|
|
|
@@ -1,115 +1,37 @@
|
|
|
|
From 921093c4c0d4be10a74f148536029fb46fd31966 Mon Sep 17 00:00:00 2001
|
|
|
|
From 1baf500104e963e0d0d410c95e7dcec899173b77 Mon Sep 17 00:00:00 2001
|
|
|
|
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
|
|
|
|
From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?= <zpericic@netst.org>
|
|
|
|
Date: Mon, 21 Sep 2015 13:41:58 +0300
|
|
|
|
Date: Tue, 9 Jul 2024 19:07:57 +0200
|
|
|
|
Subject: [PATCH 1/4] charon: add optional source and remote overrides for
|
|
|
|
Subject: [PATCH 1/4] charon: add optional source and remote overrides for
|
|
|
|
initiate
|
|
|
|
initiate
|
|
|
|
MIME-Version: 1.0
|
|
|
|
|
|
|
|
Content-Type: text/plain; charset=UTF-8
|
|
|
|
|
|
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This introduces support for specifying optional IKE SA specific
|
|
|
|
This introduces support for specifying optional IKE SA specific
|
|
|
|
source and remote address for child sa initiation. This allows
|
|
|
|
source and remote address for child sa initiation. This allows
|
|
|
|
to initiate wildcard connection for known address via vici.
|
|
|
|
to initiate wildcard connection for known address via vici.
|
|
|
|
|
|
|
|
|
|
|
|
In addition this allows impler implementation of trap-any patches
|
|
|
|
In addition this allows simpler implementation of trap-any patches
|
|
|
|
and is a prerequisite for dmvpn support.
|
|
|
|
and is a prerequisite for dmvpn support.
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
|
|
|
|
|
|
|
|
---
|
|
|
|
---
|
|
|
|
src/charon-cmd/cmd/cmd_connection.c | 2 +-
|
|
|
|
src/libcharon/control/controller.c | 34 ++++++++++++++++--
|
|
|
|
src/charon-nm/nm/nm_service.c | 2 +-
|
|
|
|
src/libcharon/control/controller.h | 28 +++++++++++++++
|
|
|
|
src/conftest/actions.c | 2 +-
|
|
|
|
src/libcharon/plugins/vici/vici_control.c | 41 +++++++++++++++++----
|
|
|
|
src/libcharon/control/controller.c | 43 +++++++++++++-
|
|
|
|
src/libcharon/sa/ike_sa_manager.c | 34 +++++++++++++++++-
|
|
|
|
src/libcharon/control/controller.h | 3 +
|
|
|
|
src/libcharon/sa/ike_sa_manager.h | 25 ++++++++++++-
|
|
|
|
.../plugins/load_tester/load_tester_control.c | 1 +
|
|
|
|
src/libcharon/sa/trap_manager.c | 44 +++++++++--------------
|
|
|
|
.../plugins/load_tester/load_tester_plugin.c | 1 +
|
|
|
|
src/swanctl/commands/initiate.c | 19 +++++++++-
|
|
|
|
src/libcharon/plugins/medcli/medcli_config.c | 2 +-
|
|
|
|
7 files changed, 186 insertions(+), 39 deletions(-)
|
|
|
|
src/libcharon/plugins/smp/smp.c | 3 +-
|
|
|
|
|
|
|
|
src/libcharon/plugins/stroke/stroke_control.c | 5 +-
|
|
|
|
|
|
|
|
src/libcharon/plugins/uci/uci_control.c | 3 +-
|
|
|
|
|
|
|
|
src/libcharon/plugins/vici/vici_config.c | 2 +-
|
|
|
|
|
|
|
|
src/libcharon/plugins/vici/vici_control.c | 59 +++++++++++++++++--
|
|
|
|
|
|
|
|
.../processing/jobs/initiate_mediation_job.c | 1 +
|
|
|
|
|
|
|
|
.../processing/jobs/start_action_job.c | 2 +-
|
|
|
|
|
|
|
|
src/libcharon/sa/ike_sa_manager.c | 49 ++++++++++++++-
|
|
|
|
|
|
|
|
src/libcharon/sa/ike_sa_manager.h | 8 ++-
|
|
|
|
|
|
|
|
src/libcharon/sa/trap_manager.c | 44 ++++++--------
|
|
|
|
|
|
|
|
src/swanctl/commands/initiate.c | 40 ++++++++++++-
|
|
|
|
|
|
|
|
21 files changed, 225 insertions(+), 50 deletions(-)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
|
|
|
|
|
|
|
|
index 8e8d8236e..7df5bc9bf 100644
|
|
|
|
|
|
|
|
--- a/src/charon-cmd/cmd/cmd_connection.c
|
|
|
|
|
|
|
|
+++ b/src/charon-cmd/cmd/cmd_connection.c
|
|
|
|
|
|
|
|
@@ -439,7 +439,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this)
|
|
|
|
|
|
|
|
child_cfg = create_child_cfg(this, peer_cfg);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
|
|
|
|
|
|
|
|
- controller_cb_empty, NULL, LEVEL_SILENT, 0, FALSE) != SUCCESS)
|
|
|
|
|
|
|
|
+ NULL, NULL, controller_cb_empty, NULL, LEVEL_SILENT, 0, FALSE) != SUCCESS)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
terminate(pid);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
|
|
|
|
|
|
|
|
index 8570ef0e3..bc74f1b90 100644
|
|
|
|
|
|
|
|
--- a/src/charon-nm/nm/nm_service.c
|
|
|
|
|
|
|
|
+++ b/src/charon-nm/nm/nm_service.c
|
|
|
|
|
|
|
|
@@ -982,7 +982,7 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
|
|
|
|
|
|
|
|
* Prepare IKE_SA
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
|
|
|
|
|
|
|
|
- peer_cfg);
|
|
|
|
|
|
|
|
+ peer_cfg, NULL, NULL);
|
|
|
|
|
|
|
|
peer_cfg->destroy(peer_cfg);
|
|
|
|
|
|
|
|
if (!ike_sa)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
diff --git a/src/conftest/actions.c b/src/conftest/actions.c
|
|
|
|
|
|
|
|
index b6b186117..21e329e3e 100644
|
|
|
|
|
|
|
|
--- a/src/conftest/actions.c
|
|
|
|
|
|
|
|
+++ b/src/conftest/actions.c
|
|
|
|
|
|
|
|
@@ -66,7 +66,7 @@ static job_requeue_t initiate(char *config)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
DBG1(DBG_CFG, "initiating IKE_SA for CHILD_SA config '%s'", config);
|
|
|
|
|
|
|
|
charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
|
|
|
|
|
|
|
|
- NULL, NULL, 0, 0, FALSE);
|
|
|
|
|
|
|
|
+ NULL, NULL, NULL, NULL, 0, 0, FALSE);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c
|
|
|
|
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c
|
|
|
|
index 027f48e93..9109b20e4 100644
|
|
|
|
index 027f48e93..26501768d 100644
|
|
|
|
--- a/src/libcharon/control/controller.c
|
|
|
|
--- a/src/libcharon/control/controller.c
|
|
|
|
+++ b/src/libcharon/control/controller.c
|
|
|
|
+++ b/src/libcharon/control/controller.c
|
|
|
|
@@ -15,6 +15,28 @@
|
|
|
|
@@ -1,4 +1,6 @@
|
|
|
|
* for more details.
