_t *(*get_my_id) (policy_t *this);
-       
-       /**
-        * @brief Get id of communication partner.
-        *
-        * Returned object is not getting cloned.
-        * 
-        * @param this                  calling object
-        * @return                              other id
-        */
-       identification_t *(*get_other_id) (policy_t *this);
-
-       /**
-        * @brief Update own ID.
-        * 
-        * It may be necessary to uptdate own ID, as it 
-        * is set to %any or to e.g. *@strongswan.org in 
-        * some cases.
-        * Old ID is destroyed, new one NOT cloned.
-        * 
-        * @param this          calling object
-        * @param my_id         new ID to set as my_id
-        */
-       void (*update_my_id) (policy_t *this, identification_t *my_id);
-
-       /**
-        * @brief Update others ID.
-        * 
-        * It may be necessary to uptdate others ID, as it 
-        * is set to %any or to e.g. *@strongswan.org in 
-        * some cases.
-        * Old ID is destroyed, new one NOT cloned.
-        * 
-        * @param this          calling object
-        * @param other_id      new ID to set as other_id
-        */
-       void (*update_other_id) (policy_t *this, identification_t *other_id);
-
-       /**
-        * @brief Update own address in traffic selectors.
-        * 
-        * Update own 0.0.0.0 address in traffic selectors
-        * with supplied one. The size of the subnet will be
-        * set to /32.
-        * 
-        * @param this          calling object
-        * @param my_host       new address to set in traffic selectors
-        */
-       void (*update_my_ts) (policy_t *this, host_t *my_host);
-
-       /**
-        * @brief Update others address in traffic selectors.
-        * 
-        * Update remote 0.0.0.0 address in traffic selectors
-        * with supplied one. The size of the subnet will be
-        * set to /32.
-        * 
-        * @param this          calling object
-        * @param other_host    new address to set in traffic selectors
-        */
-       void (*update_other_ts) (policy_t *this, host_t *other_host);
-       
-       /**
-        * @brief Get configured traffic selectors for our site.
-        * 
-        * Returns a list with all traffic selectors for the local
-        * site. List and items MUST NOT be freed nor modified.
-        * 
-        * @param this                                          calling object
-        * @return                                                      list with traffic selectors
-        */
-       linked_list_t *(*get_my_traffic_selectors) (policy_t *this);
-       
-       /**
-        * @brief Get configured traffic selectors for others site.
-        * 
-        * Returns a list with all traffic selectors for the remote
-        * site. List and items MUST NOT be freed nor modified.
-        * 
-        * @param this                                          calling object
-        * @return                                                      list with traffic selectors
-        */
-       linked_list_t *(*get_other_traffic_selectors) (policy_t *this);
-       
-       /**
-        * @brief Select traffic selectors from a supplied list for local site.
-        * 
-        * Resulted list and traffic selectors must be destroyed after usage.
-        * 
-        * @param this                                          calling object
-        * @param supplied                                      linked list with traffic selectors
-        * @return                                                      list containing the selected traffic selectors
-        */
-       linked_list_t *(*select_my_traffic_selectors) (policy_t *this, linked_list_t *supplied);
-               
-       /**
-        * @brief Select traffic selectors from a supplied list for remote site.
-        * 
-        * Resulted list and traffic selectors must be destroyed after usage.
-        * 
-        * @param this                                          calling object
-        * @param supplied                                      linked list with traffic selectors
-        * @return                                                      list containing the selected traffic selectors
-        */
-       linked_list_t *(*select_other_traffic_selectors) (policy_t *this, linked_list_t *supplied);
-       
-       /**
-        * @brief Get the list of internally stored proposals.
-        * 
-        * Rembember: policy_t does store proposals for AH/ESP, 
-        * IKE proposals are in the connection_t
-        * 
-        * @warning List and Items are still owned by policy and MUST NOT
-        *                      be manipulated or freed!
-        * 
-        * @param this                                  calling object
-        * @return                                              lists with proposals
-        */
-       linked_list_t *(*get_proposals) (policy_t *this);
-       
-       /**
-        * @brief Select a proposal from a supplied list.
-        * 
-        * @param this                                  calling object
-        * @param proposals                             list from from wich proposals are selected
-        * @return                                              selected proposal, or NULL if nothing matches
-        */
-       proposal_t *(*select_proposal) (policy_t *this, linked_list_t *proposals);
-       
-       /**
-        * @brief Add a traffic selector to the list for local site.
-        * 
-        * After add, proposal is owned by policy.
-        * 
-        * @warning Do not add while other threads are reading.
-        * 
-        * @param this                                  calling object
-        * @param traffic_selector              traffic_selector to add
-        */
-       void (*add_my_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
-       
-       /**
-        * @brief Add a traffic selector to the list for remote site.
-        * 
-        * After add, proposal is owned by policy.
-        * 
-        * @warning Do not add while other threads are reading.
-        * 
-        * @param this                                  calling object
-        * @param traffic_selector              traffic_selector to add
-        */
-       void (*add_other_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
-       
-       /**
-        * @brief Add a proposal to the list. 
-        * 
-        * The proposals are stored by priority, first added
-        * is the most prefered.
-        * 
-        * @warning Do not add while other threads are reading.
-        * 
-        * @param this                                  calling object
-        * @param proposal                              proposal to add
-        */
-       void (*add_proposal) (policy_t *this, proposal_t *proposal);
-       
-       /**
-        * @brief Clone a policy.
-        * 
-        * @param this                          policy to clone
-        * @return                                      clone of it
-        */
-       policy_t *(*clone) (policy_t *this);
-       
-       /**
-        * @brief Destroys the policy object
-        * 
-        * @param this                          calling object
-        */
-       void (*destroy) (policy_t *this);
-};
-
-/**
- * @brief Create a configuration object for IKE_AUTH and later.
- * 
- * @param my_id                        identification_t for ourselves
- * @param other_id                     identification_t for the remote guy
- * @return                                     policy_t object
- * 
- * @ingroup config
- */
-policy_t *policy_create(identification_t *my_id, identification_t *other_id);
-
-#endif /* POLICY_H_ */
diff --git a/src/charon/charon/config/policies/policy_store.h b/src/charon/charon/config/policies/policy_store.h
deleted file mode 100755 (executable)
index 651dea6..0000000
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- * @file policy_store.h
- * 
- * @brief Interface policy_store_t.
- *  
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef POLICY_STORE_H_
-#define POLICY_STORE_H_
-
-#include <types.h>
-#include <config/policies/policy.h>
-
-
-typedef struct policy_store_t policy_store_t;
-
-/**
- * @brief The interface for a store of policy_t's.
- * 
- * @b Constructors:
- * - stroke_create()
- * 
- * @ingroup config
- */
-struct policy_store_t { 
-
-       /**
-        * @brief Returns a policy identified by two IDs.
-        * 
-        * The returned policy gets created/cloned and therefore must be
-        * destroyed by the caller.
-        * 
-        * @param this          calling object
-        * @param my_id         own ID of the policy
-        * @param other_id      others ID of the policy
-        * @return
-        *                                      - matching policy_t, if found
-        *                                      - NULL otherwise
-        */
-       policy_t *(*get_policy) (policy_store_t *this, identification_t *my_id, identification_t *other_id);
-
-       /**
-        * @brief Add a policy to the list.
-        * 
-        * The policy is owned by the store after the call. Do
-        * not modify nor free.
-        * 
-        * @param this          calling object
-        * @param policy        policy to add
-        */
-       void (*add_policy) (policy_store_t *this, policy_t *policy);
-       
-       /**
-        * @brief Destroys a policy_store_t object.
-        * 
-        * @param this                                  calling object
-        */
-       void (*destroy) (policy_store_t *this);
-};
-
-#endif /*POLICY_STORE_H_*/
diff --git a/src/charon/charon/config/proposal.c b/src/charon/charon/config/proposal.c
deleted file mode 100644 (file)
index cb71a75..0000000
+++ /dev/null
@@ -1,642 +0,0 @@
-/**
- * @file proposal.c
- * 
- * @brief Implementation of proposal_t.
- * 
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "proposal.h"
-
-#include <utils/linked_list.h>
-#include <utils/identification.h>
-#include <utils/logger.h>
-
-
-/** 
- * String mappings for protocol_id_t.
- */
-mapping_t protocol_id_m[] = {
-       {PROTO_NONE, "PROTO_NONE"},
-       {PROTO_IKE, "PROTO_IKE"},
-       {PROTO_AH, "PROTO_AH"},
-       {PROTO_ESP, "PROTO_ESP"},
-       {MAPPING_END, NULL}
-};
-
-/** 
- * String mappings for transform_type_t.
- */
-mapping_t transform_type_m[] = {
-       {UNDEFINED_TRANSFORM_TYPE, "UNDEFINED_TRANSFORM_TYPE"},
-       {ENCRYPTION_ALGORITHM, "ENCRYPTION_ALGORITHM"},
-       {PSEUDO_RANDOM_FUNCTION, "PSEUDO_RANDOM_FUNCTION"},
-       {INTEGRITY_ALGORITHM, "INTEGRITY_ALGORITHM"},
-       {DIFFIE_HELLMAN_GROUP, "DIFFIE_HELLMAN_GROUP"},
-       {EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"},
-       {MAPPING_END, NULL}
-};
-
-/** 
- * String mappings for extended_sequence_numbers_t.
- */
-mapping_t extended_sequence_numbers_m[] = {
-       {NO_EXT_SEQ_NUMBERS, "NO_EXT_SEQ_NUMBERS"},
-       {EXT_SEQ_NUMBERS, "EXT_SEQ_NUMBERS"},
-       {MAPPING_END, NULL}
-};
-
-
-typedef struct protocol_proposal_t protocol_proposal_t;
-
-/**
- * substructure which holds all data algos for a specific protocol
- */
-struct protocol_proposal_t {
-       /**
-        * protocol (ESP or AH)
-        */
-       protocol_id_t protocol;
-       
-       /**
-        * priority ordered list of encryption algorithms
-        */
-       linked_list_t *encryption_algos;
-       
-       /**
-        * priority ordered list of integrity algorithms
-        */
-       linked_list_t *integrity_algos;
-       
-       /**
-        * priority ordered list of pseudo random functions
-        */
-       linked_list_t *prf_algos;
-       
-       /**
-        * priority ordered list of dh groups
-        */
-       linked_list_t *dh_groups;
-       
-       /**
-        * priority ordered list of extended sequence number flags
-       */
-       linked_list_t *esns;
-       
-       /** 
-        * senders SPI
-        */
-       chunk_t spi;
-};
-
-
-typedef struct private_proposal_t private_proposal_t;
-
-/**
- * Private data of an proposal_t object
- */
-struct private_proposal_t {
-
-       /**
-        * Public part
-        */
-       proposal_t public;
-       
-       /**
-        * number of this proposal, as used in the payload
-        */
-       u_int8_t number;
-       
-       /**
-        * list of protocol_proposal_t's
-        */
-       linked_list_t *protocol_proposals;
-};
-
-/**
- * Look up a protocol_proposal, or create one if necessary...
- */
-static protocol_proposal_t *get_protocol_proposal(private_proposal_t *this, protocol_id_t proto, bool create)
-{
-       protocol_proposal_t *proto_proposal = NULL, *current_proto_proposal;;
-       iterator_t *iterator;
-        
-       /* find our protocol in the proposals */
-       iterator = this->protocol_proposals->create_iterator(this->protocol_proposals, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&current_proto_proposal);
-               if (current_proto_proposal->protocol == proto)
-               {
-                       proto_proposal = current_proto_proposal;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-
-       if (!proto_proposal && create)
-       {
-               /* nope, create a new one */
-               proto_proposal = malloc_thing(protocol_proposal_t);
-               proto_proposal->protocol = proto;
-               proto_proposal->encryption_algos = linked_list_create();
-               proto_proposal->integrity_algos = linked_list_create();
-               proto_proposal->prf_algos = linked_list_create();
-               proto_proposal->dh_groups = linked_list_create();
-               proto_proposal->esns = linked_list_create();
-               if (proto == PROTO_IKE)
-               {
-                       proto_proposal->spi.len = 8;
-               }
-               else
-               {
-                       proto_proposal->spi.len = 4;
-               }
-               proto_proposal->spi.ptr = malloc(proto_proposal->spi.len);
-               /* add to the list */
-               this->protocol_proposals->insert_last(this->protocol_proposals, (void*)proto_proposal);
-       }
-       return proto_proposal;
-}
-
-/**
- * Add algorithm/keysize to a algorithm list
- */
-static void add_algo(linked_list_t *list, u_int8_t algo, size_t key_size)
-{
-       algorithm_t *algo_key = malloc_thing(algorithm_t);
-       
-       algo_key->algorithm = algo;
-       algo_key->key_size = key_size;
-       list->insert_last(list, (void*)algo_key);
-}
-
-/**
- * Implements proposal_t.add_algorithm
- */
-static void add_algorithm(private_proposal_t *this, protocol_id_t proto, transform_type_t type, u_int16_t algo, size_t key_size)
-{
-       protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, TRUE);
-       
-       switch (type)
-       {
-               case ENCRYPTION_ALGORITHM:
-                       add_algo(proto_proposal->encryption_algos, algo, key_size);
-                       break;
-               case INTEGRITY_ALGORITHM:
-                       add_algo(proto_proposal->integrity_algos, algo, key_size);
-                       break;
-               case PSEUDO_RANDOM_FUNCTION:
-                       add_algo(proto_proposal->prf_algos, algo, key_size);
-                       break;
-               case DIFFIE_HELLMAN_GROUP:
-                       add_algo(proto_proposal->dh_groups, algo, 0);
-                       break;
-               case EXTENDED_SEQUENCE_NUMBERS:
-                       add_algo(proto_proposal->esns, algo, 0);
-                       break;
-               default:
-                       break;
-       }
-}
-
-/**
- * Implements proposal_t.get_algorithm.
