author | Tobias Brunner <tobias@strongswan.org> | 2017-05-10 19:04:25 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-05-23 16:51:15 +0200 |
commit | 749ac175fa9052a360c6393c93efbca8d5cc7621 (patch) | |
tree | 24e9805fe6015ba9ced8b43309539d432285756d | |
parent | d42948fc057e25624c547649425b19ae4ebfa1e4 (diff) | |
child-cfg: Use flags for boolean options
Makes it potentially easier to add new flags.
-rw-r--r-- | src/charon-nm/nm/nm_service.c | 2 | ||||
-rw-r--r-- | src/libcharon/config/child_cfg.c | 91 | ||||
-rw-r--r-- | src/libcharon/config/child_cfg.h | 76 | ||||
-rw-r--r-- | src/libcharon/plugins/sql/sql_config.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 8 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_list.c | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/updown/updown_listener.c | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/vici_config.c | 69 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/vici_query.c | 2 | ||||
-rw-r--r-- | src/libcharon/sa/child_sa.c | 16 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/quick_mode.c | 4 | ||||
-rw-r--r-- | src/libcharon/sa/ikev2/tasks/child_create.c | 6 |
12 files changed, 129 insertions, 153 deletions
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index dee538b92..3e8392a57 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -346,7 +346,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, str = nm_setting_vpn_get_data_item(vpn, "encap"); encap = streq(str, "yes"); str = nm_setting_vpn_get_data_item(vpn, "ipcomp"); - child.ipcomp = streq(str, "yes"); + child.options |= streq(str, "yes") ? OPT_IPCOMP : 0; str = nm_setting_vpn_get_data_item(vpn, "method"); if (streq(str, "psk")) { diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 3c6dd5198..669eedf7a 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -1,6 +1,6 @@ /* + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2016 Andreas Steffen - * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -54,6 +54,11 @@ struct private_child_cfg_t { char *name; /** + * Options + */ + child_cfg_option_t options; + + /** * list for all proposals */ linked_list_t *proposals; @@ -74,11 +79,6 @@ struct private_child_cfg_t { char *updown; /** - * allow host access - */ - bool hostaccess; - - /** * Mode to propose for a initiated CHILD: tunnel/transport */ ipsec_mode_t mode; @@ -104,11 +104,6 @@ struct private_child_cfg_t { lifetime_cfg_t lifetime; /** - * enable IPComp - */ - bool use_ipcomp; - - /** * Inactivity timeout */ uint32_t inactivity; @@ -144,21 +139,6 @@ struct private_child_cfg_t { char *interface; /** - * set up IPsec transport SA in MIPv6 proxy mode - */ - bool proxy_mode; - - /** - * enable installation and removal of kernel IPsec policies - */ - bool install_policy; - - /** - * Install outbound FWD policies - */ - bool fwd_out_policy; - - /** * anti-replay window size */ uint32_t replay_window; 
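Review bot: `child.options |= streq(str, "yes") ? OPT_IPCOMP : 0;` in connect_ ORs into `child.options` without anything in this hunk having initialised it; the declaration of `child` is outside the hunk, so whether it carries an initializer (which zeroes `options`) cannot be confirmed from here, and if it is a plain `child_cfg_create_t child;` the `|=` reads an indeterminate value. If it is not initialised, either add `.options = 0,` to the declaration or assign instead of OR-ing, `child.options = streq(str, "yes") ? OPT_IPCOMP : 0;`. In the child_cfg.c struct hunks at this anchor the new member is documented only as `Options`; `/** Option flags, bitwise OR of child_cfg_option_t values */` would tell a reader how the five removed bools are now encoded.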
@@ -170,6 +150,12 @@ METHOD(child_cfg_t, get_name, char*, return this->name; } +METHOD(child_cfg_t, has_option, bool, + private_child_cfg_t *this, child_cfg_option_t option) +{ + return this->options & option; +} + METHOD(child_cfg_t, add_proposal, void, private_child_cfg_t *this, proposal_t *proposal) { @@ -311,8 +297,9 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, { if (hosts && hosts->get_count(hosts)) { /* set hosts if TS is dynamic or as initiator in transport mode */ - bool dynamic = ts1->is_dynamic(ts1); - if (dynamic || (this->mode == MODE_TRANSPORT && !this->proxy_mode && + bool dynamic = ts1->is_dynamic(ts1), + proxy_mode = has_option(this, OPT_PROXY_MODE); + if (dynamic || (this->mode == MODE_TRANSPORT && !proxy_mode && !supplied)) { e2 = hosts->create_enumerator(hosts); @@ -428,12 +415,6 @@ METHOD(child_cfg_t, get_updown, char*, return this->updown; } -METHOD(child_cfg_t, get_hostaccess, bool, - private_child_cfg_t *this) -{ - return this->hostaccess; -} - /** * Applies jitter to the rekey value. Returns the new rekey value. * Note: The distribution of random values is not perfect, but it @@ -508,12 +489,6 @@ METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t, return dh_group; } -METHOD(child_cfg_t, use_ipcomp, bool, - private_child_cfg_t *this) -{ - return this->use_ipcomp; -} - METHOD(child_cfg_t, get_inactivity, uint32_t, private_child_cfg_t *this) { 
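Review bot: `return this->options & option;` in has_option returns the raw masked value rather than a normalised boolean; if `bool` is a plain integer typedef in this tree, the caller receives e.g. 16 for OPT_FWD_OUT_POLICIES, which is harmless in an `if` but surprising when the result is stored, as child_sa_create does later in this diff with `.policies_fwd_out`. It also leaves the semantics for a multi-flag argument unspecified: `OPT_A | OPT_B` currently means "any of". Returning `!!(this->options & option)` for single-flag checks, or `(this->options & option) == option` if callers may combine flags, makes the contract explicit and the header comment on has_option should say which one it is.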
@@ -562,24 +537,6 @@ METHOD(child_cfg_t, set_replay_window, void, this->replay_window = replay_window; } -METHOD(child_cfg_t, use_proxy_mode, bool, - private_child_cfg_t *this) -{ - return this->proxy_mode; -} - -METHOD(child_cfg_t, install_policy, bool, - private_child_cfg_t *this) -{ - return this->install_policy; -} - -METHOD(child_cfg_t, install_fwd_out_policy, bool, - private_child_cfg_t *this) -{ - return this->fwd_out_policy; -} - #define LT_PART_EQUALS(a, b) ({ a.life == b.life && a.rekey == b.rekey && a.jitter == b.jitter; }) #define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); }) @@ -611,13 +568,12 @@ METHOD(child_cfg_t, equals, bool, { return FALSE; } - return this->hostaccess == other->hostaccess && + return this->options == other->options && this->mode == other->mode && this->start_action == other->start_action && this->dpd_action == other->dpd_action && this->close_action == other->close_action && LIFETIME_EQUALS(this->lifetime, other->lifetime) && - this->use_ipcomp == other->use_ipcomp && this->inactivity == other->inactivity && this->reqid == other->reqid && this->mark_in.value == other->mark_in.value && @@ -627,9 +583,6 @@ METHOD(child_cfg_t, equals, bool, this->tfc == other->tfc && this->manual_prio == other->manual_prio && this->replay_window == other->replay_window && - this->proxy_mode == other->proxy_mode && - this->install_policy == other->install_policy && - this->fwd_out_policy == other->fwd_out_policy && streq(this->updown, other->updown) && streq(this->interface, other->interface); } 
@@ -672,14 +625,12 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) .get_proposals = _get_proposals, .select_proposal = _select_proposal, .get_updown = _get_updown, - .get_hostaccess = _get_hostaccess, .get_mode = _get_mode, .get_start_action = _get_start_action, .get_dpd_action = _get_dpd_action, .get_close_action = _get_close_action, .get_lifetime = _get_lifetime, .get_dh_group = _get_dh_group, - .use_ipcomp = _use_ipcomp, .get_inactivity = _get_inactivity, .get_reqid = _get_reqid, .get_mark = _get_mark, @@ -688,19 +639,16 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) .get_interface = _get_interface, .get_replay_window = _get_replay_window, .set_replay_window = _set_replay_window, - .use_proxy_mode = _use_proxy_mode, - .install_policy = _install_policy, - .install_fwd_out_policy = _install_fwd_out_policy, + .has_option = _has_option, .equals = _equals, .get_ref = _get_ref, .destroy = _destroy, }, .name = strdup(name), + .options = data->options, .updown = strdupnull(data->updown), - .hostaccess = data->hostaccess, .reqid = data->reqid, .mode = data->mode, - .proxy_mode = data->proxy_mode, .start_action = data->start_action, .dpd_action = data->dpd_action, .close_action = data->close_action, @@ -708,12 +656,9 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) .mark_out = data->mark_out, .lifetime = data->lifetime, .inactivity = data->inactivity, - .use_ipcomp = data->ipcomp, .tfc = data->tfc, .manual_prio = data->priority, .interface = strdupnull(data->interface), - .install_policy = !data->suppress_policies, - .fwd_out_policy = data->fwd_out_policies, .refcount = 1, .proposals = linked_list_create(), .my_ts = linked_list_create(), diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index b85bfd9bc..7985c3cf6 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h 
@@ -1,6 +1,6 @@ /* + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2016 Andreas Steffen - * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -25,6 +25,7 @@ #define CHILD_CFG_H_ typedef enum action_t action_t; +typedef enum child_cfg_option_t child_cfg_option_t; typedef struct child_cfg_t child_cfg_t; typedef struct child_cfg_create_t child_cfg_create_t; @@ -147,13 +148,6 @@ struct child_cfg_t { char* (*get_updown)(child_cfg_t *this); /** - * Should we allow access to the local host (gateway)? - * - * @return value of hostaccess flag - */ - bool (*get_hostaccess) (child_cfg_t *this); - - /** * Get the lifetime configuration of a CHILD_SA. * * The rekey limits automatically contain a jitter to avoid simultaneous @@ -203,14 +197,6 @@ struct child_cfg_t { diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this); /** - * Check whether IPComp should be used, if the other peer supports it. - * - * @return TRUE, if IPComp should be used - * FALSE, otherwise - */ - bool (*use_ipcomp)(child_cfg_t *this); - - /** * Get the inactivity timeout value. * * @return inactivity timeout in s 
@@ -263,33 +249,17 @@ struct child_cfg_t { /** * Set anti-replay window size * - * @param window anti-replay window size + * @param window anti-replay window size */ void (*set_replay_window)(child_cfg_t *this, uint32_t window); /** - * Check whether IPsec transport SA should be set up in proxy mode. - * - * @return TRUE, if proxy mode should be used - * FALSE, otherwise - */ - bool (*use_proxy_mode)(child_cfg_t *this); - - /** - * Check whether IPsec policies should be installed in the kernel. - * - * @return TRUE, if IPsec kernel policies should be installed - * FALSE, otherwise - */ - bool (*install_policy)(child_cfg_t *this); - - /** - * Check whether outbound FWD IPsec policies should be installed. + * Check if an option flag is set. * - * @return TRUE, if outbound FWD policies should be installed - * FALSE, otherwise + * @param option option flag to check + * @return TRUE if option flag set, FALSE otherwise */ - bool (*install_fwd_out_policy)(child_cfg_t *this); + bool (*has_option)(child_cfg_t *this, child_cfg_option_t option); /** * Check if two child_cfg objects are equal. @@ -315,11 +285,33 @@ struct child_cfg_t { void (*destroy) (child_cfg_t *this); }; +/** + * Option flags that may be set on a child_cfg_t object + */ +enum child_cfg_option_t { + + /** Use IPsec transport proxy mode */ + OPT_PROXY_MODE = (1<<0), + + /** Use IPComp, if peer supports it */ + OPT_IPCOMP = (1<<1), + + /** Allow access to the local host */ + OPT_HOSTACCESS = (1<<2), + + /** Don't install any IPsec policies */ + OPT_NO_POLICIES = (1<<3), + + /** Install outbound FWD IPsec policies to bypass drop policies */ + OPT_FWD_OUT_POLICIES = (1<<4), +}; /** * Data passed to the constructor of a child_cfg_t object. */ struct child_cfg_create_t { + /** Options set for CHILD_SA */ + child_cfg_option_t options; /** Specific reqid to use for CHILD_SA, 0 for auto assignment */ uint32_t reqid; /** Optional inbound mark */ 
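Review bot: The new `child_cfg_option_t` constants use a bare `OPT_` prefix in a public header that is included by libcharon core and several plugins; names as short as `OPT_IPCOMP` or `OPT_NO_POLICIES` are easy to collide with macros or enums elsewhere, and a `CHILD_CFG_OPT_` style prefix would be safer if the rename is still cheap. The `options` member added to `child_cfg_create_t` is documented as `/** Options set for CHILD_SA */`; since callers store ORed enum values in an enum-typed field, `/** Option flags, bitwise OR of child_cfg_option_t values, 0 for none */` states the intended use. The doc on has_option, `Check if an option flag is set`, should also say whether passing several ORed flags tests any or all of them.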
@@ -328,10 +320,6 @@ struct child_cfg_create_t { mark_t mark_out; /** Mode to propose for CHILD_SA */ ipsec_mode_t mode; - /** Use IPsec transport proxy mode */ - bool proxy_mode; - /** Use IPComp, if peer supports it */ - bool ipcomp; /** TFC padding size, 0 to disable, -1 to pad to PMTU */ uint32_t tfc; /** Optional manually-set IPsec policy priority */ @@ -350,12 +338,6 @@ struct child_cfg_create_t { action_t close_action; /** updown script to execute on up/down event (cloned) */ char *updown; - /** TRUE to allow access to the local host */ - bool hostaccess; - /** Don't install IPsec policies */ - bool suppress_policies; - /** Install outbound FWD IPsec policies to bypass drop policies */ - bool fwd_out_policies; }; /** diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index 88cac7f26..cf7c3b814 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -173,7 +173,8 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) child_cfg_create_t child = { .mode = mode, .reqid = reqid, - .ipcomp = ipcomp, + .options = (ipcomp ? OPT_IPCOMP : 0) | + (hostaccess ? OPT_HOSTACCESS : 0), .lifetime = { .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter @@ -183,7 +184,6 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) .dpd_action = dpd, .close_action = close, .updown = updown, - .hostaccess = hostaccess, }; child_cfg = child_cfg_create(name, &child); add_esp_proposals(this, child_cfg, id); diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index bbdc2116d..a9d073684 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c 
@@ -1071,15 +1071,15 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, }, .reqid = msg->add_conn.reqid, .mode = msg->add_conn.mode, - .proxy_mode = msg->add_conn.proxy_mode, - .ipcomp = msg->add_conn.ipcomp, + .options = (msg->add_conn.proxy_mode ? OPT_PROXY_MODE : 0) | + (msg->add_conn.ipcomp ? OPT_IPCOMP : 0) | + (msg->add_conn.me.hostaccess ? OPT_HOSTACCESS : 0) | + (msg->add_conn.install_policy ? 0 : OPT_NO_POLICIES), .tfc = msg->add_conn.tfc, .inactivity = msg->add_conn.inactivity, .dpd_action = map_action(msg->add_conn.dpd.action), .close_action = map_action(msg->add_conn.close_action), .updown = msg->add_conn.me.updown, - .hostaccess = msg->add_conn.me.hostaccess, - .suppress_policies = !msg->add_conn.install_policy, }; child_cfg = child_cfg_create(msg->add_conn.name, &child); diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 92e368669..a33316658 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -218,7 +218,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa), child_sa_state_names, child_sa->get_state(child_sa), ipsec_mode_names, child_sa->get_mode(child_sa), - config->use_proxy_mode(config) ? "_PROXY" : "", + config->has_option(config, OPT_PROXY_MODE) ? "_PROXY" : "", child_sa->get_reqid(child_sa)); if (child_sa->get_state(child_sa) == CHILD_INSTALLED) diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c index 6a1581c85..bbefd6a02 100644 --- a/src/libcharon/plugins/updown/updown_listener.c +++ b/src/libcharon/plugins/updown/updown_listener.c 
@@ -366,7 +366,7 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa, push_env(envp, countof(envp), "PLUTO_IPCOMP=1"); } push_dns_env(this, ike_sa, envp, countof(envp)); - if (config->get_hostaccess(config)) + if (config->has_option(config, OPT_HOSTACCESS)) { push_env(envp, countof(envp), "PLUTO_HOST_ACCESS=1"); } diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index baa350784..02fb9e27d 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -478,7 +478,6 @@ typedef struct { linked_list_t *remote_ts; uint32_t replay_window; bool policies; - bool policies_fwd_out; child_cfg_create_t cfg; } child_data_t; @@ -500,12 +499,12 @@ static void log_child_data(child_data_t *data, char *name) DBG2(DBG_CFG, " life_packets = %llu", cfg->lifetime.packets.life); DBG2(DBG_CFG, " rand_packets = %llu", cfg->lifetime.packets.jitter); DBG2(DBG_CFG, " updown = %s", cfg->updown); - DBG2(DBG_CFG, " hostaccess = %u", cfg->hostaccess); - DBG2(DBG_CFG, " ipcomp = %u", cfg->ipcomp); + DBG2(DBG_CFG, " hostaccess = %u", cfg->options & OPT_HOSTACCESS); + DBG2(DBG_CFG, " ipcomp = %u", cfg->options & OPT_IPCOMP); DBG2(DBG_CFG, " mode = %N%s", ipsec_mode_names, cfg->mode, - cfg->proxy_mode ? "_PROXY" : ""); + cfg->options & OPT_PROXY_MODE ? "_PROXY" : ""); DBG2(DBG_CFG, " policies = %u", data->policies); - DBG2(DBG_CFG, " policies_fwd_out = %u", data->policies_fwd_out); + DBG2(DBG_CFG, " policies_fwd_out = %u", cfg->options & OPT_FWD_OUT_POLICIES); if (data->replay_window != REPLAY_UNDEFINED) { DBG2(DBG_CFG, " replay_window = %u", data->replay_window); 
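Review bot: In log_child_data the `%u` lines now print the raw bit value (`cfg->options & OPT_HOSTACCESS` is 0 or 4, `cfg->options & OPT_FWD_OUT_POLICIES` is 0 or 16) where the removed code printed a bool as 0 or 1, so the debug output format for these keys silently changes; `!!(cfg->options & OPT_HOSTACCESS)` and the same for the other two keep it 0/1. The mode line relies on `&` binding tighter than `?:`, which is correct but easy to misread next to the surrounding arguments; `(cfg->options & OPT_PROXY_MODE) ? "_PROXY" : ""` is clearer. `policies` is still logged from `data->policies` while `policies_fwd_out` now comes from `cfg->options`, which matches the child_kv change later in this diff.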
@@ -827,13 +826,62 @@ CALLBACK(parse_mode, bool, if (parse_map(map, countof(map), &d, v)) { cfg->mode = d; - cfg->proxy_mode = (d == MODE_TRANSPORT) && (v.len > 9); + if ((d == MODE_TRANSPORT) && (v.len > 9)) + { + cfg->options |= OPT_PROXY_MODE; + } return TRUE; } return FALSE; } /** + * Enable a child_cfg_option_t + */ +static bool parse_option(child_cfg_option_t *out, child_cfg_option_t opt, + chunk_t v) +{ + bool val; + + if (parse_bool(&val, v)) + { + if (val) + { + *out |= opt; + } + return TRUE; + } + return FALSE; +} + +/** + * Parse OPT_HOSTACCESS option + */ +CALLBACK(parse_opt_haccess, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_HOSTACCESS, v); +} + +/** + * Parse OPT_FWD_OUT_POLICIES option + */ +CALLBACK(parse_opt_fwd_out, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_FWD_OUT_POLICIES, v); +} + +/** + * Parse OPT_FWD_OUT_POLICIES option + */ +CALLBACK(parse_opt_ipcomp, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_IPCOMP, v); +} + +/** * Parse an action_t */ CALLBACK(parse_action, bool, @@ -1466,10 +1514,10 @@ CALLBACK(child_kv, bool, { parse_rule_t rules[] = { { "updown", parse_string, &child->cfg.updown }, - { "hostaccess", parse_bool, &child->cfg.hostaccess }, + { "hostaccess", parse_opt_haccess, &child->cfg.options }, { "mode", parse_mode, &child->cfg }, { "policies", parse_bool, &child->policies }, - { "policies_fwd_out", parse_bool, &child->policies_fwd_out }, + { "policies_fwd_out", parse_opt_fwd_out, &child->cfg.options }, { "replay_window", parse_uint32, &child->replay_window }, { "rekey_time", parse_time, &child->cfg.lifetime.time.rekey }, { "life_time", parse_time, &child->cfg.lifetime.time.life }, 
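Review bot: parse_option only ever sets the bit (`*out |= opt;` when `val` is TRUE) and never clears it, so a `hostaccess = no`, `ipcomp = no` or `policies_fwd_out = no` that follows an earlier `yes` for the same child can no longer override it, whereas the replaced `parse_bool` into a bool field did; if a key may be repeated or the options word can be pre-populated, add `else { *out &= ~opt; }` after the `if (val)` branch. The doc comment on parse_opt_ipcomp is a copy of the one above it and should read `Parse OPT_IPCOMP option`. In the child_kv hunk at this anchor, `policies` still goes through `child->policies` while `policies_fwd_out` now writes `child->cfg.options` directly; the asymmetry is fine but deserves a one-line comment where `policies` is later folded into `OPT_NO_POLICIES`.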
@@ -1483,7 +1531,7 @@ CALLBACK(child_kv, bool, { "dpd_action", parse_action, &child->cfg.dpd_action }, { "start_action", parse_action, &child->cfg.start_action }, { "close_action", parse_action, &child->cfg.close_action }, - { "ipcomp", parse_bool, &child->cfg.ipcomp }, + { "ipcomp", parse_opt_ipcomp, &child->cfg.options }, { "inactivity", parse_time, &child->cfg.inactivity }, { "reqid", parse_uint32, &child->cfg.reqid }, { "mark_in", parse_mark, &child->cfg.mark_in }, @@ -1756,8 +1804,7 @@ CALLBACK(children_sn, bool, child.proposals->insert_last(child.proposals, proposal); } } - child.cfg.suppress_policies = !child.policies; - child.cfg.fwd_out_policies = child.policies_fwd_out; + child.cfg.options |= child.policies ? 0 : OPT_NO_POLICIES; check_lifetimes(&child.cfg.lifetime); diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index c0f4e2de9..2cc59591f 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -107,7 +107,7 @@ static void list_mode(vici_builder_t *b, child_sa_t *child, child_cfg_t *cfg) cfg = child->get_config(child); } mode = child ? child->get_mode(child) : cfg->get_mode(cfg); - if (mode == MODE_TRANSPORT && cfg->use_proxy_mode(cfg)) + if (mode == MODE_TRANSPORT && cfg->has_option(cfg, OPT_PROXY_MODE)) { /* only report this if the negotiated mode is actually TRANSPORT */ sub_mode = "_PROXY"; } diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index b9dd59b07..a5acb8ac3 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -1052,7 +1052,7 @@ METHOD(child_sa_t, add_policies, status_t, enumerator->destroy(enumerator); array_sort(this->other_ts, (void*)traffic_selector_cmp, NULL); - if (this->config->install_policy(this->config)) + if (!this->config->has_option(this->config, OPT_NO_POLICIES)) { policy_priority_t priority; ipsec_sa_cfg_t my_sa, other_sa; 
@@ -1134,8 +1134,9 @@ METHOD(child_sa_t, update, status_t, old = this->state; set_state(this, CHILD_UPDATING); - transport_proxy_mode = this->config->use_proxy_mode(this->config) && - this->mode == MODE_TRANSPORT; + transport_proxy_mode = this->mode == MODE_TRANSPORT && + this->config->has_option(this->config, + OPT_PROXY_MODE); if (!transport_proxy_mode) { @@ -1189,7 +1190,8 @@ METHOD(child_sa_t, update, status_t, } } - if (this->config->install_policy(this->config) && require_policy_update()) + if (!this->config->has_option(this->config, OPT_NO_POLICIES) && + require_policy_update()) { if (!me->ip_equals(me, this->my_addr) || !other->ip_equals(other, this->other_addr)) @@ -1287,7 +1289,7 @@ METHOD(child_sa_t, destroy, void, set_state(this, CHILD_DESTROYING); - if (this->config->install_policy(this->config)) + if (!this->config->has_option(this->config, OPT_NO_POLICIES)) { ipsec_sa_cfg_t my_sa, other_sa; uint32_t manual_prio; @@ -1456,7 +1458,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, .mark_in = config->get_mark(config, TRUE), .mark_out = config->get_mark(config, FALSE), .install_time = time_monotonic(NULL), - .policies_fwd_out = config->install_fwd_out_policy(config), + .policies_fwd_out = config->has_option(config, OPT_FWD_OUT_POLICIES), ); this->config = config; @@ -1509,7 +1511,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, /* MIPv6 proxy transport mode sets SA endpoints to TS hosts */ if (config->get_mode(config) == MODE_TRANSPORT && - config->use_proxy_mode(config)) + config->has_option(config, OPT_PROXY_MODE)) { this->mode = MODE_TRANSPORT; diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index bbb885850..d65db2875 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c 
@@ -853,7 +853,7 @@ METHOD(task_t, build_i, status_t, add_nat_oa_payloads(this, message); } - if (this->config->use_ipcomp(this->config)) + if (this->config->has_option(this->config, OPT_IPCOMP)) { this->cpi_i = this->child_sa->alloc_cpi(this->child_sa); if (!this->cpi_i) @@ -1108,7 +1108,7 @@ METHOD(task_t, process_r, status_t, return send_notify(this, INVALID_ID_INFORMATION); } - if (this->config->use_ipcomp(this->config)) + if (this->config->has_option(this->config, OPT_IPCOMP)) { list = sa_payload->get_ipcomp_proposals(sa_payload, &this->cpi_i); diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 71cb6b8ea..7180bfd13 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -602,7 +602,7 @@ static status_t select_and_install(private_child_create_t *this, switch (this->mode) { case MODE_TRANSPORT: - if (!this->config->use_proxy_mode(this->config) && + if (!this->config->has_option(this->config, OPT_PROXY_MODE) && (!ts_list_is_host(this->tsi, other) || !ts_list_is_host(this->tsr, me)) ) @@ -1073,7 +1073,7 @@ METHOD(task_t, build_i, status_t, this->dh_group); } - if (this->config->use_ipcomp(this->config)) + if (this->config->has_option(this->config, OPT_IPCOMP)) { /* IPCOMP_DEFLATE is the only transform we support at the moment */ add_ipcomp_notify(this, message, IPCOMP_DEFLATE); @@ -1327,7 +1327,7 @@ METHOD(task_t, build_r, status_t, if (this->ipcomp_received != IPCOMP_NONE) { - if (this->config->use_ipcomp(this->config)) + if (this->config->has_option(this->config, OPT_IPCOMP)) { add_ipcomp_notify(this, message, this->ipcomp_received); } |