Add a closeaction ipsec.conf keyword to configure close action
authorMartin Willi <martin@revosec.ch>
Tue, 7 Jun 2011 09:37:15 +0000 (11:37 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 7 Jun 2011 10:07:21 +0000 (12:07 +0200)
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/stroke/stroke_socket.c
src/starter/args.c
src/starter/confread.h
src/starter/keywords.h
src/starter/keywords.txt
src/starter/starterstroke.c
src/stroke/stroke_msg.h

index 2b31643..a657e90 100644 (file)
@@ -775,13 +775,28 @@ static void add_ts(private_stroke_config_t *this,
 }
 
 /**
+ * map starter magic values to our action type
+ */
+static action_t map_action(int starter_action)
+{
+       switch (starter_action)
+       {
+               case 2: /* =hold */
+                       return ACTION_ROUTE;
+               case 3: /* =restart */
+                       return ACTION_RESTART;
+               default:
+                       return ACTION_NONE;
+       }
+}
+
+/**
  * build a child config from the stroke message
  */
 static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
                                                                        stroke_msg_t *msg)
 {
        child_cfg_t *child_cfg;
-       action_t dpd;
        lifetime_cfg_t lifetime = {
                .time = {
                        .life = msg->add_conn.rekey.ipsec_lifetime,
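Review bot: The `case 2` and `case 3` literals in `map_action` are tied to starter's enum ordering only by their trailing comments, so reordering `dpd_action_t` in src/starter/confread.h would silently change which action charon applies. The function now serves both `dpdaction` and `closeaction`, so its doc comment should name that dependency, e.g. `* map starter magic values (order of dpd_action_t in src/starter/confread.h) to our action type`. The `default` branch also folds any unexpected value into `ACTION_NONE` without a log line, which makes a mismatched or malformed message hard to diagnose. build_child_cfg continues past the end of this hunk.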
@@ -808,23 +823,11 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
                .mask = msg->add_conn.mark_out.mask
        };
 
-       switch (msg->add_conn.dpd.action)
-       {       /* map startes magic values to our action type */
-               case 2: /* =hold */
-                       dpd = ACTION_ROUTE;
-                       break;
-               case 3: /* =restart */
-                       dpd = ACTION_RESTART;
-                       break;
-               default:
-                       dpd = ACTION_NONE;
-                       break;
-       }
-
        child_cfg = child_cfg_create(
-                               msg->add_conn.name, &lifetime,
-                               msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
-                               msg->add_conn.mode, ACTION_NONE, dpd, dpd, msg->add_conn.ipcomp,
+                               msg->add_conn.name, &lifetime, msg->add_conn.me.updown,
+                               msg->add_conn.me.hostaccess, msg->add_conn.mode, ACTION_NONE,
+                               map_action(msg->add_conn.dpd.action),
+                               map_action(msg->add_conn.close_action), msg->add_conn.ipcomp,
                                msg->add_conn.inactivity, msg->add_conn.reqid,
                                &mark_in, &mark_out, msg->add_conn.tfc);
        child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
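Review bot: The close action no longer follows `dpdaction` in this call: the old code passed `dpd, dpd`, while the new code passes `map_action(msg->add_conn.close_action)` as a separate argument. An existing connection with `dpdaction=hold` or `restart` and no `closeaction` therefore presumably ends up with `ACTION_NONE` when the peer closes the CHILD_SA; the starter default for `close_action` is not visible on this page. That changes behaviour for deployed ipsec.conf files, since a tunnel deleted by the peer would no longer be routed or restarted, and it should be stated in the commit message and the ipsec.conf documentation. A comment above the call such as `/* close action is configured separately and no longer inherits dpdaction */` would record the intent. build_child_cfg starts and ends outside this hunk.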
index 74374ba..7b38c66 100644 (file)
@@ -190,6 +190,9 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
        DBG2(DBG_CFG, "  aaa_identity=%s", msg->add_conn.aaa_identity);
        DBG2(DBG_CFG, "  ike=%s", msg->add_conn.algorithms.ike);
        DBG2(DBG_CFG, "  esp=%s", msg->add_conn.algorithms.esp);
+       DBG2(DBG_CFG, "  dpddelay=%d", msg->add_conn.dpd.delay);
+       DBG2(DBG_CFG, "  dpdaction=%d", msg->add_conn.dpd.action);
+       DBG2(DBG_CFG, "  closeaction=%d", msg->add_conn.close_action);
        DBG2(DBG_CFG, "  mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no");
        DBG2(DBG_CFG, "  mediated_by=%s", msg->add_conn.ikeme.mediated_by);
        DBG2(DBG_CFG, "  me_peerid=%s", msg->add_conn.ikeme.peerid);
index 4d8003a..78439e2 100644 (file)
@@ -228,6 +228,7 @@ static const token_info_t token_info[] =
        { ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL                          },
        { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL                        },
        { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action               },
+       { ARG_ENUM, offsetof(starter_conn_t, close_action), LST_dpd_action             },
        { ARG_TIME, offsetof(starter_conn_t, inactivity), NULL                         },
        { ARG_MISC, 0, NULL  /* KW_MODECONFIG */                                       },
        { ARG_MISC, 0, NULL  /* KW_XAUTH */                                            },
index 4f9c5f7..fe3219f 100644 (file)
@@ -143,6 +143,8 @@ struct starter_conn {
                dpd_action_t    dpd_action;
                int             dpd_count;
 
+               dpd_action_t    close_action;
+
                time_t          inactivity;
 
                bool            me_mediation;
index 9f46a8b..02be919 100644 (file)
@@ -91,6 +91,7 @@ typedef enum {
        KW_DPDDELAY,
        KW_DPDTIMEOUT,
        KW_DPDACTION,
+       KW_CLOSEACTION,
        KW_INACTIVITY,
        KW_MODECONFIG,
        KW_XAUTH,
index 2c0e5de..548fa2f 100644 (file)
@@ -82,6 +82,7 @@ pfsgroup,          KW_PFSGROUP
 dpddelay,          KW_DPDDELAY
 dpdtimeout,        KW_DPDTIMEOUT
 dpdaction,         KW_DPDACTION
+closeaction,       KW_CLOSEACTION
 inactivity,        KW_INACTIVITY
 modeconfig,        KW_MODECONFIG
 xauth,             KW_XAUTH
index 7272b25..cfb9bc6 100644 (file)
@@ -258,6 +258,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
        msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
        msg.add_conn.dpd.delay = conn->dpd_delay;
        msg.add_conn.dpd.action = conn->dpd_action;
+       msg.add_conn.close_action = conn->close_action;
        msg.add_conn.inactivity = conn->inactivity;
        msg.add_conn.ikeme.mediation = conn->me_mediation;
        msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
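Review bot: `msg.add_conn.close_action` relies on a member that the stroke_msg.h hunk inserts between `install_policy` and `reqid`, which shifts the offset of every later member of `add_conn`. If the message reaches charon as a raw struct, as the shared header suggests, a starter and a charon built from different revisions would read `reqid`, `tfc` and the following fields from the wrong offsets. The commit description should say that both sides must be upgraded together. A comment next to the new member, e.g. `/* layout change: starter and charon must be built from the same revision */`, would keep that visible. starter_stroke_add_conn continues outside this hunk.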
index 3c1221a..8324c77 100644 (file)
@@ -251,6 +251,7 @@ struct stroke_msg_t {
                        time_t inactivity;
                        int proxy_mode;
                        int install_policy;
+                       int close_action;
                        u_int32_t reqid;
                        u_int32_t tfc;