- */
-static bool get_algorithm(private_proposal_t *this, protocol_id_t proto, transform_type_t type, algorithm_t** algo)
-{
-       linked_list_t * list;
-       protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
-       
-       if (proto_proposal == NULL)
-       {
-               return FALSE;
-       }
-       switch (type)
-       {
-               case ENCRYPTION_ALGORITHM:
-                       list = proto_proposal->encryption_algos;
-                       break;
-               case INTEGRITY_ALGORITHM:
-                       list = proto_proposal->integrity_algos;
-                       break;
-               case PSEUDO_RANDOM_FUNCTION:
-                       list = proto_proposal->prf_algos;
-                       break;
-               case DIFFIE_HELLMAN_GROUP:
-                       list = proto_proposal->dh_groups;
-                       break;
-               case EXTENDED_SEQUENCE_NUMBERS:
-                       list = proto_proposal->esns;
-                       break;
-               default:
-                       return FALSE;
-       }
-       if (list->get_first(list, (void**)algo) != SUCCESS)
-       {
-               return FALSE;
-       }
-       return TRUE;
-}
-
-/**
- * Implements proposal_t.create_algorithm_iterator.
- */
-static iterator_t *create_algorithm_iterator(private_proposal_t *this, protocol_id_t proto, transform_type_t type)
-{
-       protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
-       if (proto_proposal == NULL)
-       {
-               return NULL;
-       }
-       
-       switch (type)
-       {
-               case ENCRYPTION_ALGORITHM:
-                       return proto_proposal->encryption_algos->create_iterator(proto_proposal->encryption_algos, TRUE);
-               case INTEGRITY_ALGORITHM:
-                       return proto_proposal->integrity_algos->create_iterator(proto_proposal->integrity_algos, TRUE);
-               case PSEUDO_RANDOM_FUNCTION:
-                       return proto_proposal->prf_algos->create_iterator(proto_proposal->prf_algos, TRUE);
-               case DIFFIE_HELLMAN_GROUP:
-                       return proto_proposal->dh_groups->create_iterator(proto_proposal->dh_groups, TRUE);
-               case EXTENDED_SEQUENCE_NUMBERS:
-                       return proto_proposal->esns->create_iterator(proto_proposal->esns, TRUE);
-               default:
-                       break;
-       }
-       return NULL;
-}
-
-/**
- * Find a matching alg/keysize in two linked lists
- */
-static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add, u_int16_t *alg, size_t *key_size)
-{
-       iterator_t *first_iter, *second_iter;
-       algorithm_t *first_alg, *second_alg;
-       
-       /* if in both are zero algorithms specified, we HAVE a match */
-       if (first->get_count(first) == 0 && second->get_count(second) == 0)
-       {
-               *add = FALSE;
-               return TRUE;
-       }
-       
-       first_iter = first->create_iterator(first, TRUE);
-       second_iter = second->create_iterator(second, TRUE);
-       /* compare algs, order of algs in "first" is preferred */
-       while (first_iter->has_next(first_iter))
-       {
-               first_iter->current(first_iter, (void**)&first_alg);
-               second_iter->reset(second_iter);
-               while (second_iter->has_next(second_iter))
-               {
-                       second_iter->current(second_iter, (void**)&second_alg);
-                       if (first_alg->algorithm == second_alg->algorithm &&
-                               first_alg->key_size == second_alg->key_size)
-                       {
-                               /* ok, we have an algorithm */
-                               *alg = first_alg->algorithm;
-                               *key_size = first_alg->key_size;
-                               *add = TRUE;
-                               first_iter->destroy(first_iter);
-                               second_iter->destroy(second_iter);
-                               return TRUE;
-                       }
-               }
-       }
-       /* no match in all comparisons */
-       first_iter->destroy(first_iter);
-       second_iter->destroy(second_iter);
-       return FALSE;
-}
-
-/**
- * Implements proposal_t.select.
- */
-static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t *other)
-{
-       proposal_t *selected;
-       u_int16_t algo;
-       size_t key_size;
-       iterator_t *iterator;
-       protocol_proposal_t *this_prop, *other_prop;
-       protocol_id_t proto;
-       bool add;
-       u_int64_t spi;
-       
-       /* empty proposal? no match */
-       if (this->protocol_proposals->get_count(this->protocol_proposals) == 0 ||
-               other->protocol_proposals->get_count(other->protocol_proposals) == 0)
-       {
-               return NULL;
-       }
-       /* they MUST have the same amount of protocols */
-       if (this->protocol_proposals->get_count(this->protocol_proposals) !=
-               other->protocol_proposals->get_count(other->protocol_proposals))
-       {
-               return NULL;
-       }
-       
-       selected = proposal_create(this->number);
-       
-       /* iterate over supplied proposals */
-       iterator = other->protocol_proposals->create_iterator(other->protocol_proposals, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&other_prop);
-               /* get the proposal with the same protocol */
-               proto = other_prop->protocol;
-               this_prop = get_protocol_proposal(this, proto, FALSE);
-               
-               if (this_prop == NULL)
-               {
-                       iterator->destroy(iterator);
-                       selected->destroy(selected);
-                       return NULL;
-               }
-               
-               /* select encryption algorithm */
-               if (select_algo(this_prop->encryption_algos, other_prop->encryption_algos, &add, &algo, &key_size))
-               {
-                       if (add)
-                       {
-                               selected->add_algorithm(selected, proto, ENCRYPTION_ALGORITHM, algo, key_size);
-                       }
-               }
-               else
-               {
-                       iterator->destroy(iterator);
-                       selected->destroy(selected);
-                       return NULL;
-               }
-               /* select integrity algorithm */
-               if (select_algo(this_prop->integrity_algos, other_prop->integrity_algos, &add, &algo, &key_size))
-               {
-                       if (add)
-                       {
-                               selected->add_algorithm(selected, proto, INTEGRITY_ALGORITHM, algo, key_size);
-                       }
-               }
-               else
-               {
-                       iterator->destroy(iterator);
-                       selected->destroy(selected);
-                       return NULL;
-               }
-               /* select prf algorithm */
-               if (select_algo(this_prop->prf_algos, other_prop->prf_algos, &add, &algo, &key_size))
-               {
-                       if (add)
-                       {
-                               selected->add_algorithm(selected, proto, PSEUDO_RANDOM_FUNCTION, algo, key_size);
-                       }
-               }
-               else
-               {
-                       iterator->destroy(iterator);
-                       selected->destroy(selected);
-                       return NULL;
-               }
-               /* select a DH-group */
-               if (select_algo(this_prop->dh_groups, other_prop->dh_groups, &add, &algo, &key_size))
-               {
-                       if (add)
-                       {
-                               selected->add_algorithm(selected, proto, DIFFIE_HELLMAN_GROUP, algo, 0);
-                       }
-               }
-               else
-               {
-                       iterator->destroy(iterator);
-                       selected->destroy(selected);
-                       return NULL;
-               }
-               /* select if we use ESNs */
-               if (select_algo(this_prop->esns, other_prop->esns, &add, &algo, &key_size))
-               {
-                       if (add)
-                       {
-                               selected->add_algorithm(selected, proto, EXTENDED_SEQUENCE_NUMBERS, algo, 0);
-                       }
-               }
-               else
-               {
-                       iterator->destroy(iterator);
-                       selected->destroy(selected);
-                       return NULL;
-               }
-       }
-       iterator->destroy(iterator);
-       
-       /* apply spis from "other" */
-       spi = other->public.get_spi(&(other->public), PROTO_AH);
-       if (spi)
-       {
-               selected->set_spi(selected, PROTO_AH, spi);
-       }
-       spi = other->public.get_spi(&(other->public), PROTO_ESP);
-       if (spi)
-       {
-               selected->set_spi(selected, PROTO_ESP, spi);
-       }
-       
-       /* everything matched, return new proposal */
-       return selected;
-}
-
-/**
- * Implements proposal_t.get_number.
- */
-static u_int8_t get_number(private_proposal_t *this)
-{
-       return this->number;
-}
-
-/**
- * Implements proposal_t.get_protocols.
- */
-static void get_protocols(private_proposal_t *this, protocol_id_t ids[2])
-{
-       iterator_t *iterator = this->protocol_proposals->create_iterator(this->protocol_proposals, TRUE);
-       u_int i = 0;
-       
-       ids[0] = PROTO_NONE;
-       ids[1] = PROTO_NONE;
-       while (iterator->has_next(iterator))
-       {
-               protocol_proposal_t *proto_prop;
-               iterator->current(iterator, (void**)&proto_prop);
-               ids[i++] = proto_prop->protocol;
-               if (i>1)
-               {
-                       /* should not happen, but who knows */
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-}
-
-/**
- * Implements proposal_t.set_spi.
- */
-static void set_spi(private_proposal_t *this, protocol_id_t proto, u_int64_t spi)
-{
-       protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
-       if (proto_proposal)
-       {
-               if (proto == PROTO_AH || proto == PROTO_ESP)
-               {
-                       *((u_int32_t*)proto_proposal->spi.ptr) = (u_int32_t)spi;
-               }
-               else
-               {
-                       *((u_int64_t*)proto_proposal->spi.ptr) = spi;
-               }
-       }
-}
-
-/**
- * Implements proposal_t.get_spi.
- */
-static u_int64_t get_spi(private_proposal_t *this, protocol_id_t proto)
-{
-       protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
-       if (proto_proposal)
-       {
-               if (proto == PROTO_AH || proto == PROTO_ESP)
-               {
-                       return (u_int64_t)*((u_int32_t*)proto_proposal->spi.ptr);
-               }
-               else
-               {
-                       return *((u_int64_t*)proto_proposal->spi.ptr);
-               }
-       }
-       return 0;
-}
-
-/**
- * Clone a algorithm list
- */
-static void clone_algo_list(linked_list_t *list, linked_list_t *clone_list)
-{
-       algorithm_t *algo, *clone_algo;
-       iterator_t *iterator = list->create_iterator(list, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&algo);
-               clone_algo = malloc_thing(algorithm_t);
-               memcpy(clone_algo, algo, sizeof(algorithm_t));
-               clone_list->insert_last(clone_list, (void*)clone_algo);
-       }
-       iterator->destroy(iterator);
-}
-
-/**
- * Implements proposal_t.clone
- */
-static proposal_t *clone(private_proposal_t *this)
-{
-       private_proposal_t *clone = (private_proposal_t*)proposal_create(this->number);
-       
-       iterator_t *iterator = this->protocol_proposals->create_iterator(this->protocol_proposals, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               protocol_proposal_t *proto_prop, *clone_proto_prop;
-               iterator->current(iterator, (void**)&proto_prop);
-               
-               clone_proto_prop = get_protocol_proposal(clone, proto_prop->protocol, TRUE);
-               memcpy(clone_proto_prop->spi.ptr, proto_prop->spi.ptr, clone_proto_prop->spi.len);
-               
-               clone_algo_list(proto_prop->encryption_algos, clone_proto_prop->encryption_algos);
-               clone_algo_list(proto_prop->integrity_algos, clone_proto_prop->integrity_algos);
-               clone_algo_list(proto_prop->prf_algos, clone_proto_prop->prf_algos);
-               clone_algo_list(proto_prop->dh_groups, clone_proto_prop->dh_groups);
-               clone_algo_list(proto_prop->esns, clone_proto_prop->esns);
-       }
-       iterator->destroy(iterator);
-       
-       return &clone->public;
-}
-
-/**
- * Frees all list items and destroys the list
- */
-static void free_algo_list(linked_list_t *list)
-{
-       algorithm_t *algo;
-       
-       while(list->get_count(list) > 0)
-       {
-               list->remove_last(list, (void**)&algo);
-               free(algo);
-       }
-       list->destroy(list);
-}
-
-/**
- * Implements proposal_t.destroy.
- */
-static void destroy(private_proposal_t *this)
-{
-       while(this->protocol_proposals->get_count(this->protocol_proposals) > 0)
-       {
-               protocol_proposal_t *proto_prop;
-               this->protocol_proposals->remove_last(this->protocol_proposals, (void**)&proto_prop);
-               
-               free_algo_list(proto_prop->encryption_algos);
-               free_algo_list(proto_prop->integrity_algos);
-               free_algo_list(proto_prop->prf_algos);
-               free_algo_list(proto_prop->dh_groups);
-               free_algo_list(proto_prop->esns);
-               
-               free(proto_prop->spi.ptr);
-               free(proto_prop);
-       }
-       this->protocol_proposals->destroy(this->protocol_proposals);
-       
-       free(this);
-}
-
-/*
- * Describtion in header-file
- */
-proposal_t *proposal_create(u_int8_t number)
-{
-       private_proposal_t *this = malloc_thing(private_proposal_t);
-       
-       this->public.add_algorithm = (void (*)(proposal_t*,protocol_id_t,transform_type_t,u_int16_t,size_t))add_algorithm;
-       this->public.create_algorithm_iterator = (iterator_t* (*)(proposal_t*,protocol_id_t,transform_type_t))create_algorithm_iterator;
-       this->public.get_algorithm = (bool (*)(proposal_t*,protocol_id_t,transform_type_t,algorithm_t**))get_algorithm;
-       this->public.select = (proposal_t* (*)(proposal_t*,proposal_t*))select_proposal;
-       this->public.get_number = (u_int8_t (*)(proposal_t*))get_number;
-       this->public.get_protocols = (void(*)(proposal_t *this, protocol_id_t ids[2]))get_protocols;
-       this->public.set_spi = (void(*)(proposal_t*,protocol_id_t,u_int64_t spi))set_spi;
-       this->public.get_spi = (u_int64_t(*)(proposal_t*,protocol_id_t))get_spi;
-       this->public.clone = (proposal_t*(*)(proposal_t*))clone;
-       this->public.destroy = (void(*)(proposal_t*))destroy;
-       
-       /* init private members*/
-       this->number = number;
-       this->protocol_proposals = linked_list_create();
-       
-       return (&this->public);
-}
diff --git a/src/charon/charon/config/proposal.h b/src/charon/charon/config/proposal.h
deleted file mode 100644 (file)
index 48e3ad8..0000000
+++ /dev/null
@@ -1,269 +0,0 @@
-/**
- * @file proposal.h
- * 
- * @brief Interface of proposal_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef PROPOSAL_H_
-#define PROPOSAL_H_
-
-#include <types.h>
-#include <utils/identification.h>
-#include <utils/linked_list.h>
-#include <utils/host.h>
-#include <crypto/crypters/crypter.h>
-#include <crypto/signers/signer.h>
-#include <crypto/diffie_hellman.h>
-#include <config/traffic_selector.h>
-
-
-typedef enum protocol_id_t protocol_id_t;
-
-/**
- * Protocol ID of a proposal.