|
|
|
|
/*
|
|
|
|
*/
|
|
|
|
+ * Copyright (C) 2023 Zoran Peričić <zpericic@netst.org>
|
|
|
|
|
|
|
|
|
|
|
|
+/*
|
|
|
|
|
|
|
|
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
|
|
|
|
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
|
|
|
|
+ *
|
|
|
|
* Copyright (C) 2011-2023 Tobias Brunner
|
|
|
|
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* Copyright (C) 2007-2011 Martin Willi
|
|
|
|
+ * of this software and associated documentation files (the "Software"), to deal
|
|
|
|
*
|
|
|
|
+ * in the Software without restriction, including without limitation the rights
|
|
|
|
@@ -107,6 +109,16 @@ struct interface_listener_t {
|
|
|
|
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
|
|
|
|
+ * copies of the Software, and to permit persons to whom the Software is
|
|
|
|
|
|
|
|
+ * furnished to do so, subject to the following conditions:
|
|
|
|
|
|
|
|
+ *
|
|
|
|
|
|
|
|
+ * The above copyright notice and this permission notice shall be included in
|
|
|
|
|
|
|
|
+ * all copies or substantial portions of the Software.
|
|
|
|
|
|
|
|
+ *
|
|
|
|
|
|
|
|
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
|
|
|
|
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
|
|
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
|
|
|
|
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
|
|
|
|
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
|
|
|
|
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
|
|
|
|
+ * THE SOFTWARE.
|
|
|
|
|
|
|
|
+ */
|
|
|
|
|
|
|
|
+
|
|
|
|
|
|
|
|
#include "controller.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
|
|
|
@@ -107,6 +129,16 @@ struct interface_listener_t {
|
|
|
|
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
ike_sa_t *ike_sa;
|
|
|
|
ike_sa_t *ike_sa;
|
|
|
|
|
|
|
|
|
|
|
|
@@ -126,15 +48,16 @@ index 027f48e93..9109b20e4 100644
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* unique ID, used for various methods
|
|
|
|
* unique ID, used for various methods
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
@@ -417,10 +449,16 @@ METHOD(job_t, initiate_execute, job_requeue_t,
|
|
|
|
@@ -417,10 +429,16 @@ METHOD(job_t, initiate_execute, job_requeue_t,
|
|
|
|
ike_sa_t *ike_sa;
|
|
|
|
ike_sa_t *ike_sa;
|
|
|
|
interface_listener_t *listener = &job->listener;
|
|
|
|
interface_listener_t *listener = &job->listener;
|
|
|
|
peer_cfg_t *peer_cfg = listener->peer_cfg;
|
|
|
|
peer_cfg_t *peer_cfg = listener->peer_cfg;
|
|
|
|
+ host_t *my_host = listener->my_host;
|
|
|
|
+ host_t *my_host = listener->my_host;
|
|
|
|
+ host_t *other_host = listener->other_host;
|
|
|
|
+ host_t *other_host = listener->other_host;
|
|
|
|
|
|
|
|
|
|
|
|
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
|
|
|
|
- ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
|
|
|
|
- peer_cfg);
|
|
|
|
- peer_cfg);
|
|
|
|
|
|
|
|
+ ike_sa = charon->ike_sa_manager->checkout_by_config2(charon->ike_sa_manager,
|
|
|
|
+ peer_cfg, my_host, other_host);
|
|
|
|
+ peer_cfg, my_host, other_host);
|
|
|
|
peer_cfg->destroy(peer_cfg);
|
|
|
|
peer_cfg->destroy(peer_cfg);
|
|
|
|
+
|
|
|
|
+
|
|
|
|
@@ -144,15 +67,23 @@ index 027f48e93..9109b20e4 100644
|
|
|
|
if (!ike_sa)
|
|
|
|
if (!ike_sa)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
DESTROY_IF(listener->child_cfg);
|
|
|
|
DESTROY_IF(listener->child_cfg);
|
|
|
|
@@ -499,6 +537,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
|
|
|
|
@@ -501,6 +519,15 @@ METHOD(controller_t, initiate, status_t,
|
|
|
|
|
|
|
|
|
|
|
|
METHOD(controller_t, initiate, status_t,
|
|
|
|
|
|
|
|
private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
|
|
|
|
private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
|
|
|
|
+ host_t *my_host, host_t *other_host,
|
|
|
|
|
|
|
|
controller_cb_t callback, void *param, level_t max_level, u_int timeout,
