starter: Removed pfs and pfsgroup options (handled via esp option).
authorTobias Brunner <tobias@strongswan.org>
Tue, 15 May 2012 11:26:49 +0000 (13:26 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 11 Jun 2012 15:33:31 +0000 (17:33 +0200)
src/starter/args.c
src/starter/confread.c
src/starter/confread.h
src/starter/keywords.h
src/starter/keywords.txt

index 3856c3d..2f3e48b 100644 (file)
@@ -103,22 +103,6 @@ static const char *LST_keyexchange[] = {
         NULL
 };
 
-static const char *LST_pfsgroup[] = {
-       "modp1024",
-       "modp1536",
-       "modp2048",
-       "modp3072",
-       "modp4096",
-       "modp6144",
-       "modp8192",
-       "ecp192",
-       "ecp224",
-       "ecp256",
-       "ecp384",
-       "ecp521",
-        NULL
-};
-
 static const char *LST_plutodebug[] = {
        "none",
        "all",
@@ -215,7 +199,6 @@ static const token_info_t token_info[] =
        { ARG_ENUM, offsetof(starter_conn_t, startup), LST_startup                     },
        { ARG_ENUM, offsetof(starter_conn_t, keyexchange), LST_keyexchange             },
        { ARG_MISC, 0, NULL  /* KW_TYPE */                                             },
-       { ARG_MISC, 0, NULL  /* KW_PFS */                                              },
        { ARG_MISC, 0, NULL  /* KW_COMPRESS */                                         },
        { ARG_ENUM, offsetof(starter_conn_t, install_policy), LST_bool                 },
        { ARG_ENUM, offsetof(starter_conn_t, aggressive), LST_bool                     },
@@ -238,7 +221,6 @@ static const token_info_t token_info[] =
        { ARG_MISC, 0, NULL  /* KW_REAUTH */                                           },
        { ARG_STR,  offsetof(starter_conn_t, ike), NULL                                },
        { ARG_STR,  offsetof(starter_conn_t, esp), NULL                                },
-       { ARG_STR,  offsetof(starter_conn_t, pfsgroup), LST_pfsgroup                   },
        { ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL                          },
        { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL                        },
        { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action               },
index 3779649..a003a14 100644 (file)
@@ -35,7 +35,7 @@
 #define ip_version(string)     (strchr(string, '.') ? AF_INET : AF_INET6)
 
 static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
-static const char esp_defaults[] = "aes128-sha1,3des-sha1";
+static const char esp_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
 
 static const char firewall_defaults[] = "ipsec _updown iptables";
 
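Review bot: `esp_defaults` now carries the DH group that the removed `pfs`/`pfsgroup` options used to supply, but nothing at the definition says so. A later edit that trims the `-modp…` suffix would turn off PFS for every connection that relies on the default, without any other visible change. I would add a comment above the definition such as `/* DH group suffix requests PFS for the CHILD_SA; replaces the removed pfs/pfsgroup options */`.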
@@ -84,7 +84,7 @@ static void default_values(starter_config_t *cfg)
        cfg->conn_default.startup = STARTUP_NO;
        cfg->conn_default.state   = STATE_IGNORE;
        cfg->conn_default.mode    = MODE_TUNNEL;
-       cfg->conn_default.policy  = POLICY_PFS | POLICY_MOBIKE;
+       cfg->conn_default.policy  = POLICY_MOBIKE;
 
        cfg->conn_default.ike                   = strdupnull(ike_defaults);
        cfg->conn_default.esp                   = strdupnull(esp_defaults);
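Review bot: With `POLICY_PFS` dropped from `conn_default.policy`, PFS depends entirely on the `esp` string, and only the default assigned here from `esp_defaults` contains a DH group. A connection that sets its own `esp=` without a group (for example the old default `aes128-sha1,3des-sha1`) and relied on the implicit `pfs=yes` would presumably lose PFS after upgrading, with no message. The later hunks also remove `case KW_PFS:` from load_conn and both keywords from keywords.txt, so existing `pfs=`/`pfsgroup=` lines are no longer recognised; how the parser treats unknown keywords is not visible on this page. Consider keeping the two keywords as deprecated with a log hint, or warning in load_conn when `conn->esp` names no DH group. default_values starts and ends outside this hunk.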
@@ -561,9 +561,6 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
                                cfg->err++;
                        }
                        break;
-               case KW_PFS:
-                       KW_POLICY_FLAG("yes", "no", POLICY_PFS)
-                       break;
                case KW_COMPRESS:
                        KW_POLICY_FLAG("yes", "no", POLICY_COMPRESS)
                        break;
index e9a77d4..0aa6bd5 100644 (file)
@@ -143,7 +143,6 @@ struct starter_conn {
 
                char            *esp;
                char            *ike;
-               char            *pfsgroup;
 
                time_t          dpd_delay;
                time_t          dpd_timeout;
index c1b98df..3af235f 100644 (file)
@@ -64,7 +64,6 @@ typedef enum {
        KW_CONN_SETUP,
        KW_KEYEXCHANGE,
        KW_TYPE,
-       KW_PFS,
        KW_COMPRESS,
        KW_INSTALLPOLICY,
        KW_AGGRESSIVE,
@@ -87,7 +86,6 @@ typedef enum {
        KW_REAUTH,
        KW_IKE,
        KW_ESP,
-       KW_PFSGROUP,
        KW_DPDDELAY,
        KW_DPDTIMEOUT,
        KW_DPDACTION,
index 9622177..ab76eb5 100644 (file)
@@ -57,7 +57,6 @@ pkcs11keepstate,   KW_PKCS11KEEPSTATE
 pkcs11proxy,       KW_PKCS11PROXY
 keyexchange,       KW_KEYEXCHANGE
 type,              KW_TYPE
-pfs,               KW_PFS
 compress,          KW_COMPRESS
 installpolicy,     KW_INSTALLPOLICY
 aggressive,        KW_AGGRESSIVE
@@ -78,7 +77,6 @@ rekey,             KW_REKEY
 reauth,            KW_REAUTH
 esp,               KW_ESP
 ike,               KW_IKE
-pfsgroup,          KW_PFSGROUP
 dpddelay,          KW_DPDDELAY
 dpdtimeout,        KW_DPDTIMEOUT
 dpdaction,         KW_DPDACTION