- * 
- * @ingroup config
- */
-enum protocol_id_t {
-       PROTO_NONE = 0,
-       PROTO_IKE = 1,
-       PROTO_AH = 2,
-       PROTO_ESP = 3,
-};
-
-/** 
- * String mappings for protocol_id_t.
- * 
- * @ingroup config
- */
-extern mapping_t protocol_id_m[];
-
-
-typedef enum transform_type_t transform_type_t;
-
-/**
- * Type of a transform, as in IKEv2 RFC 3.3.2.
- * 
- * @ingroup payloads
- */
-enum transform_type_t {
-       UNDEFINED_TRANSFORM_TYPE = 241,
-       ENCRYPTION_ALGORITHM = 1,
-       PSEUDO_RANDOM_FUNCTION = 2,
-       INTEGRITY_ALGORITHM = 3,
-       DIFFIE_HELLMAN_GROUP = 4,
-       EXTENDED_SEQUENCE_NUMBERS = 5
-};
-
-/** 
- * String mappings for transform_type_t.
- * 
- * @ingroup payloads
- */
-extern mapping_t transform_type_m[];
-
-
-typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
-
-/** 
- * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
- * 
- * @ingroup payloads
- */
-enum extended_sequence_numbers_t {
-       NO_EXT_SEQ_NUMBERS = 0,
-       EXT_SEQ_NUMBERS = 1
-};
-
-/** 
- * String mappings for extended_sequence_numbers_t.
- * 
- * @ingroup payloads
- */
-extern mapping_t extended_sequence_numbers_m[];
-
-
-typedef struct algorithm_t algorithm_t;
-
-/**
- * Struct used to store different kinds of algorithms. The internal
- * lists of algorithms contain such structures.
- */
-struct algorithm_t {
-       /**
-        * Value from an encryption_algorithm_t/integrity_algorithm_t/...
-        */
-       u_int16_t algorithm;
-       
-       /**
-        * the associated key size, or zero if not needed
-        */
-       u_int16_t key_size;
-};
-
-typedef struct proposal_t proposal_t;
-
-/**
- * @brief Stores a set of algorithms used for an SA.
- * 
- * A proposal stores algorithms for a specific 
- * protocol. It can store algorithms for more than
- * one protocol (e.g. AH and ESP). Then the proposal
- * means both protocols must be used.
- * A proposal may contain more than one algorithm
- * of the same kind. ONE of them can be selected.
- *
- * @warning This class is NOT thread-save!
- * 
- * @b Constructors:
- *   - proposal_create()
- * 
- * @ingroup config
- */
-struct proposal_t {
-       
-       /**
-        * @brief Add an algorithm to the proposal.
-        * 
-        * The algorithms are stored by priority, first added
-        * is the most preferred.
-        * Key size is only needed for encryption algorithms
-        * with variable key size (such as AES). Must be set
-        * to zero if key size is not specified.
-        * The alg parameter accepts encryption_algorithm_t,
-        * integrity_algorithm_t, dh_group_number_t and
-        * extended_sequence_numbers_t.
-        * 
-        * @warning Do not add while other threads are reading.
-        * 
-        * @param this                                  calling object
-        * @param proto                                 desired protocol
-        * @param type                                  kind of algorithm
-        * @param alg                                   identifier for algorithm
-        * @param key_size                              key size to use
-        */
-       void (*add_algorithm) (proposal_t *this, protocol_id_t proto, transform_type_t type, u_int16_t alg, size_t key_size);
-       
-       /**
-        * @brief Get an iterator over algorithms for a specifc protocol/algo type.
-        * 
-        * @param this                                  calling object
-        * @param proto                                 desired protocol
-        * @param type                                  kind of algorithm
-        * @return                                              iterator over algorithms
-        */
-       iterator_t *(*create_algorithm_iterator) (proposal_t *this, protocol_id_t proto, transform_type_t type);
-       
-       /**
-        * @brief Get the algorithm for a type to use.
-        * 
-        * If there are multiple algorithms, only the first is returned.
-        * Result is still owned by proposal, do not modify!
-        * 
-        * @param this                                  calling object
-        * @param proto                                 desired protocol
-        * @param type                                  kind of algorithm
-        * @param[out] algo                             pointer which receives algorithm and key size
-        * @return                                              TRUE if algorithm of this kind available
-        */
-       bool (*get_algorithm) (proposal_t *this, protocol_id_t proto, transform_type_t type, algorithm_t** algo);
-
-       /**
-        * @brief Compare two proposal, and select a matching subset.
-        * 
-        * If the proposals are for the same protocols (AH/ESP), they are
-        * compared. If they have at least one algorithm of each type
-        * in common, a resulting proposal of this kind is created.
-        * 
-        * @param this                                  calling object
-        * @param other                                 proposal to compair agains
-        * @return                                              
-        *                                                              - selected proposal, if possible
-        *                                                              - NULL, if proposals don't match
-        */
-       proposal_t *(*select) (proposal_t *this, proposal_t *other);
-       
-       /**
-        * @brief Get the number set on construction.
-        * 
-        * @param this                          calling object
-        * @return                                      number
-        */
-       u_int8_t (*get_number) (proposal_t *this);
-       
-       /**
-        * @brief Get the protocol ids in the proposals.
-        * 
-        * With AH and ESP, there could be two protocols in one
-        * proposal.
-        * 
-        * @param this                          calling object
-        * @param ids                           array of protocol ids, 
-        */
-       void (*get_protocols) (proposal_t *this, protocol_id_t ids[2]);
-       
-       /**
-        * @brief Get the spi for a specific protocol.
-        * 
-        * @param this                          calling object
-        * @param proto                         AH/ESP
-        * @return                                      spi for proto
-        */
-       u_int64_t (*get_spi) (proposal_t *this, protocol_id_t proto);
-       
-       /**
-        * @brief Set the spi for a specific protocol.
-        * 
-        * @param this                          calling object
-        * @param proto                         AH/ESP
-        * @param spi                           spi to set for proto
-        */
-       void (*set_spi) (proposal_t *this, protocol_id_t proto, u_int64_t spi);
-       
-       /**
-        * @brief Clone a proposal.
-        * 
-        * @param this                          proposal to clone
-        * @return                                      clone of it
-        */
-       proposal_t *(*clone) (proposal_t *this);
-       
-       /**
-        * @brief Destroys the proposal object.
-        * 
-        * @param this                          calling object
-        */
-       void (*destroy) (proposal_t *this);
-};
-
-/**
- * @brief Create a child proposal for AH and/or ESP.
- * 
- * Since the order of multiple proposals is important for
- * key derivation, we must assign them numbers as they
- * appear in the raw payload. Numbering starts at 1.
- * 
- * @param number                       number of the proposal, as in the payload
- * @return                                     proposal_t object
- * 
- * @ingroup config
- */
-proposal_t *proposal_create(u_int8_t number);
-
-#endif /* PROPOSAL_H_ */
diff --git a/src/charon/charon/config/traffic_selector.c b/src/charon/charon/config/traffic_selector.c
deleted file mode 100644 (file)
index 8127265..0000000
+++ /dev/null
@@ -1,425 +0,0 @@
-/**
- * @file traffic_selector.c
- * 
- * @brief Implementation of traffic_selector_t.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "traffic_selector.h"
-
-#include <utils/linked_list.h>
-#include <utils/identification.h>
-#include <arpa/inet.h>
-#include <string.h>
-
-typedef struct private_traffic_selector_t private_traffic_selector_t;
-
-/**
- * Private data of an traffic_selector_t object
- */
-struct private_traffic_selector_t {
-
-       /**
-        * Public part
-        */
-       traffic_selector_t public;
-       
-       /**
-        * Type of address
-        */
-       ts_type_t type;
-       
-       /**
-        * IP protocol (UDP, TCP, ICMP, ...)
-        */
-       u_int8_t protocol;
-       
-       /** 
-        * begin of address range, host order
-        */
-       union {
-               u_int32_t from_addr_ipv4;
-       };
-       
-       /**
-        * end of address range, host order
-        */
-       union {
-               u_int32_t to_addr_ipv4;
-       };
-       
-       /**
-        * begin of port range 
-        */
-       u_int16_t from_port;
-       
-       /**
-        * end of port range 
-        */
-       u_int16_t to_port;
-};
-
-/**
- * internal generic constructor
- */
-static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port);
-
-/**
- * implements traffic_selector_t.get_subset
- */
-static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_traffic_selector_t *other)
-{
-       if ((this->type == TS_IPV4_ADDR_RANGE) &&
-               (other->type == TS_IPV4_ADDR_RANGE) &&
-               (this->protocol == other->protocol))
-       {
-               u_int32_t from_addr, to_addr;
-               u_int16_t from_port, to_port;
-               private_traffic_selector_t *new_ts;
-               
-               /* calculate the maximum address range allowed for both */
-               from_addr = max(this->from_addr_ipv4, other->from_addr_ipv4);
-               to_addr = min(this->to_addr_ipv4, other->to_addr_ipv4);
-               if (from_addr > to_addr)
-               {
-                       /* no match */
-                       return NULL;    
-               }
-               
-               /* calculate the maximum port range allowed for both */
-               from_port = max(this->from_port, other->from_port);
-               to_port = min(this->to_port, other->to_port);
-               if (from_port > to_port)
-               {
-                       /* no match */
-                       return NULL;    
-               }
-               
-               /* got a match, return it */
-               new_ts = traffic_selector_create(this->protocol, this->type, from_port, to_port); 
-               new_ts->from_addr_ipv4 = from_addr;
-               new_ts->to_addr_ipv4 = to_addr;
-               new_ts->type = TS_IPV4_ADDR_RANGE;
-               return &(new_ts->public);
-       }
-       return NULL;
-}
-
-/**
- * Implements traffic_selector_t.get_from_address.
- */
-static chunk_t get_from_address(private_traffic_selector_t *this)
-{
-       chunk_t from_addr = CHUNK_INITIALIZER;
-       
-       switch (this->type)
-       {
-               case TS_IPV4_ADDR_RANGE:
-               {
-                       u_int32_t network;
-                       from_addr.len = sizeof(network);
-                       from_addr.ptr = malloc(from_addr.len);
-                       /* chunk must contain network order, convert! */
-                       network = htonl(this->from_addr_ipv4);
-                       memcpy(from_addr.ptr, &network, from_addr.len);
-                       break;  
-               }
-               case TS_IPV6_ADDR_RANGE:
-               {
-                       break;
-               }
-       }
-       return from_addr;
-}
-       
-/**
- * Implements traffic_selector_t.get_to_address.
- */
-static chunk_t get_to_address(private_traffic_selector_t *this)
-{
-       chunk_t to_addr = CHUNK_INITIALIZER;
-       
-       switch (this->type)
-       {
-               case TS_IPV4_ADDR_RANGE:
-               {
-                       u_int32_t network;
-                       to_addr.len = sizeof(network);
-                       to_addr.ptr = malloc(to_addr.len);
-                       /* chunk must contain network order, convert! */
-                       network = htonl(this->to_addr_ipv4);
-                       memcpy(to_addr.ptr, &network, to_addr.len);
-                       break;  
-               }
-               case TS_IPV6_ADDR_RANGE:
-               {
-                       break;
-               }
-       }
-       return to_addr;
-}
-       
-/**
- * Implements traffic_selector_t.get_from_port.
- */
-static u_int16_t get_from_port(private_traffic_selector_t *this)
-{
-       return this->from_port;
-}
-       
-/**
- * Implements traffic_selector_t.get_to_port.
- */
-static u_int16_t get_to_port(private_traffic_selector_t *this)
-{
-       return this->to_port;
-}
-
-/**
- * Implements traffic_selector_t.get_type.
- */
-static ts_type_t get_type(private_traffic_selector_t *this)
-{
-       return this->type;
-}
-
-/**
- * Implements traffic_selector_t.get_protocol.
- */
-static u_int8_t get_protocol(private_traffic_selector_t *this)
-{
-       return this->protocol;
-}
-
-/**
- * Implements traffic_selector_t.get_netmask.