|
|
|
|
controller_cb_t callback, void *param, level_t max_level, u_int timeout,
|
|
|
|
bool limits)
|
|
|
|
bool limits)
|
|
|
|
|
|
|
|
+{
|
|
|
|
|
|
|
|
+ return this->public.initiate2(this, peer_cfg, child_cfg, NULL, NULL, callback, param, max_level, timeout, limits);
|
|
|
|
|
|
|
|
+}
|
|
|
|
|
|
|
|
+
|
|
|
|
|
|
|
|
+METHOD(controller_t, initiate2, status_t,
|
|
|
|
|
|
|
|
+ private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
|
|
|
|
|
|
|
|
+ host_t *my_host, host_t *other_host,
|
|
|
|
|
|
|
|
+ controller_cb_t callback, void *param, level_t max_level, u_int timeout,
|
|
|
|
|
|
|
|
+ bool limits)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
@@ -523,6 +562,8 @@ METHOD(controller_t, initiate, status_t,
|
|
|
|
interface_job_t *job;
|
|
|
|
|
|
|
|
status_t status;
|
|
|
|
|
|
|
|
@@ -523,6 +550,8 @@ METHOD(controller_t, initiate, status_t,
|
|
|
|
.status = FAILED,
|
|
|
|
.status = FAILED,
|
|
|
|
.child_cfg = child_cfg,
|
|
|
|
.child_cfg = child_cfg,
|
|
|
|
.peer_cfg = peer_cfg,
|
|
|
|
.peer_cfg = peer_cfg,
|
|
|
|
@@ -161,162 +92,65 @@ index 027f48e93..9109b20e4 100644
|
|
|
|
.lock = spinlock_create(),
|
|
|
|
.lock = spinlock_create(),
|
|
|
|
.options.limits = limits,
|
|
|
|
.options.limits = limits,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
@@ -770,6 +799,7 @@ controller_t *controller_create(void)
|
|
|
|
|
|
|
|
.public = {
|
|
|
|
|
|
|
|
.create_ike_sa_enumerator = _create_ike_sa_enumerator,
|
|
|
|
|
|
|
|
.initiate = _initiate,
|
|
|
|
|
|
|
|
+ .initiate2 = _initiate2,
|
|
|
|
|
|
|
|
.terminate_ike = _terminate_ike,
|
|
|
|
|
|
|
|
.terminate_child = _terminate_child,
|
|
|
|
|
|
|
|
.destroy = _destroy,
|
|
|
|
diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h
|
|
|
|
diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h
|
|
|
|
index 36a1d4631..a130fbb6b 100644
|
|
|
|
index 36a1d4631..f5c60e2e7 100644
|
|
|
|
--- a/src/libcharon/control/controller.h
|
|
|
|
--- a/src/libcharon/control/controller.h
|
|
|
|
+++ b/src/libcharon/control/controller.h
|
|
|
|
+++ b/src/libcharon/control/controller.h
|
|
|
|
@@ -81,6 +81,8 @@ struct controller_t {
|
|
|
|
@@ -98,6 +98,34 @@ struct controller_t {
|
|
|
|
*
|
|
|
|
|
|
|
|
* @param peer_cfg peer_cfg to use for IKE_SA setup
|
|
|
|
|
|
|
|
* @param child_cfg optional child_cfg to set up CHILD_SA from
|
|
|
|
|
|
|
|
+ * @param my_host optional address hint for source
|
|
|
|
|
|
|
|
+ * @param other_host optional address hint for destination
|
|
|
|
|
|
|
|
* @param cb logging callback
|
|
|
|
|
|
|
|
* @param param parameter to include in each call of cb
|
|
|
|
|
|
|
|
* @param max_level maximum log level for which cb is invoked
|
|
|
|
|
|
|
|
@@ -95,6 +97,7 @@ struct controller_t {
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
status_t (*initiate)(controller_t *this,
|
|
|
|
|
|
|
|
peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
|
|
|
|
|
|
|
|
+ host_t *my_host, host_t *other_host,
|
|
|
|
|
|
|
|
controller_cb_t callback, void *param,
|
|
|
|
controller_cb_t callback, void *param,
|
|
|
|
level_t max_level, u_int timeout, bool limits);
|
|
|
|
level_t max_level, u_int timeout, bool limits);
|
|
|
|
|
|
|
|
|
|
|
|
diff --git a/src/libcharon/plugins/load_tester/load_tester_control.c b/src/libcharon/plugins/load_tester/load_tester_control.c
|
|
|
|
+ /**
|
|
|
|
index b5356289a..ddef85b4a 100644
|
|
|
|
+ * Initiate a CHILD_SA, and if required, an IKE_SA.
|
|
|
|
--- a/src/libcharon/plugins/load_tester/load_tester_control.c
|
|
|
|
+ *
|
|
|
|
+++ b/src/libcharon/plugins/load_tester/load_tester_control.c
|
|
|
|
+ * If a callback is provided the function is synchronous and thus blocks
|
|
|
|
@@ -240,6 +240,7 @@ static bool on_accept(private_load_tester_control_t *this, stream_t *io)
|
|
|
|
+ * until the IKE_SA is established or failed.
