From 2796cf59bc11a59d4ae9bb67e07d75d2dafb3798 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Tue, 4 Feb 2014 11:17:37 +0100
Subject: [PATCH] charon-cmd: Add an --ike-proposal option to specify non-default IKE proposals
---
 src/charon-cmd/cmd/cmd_connection.c | 32 +++++++++++++++++++++++++++++++-
 src/charon-cmd/cmd/cmd_options.c | 2 ++
 src/charon-cmd/cmd/cmd_options.h | 1 +
 3 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index 180e8da..e015d01 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -87,6 +87,11 @@ struct private_cmd_connection_t {
 linked_list_t *remote_ts;
 /**
+ * List of IKE proposals
+ */
+ linked_list_t *ike_proposals;
+
+ /**
 * Hostname to connect to
 */
 char *host;
@@ -135,6 +140,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
 u_int16_t local_port, remote_port = IKEV2_UDP_PORT;
 ike_version_t version = IKE_ANY;
 bool aggressive = FALSE;
+ proposal_t *proposal;
 switch (this->profile)
 {
@@ -165,7 +171,18 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
 }
 ike_cfg = ike_cfg_create(version, TRUE, FALSE, "0.0.0.0", local_port, this->host, remote_port, FRAGMENTATION_NO, 0);
- ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ if (this->ike_proposals->get_count(this->ike_proposals))
+ {
+ while (this->ike_proposals->remove_first(this->ike_proposals,
+ (void**)&proposal) == SUCCESS)
+ {
+ ike_cfg->add_proposal(ike_cfg, proposal);
+ }
+ }
+ else
+ {
+ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ }
 peer_cfg = peer_cfg_create("cmd", ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
 36000, 0, /* rekey 10h, reauth none */
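Review bot: In create_peer_cfg (hunk `@@ -165,7 +171,18 @@`), the `remove_first` loop empties `this->ike_proposals` as it hands each proposal to `ike_cfg`, so a later call on the same connection object would find the list empty and silently fall back to `proposal_create_default(PROTO_IKE)`, offering algorithms the user meant to exclude. Whether the function can run more than once is not visible in this diff; if it can, the list should be enumerated and copies added so the configured set stays in force. Either way, a comment above the loop such as `/* ownership of the proposals moves to ike_cfg, the list is empty afterwards */` would document the transfer. The function body starts and ends outside the hunk.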
@@ -421,6 +438,8 @@ static void set_profile(private_cmd_connection_t *this, char *name)
 METHOD(cmd_connection_t, handle, bool,
 private_cmd_connection_t *this, cmd_option_type_t opt, char *arg)
 {
+ proposal_t *proposal;
+
 switch (opt)
 {
 case CMD_OPT_HOST:
@@ -447,6 +466,14 @@ METHOD(cmd_connection_t, handle, bool,
 case CMD_OPT_REMOTE_TS:
 add_ts(this, this->remote_ts, arg);
 break;
+ case CMD_OPT_IKE_PROPOSAL:
+ proposal = proposal_create_from_string(PROTO_IKE, arg);
+ if (!proposal)
+ {
+ exit(1);
+ }
+ this->ike_proposals->insert_last(this->ike_proposals, proposal);
+ break;
 case CMD_OPT_PROFILE:
 set_profile(this, arg);
 break;
@@ -459,6 +486,8 @@ METHOD(cmd_connection_t, handle, bool,
 METHOD(cmd_connection_t, destroy, void,
 private_cmd_connection_t *this)
 {
+ this->ike_proposals->destroy_offset(this->ike_proposals,
+ offsetof(proposal_t, destroy));
 this->local_ts->destroy_offset(this->local_ts,
 offsetof(traffic_selector_t, destroy));
 this->remote_ts->destroy_offset(this->remote_ts,
@@ -481,6 +510,7 @@ cmd_connection_t *cmd_connection_create()
 .pid = getpid(),
 .local_ts = linked_list_create(),
 .remote_ts = linked_list_create(),
+ .ike_proposals = linked_list_create(),
 .profile = PROF_UNDEF,
 );
diff --git a/src/charon-cmd/cmd/cmd_options.c b/src/charon-cmd/cmd/cmd_options.c
index 597ccda..5622441 100644
--- a/src/charon-cmd/cmd/cmd_options.c
+++ b/src/charon-cmd/cmd/cmd_options.c
@@ -56,6 +56,8 @@ cmd_option_t cmd_options[CMD_OPT_COUNT] = {
 "additional traffic selector to propose for our side", {}},
 { CMD_OPT_REMOTE_TS, "remote-ts", required_argument, "subnet",
 "traffic selector to propose for remote side", {}},
+ { CMD_OPT_IKE_PROPOSAL, "ike-proposal", required_argument, "proposal",
+ "a single IKE proposal to offer instead of the default", {}},
 { CMD_OPT_PROFILE, "profile", required_argument, "name",
 "authentication profile to use, where name is one of:", {
 " ikev2-pub, ikev2-eap, ikev2-pub-eap",
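Review bot: In the `CMD_OPT_IKE_PROPOSAL` case of handle (hunk `@@ -447,6 +466,14 @@`), a string that fails to parse ends the process with a bare `exit(1)`, and nothing in the hunk reports which argument was rejected. Unless proposal_create_from_string logs the reason itself (not visible here), print it before exiting, e.g. `fprintf(stderr, "invalid IKE proposal: %s\n", arg);`. Note also that any proposal that parses is accepted as is, so a weak cipher or DH group given on the command line replaces the defaults without a warning; a short comment saying that this is the caller's responsibility would make the intent clear. The switch starts and ends outside the hunk.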
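Review bot: The help text `"a single IKE proposal to offer instead of the default"` in the new `cmd_options` entry (hunk `@@ -56,6 +56,8 @@`) does not say that the option may be repeated, although the handler in cmd_connection.c appends every occurrence to `ike_proposals`. Wording such as `"IKE proposal to offer instead of the default, may be repeated"` would match the behaviour, and the description lines could give the expected proposal syntax. The array initializer starts and ends outside the hunk.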
diff --git a/src/charon-cmd/cmd/cmd_options.h b/src/charon-cmd/cmd/cmd_options.h
index 6b8b04c..ecb5e6c 100644
--- a/src/charon-cmd/cmd/cmd_options.h
+++ b/src/charon-cmd/cmd/cmd_options.h
@@ -45,6 +45,7 @@ enum cmd_option_type_t {
 CMD_OPT_AGENT,
 CMD_OPT_LOCAL_TS,
 CMD_OPT_REMOTE_TS,
+ CMD_OPT_IKE_PROPOSAL,
 CMD_OPT_PROFILE,
 CMD_OPT_COUNT
--
2.7.4