- */
-static u_int8_t get_netmask(private_traffic_selector_t *this)
-{
-       switch (this->type)
-       {
-               case TS_IPV4_ADDR_RANGE:
-               {
-                       u_int32_t from, to, bit;
-                       from = htonl(this->from_addr_ipv4);
-                       to = htonl(this->to_addr_ipv4);
-                       for (bit = 0; bit < 32; bit++)
-                       {                               
-                               if ((1<<bit & from) != (1<<bit & to))
-                               {
-                                       return bit;
-                               }
-                       }
-                       return 32;
-               }
-               case TS_IPV6_ADDR_RANGE:
-               default:
-               {
-                       return 0;
-               }
-       }
-}
-
-/**
- * Implements traffic_selector_t.update_address_range.
- */
-static void update_address_range(private_traffic_selector_t *this, host_t *host)
-{
-       if (host->get_family(host) == AF_INET &&
-               this->type == TS_IPV4_ADDR_RANGE)
-       {
-               if (this->from_addr_ipv4 == 0)
-               {
-                       chunk_t from = host->get_address_as_chunk(host);
-                       this->from_addr_ipv4 = ntohl(*((u_int32_t*)from.ptr));
-                       this->to_addr_ipv4 = this->from_addr_ipv4;
-                       chunk_free(&from);
-               }
-       }
-}
-
-/**
- * Implements traffic_selector_t.clone.
- */
-static traffic_selector_t *clone(private_traffic_selector_t *this)
-{
-       private_traffic_selector_t *clone = traffic_selector_create(this->protocol, this->type, this->from_port, this->to_port);
-       clone->type = this->type;
-       switch (clone->type)
-       {
-               case TS_IPV4_ADDR_RANGE:
-               {
-                       clone->from_addr_ipv4 = this->from_addr_ipv4;
-                       clone->to_addr_ipv4 = this->to_addr_ipv4;
-                       return &(clone->public);        
-               }
-               case TS_IPV6_ADDR_RANGE:
-               default:
-               {
-                       free(this);
-                       return NULL;    
-               }
-       }
-}
-
-/**
- * Implements traffic_selector_t.destroy.
- */
-static void destroy(private_traffic_selector_t *this)
-{      
-       free(this);
-}
-
-/*
- * see header
- */
-traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_type_t type, chunk_t from_addr, int16_t from_port, chunk_t to_addr, u_int16_t to_port)
-{
-       private_traffic_selector_t *this = traffic_selector_create(protocol, type, from_port, to_port);
-
-       this->type = type;
-       switch (type)
-       {
-               case TS_IPV4_ADDR_RANGE:
-               {
-                       if (from_addr.len != 4 || to_addr.len != 4)
-                       {
-                               free(this);
-                               return NULL;    
-                       }
-                       /* chunk contains network order, convert! */
-                       this->from_addr_ipv4 = ntohl(*((u_int32_t*)from_addr.ptr));
-                       this->to_addr_ipv4 = ntohl(*((u_int32_t*)to_addr.ptr));
-                       break;  
-               }
-               case TS_IPV6_ADDR_RANGE:
-               default:
-               {
-                       free(this);
-                       return NULL;    
-               }
-       }
-       return (&this->public);
-}
-
-/*
- * see header
- */
-traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits)
-{
-       private_traffic_selector_t *this = traffic_selector_create(0, 0, 0, 65535);
-
-       switch (net->get_family(net))
-       {
-               case AF_INET:
-               {
-                       chunk_t from;
-                       
-                       this->type = TS_IPV4_ADDR_RANGE;
-                       from = net->get_address_as_chunk(net);
-                       this->from_addr_ipv4 = ntohl(*((u_int32_t*)from.ptr));
-                       if (this->from_addr_ipv4 == 0)
-                       {
-                               /* use /32 for 0.0.0.0 */
-                               this->to_addr_ipv4 = 0xFFFFFF;
-                       }
-                       else
-                       {
-                               this->to_addr_ipv4 = this->from_addr_ipv4 | ((1 << (32 - netbits)) - 1);
-                       }
-                       chunk_free(&from);
-                       break;  
-               }
-               case AF_INET6:
-               default:
-               {
-                       free(this);
-                       return NULL;    
-               }
-       }
-       return (&this->public);
-}
-
-/*
- * see header
- */
-traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_type_t type, char *from_addr, u_int16_t from_port, char *to_addr, u_int16_t to_port)
-{
-       private_traffic_selector_t *this = traffic_selector_create(protocol, type, from_port, to_port);
-
-       /* public functions */
-       this->public.get_subset = (traffic_selector_t*(*)(traffic_selector_t*,traffic_selector_t*))get_subset;
-       this->public.destroy = (void(*)(traffic_selector_t*))destroy;
-
-       this->type = type;
-       switch (type)
-       {
-               case TS_IPV4_ADDR_RANGE:
-               {
-                       if (inet_aton(from_addr, (struct in_addr*)&(this->from_addr_ipv4)) == 0)
-                       {
-                               free(this);
-                               return NULL;
-                       }
-                       if (inet_aton(to_addr, (struct in_addr*)&(this->to_addr_ipv4)) == 0)
-                       {
-                               free(this);
-                               return NULL;
-                       }
-                       /* convert to host order, inet_aton has network order */
-                       this->from_addr_ipv4 = ntohl(this->from_addr_ipv4);
-                       this->to_addr_ipv4 = ntohl(this->to_addr_ipv4);
-                       break;  
-               }
-               case TS_IPV6_ADDR_RANGE:
-               {
-                       free(this);
-                       return NULL;    
-               }
-       }
-
-       return (&this->public);
-}
-
-/*
- * see declaration
- */
-static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port)
-{
-       private_traffic_selector_t *this = malloc_thing(private_traffic_selector_t);
-
-       /* public functions */
-       this->public.get_subset = (traffic_selector_t*(*)(traffic_selector_t*,traffic_selector_t*))get_subset;
-       this->public.get_from_address = (chunk_t(*)(traffic_selector_t*))get_from_address;
-       this->public.get_to_address = (chunk_t(*)(traffic_selector_t*))get_to_address;
-       this->public.get_from_port = (u_int16_t(*)(traffic_selector_t*))get_from_port;
-       this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port;      
-       this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type;    
-       this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
-       this->public.get_netmask = (u_int8_t(*)(traffic_selector_t*))get_netmask;
-       this->public.update_address_range = (void(*)(traffic_selector_t*,host_t*))update_address_range;
-       this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone;
-       this->public.destroy = (void(*)(traffic_selector_t*))destroy;
-       
-       this->from_port = from_port;
-       this->to_port = to_port;
-       this->protocol = protocol;
-       this->type = type;
-       
-       return this;
-}
diff --git a/src/charon/charon/config/traffic_selector.h b/src/charon/charon/config/traffic_selector.h
deleted file mode 100644 (file)
index 5ac5bde..0000000
+++ /dev/null
@@ -1,258 +0,0 @@
-/**
- * @file traffic_selector.h
- * 
- * @brief Interface of traffic_selector_t.
- *  
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef TRAFFIC_SELECTOR_H_
-#define TRAFFIC_SELECTOR_H_
-
-#include <types.h>
-#include <utils/host.h>
-
-typedef enum ts_type_t ts_type_t;
-
-/**
- * Traffic selector types.
- * 
- * @ingroup config
- */
-enum ts_type_t {
-       
-       /**
-        * A range of IPv4 addresses, represented by two four (4) octet
-     * values.  The first value is the beginning IPv4 address
-     * (inclusive) and the second value is the ending IPv4 address
-     * (inclusive). All addresses falling between the two specified
-     * addresses are considered to be within the list.
-     */
-       TS_IPV4_ADDR_RANGE = 7,
-       
-       /**
-        * A range of IPv6 addresses, represented by two sixteen (16)
-     * octet values.  The first value is the beginning IPv6 address
-     * (inclusive) and the second value is the ending IPv6 address
-     * (inclusive). All addresses falling between the two specified
-     *  addresses are considered to be within the list.
-        */
-       TS_IPV6_ADDR_RANGE = 8
-};
-
-/**
- * string mappings for ts_type_t
- */
-extern mapping_t ts_type_m[];
-
-
-typedef struct traffic_selector_t traffic_selector_t;
-
-/**
- * @brief Object representing a traffic selector entry.
- * 
- * A traffic selector defines an range of addresses
- * and a range of ports. IPv6 is not fully supported yet.
- * 
- * @b Constructors:
- * - traffic_selector_create_from_bytes()
- * - traffic_selector_create_from_string()
- * 
- * @todo Add IPv6 support
- * 
- * @ingroup config
- */
-struct traffic_selector_t {
-       
-       /**
-        * @brief Compare two traffic selectors, and create a new one
-        * which is the largest subset of both (subnet & port).
-        * 
-        * Resulting traffic_selector is newly created and must be destroyed.
-        * 
-        * @param this          first to compare
-        * @param other         second to compare
-        * @return
-        *                                      - created subset of them
-        *                                      - or NULL if no match between this and other
-        */
-       traffic_selector_t *(*get_subset) (traffic_selector_t *this, traffic_selector_t *other);
-       
-       /**
-        * @brief Clone a traffic selector.
-        *  
-        * @param this          traffic selector to clone
-        * @return                      clone of it
-        */
-       traffic_selector_t *(*clone) (traffic_selector_t *this);
-       
-       /**
-        * @brief Get starting address of this ts as a chunk.
-        * 
-        * Data is in network order and represents the address.
-        * Size depends on protocol.
-        * 
-        * Resulting chunk data is allocated and must be freed!
-        *  
-        * @param this          calling object
-        * @return                      chunk containing the address
-        */
-       chunk_t (*get_from_address) (traffic_selector_t *this);
-       
-       /**
-        * @brief Get ending address of this ts as a chunk.
-        * 
-        * Data is in network order and represents the address.
-        * Size depends on protocol.
-        * 
-        * Resulting chunk data is allocated and must be freed!
-        *  
-        * @param this          calling object
-        * @return                      chunk containing the address
-        */
-       chunk_t (*get_to_address) (traffic_selector_t *this);
-       
-       /**
-        * @brief Get starting port of this ts.
-        * 
-        * Port is in host order, since the parser converts it.
-        * Size depends on protocol.
-        *  
-        * @param this          calling object
-        * @return                      port
-        */
-       u_int16_t (*get_from_port) (traffic_selector_t *this);
-       
-       /**
-        * @brief Get ending port of this ts.
-        * 
-        * Port is in host order, since the parser converts it.
-        * Size depends on protocol.
-        *  
-        * @param this          calling object
-        * @return                      port
-        */
-       u_int16_t (*get_to_port) (traffic_selector_t *this);
-       
-       /**
-        * @brief Get the type of the traffic selector.
-        * 
-        * @param this          calling obect
-        * @return                      ts_type_t specifying the type
-        */
-       ts_type_t (*get_type) (traffic_selector_t *this);
-               
-       /**
-        * @brief Get the protocol id of this ts.
-        * 
-        * @param this          calling obect
-        * @return                      protocol id
-        */
-       u_int8_t (*get_protocol) (traffic_selector_t *this);
-               
-       /**
-        * @brief Get the netmask of the address range.
-        * 
-        * Returns the number of bits associated to the subnet.
-        * (As the "24" in "192.168.0.0/24"). This is approximated
-        * if the address range is not a complete subnet! Since Linux
-        * does not support full IP address ranges (yet), we can't do this
-        * (much) better.
-        * 
-        * @param this          calling obect
-        * @return                      netmask as "bits for subnet"
-        */
-       u_int8_t (*get_netmask) (traffic_selector_t *this);
-               
-       /**
-        * @brief Update the address of a traffic selector.
-        * 
-        * Update the address range of a traffic selector, 
-        * if the current address is 0.0.0.0. The new address range
-        * starts from the supplied address and also ends there 
-        * (which means it is a one-host-address-range ;-).
-        * 
-        * @param this          calling obect
-        * @param host          host_t specifying the address range
-        */
-       void (*update_address_range) (traffic_selector_t *this, host_t* host);
-       
-       /**
-        * @brief Destroys the ts object
-        * 
-        * @param this          calling object
-        */
-       void (*destroy) (traffic_selector_t *this);
-};
-
-/**
- * @brief Create a new traffic selector using human readable params.
- * 
- * @param protocol             protocol for this ts, such as TCP or UDP
- * @param type                 type of following addresses, such as TS_IPV4_ADDR_RANGE
- * @param from_addr            start of address range as string
- * @param from_port            port number in host order
- * @param to_addr              end of address range as string
- * @param to_port              port number in host order
- * @return
- *                                             - traffic_selector_t object
- *                                             - NULL if invalid address strings/protocol
- * 
- * @ingroup config
- */
-traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_type_t type, char *from_addr, u_int16_t from_port, char *to_addr, u_int16_t to_port);
-
-/**
- * @brief Create a new traffic selector using data read from the net.
- * 
- * There exists a mix of network and host order in the params.
- * But the parser gives us this data in this format, so we
- * don't have to convert twice.
- * 
- * @param protocol             protocol for this ts, such as TCP or UDP
- * @param type                 type of following addresses, such as TS_IPV4_ADDR_RANGE
- * @param from_address start of address range, network order
- * @param from_port            port number, host order
- * @param to_address   end of address range as string, network
- * @param to_port              port number, host order
- * @return
- *                                             - traffic_selector_t object
- *                                             - NULL if invalid address input/protocol
- *
- * @ingroup config
- */
-traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_type_t type, chunk_t from_address, int16_t from_port, chunk_t to_address, u_int16_t to_port);
-
-/**
- * @brief Create a new traffic selector defining a whole subnet.
- * 
- * In most cases, definition of a traffic selector for full subnets
- * is sufficient. This constructor creates a traffic selector for
- * all protocols, all ports and the address range specified by the
- * subnet.