|
|
|
|
|
|
|
|
+ *
|
|
|
|
switch (charon->controller->initiate(charon->controller,
|
|
|
|
+ * @param peer_cfg peer_cfg to use for IKE_SA setup
|
|
|
|
peer_cfg, child_cfg->get_ref(child_cfg),
|
|
|
|
+ * @param child_cfg optional child_cfg to set up CHILD_SA from
|
|
|
|
+ NULL, NULL,
|
|
|
|
+ * @param my_host optional address hint for source
|
|
|
|
(void*)initiate_cb, listener, LEVEL_CTRL, 0, FALSE))
|
|
|
|
+ * @param other_host optional address hint for destination
|
|
|
|
{
|
|
|
|
+ * @param cb logging callback
|
|
|
|
case NEED_MORE:
|
|
|
|
+ * @param param parameter to include in each call of cb
|
|
|
|
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
|
|
|
|
+ * @param max_level maximum log level for which cb is invoked
|
|
|
|
index 695e75b83..e3f740281 100644
|
|
|
|
+ * @param timeout timeout in ms to wait for callbacks, 0 to disable
|
|
|
|
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.c
|
|
|
|
+ * @param limits whether to check limits regarding IKE_SA initiation
|
|
|
|
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
|
|
|
|
+ * @return
|
|
|
|
@@ -152,6 +152,7 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this)
|
|
|
|
+ * - SUCCESS, if CHILD_SA established
|
|
|
|
|
|
|
|
+ * - FAILED, if setup failed
|
|
|
|
charon->controller->initiate(charon->controller,
|
|
|
|
+ * - NEED_MORE, if callback returned FALSE
|
|
|
|
peer_cfg, child_cfg->get_ref(child_cfg),
|
|
|
|
+ * - OUT_OF_RES if timed out
|
|
|
|
+ NULL, NULL,
|
|
|
|
+ * - INVALID_STATE if limits prevented initiation
|
|
|
|
NULL, NULL, 0, 0, FALSE);
|
|
|
|
+ */
|
|
|
|
if (s)
|
|
|
|
+ status_t (*initiate2)(controller_t *this,
|
|
|
|
{
|
|
|
|
+ peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
|
|
|
|
diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
|
|
|
|
+ host_t *my_host, host_t *other_host,
|
|
|
|
index 59a9358a1..6e322a9c1 100644
|
|
|
|
+ controller_cb_t callback, void *param,
|
|
|
|
--- a/src/libcharon/plugins/medcli/medcli_config.c
|
|
|
|
+ level_t max_level, u_int timeout, bool limits);
|
|
|
|
+++ b/src/libcharon/plugins/medcli/medcli_config.c
|
|
|
|
+
|
|
|
|
@@ -350,7 +350,7 @@ static job_requeue_t initiate_config(peer_cfg_t *peer_cfg)
|
|
|
|
/**
|
|
|
|
peer_cfg->get_ref(peer_cfg);
|
|
|
|
* Terminate an IKE_SA and all of its CHILD_SAs.
|
|
|
|
enumerator->destroy(enumerator);
|
|
|
|
*
|
|
|
|
charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
|
|
|
|
|
|
|
|
- NULL, NULL, 0, 0, FALSE);
|
|
|
|
|
|
|
|
+ NULL, NULL, NULL, NULL, 0, 0, FALSE);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
|
|
|
|
|
|
|
|
index 6ca9f1399..31a4e1d63 100644
|
|
|
|
|
|
|
|
--- a/src/libcharon/plugins/smp/smp.c
|
|
|
|
|
|
|
|
+++ b/src/libcharon/plugins/smp/smp.c
|
|
|
|
|
|
|
|
@@ -495,7 +495,8 @@ static void request_control_initiate(xmlTextReaderPtr reader,
|
|
|
|
|
|
|
|
if (child)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
status = charon->controller->initiate(charon->controller,
|
|
|
|
|
|
|
|
- peer, child, (controller_cb_t)xml_callback,
|
|
|
|
|
|
|
|
+ peer, child, NULL, NULL,
|
|
|
|
|
|
|
|
+ (controller_cb_t)xml_callback,
|
|
|
|
|
|
|
|
writer, LEVEL_CTRL, 0, FALSE);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
|
|
|
|
|
|
|
|
index 2824c93cb..21ff6b31f 100644
|
|
|
|
|
|
|
|
--- a/src/libcharon/plugins/stroke/stroke_control.c
|
|
|
|
|
|
|
|
+++ b/src/libcharon/plugins/stroke/stroke_control.c
|
|
|
|
|
|
|
|
@@ -109,7 +109,7 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg
|
|
|
|
|
|
|
|
if (msg->output_verbosity < 0)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
|
|
|
|
|
|
|
|
- NULL, NULL, 0, 0, FALSE);
|
|
|
|
|
|
|
|
+ NULL, NULL, NULL, NULL, 0, 0, FALSE);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
@@ -117,7 +117,8 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg
|
|
|
|
|
|
|
|
status_t status;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
status = charon->controller->initiate(charon->controller,
|
|
|
|
|
|
|
|
- peer_cfg, child_cfg, (controller_cb_t)stroke_log,
|
|
|
|
|
|
|
|
+ peer_cfg, child_cfg, NULL, NULL,
|
|
|
|
|
|
|
|
+ (controller_cb_t)stroke_log,
|
|
|
|
|
|
|
|
&info, msg->output_verbosity, this->timeout, FALSE);
|
|
|
|
|
|
|
|
switch (status)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
diff --git a/src/libcharon/plugins/uci/uci_control.c b/src/libcharon/plugins/uci/uci_control.c
|
|
|
|
|
|
|
|
index b033c832c..f8d1be745 100644
|
|
|
|
|
|
|
|
--- a/src/libcharon/plugins/uci/uci_control.c
|
|
|
|
|
|
|
|
+++ b/src/libcharon/plugins/uci/uci_control.c
|
|
|
|
|
|
|
|
@@ -147,7 +147,8 @@ static void initiate(private_uci_control_t *this, char *name)
|
|
|
|
|
|
|
|
enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
|
|
|
|
|
|
|
|
if (enumerator->enumerate(enumerator, &child_cfg) &&
|
|
|
|
|
|
|
|
charon->controller->initiate(charon->controller, peer_cfg,
|
|
|
|
|
|
|
|
- child_cfg->get_ref(child_cfg), controller_cb_empty,
|
|
|
|
|
|
|
|
+ child_cfg->get_ref(child_cfg), NULL, NULL,
|
|
|
|
|
|
|
|
+ controller_cb_empty,
|
|
|
|
|
|
|
|
NULL, LEVEL_SILENT, 0, FALSE) == SUCCESS)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
write_fifo(this, "connection '%s' established\n", name);
|
|
|
|
|
|
|
|
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
|
|
|
|
|
|
|
|
index c858e9945..a42ebf041 100644
|
|
|
|
|
|
|
|
--- a/src/libcharon/plugins/vici/vici_config.c
|
|
|
|
|
|
|
|
+++ b/src/libcharon/plugins/vici/vici_config.c
|
|
|
|
|
|
|
|
@@ -2277,7 +2277,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
|
|
|
|
|
|
|
|
DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg));
|
|
|
|
|
|
|
|
charon->controller->initiate(charon->controller,
|
|
|
|
|
|
|
|
peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg),
|
|
|
|
|
|
|
|
- NULL, NULL, 0, 0, FALSE);
|
|
|
|
|
|
|
|
+ NULL, NULL, NULL, NULL, 0, 0, FALSE);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
|
|
|
|
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
|
|
|
|
index 1c236d249..b3a76efa2 100644
|
|
|
|
index 1c236d249..932d0cb5a 100644
|
|
|
|
--- a/src/libcharon/plugins/vici/vici_control.c
|
|
|
|
--- a/src/libcharon/plugins/vici/vici_control.c
|
|
|
|
+++ b/src/libcharon/plugins/vici/vici_control.c
|
|
|
|
+++ b/src/libcharon/plugins/vici/vici_control.c
|
|
|
|
@@ -15,6 +15,28 @@
|
|
|
|
@@ -1,4 +1,6 @@
|
|
|
|
* for more details.