- * 
- * @param net                  subnet to use
- * @param netbits              size of the subnet, as used in e.g. 192.168.0.0/24 notation
- * @return
- *                                             - traffic_selector_t object
- *                                             - NULL if address family of net not supported
- *
- * @ingroup config
- */
-traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits);
-
-#endif /* TRAFFIC_SELECTOR_H_ */
diff --git a/src/charon/charon/daemon.c b/src/charon/charon/daemon.c
deleted file mode 100644 (file)
index c3d7ed7..0000000
+++ /dev/null
@@ -1,390 +0,0 @@
-/**
- * @file daemon.c
- * 
- * @brief Implementation of daemon_t and main of IKEv2-Daemon.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-#include <stdio.h>
-#include <signal.h>
-#include <pthread.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <execinfo.h>
-#include <string.h>
-
-#include "daemon.h" 
-
-#include <types.h>
-#include <config/connections/local_connection_store.h>
-#include <config/credentials/local_credential_store.h>
-#include <config/policies/local_policy_store.h>
-
-
-typedef struct private_daemon_t private_daemon_t;
-
-/**
- * Private additions to daemon_t, contains threads and internal functions.
- */
-struct private_daemon_t {
-       /**
-        * Public members of daemon_t.
-        */
-       daemon_t public;
-       
-       /**
-        * A logger_t object assigned for daemon things.
-        */
-       logger_t *logger;
-
-       /**
-        * Signal set used for signal handling.
-        */
-       sigset_t signal_set;
-       
-       /** 
-        * The thread_id of main-thread.
-        */
-       pthread_t main_thread_id;
-       
-       /**
-        * Main loop function.
-        * 
-        * @param this  calling object
-        */
-       void (*run) (private_daemon_t *this);
-       
-       /**
-        * Initialize the daemon.
-        * 
-        * @param this  calling object
-        */
-       void (*initialize) (private_daemon_t *this);
-       
-       /**
-        * Destroy the daemon.
-        * 
-        * @param this  calling object
-        */
-       void (*destroy) (private_daemon_t *this);
-};
-
-/** 
- * One and only instance of the daemon.
- */
-daemon_t *charon;
-
-/**
- * Implementation of private_daemon_t.run.
- */
-static void run(private_daemon_t *this)
-{
-       /* reselect signals for this thread */
-       sigemptyset(&(this->signal_set));
-       sigaddset(&(this->signal_set), SIGINT); 
-       sigaddset(&(this->signal_set), SIGHUP); 
-       sigaddset(&(this->signal_set), SIGTERM); 
-       pthread_sigmask(SIG_BLOCK, &(this->signal_set), 0);
-       
-       while(TRUE)
-       {
-               int signal_number;
-               int error;
-               
-               error = sigwait(&(this->signal_set), &signal_number);
-               if(error)
-               {
-                       this->logger->log(this->logger, ERROR, "Error %d when waiting for signal", error);
-                       return;
-               }
-               switch (signal_number)
-               {
-                       case SIGHUP:
-                       {
-                               this->logger->log(this->logger, CONTROL, "Signal of type SIGHUP received. Do nothing");
-                               break;
-                       }
-                       case SIGINT:
-                       {
-                               this->logger->log(this->logger, CONTROL, "Signal of type SIGINT received. Exit main loop");
-                               return;
-                       }
-                       case SIGTERM:
-                               this->logger->log(this->logger, CONTROL, "Signal of type SIGTERM received. Exit main loop");
-                               return;
-                       default:
-                       {
-                               this->logger->log(this->logger, CONTROL, "Unknown signal %d received. Do nothing", signal_number);
-                               break;
-                       }
-               }
-       }
-}
-
-/**
- * Implementation of daemon_t.kill.
- */
-static void kill_daemon(private_daemon_t *this, char *reason)
-{
-       /* we send SIGTERM, so the daemon can cleanly shut down */
-       this->logger->log(this->logger, CONTROL, "Killing daemon: %s", reason);
-       if (this->main_thread_id == pthread_self())
-       {
-               /* initialization failed, terminate daemon */
-               this->destroy(this);
-               unlink(PID_FILE);
-               exit(-1);
-       }
-       else
-       {
-               this->logger->log(this->logger, CONTROL, "sending SIGTERM to ourself", reason);
-               kill(0, SIGTERM);
-               /* thread must die, since he produced a ciritcal failure and can't continue */
-               pthread_exit(NULL);
-       }
-}
-
-/**
- * Implementation of private_daemon_t.initialize.
- */
-static void initialize(private_daemon_t *this)
-{
-       local_credential_store_t* cred_store;
-       
-       this->public.configuration = configuration_create();
-       this->public.socket = socket_create(IKEV2_UDP_PORT);
-       this->public.ike_sa_manager = ike_sa_manager_create();
-       this->public.job_queue = job_queue_create();
-       this->public.event_queue = event_queue_create();
-       this->public.send_queue = send_queue_create();
-       this->public.connections = (connection_store_t*)local_connection_store_create();
-       this->public.policies = (policy_store_t*)local_policy_store_create();
-       this->public.credentials = (credential_store_t*)(cred_store = local_credential_store_create());
-       
-       /* load keys & certs */
-       cred_store->load_certificates(cred_store, CERTIFICATE_DIR);
-       cred_store->load_private_keys(cred_store, SECRETS_FILE, PRIVATE_KEY_DIR);
-       
-       
-       /* start building threads, we are multi-threaded NOW */
-       this->public.stroke = stroke_create();
-       this->public.sender = sender_create();
-       this->public.receiver = receiver_create();
-       this->public.scheduler = scheduler_create();
-       this->public.kernel_interface = kernel_interface_create();
-       this->public.thread_pool = thread_pool_create(NUMBER_OF_WORKING_THREADS);
-}
-
-/**
- * Destory all initiated objects
- */
-static void destroy(private_daemon_t *this)
-{
-       if (this->public.ike_sa_manager != NULL)
-       {
-               this->public.ike_sa_manager->destroy(this->public.ike_sa_manager);
-       }
-       if (this->public.kernel_interface != NULL)
-       {
-               this->public.kernel_interface->destroy(this->public.kernel_interface);
-       }
-       if (this->public.receiver != NULL)
-       {
-               this->public.receiver->destroy(this->public.receiver);
-       }
-       if (this->public.scheduler != NULL)
-       {
-               this->public.scheduler->destroy(this->public.scheduler);        
-       }
-       if (this->public.sender != NULL)
-       {
-               this->public.sender->destroy(this->public.sender);
-       }
-       if (this->public.thread_pool != NULL)
-       {
-               this->public.thread_pool->destroy(this->public.thread_pool);    
-       }
-       if (this->public.job_queue != NULL)
-       {
-               this->public.job_queue->destroy(this->public.job_queue);
-       }
-       if (this->public.event_queue != NULL)
-       {
-               this->public.event_queue->destroy(this->public.event_queue);    
-       }
-       if (this->public.send_queue != NULL)
-       {
-               this->public.send_queue->destroy(this->public.send_queue);      
-       }
-       if (this->public.socket != NULL)
-       {
-               this->public.socket->destroy(this->public.socket);
-       }
-       if (this->public.configuration != NULL)
-       {
-               this->public.configuration->destroy(this->public.configuration);
-       }
-       if (this->public.credentials != NULL)
-       {
-               this->public.credentials->destroy(this->public.credentials);
-       }
-       if (this->public.connections != NULL)
-       {
-               this->public.connections->destroy(this->public.connections);
-       }
-       if (this->public.policies != NULL)
-       {
-               this->public.policies->destroy(this->public.policies);
-       }
-       if (this->public.stroke != NULL)
-       {
-               this->public.stroke->destroy(this->public.stroke);
-       }
-       free(this);
-}
-
-void signal_handler(int signal)
-{
-       void *array[20];
-       size_t size;
-       char **strings;
-       size_t i;
-       logger_t *logger;
-
-       size = backtrace(array, 20);
-       strings = backtrace_symbols(array, size);
-       logger = logger_manager->get_logger(logger_manager, DAEMON);
-
-       logger->log(logger, ERROR, "Thread %u received SIGSEGV. Dumping %d frames from stack:", pthread_self(), size);
-
-       for (i = 0; i < size; i++)
-       {
-               logger->log(logger, ERROR, "    %s", strings[i]);
-       }
-       free (strings);
-       logger->log(logger, ERROR, "Killing ourself hard after SIGSEGV");
-       kill(getpid(), SIGKILL);
-}
-
-/**
- * @brief Create the daemon.
- * 
- * @return     created daemon_t
- */
-private_daemon_t *daemon_create(void)
-{      
-       private_daemon_t *this = malloc_thing(private_daemon_t);
-       struct sigaction action;
-               
-       /* assign methods */
-       this->run = run;
-       this->destroy = destroy;
-       this->initialize = initialize;
-       this->public.kill = (void (*) (daemon_t*,char*))kill_daemon;
-       
-       /* NULL members for clean destruction */
-       this->public.socket = NULL;
-       this->public.ike_sa_manager = NULL;
-       this->public.job_queue = NULL;
-       this->public.event_queue = NULL;
-       this->public.send_queue = NULL;
-       this->public.configuration = NULL;
-       this->public.credentials = NULL;
-       this->public.connections = NULL;
-       this->public.policies = NULL;
-       this->public.sender= NULL;
-       this->public.receiver = NULL;
-       this->public.scheduler = NULL;
-       this->public.kernel_interface = NULL;
-       this->public.thread_pool = NULL;
-       this->public.stroke = NULL;
-       
-       this->main_thread_id = pthread_self();
-       
-       /* setup signal handling for all threads */
-       sigemptyset(&(this->signal_set));
-       sigaddset(&(this->signal_set), SIGSEGV);
-       sigaddset(&(this->signal_set), SIGINT); 
-       sigaddset(&(this->signal_set), SIGHUP); 
-       sigaddset(&(this->signal_set), SIGTERM); 
-       pthread_sigmask(SIG_BLOCK, &(this->signal_set), 0);
-       
-       /* setup SIGSEGV handler for all threads */
-       action.sa_handler = signal_handler;
-       action.sa_mask = this->signal_set;
-       action.sa_flags = 0;
-       if (sigaction(SIGSEGV, &action, NULL) == -1)
-       {
-               this->logger->log(this->logger, ERROR, "signal handler setup for SIGSEGV failed");
-       }
-       return this;
-}
-
-/**
- * Main function, manages the daemon.
- */
-int main(int argc, char *argv[])
-{      
-       private_daemon_t *private_charon;
-       FILE *pid_file;
-       struct stat stb;
-       int i;
-       
-       /* trivial argument parsing */
-       for (i = 1; i < argc; i++)
-       {
-               if (strcmp(argv[i], "--use-syslog") == 0)
-               {
-                       logger_manager->set_output(logger_manager, ALL_LOGGERS, NULL);
-               }
-       }
-       private_charon = daemon_create();
-       charon = (daemon_t*)private_charon;
-       
-       private_charon->logger = logger_manager->get_logger(logger_manager, DAEMON);
-               
-       /* initialize daemon */
-       private_charon->initialize(private_charon);
-       
-       /* check/setup PID file */
-       if (stat(PID_FILE, &stb) == 0)
-       {
-               private_charon->logger->log(private_charon->logger, ERROR, 
-                                                                       "charon already running (\""PID_FILE"\" exists)");
-               private_charon->destroy(private_charon);
-               exit(-1);
-       }
-       pid_file = fopen(PID_FILE, "w");
-       if (pid_file)
-       {
-               fprintf(pid_file, "%d\n", getpid());
-               fclose(pid_file);
-       }
-       
-       /* run daemon */
-       private_charon->run(private_charon);
-       
-       /* normal termination, cleanup and exit */
-       private_charon->destroy(private_charon);
-       unlink(PID_FILE);
-
-       return 0;
-}
-
-
diff --git a/src/charon/charon/daemon.h b/src/charon/charon/daemon.h
deleted file mode 100644 (file)
index 5cad133..0000000
+++ /dev/null
@@ -1,337 +0,0 @@
-/**
- * @file daemon.h
- * 
- * @brief Interface of daemon_t.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef DAEMON_H_
-#define DAEMON_H_
-
-#include <threads/sender.h>
-#include <threads/receiver.h>
-#include <threads/scheduler.h>
-#include <threads/kernel_interface.h>
-#include <threads/thread_pool.h>
-#include <threads/stroke_interface.h>
-#include <network/socket.h>
-#include <sa/ike_sa_manager.h>
-#include <queues/send_queue.h>
-#include <queues/job_queue.h>
-#include <queues/event_queue.h>
-#include <utils/logger_manager.h>
-#include <config/configuration.h>
-#include <config/connections/connection_store.h>
-#include <config/policies/policy_store.h>
-#include <config/credentials/credential_store.h>
-
-/**
- * @defgroup charon charon
- *
- * @brief IKEv2 keying daemon.
- *
- * @section Architecture
- *
- * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
- * architecture than pluto. Charon uses a thread-pool, which allows parallel
- * execution SA-management. Beside the thread-pool, there are some special purpose
- * threads which do their job for the common health of the daemon.