|
|
|
|
/*
|
|
|
|
*/
|
|
|
|
+ * Copyright (C) 2023 Zoran Peričić <zpericic@netst.org>
|
|
|
|
|
|
|
|
|
|
|
|
+/*
|
|
|
|
|
|
|
|
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
|
|
|
|
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
|
|
|
|
+ *
|
|
|
|
* Copyright (C) 2015-2017 Tobias Brunner
|
|
|
|
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* Copyright (C) 2014 Martin Willi
|
|
|
|
+ * of this software and associated documentation files (the "Software"), to deal
|
|
|
|
*
|
|
|
|
+ * in the Software without restriction, including without limitation the rights
|
|
|
|
@@ -173,9 +175,12 @@ static child_cfg_t* find_child_cfg(char *name, char *pname, peer_cfg_t **out)
|
|
|
|
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
|
|
|
|
+ * copies of the Software, and to permit persons to whom the Software is
|
|
|
|
|
|
|
|
+ * furnished to do so, subject to the following conditions:
|
|
|
|
|
|
|
|
+ *
|
|
|
|
|
|
|
|
+ * The above copyright notice and this permission notice shall be included in
|
|
|
|
|
|
|
|
+ * all copies or substantial portions of the Software.
|
|
|
|
|
|
|
|
+ *
|
|
|
|
|
|
|
|
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
|
|
|
|
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
|
|
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
|
|
|
|
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
|
|
|
|
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
|
|
|
|
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
|
|
|
|
+ * THE SOFTWARE.
|
|
|
|
|
|
|
|
+ */
|
|
|
|
|
|
|
|
+
|
|
|
|
|
|
|
|
#include "vici_control.h"
|
|
|
|
|
|
|
|
#include "vici_builder.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@@ -173,9 +195,12 @@ static child_cfg_t* find_child_cfg(char *name, char *pname, peer_cfg_t **out)
|
|
|
|
|
|
|
|
CALLBACK(initiate, vici_message_t*,
|
|
|
|
CALLBACK(initiate, vici_message_t*,
|
|
|
|
private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
|
|
|
|
private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
@@ -329,7 +163,7 @@ index 1c236d249..b3a76efa2 100644
|
|
|
|
int timeout;
|
|
|
|
int timeout;
|
|
|
|
bool limits;
|
|
|
|
bool limits;
|
|
|
|
controller_cb_t log_cb = NULL;
|
|
|
|
controller_cb_t log_cb = NULL;
|
|
|
|
@@ -189,6 +214,8 @@ CALLBACK(initiate, vici_message_t*,
|
|
|
|
@@ -189,6 +194,8 @@ CALLBACK(initiate, vici_message_t*,
|
|
|
|
timeout = request->get_int(request, 0, "timeout");
|
|
|
|
timeout = request->get_int(request, 0, "timeout");
|
|
|
|
limits = request->get_bool(request, FALSE, "init-limits");
|
|
|
|
limits = request->get_bool(request, FALSE, "init-limits");
|
|
|
|
log.level = request->get_int(request, 1, "loglevel");
|
|
|
|
log.level = request->get_int(request, 1, "loglevel");
|
|
|
|
@@ -338,7 +172,7 @@ index 1c236d249..b3a76efa2 100644
|
|
|
|
|
|
|
|
|
|
|
|
if (!child && !ike)
|
|
|
|
if (!child && !ike)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
@@ -202,28 +229,48 @@ CALLBACK(initiate, vici_message_t*,
|
|
|
|
@@ -202,28 +209,48 @@ CALLBACK(initiate, vici_message_t*,
|
|
|
|
type = child ? "CHILD_SA" : "IKE_SA";
|
|
|
|
type = child ? "CHILD_SA" : "IKE_SA";
|
|
|
|
sa = child ?: ike;
|
|
|
|
sa = child ?: ike;
|
|
|
|
|
|
|
|
|
|
|
|
@@ -362,7 +196,8 @@ index 1c236d249..b3a76efa2 100644
|
|
|
|
+ msg = send_reply(this, "%s config '%s' not found", type, sa);
|
|
|
|
+ msg = send_reply(this, "%s config '%s' not found", type, sa);
|
|
|
|
+ goto ret;
|
|
|
|
+ goto ret;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
switch (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
|
|
|
|
- switch (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
|
|
|
|
|
|
|
|
+ switch (charon->controller->initiate2(charon->controller, peer_cfg, child_cfg,
|
|
|
|
+ my_host, other_host,
|
|
|
|
+ my_host, other_host,
|
|
|
|
log_cb, &log, log.level, timeout, limits))
|
|
|
|
log_cb, &log, log.level, timeout, limits))
|
|
|
|
{
|
|
|
|
{
|
|
|
|
@@ -393,75 +228,32 @@ index 1c236d249..b3a76efa2 100644
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
diff --git a/src/libcharon/processing/jobs/initiate_mediation_job.c b/src/libcharon/processing/jobs/initiate_mediation_job.c
|
|
|
|
|
|
|
|
index ed493bc76..9a1cdcda4 100644
|
|
|
|
|
|
|
|
--- a/src/libcharon/processing/jobs/initiate_mediation_job.c
|
|
|
|
|
|
|
|
+++ b/src/libcharon/processing/jobs/initiate_mediation_job.c
|
|
|
|
|
|
|
|
@@ -138,6 +138,7 @@ METHOD(job_t, initiate, job_requeue_t,
|
|
|
|
|
|
|
|
mediation_cfg->get_ref(mediation_cfg);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (charon->controller->initiate(charon->controller, mediation_cfg, NULL,
|
|
|
|
|
|
|
|
+ NULL, NULL,
|
|
|
|
|
|
|
|
(controller_cb_t)initiate_callback, this, LEVEL_CTRL,
|
|
|
|
|
|
|
|
0, FALSE) != SUCCESS)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c
|
|
|
|
|
|
|
|
index 122e5cee9..dec458c84 100644
|
|
|
|
|
|
|
|
--- a/src/libcharon/processing/jobs/start_action_job.c
|
|
|
|
|
|
|
|
+++ b/src/libcharon/processing/jobs/start_action_job.c
|
|
|
|
|
|
|
|
@@ -84,7 +84,7 @@ METHOD(job_t, execute, job_requeue_t,
|
|
|
|
|
|
|
|
charon->controller->initiate(charon->controller,
|
|
|
|
|
|
|
|
peer_cfg->get_ref(peer_cfg),
|
|
|
|
|
|
|
|
child_cfg->get_ref(child_cfg),
|
|
|
|
|
|
|
|
- NULL, NULL, 0, 0, FALSE);
|
|
|
|
|
|
|
|
+ NULL, NULL, NULL, NULL, 0, 0, FALSE);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
children->destroy(children);
|
|
|
|
|
|
|
|
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
|
|
|
|
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
|
|
|
|
index 7763ae844..3fb9d4c35 100644
|
|
|
|
index 7763ae844..59852f253 100644
|
|
|
|
--- a/src/libcharon/sa/ike_sa_manager.c
|
|
|
|
--- a/src/libcharon/sa/ike_sa_manager.c
|
|
|
|
+++ b/src/libcharon/sa/ike_sa_manager.c
|
|
|
|
+++ b/src/libcharon/sa/ike_sa_manager.c
|
|
|
|
@@ -16,6 +16,28 @@
|
|
|
|
@@ -1,4 +1,6 @@
|
|
|
|
* for more details.
|
|
|
|
/*
|
|
|
|
*/
|
|
|
|
+ * Copyright (C) 2023 Zoran Peričić <zpericic@netst.org>
|
|
|
|
|
|
|
|
|
|
|
|
+/*
|
|
|
|
|
|
|
|
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
|
|
|
|
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
|
|
|
|
+ *
|
|
|
|
* Copyright (C) 2008-2022 Tobias Brunner
|
|
|
|
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* Copyright (C) 2005-2011 Martin Willi
|
|
|
|
+ * of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* Copyright (C) 2005 Jan Hutter
|
|
|
|
+ * in the Software without restriction, including without limitation the rights
|
|
|
|
@@ -1499,6 +1501,13 @@ typedef struct {
|
|
|
|
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
|
|
|
|
+ * copies of the Software, and to permit persons to whom the Software is
|
|
|
|
|
|
|
|
+ * furnished to do so, subject to the following conditions:
|
|
|
|
|
|
|
|
+ *
|
|
|
|
|
|
|
|
+ * The above copyright notice and this permission notice shall be included in
|
|
|
|
|
|
|
|
+ * all copies or substantial portions of the Software.
|
|
|
|
|
|
|
|
+ *
|
|
|
|
|
|
|
|
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
|
|
|
|
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
|
|
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
|
|
|
|
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
|
|
|
|
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
|
|
|
|
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
|
|
|
|
+ * THE SOFTWARE.
|
|
|
|
|
|
|
|
+ */
|
|
|
|
|
|
|
|
+
|
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
#include <inttypes.h>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@@ -1498,7 +1520,8 @@ typedef struct {
|
|
|
|
|
|
|
|
} config_entry_t;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
|
|
|
|
METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
|
|
|
|
- private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg)
|
|
|
|
private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg)
|
|
|
|
|
|
|
|
+{
|
|
|
|
|
|
|
|
+ return this->public.checkout_by_config2(this, peer_cfg, NULL, NULL);
|
|
|
|
|
|
|
|
+}
|
|
|
|
|
|
|
|
+
|
|
|
|
|
|
|
|
+METHOD(ike_sa_manager_t, checkout_by_config2, ike_sa_t*,
|
|
|
|
+ private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg,
|
|
|
|
+ private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg,
|
|
|
|
+ host_t *my_host, host_t *other_host)
|
|
|
|
+ host_t *my_host, host_t *other_host)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
enumerator_t *enumerator;
|
|
|
|
enumerator_t *enumerator;
|
|
|
|
entry_t *entry;
|
|
|
|
entry_t *entry;
|
|
|
|
@@ -1509,7 +1532,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
|
|
|
|
@@ -1509,7 +1518,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
|
|
|
|
u_int segment;
|
|
|
|
u_int segment;
|
|
|
|
int i;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
|
|
@@ -479,7 +271,7 @@ index 7763ae844..3fb9d4c35 100644
|
|
|
|
|
|
|
|
|
|
|
|
if (!this->reuse_ikesa && peer_cfg->get_ike_version(peer_cfg) != IKEV1)
|
|
|
|
if (!this->reuse_ikesa && peer_cfg->get_ike_version(peer_cfg) != IKEV1)
|
|
|
|
{ /* IKE_SA reuse disabled by config (not possible for IKEv1) */
|
|
|
|
{ /* IKE_SA reuse disabled by config (not possible for IKEv1) */
|
|
|
|
@@ -1567,6 +1599,15 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
|
|
|
|