-   @verbatim 
-                         +------+
-                         | E  Q |
-                         | v  u |---+                   +------+  +------+
-                         | e  e |   |                   |      |  | IKE- |
-                         | n  u |  +-----------+        |      |--| SA   |
-                         | t  e |  |           |        | I  M |  +------+
-       +------------+    | -    |  | Scheduler |        | K  a |
-       |  receiver  |    +------+  |           |        | E  n |  +------+
-       +----+-------+              +-----------+        | -  a |  | IKE- |
-            |      |     +------+   |                   | S  g |--| SA   |
-    +-------+--+   +-----| J  Q |---+  +------------+   | A  e |  +------+
-   -|  socket  |         | o  u |      |            |   | -  r |
-    +-------+--+         | b  e |      |   Thread-  |   |      |
-            |            | -  u |      |   Pool     |   |      |
-       +----+-------+    |    e |------|            |---|      |
-       |   sender   |    +------+      +------------+   +------+
-       +----+-------+
-            |            +------+
-            |            | S  Q |
-            |            | e  u |
-            |            | n  e |
-            +------------| d  u |
-                         | -  e |
-                         +--+---+
-   @endverbatim
- * The thread-pool is the heart of the architecture. It processes jobs from a
- * (fully synchronized) job-queue. Mostly, a job is associated with a specific
- * IKE SA. These IKE SAs are synchronized, only one thread can work one an IKE SA.
- * This makes it unnecesary to use further synchronisation methods once a IKE SA
- * is checked out. The (rather complex) synchronization of IKE SAs is completely
- * done in the IKE SA manager.
- * The sceduler is responsible for event firing. It waits until a event in the
- * (fully synchronized) event-queue is ready for processing and pushes the event
- * down to the job-queue. A thread form the pool will pick it up as quick as
- * possible. Every thread can queue events or jobs. Furter, an event can place a
- * packet in the send-queue. The sender thread waits for those packets and sends
- * them over the wire, via the socket. The receiver does exactly the opposite of
- * the sender. It waits on the socket, reads in packets an places them on the
- * job-queue for further processing by a thread from the pool.
- * There are even more threads, not drawn in the upper scheme. The stroke thread
- * is responsible for reading and processessing commands from another process. The
- * kernel interface thread handles communication from and to the kernel via a
- * netlink socket. It waits for kernel events and processes them appropriately.
- */
-
-/**
- * @defgroup config config
- *
- * Classes implementing configuration related things.
- *
- * @ingroup charon
- */
-
-/**
- * @defgroup encoding encoding
- *
- * Classes used to encode and decode IKEv2 messages.
- *
- * @ingroup charon
- */
-
- /**
- * @defgroup payloads payloads
- *
- * Classes representing specific IKEv2 payloads.
- *
- * @ingroup encoding
- */
-
-/**
- * @defgroup network network
- *
- * Classes for network relevant stuff.
- *
- * @ingroup charon
- */
-
-/**
- * @defgroup queues queues
- *
- * Different kind of queues
- * (thread save lists).
- *
- * @ingroup charon
- */
-
-/**
- * @defgroup jobs jobs
- *
- * Jobs used in job queue and event queue.
- *
- * @ingroup queues
- */
-
-/**
- * @defgroup sa sa
- *
- * Security associations for IKE and IPSec,
- * and some helper classes.
- *
- * @ingroup charon
- */
-
-/**
- * @defgroup states states
- *
- * Varius states in which an IKE SA can be.
- *
- * @ingroup sa
- */
-
-/**
- * @defgroup threads threads
- *
- * Threaded classes, which will do their job alone.
- *
- * @ingroup charon
- */
-
-/**
- * Name of the daemon.
- * 
- * @ingroup charon
- */
-#define DAEMON_NAME "charon"
-
-/**
- * @brief Number of threads in the thread pool.
- * 
- * There are several other threads, this defines
- * only the number of threads in thread_pool_t.
- * 
- * @ingroup charon
- */
-#define NUMBER_OF_WORKING_THREADS 4
-
-/**
- * UDP Port on which the daemon will listen for incoming traffic.
- * 
- * @ingroup charon
- */
-#define IKEV2_UDP_PORT 500
-
-/**
- * PID file, in which charon stores its process id
- * 
- * @ingroup charon
- */
-#define PID_FILE "/var/run/charon.pid"
-
-/**
- * Configuration directory
- * 
- * @ingroup charon
- */
-#define CONFIG_DIR "/etc"
-
-/**
- * Directory of IPsec relevant files
- * 
- * @ingroup charon
- */
-#define IPSEC_DIR CONFIG_DIR "/ipsec.d"
-
-/**
- * Directory for private keys
- * 
- * @ingroup charon
- */
-#define PRIVATE_KEY_DIR IPSEC_DIR "/private"
-
-/**
- * Directory for trusted certificates
- * 
- * @ingroup charon
- */
-#define CERTIFICATE_DIR IPSEC_DIR "/certs"
-
-/**
- * Secrets files
- * 
- * @ingroup charon
- */
-#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
-
-typedef struct daemon_t daemon_t;
-
-/**
- * @brief Main class of daemon, contains some globals.
- * 
- * @ingroup charon
- */ 
-struct daemon_t {
-       /**
-        * A socket_t instance.
-        */
-       socket_t *socket;
-       
-       /**
-        * A send_queue_t instance.
-        */
-       send_queue_t *send_queue;
-       
-       /**
-        * A job_queue_t instance.
-        */
-       job_queue_t *job_queue;
-       
-       /**
-        * A event_queue_t instance.
-        */
-       event_queue_t *event_queue;
-
-       /**
-        * A ike_sa_manager_t instance.
-        */
-       ike_sa_manager_t *ike_sa_manager;
-       
-       /**
-        * A configuration_t instance.
-        */
-       configuration_t *configuration;
-       
-       /**
-        * A connection_store_t instance.
-        */
-       connection_store_t *connections;
-       
-       /**
-        * A policy_store_t instance.
-        */
-       policy_store_t *policies;
-       
-       /**
-        * A credential_store_t instance.
-        */
-       credential_store_t *credentials;
-       
-       /**
-        * The Sender-Thread.
-        */
-       sender_t *sender;
-       
-       /**
-        * The Receiver-Thread.
-        */
-       receiver_t *receiver;
-       
-       /**
-        * The Scheduler-Thread.
-        */
-       scheduler_t *scheduler;
-       
-       /**
-        * The Thread pool managing the worker threads.
-        */
-       thread_pool_t *thread_pool;
-       
-       /**
-        * Kernel Interface to communicate with kernel
-        */
-       kernel_interface_t *kernel_interface;
-       
-       /**
-        * IPC interface, as whack in pluto
-        */
-       stroke_t *stroke;
-       
-       /**
-        * @brief Shut down the daemon.
-        * 
-        * @param this          the daemon to kill
-        * @param reason        describtion why it will be killed
-        */
-       void (*kill) (daemon_t *this, char *reason);
-};
-
-/**
- * The one and only instance of the daemon.
- */
-extern daemon_t *charon;
-
-#endif /*DAEMON_H_*/
diff --git a/src/charon/charon/encoding/Makefile.encoding b/src/charon/charon/encoding/Makefile.encoding
deleted file mode 100644 (file)
index ccdb42f..0000000
+++ /dev/null
@@ -1,30 +0,0 @@
-# Copyright (C) 2005 Jan Hutter, Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-
-ENCODING_DIR= $(CHARON_DIR)encoding/
-
-CHARON_OBJS+= $(BUILD_DIR)generator.o
-$(BUILD_DIR)generator.o :              $(ENCODING_DIR)generator.c $(ENCODING_DIR)generator.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-
-CHARON_OBJS+= $(BUILD_DIR)parser.o
-$(BUILD_DIR)parser.o :                 $(ENCODING_DIR)parser.c $(ENCODING_DIR)parser.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-
-CHARON_OBJS+= $(BUILD_DIR)message.o
-$(BUILD_DIR)message.o :                        $(ENCODING_DIR)message.c $(ENCODING_DIR)message.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-
-
-include $(ENCODING_DIR)payloads/Makefile.payloads
\ No newline at end of file
diff --git a/src/charon/charon/encoding/generator.c b/src/charon/charon/encoding/generator.c
deleted file mode 100644 (file)
index ba12190..0000000
+++ /dev/null
@@ -1,1077 +0,0 @@
-/**
- * @file generator.c
- *
- * @brief Implementation of generator_t.
- *
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <arpa/inet.h>
-#include <stdio.h>
-
-
-#include "generator.h"
-
-#include <types.h>
-#include <daemon.h>
-#include <utils/linked_list.h>
-#include <utils/logger_manager.h>
-#include <encoding/payloads/payload.h>
-#include <encoding/payloads/proposal_substructure.h>
-#include <encoding/payloads/transform_substructure.h>
-#include <encoding/payloads/sa_payload.h>
-#include <encoding/payloads/ke_payload.h>
-#include <encoding/payloads/notify_payload.h>
-#include <encoding/payloads/nonce_payload.h>
-#include <encoding/payloads/id_payload.h>
-#include <encoding/payloads/auth_payload.h>
-#include <encoding/payloads/cert_payload.h>
-#include <encoding/payloads/certreq_payload.h>
-#include <encoding/payloads/ts_payload.h>
-#include <encoding/payloads/delete_payload.h>
-#include <encoding/payloads/vendor_id_payload.h>
-#include <encoding/payloads/cp_payload.h>
-#include <encoding/payloads/configuration_attribute.h>
-#include <encoding/payloads/eap_payload.h>
-
-
-typedef struct private_generator_t private_generator_t;
-
-/**
- * Private part of a generator_t object.
- */
-struct private_generator_t {
-       /**
-        * Public part of a generator_t object.
-        */
-        generator_t public;
-        
-       /**
-        * Generates a U_INT-Field type and writes it to buffer.
-        *
-        * @param this                                  private_generator_t object
-        * @param int_type                              type of U_INT field (U_INT_4, U_INT_8, etc.)
-        *                                                              ATTRIBUTE_TYPE is also generated in this function
-        * @param offset                                offset of value in data struct
-        * @param generator_contexts    generator_contexts_t object where the context is written or read from
-        * @return
-        *                                                      - SUCCESS
-        *                                                              - FAILED if allignment is wrong
-        */
-       void (*generate_u_int_type) (private_generator_t *this,encoding_type_t int_type,u_int32_t offset);
-
-       /**
-        * Get size of current buffer in bytes.
-        *
-        * @param this                                  private_generator_t object
-        * @return                                              Size of buffer in bytes
-        */
-       size_t (*get_current_buffer_size) (private_generator_t *this);
-       
-       /**
-        * Get free space of current buffer in bytes.
-        *
-        * @param this                                  private_generator_t object
-        * @return                                              space in buffer in bytes
-        */
-       size_t (*get_current_buffer_space) (private_generator_t *this);
-
-       /**
-        * Get length of data in buffer (in bytes).
-        *
-        * @param this                                  private_generator_t object
-        * @return                                              length of data in bytes
-        */     
-       size_t (*get_current_data_length) (private_generator_t *this);
-
-       /**
-        * Get current offset in buffer (in bytes).
-        *
-        * @param this                                  private_generator_t object
-        * @return                                              offset in bytes
-        */     
-       u_int32_t (*get_current_buffer_offset) (private_generator_t *this);
-       
-       /**
-        * Generates a RESERVED BIT field or a RESERVED BYTE field and writes 
-        * it to the buffer.
-        *
-        * @param this                                  private_generator_t object
-        * @param generator_contexts    generator_contexts_t object where the context is written or read from
-        * @param bits                                  number of bits to generate
-        */
-       void (*generate_reserved_field) (private_generator_t *this,int bits);
-       
-       /**
-        * Generates a FLAG field.
-        *
-        * @param this                                  private_generator_t object
-        * @param generator_contexts    generator_contexts_t object where the context is written or read from
-        * @param offset                                offset of flag value in data struct
-        */
-       void (*generate_flag) (private_generator_t *this,u_int32_t offset);
-       
-       /**
-        * Writes the current buffer content into a chunk_t.
-        * 
-        * Memory of specific chunk_t gets allocated.
-        *
-        * @param this                          calling private_generator_t object
-        * @param data                          pointer of chunk_t to write to
-        */
-       void (*write_chunk) (private_generator_t *this,chunk_t *data);
-       
-       /**
-        * Generates a bytestream from a chunk_t.
-        *
-        * @param this                          private_generator_t object
-        * @param offset                        offset of chunk_t value in data struct
-        */
-       void (*generate_from_chunk) (private_generator_t *this,u_int32_t offset);       
-
-       /**
-        * Makes sure enough space is available in buffer to store amount of bits.
-     *
-        * If buffer is to small to hold the specific amount of bits it 
-        * is increased using reallocation function of allocator.
-        *
-        * @param this                          calling private_generator_t object
-        * @param bits                          number of bits to make available in buffer
-        */
-       void (*make_space_available) (private_generator_t *this,size_t bits);
-
-       /**
-        * Writes a specific amount of byte into the buffer.
-        * 
-        * If buffer is to small to hold the specific amount of bytes it 
-        * is increased.
-        *
-        * @param this                          calling private_generator_t object
-        * @param bytes                         pointer to bytes to write
-        * @param number_of_bytes       number of bytes to write into buffer
-        */
-       void (*write_bytes_to_buffer) (private_generator_t *this,void * bytes,size_t number_of_bytes);
-       
-       
-       /**
-        * Writes a specific amount of byte into the buffer at a specific offset.
-        * 
-        * @warning buffer size is not check to hold the data if offset is to large.
-        *
-        * @param this                          calling private_generator_t object
-        * @param bytes                         pointer to bytes to write
-        * @param number_of_bytes       number of bytes to write into buffer
-        * @param offset                        offset to write the data into
-        */
-       void (*write_bytes_to_buffer_at_offset) (private_generator_t *this,void * bytes,size_t number_of_bytes,u_int32_t offset);
-       
-       /**
-        * Buffer used to generate the data into.
-        */
-       u_int8_t *buffer;
-
-       /**
-        * Current write position in buffer (one byte aligned).
-        */
-       u_int8_t *out_position;
-
-       /**
-        * Position of last byte in buffer.
-        */
-       u_int8_t *roof_position;
-
-       /**
-        * Current bit writing to in current byte (between 0 and 7).
-        */
-       size_t current_bit;
-
-       /**
-        * Associated data struct to read informations from.
-        */
-       void * data_struct;
-       
-       /*
-        * Last payload length position offset in the buffer.
-        */
-       u_int32_t last_payload_length_position_offset;
-       
-       /**
-        * Offset of the header length field in the buffer.
-        */
-       u_int32_t header_length_position_offset;
-       
-       /**
-        * Last SPI size.
-        */
-       u_int8_t last_spi_size;
-       
-       /*
-        * Attribute format of the last generated transform attribute.
-        * 
-        * Used to check if a variable value field is used or not for 
-        * the transform attribute value.
-        */
-       bool attribute_format;
-       
-       /*
-        * Depending on the value of attribute_format this field is used
-        * to hold the length of the transform attribute in bytes.
-        */
-       u_int16_t attribute_length;
-       
-       /**
-        * Associated Logger.
-        */
-       logger_t *logger;
-};
-
-/**
- * Implementation of private_generator_t.get_current_buffer_size.
- */
-static size_t get_current_buffer_size (private_generator_t *this)
-{
-       return ((this->roof_position) - (this->buffer));
-}
-
-/**
- * Implementation of private_generator_t.get_current_buffer_space.
- */
-static size_t get_current_buffer_space (private_generator_t *this)
-{
-       /* we know, one byte more */
-       size_t space = (this->roof_position) - (this->out_position);
-       return (space);
-}
-
-/**
- * Implementation of private_generator_t.get_current_data_length.
- */
-static size_t get_current_data_length (private_generator_t *this)
-{
-       return (this->out_position - this->buffer);
-}
-
-/**
- * Implementation of private_generator_t.get_current_buffer_offset.
- */
-static u_int32_t get_current_buffer_offset (private_generator_t *this)
-{
-       return (this->out_position - this->buffer);
-}
-
-/**
- * Implementation of private_generator_t.generate_u_int_type.
- */
-static void generate_u_int_type (private_generator_t *this,encoding_type_t int_type,u_int32_t offset)
-{
-       size_t number_of_bits = 0;
-
-       /* find out number of bits of each U_INT type to check for enough space 
-          in buffer */
-       switch (int_type)
-       {
-                       case U_INT_4:
-                               number_of_bits = 4;
-                               break;
-                       case TS_TYPE:
-                       case U_INT_8:
-                               number_of_bits = 8;
-                               break;
-                       case U_INT_16:
-                       case CONFIGURATION_ATTRIBUTE_LENGTH:
-                               number_of_bits = 16;
-                               break;
-                       case U_INT_32:
-                               number_of_bits = 32;
-                               break;
-                       case U_INT_64:
-                               number_of_bits = 64;
-                               break;
-                       case ATTRIBUTE_TYPE:
-                               number_of_bits = 15;
-                               break;
-                       case IKE_SPI:
-                               number_of_bits = 64;
-                               break;
-
-                       default:
-                       this->logger->log(this->logger, ERROR, "U_INT Type %s is not supported", 
-                                                       mapping_find(encoding_type_m,int_type));
-
-                       return;
-       }
-       /* U_INT Types of multiple then 8 bits must be aligned */
-       if (((number_of_bits % 8) == 0) && (this->current_bit != 0))
-       {
-               this->logger->log(this->logger, ERROR, "U_INT Type %s is not 8 Bit aligned", 
-                                                       mapping_find(encoding_type_m,int_type));
-               /* current bit has to be zero for values multiple of 8 bits */
-               return;
-       }
-       
-       /* make sure enough space is available in buffer */
-       this->make_space_available(this,number_of_bits);
-       /* now handle each u int type differently */
-       switch (int_type)
-       {
-               case U_INT_4:
-               {
-                       if (this->current_bit == 0)
-                       {
-                               /* highval of current byte in buffer has to be set to the new value*/
-                               u_int8_t high_val = *((u_int8_t *)(this->data_struct + offset)) << 4;
-                               /* lowval in buffer is not changed */
-                               u_int8_t low_val = *(this->out_position) & 0x0F;
-                               /* highval is set, low_val is not changed */
-                               *(this->out_position) = high_val | low_val;
-                               this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *(this->out_position));
-                               /* write position is not changed, just bit position is moved */
-                               this->current_bit = 4;
-                       }
-                       else if (this->current_bit == 4)
-                       {
-                               /* highval in buffer is not changed */
-                               u_int high_val = *(this->out_position) & 0xF0;
-                               /* lowval of current byte in buffer has to be set to the new value*/
-                               u_int low_val = *((u_int8_t *)(this->data_struct + offset)) & 0x0F;
-                               *(this->out_position) = high_val | low_val;
-                               this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *(this->out_position));
-                               this->out_position++;
-                               this->current_bit = 0;
-
-                       }
-                       else
-                       {
-                               this->logger->log(this->logger, ERROR, "U_INT_4 Type is not 4 Bit aligned");
-                               /* 4 Bit integers must have a 4 bit alignment */
-                               return;
-                       };
-                       break;
-               }
-               case TS_TYPE:
-               case U_INT_8:
-               {
-                       /* 8 bit values are written as they are */
-                       *this->out_position = *((u_int8_t *)(this->data_struct + offset));
-                       this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *(this->out_position));
-                       this->out_position++;
-                       break;
-
-               }
-               case ATTRIBUTE_TYPE:
-               {
-                       /* attribute type must not change first bit uf current byte ! */
-                       if (this->current_bit != 1)
-                       {
-                               this->logger->log(this->logger, ERROR, "ATTRIBUTE FORMAT flag is not set");
-                               /* first bit has to be set! */
-                               return;
-                       }
-                       /* get value of attribute format flag */
-                       u_int8_t attribute_format_flag = *(this->out_position) & 0x80;
-                       /* get attribute type value as 16 bit integer*/
-                       u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
-                       /* last bit must be unset */
-                       int16_val = int16_val & 0xFF7F;
-                       
-                       int16_val = int16_val | attribute_format_flag;
-                       this->logger->log(this->logger, RAW|LEVEL2, "   => %d", int16_val);
-                       /* write bytes to buffer (set bit is overwritten)*/                             
-                       this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
-                       this->current_bit = 0;
-                       break;
-                       
-               }
-               case U_INT_16:
-               case CONFIGURATION_ATTRIBUTE_LENGTH:
-               {
-                       u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
-                       this->logger->log_bytes(this->logger, RAW|LEVEL2, "   =>", (void*)&int16_val, sizeof(int16_val));
-                       this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
-                       break;
-               }
-               case U_INT_32:
-               {
-                       u_int32_t int32_val = htonl(*((u_int32_t*)(this->data_struct + offset)));
-                       this->logger->log_bytes(this->logger, RAW|LEVEL2, "   =>", (void*)&int32_val, sizeof(int32_val));
-                       this->write_bytes_to_buffer(this,&int32_val,sizeof(u_int32_t));
-                       break;
-               }
-               case U_INT_64:
-               {
-                       /* 64 bit integers are written as two 32 bit integers */
-                       u_int32_t int32_val_low = htonl(*((u_int32_t*)(this->data_struct + offset)));
-                       u_int32_t int32_val_high = htonl(*((u_int32_t*)(this->data_struct + offset) + 1));
-                       this->logger->log_bytes(this->logger, RAW|LEVEL2, "   => (low)", (void*)&int32_val_low, sizeof(int32_val_low));
-                       this->logger->log_bytes(this->logger, RAW|LEVEL2, "   => (high)", (void*)&int32_val_high, sizeof(int32_val_high));
-                       /* TODO add support for big endian machines */
-                       this->write_bytes_to_buffer(this,&int32_val_high,sizeof(u_int32_t));
-                       this->write_bytes_to_buffer(this,&int32_val_low,sizeof(u_int32_t));
-                       break;
-               }
-               
-               case IKE_SPI:
-               {
-                       /* 64 bit are written as they come :-) */
-                       this->write_bytes_to_buffer(this,(this->data_struct + offset),sizeof(u_int64_t));
-                       this->logger->log_bytes(this->logger, RAW|LEVEL2, "   =>", (void*)(this->data_struct + offset), sizeof(u_int64_t));
-                       break;
-               }
-               default:
-               {
-                       this->logger->log(this->logger, ERROR, "U_INT Type %s is not supported", mapping_find(encoding_type_m,int_type));
-                       return;
-               }
-       }
-}
-
-/**
- * Implementation of private_generator_t.generate_reserved_field.
- */
-static void generate_reserved_field(private_generator_t *this,int bits)
-{
-       /* only one bit or 8 bit fields are supported */
-       if ((bits != 1) && (bits != 8))
-       {
-               this->logger->log(this->logger, ERROR, "Reserved field of %d bits cannot be generated", bits);
-               return ;
-       }
-       /* make sure enough space is available in buffer */
-       this->make_space_available(this,bits);
-       
-       if (bits == 1)
-       {       
-               /* one bit processing */
-               u_int8_t reserved_bit = ~(1 << (7 - this->current_bit));
-               *(this->out_position) = *(this->out_position) & reserved_bit;
-               if (this->current_bit == 0)
-               {
-                       /* memory must be zero */
-                       *(this->out_position) = 0x00;
-               }
-
-
-               this->current_bit++;
-               if (this->current_bit >= 8)
-               {
-                       this->current_bit = this->current_bit % 8;
-                       this->out_position++;
-               }
-       }
-       else
-       {
-               /* one byte processing*/
-               if (this->current_bit > 0)
-               {
-                       this->logger->log(this->logger, ERROR, 
-                                                               "Reserved field cannot be written cause allignement of current bit is %d",
-                                                               this->current_bit);
-                       return;
-               }
-               *(this->out_position) = 0x00;
-               this->out_position++;
-       }
-}
-
-/**
- * Implementation of private_generator_t.generate_flag.
- */
-static void generate_flag (private_generator_t *this,u_int32_t offset)
-{
-       /* value of current flag */
-       u_int8_t flag_value;
-       /* position of flag in current byte */
-       u_int8_t flag;
-       
-       /* if the value in the data_struct is TRUE, flag_value is set to 1, 0 otherwise */
-       flag_value = (*((bool *) (this->data_struct + offset))) ? 1 : 0;
-       /* get flag position */
-       flag = (flag_value << (7 - this->current_bit));
-       
-       /* make sure one bit is available in buffer */
-       this->make_space_available(this,1);
-       if (this->current_bit == 0)
-       {
-               /* memory must be zero */
-               *(this->out_position) = 0x00;
-       }
-
-       *(this->out_position) = *(this->out_position) | flag;
-       
-       
-       this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *(this->out_position));
-
-       this->current_bit++;
-       if (this->current_bit >= 8)
-       {
-               this->current_bit = this->current_bit % 8;
-               this->out_position++;
-       }
-}
-
-/**
- * Implementation of private_generator_t.generate_from_chunk.
- */
-static void generate_from_chunk (private_generator_t *this,u_int32_t offset)
-{
-       if (this->current_bit != 0)
-       {
-               this->logger->log(this->logger, ERROR, "can not generate a chunk at Bitpos %d", this->current_bit);
-               return ;
-       }
-       
-       /* position in buffer */
-       chunk_t *attribute_value = (chunk_t *)(this->data_struct + offset);
-       
-       this->logger->log_chunk(this->logger, RAW|LEVEL2, "   =>", *attribute_value);
-       
-       /* use write_bytes_to_buffer function to do the job */
-       this->write_bytes_to_buffer(this,attribute_value->ptr,attribute_value->len);
-}
-
-/**
- * Implementation of private_generator_t.make_space_available.
- */
-static void make_space_available (private_generator_t *this, size_t bits)
-{
-       while (((this->get_current_buffer_space(this) * 8) - this->current_bit) < bits)
-       {
-               /* must increase buffer */
-               size_t old_buffer_size = this->get_current_buffer_size(this);
-               size_t new_buffer_size = old_buffer_size + GENERATOR_DATA_BUFFER_INCREASE_VALUE;
-               size_t out_position_offset = ((this->out_position) - (this->buffer));
-
-               this->logger->log(this->logger, CONTROL|LEVEL3, "increased gen buffer from %d to %d byte", 
-                                                       old_buffer_size, new_buffer_size);
-               
-               /* Reallocate space for new buffer */
-               this->buffer = realloc(this->buffer,new_buffer_size);
-
-               this->out_position = (this->buffer + out_position_offset);
-               this->roof_position = (this->buffer + new_buffer_size);
-       }
-}
-
-/**
- * Implementation of private_generator_t.write_bytes_to_buffer.
- */
-static void write_bytes_to_buffer (private_generator_t *this,void * bytes, size_t number_of_bytes)
-{
-       int i;
-       u_int8_t *read_position = (u_int8_t *) bytes;
-       
-       this->make_space_available(this,number_of_bytes * 8);
-
-       for (i = 0; i < number_of_bytes; i++)
-       {
-               *(this->out_position) = *(read_position);
-               read_position++;
-               this->out_position++;
-       }
-}
-
-/**
- * Implementation of private_generator_t.write_bytes_to_buffer_at_offset.