@@ -1567,6 +1585,15 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
|
|
|
|
continue;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@@ -495,7 +287,7 @@ index 7763ae844..3fb9d4c35 100644
|
|
|
|
current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa);
|
|
|
|
current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa);
|
|
|
|
if (current_peer && current_peer->equals(current_peer, peer_cfg))
|
|
|
|
if (current_peer && current_peer->equals(current_peer, peer_cfg))
|
|
|
|
{
|
|
|
|
{
|
|
|
|
@@ -1593,6 +1634,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
|
|
|
|
@@ -1593,6 +1620,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
|
|
|
|
{
|
|
|
|
{
|
|
|
|
ike_sa->set_peer_cfg(ike_sa, peer_cfg);
|
|
|
|
ike_sa->set_peer_cfg(ike_sa, peer_cfg);
|
|
|
|
checkout_new(this, ike_sa);
|
|
|
|
checkout_new(this, ike_sa);
|
|
|
|
@@ -506,8 +298,16 @@ index 7763ae844..3fb9d4c35 100644
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
charon->bus->set_sa(charon->bus, ike_sa);
|
|
|
|
charon->bus->set_sa(charon->bus, ike_sa);
|
|
|
|
|
|
|
|
@@ -2558,6 +2589,7 @@ ike_sa_manager_t *ike_sa_manager_create()
|
|
|
|
|
|
|
|
.checkout = _checkout,
|
|
|
|
|
|
|
|
.checkout_by_message = _checkout_by_message,
|
|
|
|
|
|
|
|
.checkout_by_config = _checkout_by_config,
|
|
|
|
|
|
|
|
+ .checkout_by_config2 = _checkout_by_config,
|
|
|
|
|
|
|
|
.checkout_by_id = _checkout_by_id,
|
|
|
|
|
|
|
|
.checkout_by_name = _checkout_by_name,
|
|
|
|
|
|
|
|
.new_initiator_spi = _new_initiator_spi,
|
|
|
|
diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h
|
|
|
|
diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h
|
|
|
|
index 004cc2216..56ef869be 100644
|
|
|
|
index 004cc2216..d001f5a80 100644
|
|
|
|
--- a/src/libcharon/sa/ike_sa_manager.h
|
|
|
|
--- a/src/libcharon/sa/ike_sa_manager.h
|
|
|
|
+++ b/src/libcharon/sa/ike_sa_manager.h
|
|
|
|
+++ b/src/libcharon/sa/ike_sa_manager.h
|
|
|
|
@@ -123,7 +123,8 @@ struct ike_sa_manager_t {
|
|
|
|
@@ -123,7 +123,8 @@ struct ike_sa_manager_t {
|
|
|
|
@@ -520,22 +320,37 @@ index 004cc2216..56ef869be 100644
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* To initiate, a CHILD_SA may be established within an existing IKE_SA.
|
|
|
|
* To initiate, a CHILD_SA may be established within an existing IKE_SA.
|
|
|
|
* This call checks for an existing IKE_SA by comparing the configuration.
|
|
|
|
* This call checks for an existing IKE_SA by comparing the configuration.
|
|
|
|
@@ -136,9 +137,12 @@ struct ike_sa_manager_t {
|
|
|
|
@@ -140,6 +141,28 @@ struct ike_sa_manager_t {
|
|
|
|
* @note The peer_config is always set on the returned IKE_SA.
|
|
|
|
*/
|
|
|
|
*
|
|
|
|
ike_sa_t *(*checkout_by_config)(ike_sa_manager_t* this, peer_cfg_t *peer_cfg);
|
|
|
|
* @param peer_cfg configuration used to find an existing IKE_SA
|
|
|
|
|
|
|
|
|
|
|
|
+ /**
|
|
|
|
|
|
|
|
+ * Checkout an IKE_SA for initiation by a peer_config and optional
|
|
|
|
|
|
|
|
+ * source and remote host addresses.
|
|
|
|
|
|
|
|
+ *
|
|
|
|
|
|
|
|
+ * To initiate, a CHILD_SA may be established within an existing IKE_SA.
|
|
|
|
|
|
|
|
+ * This call checks for an existing IKE_SA by comparing the configuration.
|
|
|
|
|
|
|
|
+ * If the CHILD_SA can be created in an existing IKE_SA, the matching SA
|
|
|
|
|
|
|
|
+ * is returned.
|
|
|
|
|
|
|
|
+ * If no IKE_SA is found, a new one is created and registered in the
|
|
|
|
|
|
|
|
+ * manager. This is also the case when the found IKE_SA is in an unusable
|
|
|
|
|
|
|
|
+ * state (e.g. DELETING).
|
|
|
|
|
|
|
|
+ *
|
|
|
|
|
|
|
|
+ * @note The peer_config is always set on the returned IKE_SA.
|
|
|
|
|
|
|
|
+ *
|
|
|
|
|
|
|
|
+ * @param peer_cfg configuration used to find an existing IKE_SA
|
|
|
|
+ * @param my_host source host address for wildcard peer_cfg
|
|
|
|
+ * @param my_host source host address for wildcard peer_cfg
|
|
|
|
+ * @param other_host remote host address for wildcard peer_cfg
|
|
|
|
+ * @param other_host remote host address for wildcard peer_cfg
|
|
|
|
* @return checked out/created IKE_SA
|
|
|
|
+ * @return checked out/created IKE_SA
|
|
|
|
*/
|
|
|
|
+ */
|
|
|
|
- ike_sa_t *(*checkout_by_config)(ike_sa_manager_t* this, peer_cfg_t *peer_cfg);
|
|
|
|
+ ike_sa_t *(*checkout_by_config2)(ike_sa_manager_t* this, peer_cfg_t *peer_cfg,
|
|
|
|
+ ike_sa_t *(*checkout_by_config)(ike_sa_manager_t* this, peer_cfg_t *peer_cfg,
|
|
|
|
|
|
|
|
+ host_t *my_host, host_t *other_host);
|
|
|
|
+ host_t *my_host, host_t *other_host);
|
|
|
|
|
|
|
|
+
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* Reset initiator SPI.
|
|
|
|
* Reset initiator SPI.
|
|
|
|
|
|
|
|
*
|
|
|
|
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
|
|
|
|
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
|
|
|
|
index 1b85c66a5..f8c87437f 100644
|
|
|
|
index 1b85c66a5..bbc480c0c 100644
|
|
|
|
--- a/src/libcharon/sa/trap_manager.c
|
|
|
|
--- a/src/libcharon/sa/trap_manager.c
|
|
|
|
+++ b/src/libcharon/sa/trap_manager.c
|
|
|
|
+++ b/src/libcharon/sa/trap_manager.c
|
|
|
|
@@ -523,7 +523,7 @@ METHOD(trap_manager_t, acquire, void,
|
|
|
|
@@ -523,7 +523,7 @@ METHOD(trap_manager_t, acquire, void,
|
|
|
|
@@ -592,7 +407,7 @@ index 1b85c66a5..f8c87437f 100644
|
|
|
|
+ data->src->to_subnet(data->src, &my_host, &mask);
|
|
|
|
+ data->src->to_subnet(data->src, &my_host, &mask);
|
|
|
|
+ my_host->set_port(my_host, port);
|
|
|
|
+ my_host->set_port(my_host, port);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
+ ike_sa = charon->ike_sa_manager->checkout_by_config(
|
|
|
|
+ ike_sa = charon->ike_sa_manager->checkout_by_config2(
|
|
|
|
+ charon->ike_sa_manager, peer,
|
|
|
|
+ charon->ike_sa_manager, peer,
|
|
|
|
+ my_host, other_host);
|
|
|
|
+ my_host, other_host);
|
|
|
|
+ if (my_host) my_host->destroy(my_host);
|
|
|
|
+ if (my_host) my_host->destroy(my_host);
|
|
|
|
@@ -601,39 +416,16 @@ index 1b85c66a5..f8c87437f 100644
|
|
|
|
|
|
|
|
|
|
|
|
if (ike_sa)
|
|
|
|
if (ike_sa)
|
|
|
|
diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c
|
|
|
|
diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c
|
|
|
|
index e0fffb907..dcaded59d 100644
|
|
|
|
index e0fffb907..c0fc8c595 100644
|
|
|
|
--- a/src/swanctl/commands/initiate.c
|
|
|
|
--- a/src/swanctl/commands/initiate.c
|
|
|
|
+++ b/src/swanctl/commands/initiate.c
|
|
|
|
+++ b/src/swanctl/commands/initiate.c
|
|
|
|
@@ -14,6 +14,28 @@
|
|
|
|
@@ -1,4 +1,5 @@
|
|
|
|
* for more details.
|
|
|
|
/*
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
+/*
|
|
|
|
|
|
|
|
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
|
|
|
|
+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi>
|
|
|
|
+ *
|
|
|
|
* Copyright (C) 2014 Martin Willi
|
|
|
|
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
*
|
|
|
|
+ * of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* Copyright (C) secunet Security Networks AG
|
|
|
|
+ * in the Software without restriction, including without limitation the rights
|
|
|
|
@@ -38,7 +39,7 @@ static int initiate(vici_conn_t *conn)
|
|
|
|
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
|
|
|
|
+ * copies of the Software, and to permit persons to whom the Software is
|
|
|
|
|
|
|
|
+ * furnished to do so, subject to the following conditions:
|
|
|
|
|
|
|
|
+ *
|
|
|
|
|
|
|
|
+ * The above copyright notice and this permission notice shall be included in
|
|
|
|
|
|
|
|
+ * all copies or substantial portions of the Software.
|
|
|
|
|
|
|
|
+ *
|
|
|
|
|
|
|
|
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
|
|
|
|
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
|
|
|
|
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
|
|
|
|
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
|
|
|
|
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
|
|
|
|
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
|
|
|
|
+ * THE SOFTWARE.
|
|
|
|
|
|
|
|
+ */
|
|
|
|
|
|
|
|
+
|
|
|
|
|
|
|
|
#include "command.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
|
|
|
@@ -38,7 +60,7 @@ static int initiate(vici_conn_t *conn)
|
|
|
|
|
|
|
|
vici_req_t *req;
|
|
|
|
vici_req_t *req;
|
|
|
|
vici_res_t *res;
|
|
|
|
vici_res_t *res;
|
|
|
|
command_format_options_t format = COMMAND_FORMAT_NONE;
|
|
|
|
command_format_options_t format = COMMAND_FORMAT_NONE;
|
|
|
|
@@ -642,7 +434,7 @@ index e0fffb907..dcaded59d 100644
|
|
|
|
int ret = 0, timeout = 0, level = 1;
|
|
|
|
int ret = 0, timeout = 0, level = 1;
|
|
|
|
|
|
|
|
|
|
|
|
while (TRUE)
|
|
|
|
while (TRUE)
|
|
|
|
@@ -65,6 +87,12 @@ static int initiate(vici_conn_t *conn)
|
|
|
|
@@ -65,6 +66,12 @@ static int initiate(vici_conn_t *conn)
|
|
|
|
case 'l':
|
|
|
|
case 'l':
|
|
|
|
level = atoi(arg);
|
|
|
|
level = atoi(arg);
|
|
|
|
continue;
|
|
|
|
continue;
|
|
|
|
@@ -655,7 +447,7 @@ index e0fffb907..dcaded59d 100644
|
|
|
|
case EOF:
|
|
|
|
case EOF:
|
|
|
|
break;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
default:
|
|
|
|
@@ -88,6 +116,14 @@ static int initiate(vici_conn_t *conn)
|
|
|
|
@@ -88,6 +95,14 @@ static int initiate(vici_conn_t *conn)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
vici_add_key_valuef(req, "ike", "%s", ike);
|
|
|
|
vici_add_key_valuef(req, "ike", "%s", ike);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@@ -670,7 +462,7 @@ index e0fffb907..dcaded59d 100644
|
|
|
|
if (timeout)
|
|
|
|
if (timeout)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
vici_add_key_valuef(req, "timeout", "%d", timeout * 1000);
|
|
|
|
vici_add_key_valuef(req, "timeout", "%d", timeout * 1000);
|
|
|
|
@@ -134,6 +170,8 @@ static void __attribute__ ((constructor))reg()
|
|
|
|
@@ -134,6 +149,8 @@ static void __attribute__ ((constructor))reg()
|
|
|
|
{"help", 'h', 0, "show usage information"},
|
|
|
|
{"help", 'h', 0, "show usage information"},
|
|
|
|
{"child", 'c', 1, "initiate a CHILD_SA configuration"},
|
|
|
|
{"child", 'c', 1, "initiate a CHILD_SA configuration"},
|
|
|
|
{"ike", 'i', 1, "initiate an IKE_SA, or name of child's parent"},
|
|
|
|
{"ike", 'i', 1, "initiate an IKE_SA, or name of child's parent"},
|
|
|
|
|