- */
-static void write_bytes_to_buffer_at_offset (private_generator_t *this,void * bytes,size_t number_of_bytes,u_int32_t offset)
-{
-       int i;
-       u_int8_t *read_position = (u_int8_t *) bytes;
-       u_int8_t *write_position;
-       u_int32_t free_space_after_offset = (this->get_current_buffer_size(this) - offset);
-
-       /* check first if enough space for new data is available */     
-       if (number_of_bytes > free_space_after_offset)
-       {
-               this->make_space_available(this,(number_of_bytes - free_space_after_offset) * 8);
-       }
-       
-       write_position = this->buffer + offset;
-       for (i = 0; i < number_of_bytes; i++)
-       {
-               *(write_position) = *(read_position);
-               read_position++;
-               write_position++;
-       }
-}
-
-/**
- * Implementation of private_generator_t.write_to_chunk.
- */
-static void write_to_chunk (private_generator_t *this,chunk_t *data)
-{
-       size_t data_length = this->get_current_data_length(this);
-       u_int32_t header_length_field = data_length;
-       
-       /* write length into header length field */
-       if (this->header_length_position_offset > 0)
-       {
-               u_int32_t int32_val = htonl(header_length_field);
-               this->write_bytes_to_buffer_at_offset(this,&int32_val,sizeof(u_int32_t),this->header_length_position_offset);
-       }
-
-       if (this->current_bit > 0)
-       data_length++;
-       data->ptr = malloc(data_length);
-       memcpy(data->ptr,this->buffer,data_length);
-       data->len = data_length;
-       
-       this->logger->log_chunk(this->logger, RAW|LEVEL3, "generated data of this generator", *data);
-}
-
-/**
- * Implementation of private_generator_t.generate_payload.
- */
-static void generate_payload (private_generator_t *this,payload_t *payload)
-{
-       int i;
-       this->data_struct = payload;
-       size_t rule_count;
-       encoding_rule_t *rules;
-       payload_type_t payload_type;
-       u_int8_t *payload_start;
-       
-       /* get payload type */
-       payload_type = payload->get_type(payload);
-       /* spi size has to get reseted */
-       this->last_spi_size = 0;
-       
-       payload_start = this->out_position;
-       
-       this->logger->log(this->logger, CONTROL|LEVEL1, "generating payload of type %s",
-                                                                                       mapping_find(payload_type_m,payload_type));
-       
-       /* each payload has its own encoding rules */
-       payload->get_encoding_rules(payload,&rules,&rule_count);
-
-       for (i = 0; i < rule_count;i++)
-       {
-               this->logger->log(this->logger, CONTROL|LEVEL2, "  generating rule %d %s",
-                                                       i, mapping_find(encoding_type_m,rules[i].type));
-               switch (rules[i].type)
-               {
-                       /* all u int values, IKE_SPI,TS_TYPE and ATTRIBUTE_TYPE are generated in generate_u_int_type */
-                       case U_INT_4:
-                       case U_INT_8:
-                       case U_INT_16:
-                       case U_INT_32:
-                       case U_INT_64:
-                       case IKE_SPI:
-                       case TS_TYPE:
-                       case ATTRIBUTE_TYPE:
-                       case CONFIGURATION_ATTRIBUTE_LENGTH:
-                       {
-                               this->generate_u_int_type(this,rules[i].type,rules[i].offset);
-                               break;
-                       }
-                       case RESERVED_BIT:
-                       {
-                               this->generate_reserved_field(this,1);
-                               break;
-                       }
-                       case RESERVED_BYTE:
-                       {
-                               this->generate_reserved_field(this,8);
-                               break;
-                       } 
-                       case FLAG:
-                       {
-                               this->generate_flag(this,rules[i].offset);
-                               break;
-                       }
-                       case PAYLOAD_LENGTH:
-                       {
-                               /* position of payload lenght field is temporary stored */
-                               this->last_payload_length_position_offset = this->get_current_buffer_offset(this);
-                               /* payload length is generated like an U_INT_16 */
-                               this->generate_u_int_type(this,U_INT_16,rules[i].offset);
-                               break;
-                       }
-                       case HEADER_LENGTH:
-                       {
-                               /* position of header length field is temporary stored */                       
-                               this->header_length_position_offset = this->get_current_buffer_offset(this);    
-                               /* header length is generated like an U_INT_32 */
-                               this->generate_u_int_type(this,U_INT_32,rules[i].offset);
-                               break;
-                       }
-                       case SPI_SIZE:
-                               /* spi size is handled as 8 bit unsigned integer */
-                               this->generate_u_int_type(this,U_INT_8,rules[i].offset);
-                               /* last spi size is temporary stored */
-                               this->last_spi_size = *((u_int8_t *)(this->data_struct + rules[i].offset));
-                               break;
-                       case ADDRESS:
-                       {
-                               /* the Address value is generated from chunk */
-                               this->generate_from_chunk(this,rules[i].offset);
-                               break;
-                       }
-                       case SPI:
-                       {
-                               /* the SPI value is generated from chunk */
-                               this->generate_from_chunk(this,rules[i].offset);
-                               break;
-                       }
-                       case KEY_EXCHANGE_DATA:
-                       case NOTIFICATION_DATA:
-                       case NONCE_DATA:
-                       case ID_DATA:
-                       case AUTH_DATA:
-                       case CERT_DATA:
-                       case CERTREQ_DATA:
-                       case SPIS:
-                       case CONFIGURATION_ATTRIBUTE_VALUE:
-                       case VID_DATA:
-                       case EAP_MESSAGE:
-                       {
-                               u_int32_t payload_length_position_offset;
-                               u_int16_t length_of_payload;
-                               u_int16_t header_length = 0;
-                               u_int16_t length_in_network_order;
-
-                               switch(rules[i].type)
-                               {
-                                       case KEY_EXCHANGE_DATA:
-                                               header_length = KE_PAYLOAD_HEADER_LENGTH;
-                                               break;
-                                       case NOTIFICATION_DATA:
-                                               header_length = NOTIFY_PAYLOAD_HEADER_LENGTH + this->last_spi_size ;
-                                               break;
-                                       case NONCE_DATA:
-                                               header_length = NONCE_PAYLOAD_HEADER_LENGTH;
-                                               break;
-                                       case ID_DATA:
-                                               header_length = ID_PAYLOAD_HEADER_LENGTH;
-                                               break;
-                                       case AUTH_DATA:
-                                               header_length = AUTH_PAYLOAD_HEADER_LENGTH;
-                                               break;
-                                       case CERT_DATA:
-                                               header_length = CERT_PAYLOAD_HEADER_LENGTH;
-                                               break;
-                                       case CERTREQ_DATA:
-                                               header_length = CERTREQ_PAYLOAD_HEADER_LENGTH;
-                                               break;
-                                       case SPIS:
-                                               header_length = DELETE_PAYLOAD_HEADER_LENGTH;
-                                               break;
-                                       case VID_DATA:
-                                               header_length = VENDOR_ID_PAYLOAD_HEADER_LENGTH;
-                                               break;
-                                       case CONFIGURATION_ATTRIBUTE_VALUE:
-                                               header_length = CONFIGURATION_ATTRIBUTE_HEADER_LENGTH;
-                                               break;
-                                       case EAP_MESSAGE:
-                                               header_length = EAP_PAYLOAD_HEADER_LENGTH;
-                                               break;
-                                       default:
-                                               break;
-                               }
-                               
-                               /* the data value is generated from chunk */
-                               this->generate_from_chunk(this,rules[i].offset);
-
-                               payload_length_position_offset = this->last_payload_length_position_offset;
-                               
-                               
-                               /* Length of payload is calculated */
-                               length_of_payload = header_length + ((chunk_t *)(this->data_struct + rules[i].offset))->len;
-
-                               length_in_network_order = htons(length_of_payload);                     
-                               this->write_bytes_to_buffer_at_offset(this,&length_in_network_order,sizeof(u_int16_t),payload_length_position_offset);
-                               break;
-                       }
-                       case PROPOSALS:
-                       {
-                               /* before iterative generate the transforms, store the current payload length position */
-                               u_int32_t payload_length_position_offset = this->last_payload_length_position_offset;
-                               /* Length of SA_PAYLOAD is calculated */
-                               u_int16_t length_of_sa_payload = SA_PAYLOAD_HEADER_LENGTH;
-                               u_int16_t int16_val;
-                               /* proposals are stored in a linked list and so accessed */
-                               linked_list_t *proposals = *((linked_list_t **)(this->data_struct + rules[i].offset));
-
-                               iterator_t *iterator;
-                               /* create forward iterator */
-                               iterator = proposals->create_iterator(proposals,TRUE);
-                               /* every proposal is processed (iterative call )*/
-                               while (iterator->has_next(iterator))
-                               {
-                                       payload_t *current_proposal;
-                                       u_int32_t before_generate_position_offset;
-                                       u_int32_t after_generate_position_offset;
-                                       
-                                       iterator->current(iterator,(void **)&current_proposal);
-
-                                       before_generate_position_offset = this->get_current_buffer_offset(this);
-                                       this->public.generate_payload(&(this->public),current_proposal);
-                                       after_generate_position_offset = this->get_current_buffer_offset(this);
-                                       
-                                       /* increase size of transform */
-                                       length_of_sa_payload += (after_generate_position_offset - before_generate_position_offset);
-                               }
-                               iterator->destroy(iterator);
-                               
-                               int16_val = htons(length_of_sa_payload);
-                               this->write_bytes_to_buffer_at_offset(this,&int16_val,sizeof(u_int16_t),payload_length_position_offset);
-                               break;
-                       }       
-                       case TRANSFORMS:
-                       {       
-                               /* before iterative generate the transforms, store the current length position */
-                               u_int32_t payload_length_position_offset = this->last_payload_length_position_offset;
-                               u_int16_t length_of_proposal = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH + this->last_spi_size;
-                               u_int16_t int16_val;
-                               linked_list_t *transforms = *((linked_list_t **)(this->data_struct + rules[i].offset));
-                               iterator_t *iterator;
-                                                               
-                               /* create forward iterator */
-                               iterator = transforms->create_iterator(transforms,TRUE);
-                               while (iterator->has_next(iterator))
-                               {
-                                       payload_t *current_transform;
-                                       u_int32_t before_generate_position_offset;
-                                       u_int32_t after_generate_position_offset;
-                                       
-                                       iterator->current(iterator,(void **)&current_transform);
-                                       
-                                       before_generate_position_offset = this->get_current_buffer_offset(this);
-                                       this->public.generate_payload(&(this->public),current_transform);
-                                       after_generate_position_offset = this->get_current_buffer_offset(this);
-                                       
-                                       /* increase size of transform */
-                                       length_of_proposal += (after_generate_position_offset - before_generate_position_offset);
-                               }
-                               
-                               iterator->destroy(iterator);
-                                                               
-                               int16_val = htons(length_of_proposal);
-                               this->write_bytes_to_buffer_at_offset(this,&int16_val,sizeof(u_int16_t),payload_length_position_offset);
-                               
-                               break;
-                       }       
-                       case TRANSFORM_ATTRIBUTES:
-                       {
-                               /* before iterative generate the transform attributes, store the current length position */
-                               u_int32_t transform_length_position_offset = this->last_payload_length_position_offset;
-
-                               u_int16_t length_of_transform = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH;
-                               u_int16_t int16_val;
-                               linked_list_t *transform_attributes =*((linked_list_t **)(this->data_struct + rules[i].offset));
-
-                               iterator_t *iterator;
-                               /* create forward iterator */
-                               iterator = transform_attributes->create_iterator(transform_attributes,TRUE);
-                               while (iterator->has_next(iterator))
-                               {
-                                       payload_t *current_attribute;
-                                       u_int32_t before_generate_position_offset;
-                                       u_int32_t after_generate_position_offset;
-                                       
-                                       iterator->current(iterator,(void **)&current_attribute);
-                                       
-                                       before_generate_position_offset = this->get_current_buffer_offset(this);
-                                       this->public.generate_payload(&(this->public),current_attribute);
-                                       after_generate_position_offset = this->get_current_buffer_offset(this);
-                                       
-                                       /* increase size of transform */
-                                       length_of_transform += (after_generate_position_offset - before_generate_position_offset);
-                               }
-                               
-                               iterator->destroy(iterator);
-                               
-                               int16_val = htons(length_of_transform);
-                               this->write_bytes_to_buffer_at_offset(this,&int16_val,sizeof(u_int16_t),transform_length_position_offset);
-                               
-                               break;
-                       }
-                       case CONFIGURATION_ATTRIBUTES:
-                       {
-                               /* before iterative generate the configuration attributes, store the current length position */
-                               u_int32_t configurations_length_position_offset = this->last_payload_length_position_offset;
-
-                               u_int16_t length_of_configurations = CP_PAYLOAD_HEADER_LENGTH;
-                               u_int16_t int16_val;
-                               linked_list_t *configuration_attributes =*((linked_list_t **)(this->data_struct + rules[i].offset));
-
-                               iterator_t *iterator;
-                               /* create forward iterator */
-                               iterator = configuration_attributes->create_iterator(configuration_attributes,TRUE);
-                               while (iterator->has_next(iterator))
-                               {
-                                       payload_t *current_attribute;
-                                       u_int32_t before_generate_position_offset;
-                                       u_int32_t after_generate_position_offset;
-                                       
-                                       iterator->current(iterator,(void **)&current_attribute);
-                                       
-                                       before_generate_position_offset = this->get_current_buffer_offset(this);
-                                       this->public.generate_payload(&(this->public),current_attribute);
-                                       after_generate_position_offset = this->get_current_buffer_offset(this);
-                                       
-                                       /* increase size of transform */
-                                       length_of_configurations += (after_generate_position_offset - before_generate_position_offset);
-                               }
-                               
-                               iterator->destroy(iterator);
-                               
-                               int16_val = htons(length_of_configurations);
-                 &