author | Tobias Brunner <tobias@strongswan.org> | 2008-03-26 18:40:19 +0000 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2008-03-26 18:40:19 +0000 |
commit | dc04b7c743fe6718bd361f13adbbe5436c481486 (patch) | |
tree | 6e1f3550847a19bebac26609d28cc8858b10c432 | |
parent | 685232670aa717850f304a5299781520405a419d (diff) | |
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
47 files changed, 522 insertions, 522 deletions
diff --git a/configure.in b/configure.in index c13d19b2e..a7a11d238 100644 --- a/configure.in +++ b/configure.in @@ -453,13 +453,13 @@ AM_CONDITIONAL(USE_MANAGER, test x$manager = xtrue) AC_ARG_ENABLE( [p2p], - AS_HELP_STRING([--enable-p2p],[enable peer-to-peer NAT traversal (default is NO).]), + AS_HELP_STRING([--enable-p2p],[enable mediation extensions for IKEv2 (default is NO).]), [if test x$enableval = xyes; then - p2p=true - AC_DEFINE(P2P) + me=true + AC_DEFINE(ME) fi] ) -AM_CONDITIONAL(USE_P2P, test x$p2p = xtrue) +AM_CONDITIONAL(USE_ME, test x$me = xtrue) AC_ARG_ENABLE( [integrity-test], diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am index 0c8650d44..2ce3dfa34 100644 --- a/src/charon/Makefile.am +++ b/src/charon/Makefile.am @@ -98,13 +98,13 @@ else charon_SOURCES += network/socket.c endif -if USE_P2P +if USE_ME charon_SOURCES += encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \ processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \ processing/jobs/mediation_job.c processing/jobs/mediation_job.h \ sa/connect_manager.c sa/connect_manager.h \ sa/mediation_manager.c sa/mediation_manager.h \ - sa/tasks/ike_p2p.c sa/tasks/ike_p2p.h + sa/tasks/ike_me.c sa/tasks/ike_me.h endif INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon diff --git a/src/charon/config/peer_cfg.c b/src/charon/config/peer_cfg.c index 3b6febc93..9e11f883e 100644 --- a/src/charon/config/peer_cfg.c +++ b/src/charon/config/peer_cfg.c @@ -165,23 +165,23 @@ struct private_peer_cfg_t { */ auth_info_t *auth; -#ifdef P2P +#ifdef ME /** * Is this a mediation connection? */ - bool p2p_mediation; + bool mediation; /** * Name of the mediation connection to mediate through */ - peer_cfg_t *p2p_mediated_by; + peer_cfg_t *mediated_by; /** * ID of our peer at the mediation server (= leftid of the peer's conn with * the mediation server) */ identification_t *peer_id; -#endif /* P2P */ +#endif /* ME */ }; /** 
@@ -435,13 +435,13 @@ static auth_info_t* get_auth(private_peer_cfg_t *this) return this->auth; } -#ifdef P2P +#ifdef ME /** * Implementation of peer_cfg_t.is_mediation. */ static bool is_mediation(private_peer_cfg_t *this) { - return this->p2p_mediation; + return this->mediation; } /** @@ -449,9 +449,9 @@ static bool is_mediation(private_peer_cfg_t *this) */ static peer_cfg_t* get_mediated_by(private_peer_cfg_t *this) { - if (this->p2p_mediated_by) { - this->p2p_mediated_by->get_ref(this->p2p_mediated_by); - return this->p2p_mediated_by; + if (this->mediated_by) { + this->mediated_by->get_ref(this->mediated_by); + return this->mediated_by; } return NULL; } @@ -463,7 +463,7 @@ static identification_t* get_peer_id(private_peer_cfg_t *this) { return this->peer_id; } -#endif /* P2P */ +#endif /* ME */ /** * Implementation of peer_cfg_t.equals. @@ -502,13 +502,13 @@ static bool equals(private_peer_cfg_t *this, private_peer_cfg_t *other) (this->other_virtual_ip && other->other_virtual_ip && this->other_virtual_ip->equals(this->other_virtual_ip, other->other_virtual_ip))) && this->auth->equals(this->auth, other->auth) -#ifdef P2P - && this->p2p_mediation == other->p2p_mediation && - this->p2p_mediated_by == other->p2p_mediated_by && +#ifdef ME + && this->mediation == other->mediation && + this->mediated_by == other->mediated_by && (this->peer_id == other->peer_id || (this->peer_id && other->peer_id && this->peer_id->equals(this->peer_id, other->peer_id))) -#endif /* P2P */ +#endif /* ME */ ); } @@ -534,10 +534,10 @@ static void destroy(private_peer_cfg_t *this) DESTROY_IF(this->my_virtual_ip); DESTROY_IF(this->other_virtual_ip); this->auth->destroy(this->auth); -#ifdef P2P - DESTROY_IF(this->p2p_mediated_by); +#ifdef ME + DESTROY_IF(this->mediated_by); DESTROY_IF(this->peer_id); -#endif /* P2P */ +#endif /* ME */ free(this->name); free(this); } 
@@ -556,7 +556,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, u_int32_t over_time, bool mobike, u_int32_t dpd_delay, dpd_action_t dpd_action, host_t *my_virtual_ip, host_t *other_virtual_ip, - bool p2p_mediation, peer_cfg_t *p2p_mediated_by, + bool mediation, peer_cfg_t *mediated_by, identification_t *peer_id) { private_peer_cfg_t *this = malloc_thing(private_peer_cfg_t); @@ -587,11 +587,11 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, this->public.equals = (bool(*)(peer_cfg_t*, peer_cfg_t *other))equals; this->public.get_ref = (void(*)(peer_cfg_t *))get_ref; this->public.destroy = (void(*)(peer_cfg_t *))destroy; -#ifdef P2P +#ifdef ME this->public.is_mediation = (bool (*) (peer_cfg_t *))is_mediation; this->public.get_mediated_by = (peer_cfg_t* (*) (peer_cfg_t *))get_mediated_by; this->public.get_peer_id = (identification_t* (*) (peer_cfg_t *))get_peer_id; -#endif /* P2P */ +#endif /* ME */ /* apply init values */ this->name = strdup(name); @@ -625,14 +625,14 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, this->other_virtual_ip = other_virtual_ip; this->auth = auth_info_create(); this->refcount = 1; -#ifdef P2P - this->p2p_mediation = p2p_mediation; - this->p2p_mediated_by = p2p_mediated_by; +#ifdef ME + this->mediation = mediation; + this->mediated_by = mediated_by; this->peer_id = peer_id; -#else /* P2P */ - DESTROY_IF(p2p_mediated_by); +#else /* ME */ + DESTROY_IF(mediated_by); DESTROY_IF(peer_id); -#endif /* P2P */ +#endif /* ME */ return &this->public; } diff --git a/src/charon/config/peer_cfg.h b/src/charon/config/peer_cfg.h index 2053ce8e3..e8c0e6063 100644 --- a/src/charon/config/peer_cfg.h +++ b/src/charon/config/peer_cfg.h @@ -292,7 +292,7 @@ struct peer_cfg_t { */ host_t* (*get_other_virtual_ip) (peer_cfg_t *this, host_t *suggestion); -#ifdef P2P +#ifdef ME /** * Is this a mediation connection? * 
@@ -318,7 +318,7 @@ struct peer_cfg_t { * @return the id of the other peer */ identification_t* (*get_peer_id) (peer_cfg_t *this); -#endif /* P2P */ +#endif /* ME */ /** * Check if two peer configurations are equal. @@ -380,8 +380,8 @@ struct peer_cfg_t { * @param dpd_action what to do with CHILD_SAs when detected a dead peer * @param my_virtual_ip virtual IP for local host, or NULL * @param other_virtual_ip virtual IP for remote host, or NULL - * @param p2p_mediation TRUE if this is a mediation connection - * @param p2p_mediated_by name of the mediation connection to mediate through + * @param mediation TRUE if this is a mediation connection + * @param mediated_by peer_cfg_t of the mediation connection to mediate through * @param peer_id ID that identifies our peer at the mediation server * @return peer_cfg_t object */ @@ -395,7 +395,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ikev_version, ike_cfg_t *ike_cfg, u_int32_t over_time, bool mobike, u_int32_t dpd_delay, dpd_action_t dpd_action, host_t *my_virtual_ip, host_t *other_virtual_ip, - bool p2p_mediation, peer_cfg_t *p2p_mediated_by, + bool mediation, peer_cfg_t *mediated_by, identification_t *peer_id); #endif /* PEER_CFG_H_ @} */ diff --git a/src/charon/daemon.c b/src/charon/daemon.c index 122c5cfcc..cc41b1431 100644 --- a/src/charon/daemon.c +++ b/src/charon/daemon.c @@ -180,10 +180,10 @@ static void destroy(private_daemon_t *this) DESTROY_IF(this->public.scheduler); DESTROY_IF(this->public.controller); DESTROY_IF(this->public.eap); -#ifdef P2P +#ifdef ME DESTROY_IF(this->public.connect_manager); DESTROY_IF(this->public.mediation_manager); -#endif /* P2P */ +#endif /* ME */ DESTROY_IF(this->public.backends); DESTROY_IF(this->public.credentials); DESTROY_IF(this->public.sender); 
@@ -348,14 +348,14 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) return FALSE; } -#ifdef P2P +#ifdef ME this->public.connect_manager = connect_manager_create(); if (this->public.connect_manager == NULL) { return FALSE; } this->public.mediation_manager = mediation_manager_create(); -#endif /* P2P */ +#endif /* ME */ this->public.plugins->load(this->public.plugins, IPSEC_PLUGINDIR, "libcharon-"); diff --git a/src/charon/daemon.h b/src/charon/daemon.h index b9c84b2db..9dc29470b 100644 --- a/src/charon/daemon.h +++ b/src/charon/daemon.h @@ -161,10 +161,10 @@ typedef struct daemon_t daemon_t; #include <sa/authenticators/eap/eap_manager.h> #include <plugins/plugin_loader.h> -#ifdef P2P +#ifdef ME #include <sa/connect_manager.h> #include <sa/mediation_manager.h> -#endif /* P2P */ +#endif /* ME */ /** * Name of the daemon. @@ -277,7 +277,7 @@ struct daemon_t { */ eap_manager_t *eap; -#ifdef P2P +#ifdef ME /** * Connect manager */ @@ -287,7 +287,7 @@ struct daemon_t { * Mediation manager */ mediation_manager_t *mediation_manager; -#endif /* P2P */ +#endif /* ME */ /** * Shut down the daemon. diff --git a/src/charon/encoding/message.c b/src/charon/encoding/message.c index 88dafa033..42d169ff4 100644 --- a/src/charon/encoding/message.c +++ b/src/charon/encoding/message.c @@ -207,7 +207,7 @@ static payload_rule_t ike_auth_i_payload_rules[] = { {CERTIFICATE, 0, 4, TRUE, FALSE}, {CERTIFICATE_REQUEST, 0, 1, TRUE, FALSE}, {ID_RESPONDER, 0, 1, TRUE, FALSE}, -#ifdef P2P +#ifdef ME {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, @@ -215,7 +215,7 @@ static payload_rule_t ike_auth_i_payload_rules[] = { {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE}, {TRAFFIC_SELECTOR_INITIATOR, 1, 1, TRUE, FALSE}, {TRAFFIC_SELECTOR_RESPONDER, 1, 1, TRUE, FALSE}, -#endif /* P2P */ +#endif /* ME */ {CONFIGURATION, 0, 1, TRUE, FALSE}, {VENDOR_ID, 0, 10, TRUE, FALSE}, }; 
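Review bot: In `initialize()` the result of `mediation_manager_create()` is stored without a NULL check, while the `connect_manager_create()` result just above it is checked and aborts start-up. If the mediation manager constructor can fail (not visible here), the daemon would keep running with a NULL `mediation_manager`, and `destroy()` tolerating that via `DESTROY_IF` does not protect the code paths that use it. Mirroring the existing check, `if (this->public.mediation_manager == NULL) { return FALSE; }`, keeps the two consistent. `initialize()` starts and ends outside this hunk.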
@@ -400,11 +400,11 @@ static payload_order_t create_child_sa_r_payload_order[] = { {NOTIFY, 0}, }; -#ifdef P2P +#ifdef ME /** - * Message rule for P2P_CONNECT from initiator. + * Message rule for ME_CONNECT from initiator. */ -static payload_rule_t p2p_connect_i_payload_rules[] = { +static payload_rule_t me_connect_i_payload_rules[] = { /* payload type min max encr suff */ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, {ID_PEER, 1, 1, TRUE, FALSE}, @@ -412,9 +412,9 @@ static payload_rule_t p2p_connect_i_payload_rules[] = { }; /** - * payload order for P2P_CONNECT from initiator. + * payload order for ME_CONNECT from initiator. */ -static payload_order_t p2p_connect_i_payload_order[] = { +static payload_order_t me_connect_i_payload_order[] = { /* payload type notify type */ {NOTIFY, 0}, {ID_PEER, 0}, @@ -422,23 +422,23 @@ static payload_order_t p2p_connect_i_payload_order[] = { }; /** - * Message rule for P2P_CONNECT from responder. + * Message rule for ME_CONNECT from responder. */ -static payload_rule_t p2p_connect_r_payload_rules[] = { +static payload_rule_t me_connect_r_payload_rules[] = { /* payload type min max encr suff */ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, {VENDOR_ID, 0, 10, TRUE, FALSE} }; /** - * payload order for P2P_CONNECT from responder. + * payload order for ME_CONNECT from responder. */ -static payload_order_t p2p_connect_r_payload_order[] = { +static payload_order_t me_connect_r_payload_order[] = { /* payload type notify type */ {NOTIFY, 0}, {VENDOR_ID, 0}, }; -#endif /* P2P */ +#endif /* ME */ /** * Message rules, defines allowed payloads. 
@@ -492,20 +492,20 @@ static message_rule_t message_rules[] = { (sizeof(create_child_sa_r_payload_order)/sizeof(payload_order_t)), create_child_sa_r_payload_order, }, -#ifdef P2P - {P2P_CONNECT, TRUE, TRUE, - (sizeof(p2p_connect_i_payload_rules)/sizeof(payload_rule_t)), - p2p_connect_i_payload_rules, - (sizeof(p2p_connect_i_payload_order)/sizeof(payload_order_t)), - p2p_connect_i_payload_order, +#ifdef ME + {ME_CONNECT, TRUE, TRUE, + (sizeof(me_connect_i_payload_rules)/sizeof(payload_rule_t)), + me_connect_i_payload_rules, + (sizeof(me_connect_i_payload_order)/sizeof(payload_order_t)), + me_connect_i_payload_order, }, - {P2P_CONNECT, FALSE, TRUE, - (sizeof(p2p_connect_r_payload_rules)/sizeof(payload_rule_t)), - p2p_connect_r_payload_rules, - (sizeof(p2p_connect_r_payload_order)/sizeof(payload_order_t)), - p2p_connect_r_payload_order, + {ME_CONNECT, FALSE, TRUE, + (sizeof(me_connect_r_payload_rules)/sizeof(payload_rule_t)), + me_connect_r_payload_rules, + (sizeof(me_connect_r_payload_order)/sizeof(payload_order_t)), + me_connect_r_payload_order, }, -#endif /* P2P */ +#endif /* ME */ }; diff --git a/src/charon/encoding/payloads/endpoint_notify.c b/src/charon/encoding/payloads/endpoint_notify.c index bef51a249..ed5378ee4 100644 --- a/src/charon/encoding/payloads/endpoint_notify.c +++ b/src/charon/encoding/payloads/endpoint_notify.c @@ -41,12 +41,12 @@ struct private_endpoint_notify_t { /** * Family */ - p2p_endpoint_family_t family; + me_endpoint_family_t family; /** * Endpoint type */ - p2p_endpoint_type_t type; + me_endpoint_type_t type; /** * Endpoint @@ -71,7 +71,7 @@ struct private_endpoint_notify_t { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -ENUM(p2p_endpoint_type_names, HOST, RELAYED, +ENUM(me_endpoint_type_names, HOST, RELAYED, "HOST", "SERVER_REFLEXIVE", "PEER_REFLEXIVE", 
@@ -115,7 +115,7 @@ static status_t parse_uint32(u_int8_t **cur, u_int8_t *top, u_int32_t *val) } /** - * Parses the notification data of a P2P_ENDPOINT notify + * Parses the notification data of a ME_ENDPOINT notify */ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t data) { @@ -125,29 +125,29 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t u_int8_t *cur = data.ptr; u_int8_t *top = data.ptr + data.len; - DBG3(DBG_IKE, "p2p_endpoint_data %B", &data); + DBG3(DBG_IKE, "me_endpoint_data %B", &data); if (parse_uint32(&cur, top, &this->priority) != SUCCESS) { - DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid priority"); + DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid priority"); return FAILED; } if (parse_uint8(&cur, top, &family) != SUCCESS || family >= MAX_FAMILY) { - DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid family"); + DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid family"); return FAILED; } - this->family = (p2p_endpoint_family_t)family; + this->family = (me_endpoint_family_t)family; if (parse_uint8(&cur, top, &type) != SUCCESS || type >= MAX_TYPE) { - DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid type"); + DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid type"); return FAILED; } - this->type = (p2p_endpoint_type_t)type; + this->type = (me_endpoint_type_t)type; addr_family = AF_INET; addr.len = 4; @@ -161,13 +161,13 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t case IPv4: if (parse_uint16(&cur, top, &port) != SUCCESS) { - DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid port"); + DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid port"); return FAILED; } if (cur + addr.len > top) { - DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid IP address"); + DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid IP address"); return FAILED; } 
@@ -185,7 +185,7 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t /** - * Generates the notification data of a P2P_ENDPOINT notify + * Generates the notification data of a ME_ENDPOINT notify */ static chunk_t build_notification_data(private_endpoint_notify_t *this) { @@ -217,7 +217,7 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) /* data = prio | family | type | port | addr */ data = chunk_cat("ccccc", prio_chunk, family_chunk, type_chunk, port_chunk, addr_chunk); - DBG3(DBG_IKE, "p2p_endpoint_data %B", &data); + DBG3(DBG_IKE, "me_endpoint_data %B", &data); return data; } @@ -231,7 +231,7 @@ static notify_payload_t *build_notify(private_endpoint_notify_t *this) notify_payload_t *notify; notify = notify_payload_create(); - notify->set_notify_type(notify, P2P_ENDPOINT); + notify->set_notify_type(notify, ME_ENDPOINT); data = build_notification_data(this); notify->set_notification_data(notify, data); chunk_free(&data); @@ -258,7 +258,7 @@ static void set_priority(private_endpoint_notify_t *this, u_int32_t priority) /** * Implementation of endpoint_notify_t.get_type. */ -static p2p_endpoint_type_t get_type(private_endpoint_notify_t *this) +static me_endpoint_type_t get_type(private_endpoint_notify_t *this) { return this->type; } @@ -266,7 +266,7 @@ static p2p_endpoint_type_t get_type(private_endpoint_notify_t *this) /** * Implementation of endpoint_notify_t.get_family. */ -static p2p_endpoint_family_t get_family(private_endpoint_notify_t *this) +static me_endpoint_family_t get_family(private_endpoint_notify_t *this) { return this->family; } 
@@ -330,8 +330,8 @@ endpoint_notify_t *endpoint_notify_create() /* public functions */ this->public.get_priority = (u_int32_t (*) (endpoint_notify_t *)) get_priority; this->public.set_priority = (void (*) (endpoint_notify_t *, u_int32_t)) set_priority; - this->public.get_type = (p2p_endpoint_type_t (*) (endpoint_notify_t *)) get_type; - this->public.get_family = (p2p_endpoint_family_t (*) (endpoint_notify_t *)) get_family; + this->public.get_type = (me_endpoint_type_t (*) (endpoint_notify_t *)) get_type; + this->public.get_family = (me_endpoint_family_t (*) (endpoint_notify_t *)) get_family; this->public.get_host = (host_t *(*) (endpoint_notify_t *)) get_host; this->public.get_base = (host_t *(*) (endpoint_notify_t *)) get_base; this->public.build_notify = (notify_payload_t *(*) (endpoint_notify_t *)) build_notify; @@ -351,7 +351,7 @@ endpoint_notify_t *endpoint_notify_create() /** * Described in header */ -endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, host_t *host, host_t *base) +endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, host_t *host, host_t *base) { private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create(); @@ -360,17 +360,17 @@ endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, ho switch(type) { case HOST: - this->priority = pow(2, 16) * P2P_PRIO_HOST; + this->priority = pow(2, 16) * ME_PRIO_HOST; break; case SERVER_REFLEXIVE: - this->priority = pow(2, 16) * P2P_PRIO_SERVER; + this->priority = pow(2, 16) * ME_PRIO_SERVER; break; case PEER_REFLEXIVE: - this->priority = pow(2, 16) * P2P_PRIO_PEER; + this->priority = pow(2, 16) * ME_PRIO_PEER; break; case RELAYED: default: - this->priority = pow(2, 16) * P2P_PRIO_RELAY; + this->priority = pow(2, 16) * ME_PRIO_RELAY; break; } 
@@ -410,7 +410,7 @@ endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, ho */ endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify) { - if (notify->get_notify_type(notify) != P2P_ENDPOINT) + if (notify->get_notify_type(notify) != ME_ENDPOINT) { return NULL; } diff --git a/src/charon/encoding/payloads/endpoint_notify.h b/src/charon/encoding/payloads/endpoint_notify.h index 9203dc8ec..88b63a636 100644 --- a/src/charon/encoding/payloads/endpoint_notify.h +++ b/src/charon/encoding/payloads/endpoint_notify.h @@ -23,21 +23,21 @@ #ifndef ENDPOINT_NOTIFY_H_ #define ENDPOINT_NOTIFY_H_ -#define P2P_PRIO_HOST 255 -#define P2P_PRIO_SERVER 100 -#define P2P_PRIO_PEER 120 -#define P2P_PRIO_RELAY 0 +#define ME_PRIO_HOST 255 +#define ME_PRIO_SERVER 100 +#define ME_PRIO_PEER 120 +#define ME_PRIO_RELAY 0 -typedef enum p2p_endpoint_family_t p2p_endpoint_family_t; -typedef enum p2p_endpoint_type_t p2p_endpoint_type_t; +typedef enum me_endpoint_family_t me_endpoint_family_t; +typedef enum me_endpoint_type_t me_endpoint_type_t; typedef struct endpoint_notify_t endpoint_notify_t; #include <encoding/payloads/notify_payload.h> /** - * P2P endpoint families. + * ME endpoint families. */ -enum p2p_endpoint_family_t { +enum me_endpoint_family_t { NO_FAMILY = 0, @@ -50,9 +50,9 @@ enum p2p_endpoint_family_t { }; /** - * P2P endpoint types. + * ME endpoint types. */ -enum p2p_endpoint_type_t { +enum me_endpoint_type_t { NO_TYPE = 0, @@ -69,12 +69,12 @@ enum p2p_endpoint_type_t { }; /** - * enum name for p2p_endpoint_type_t. + * enum name for me_endpoint_type_t. */ -extern enum_name_t *p2p_endpoint_type_names; +extern enum_name_t *me_endpoint_type_names; /** - * Class representing a P2P_ENDPOINT notify. In fact it's not + * Class representing a ME_ENDPOINT Notify payload. In fact it's not * the notify per se, but the notification data of that notify that is * handled with this class. */ 
@@ -98,14 +98,14 @@ struct endpoint_notify_t { * * @return endpoint type */ - p2p_endpoint_type_t (*get_type) (endpoint_notify_t *this); + me_endpoint_type_t (*get_type) (endpoint_notify_t *this); /** * Returns the endpoint family of this endpoint. * * @return endpoint family */ - p2p_endpoint_family_t (*get_family) (endpoint_notify_t *this); + me_endpoint_family_t (*get_family) (endpoint_notify_t *this); /** * Returns the host of this endpoint. @@ -160,7 +160,7 @@ endpoint_notify_t *endpoint_notify_create(void); * @param base base of the endpoint, applies only to reflexive endpoints (gets cloned) * @return created endpoint_notify_t object */ -endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, +endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, host_t *host, host_t *base); /** diff --git a/src/charon/encoding/payloads/ike_header.c b/src/charon/encoding/payloads/ike_header.c index dbe0ee2a1..9cc55677f 100644 --- a/src/charon/encoding/payloads/ike_header.c +++ b/src/charon/encoding/payloads/ike_header.c @@ -105,13 +105,13 @@ ENUM_NEXT(exchange_type_names, IKE_SA_INIT, INFORMATIONAL, EXCHANGE_TYPE_UNDEFIN "IKE_AUTH", "CREATE_CHILD_SA", "INFORMATIONAL"); -#ifdef P2P -ENUM_NEXT(exchange_type_names, P2P_CONNECT, P2P_CONNECT, INFORMATIONAL, - "P2P_CONNECT"); -ENUM_END(exchange_type_names, P2P_CONNECT); +#ifdef ME +ENUM_NEXT(exchange_type_names, ME_CONNECT, ME_CONNECT, INFORMATIONAL, + "ME_CONNECT"); +ENUM_END(exchange_type_names, ME_CONNECT); #else ENUM_END(exchange_type_names, INFORMATIONAL); -#endif /* P2P */ +#endif /* ME */ /** * Encoding rules to parse or generate a IKEv2-Header. @@ -176,9 +176,9 @@ static status_t verify(private_ike_header_t *this) { if ((this->exchange_type < IKE_SA_INIT) || ((this->exchange_type > INFORMATIONAL) -#ifdef P2P - && (this->exchange_type != P2P_CONNECT) -#endif /* P2P */ +#ifdef ME + && (this->exchange_type != ME_CONNECT) +#endif /* ME */ )) { /* unsupported exchange type */ 
@@ -186,11 +186,11 @@ static status_t verify(private_ike_header_t *this) } if (this->initiator_spi == 0 -#ifdef P2P +#ifdef ME /* we allow zero spi for INFORMATIONAL exchanges, - * to allow P2P connectivity checks */ + * to allow connectivity checks */ && this->exchange_type != INFORMATIONAL -#endif /* P2P */ +#endif /* ME */ ) { /* initiator spi not set */ diff --git a/src/charon/encoding/payloads/ike_header.h b/src/charon/encoding/payloads/ike_header.h index d66db9374..06ee328a8 100644 --- a/src/charon/encoding/payloads/ike_header.h +++ b/src/charon/encoding/payloads/ike_header.h @@ -82,12 +82,12 @@ enum exchange_type_t{ * INFORMATIONAL. */ INFORMATIONAL = 37, -#ifdef P2P +#ifdef ME /** - * P2P_CONNECT + * ME_CONNECT */ - P2P_CONNECT = 240 -#endif /* P2P */ + ME_CONNECT = 240 +#endif /* ME */ }; /** diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/charon/encoding/payloads/notify_payload.c index 0950f6b8a..975cc6d43 100644 --- a/src/charon/encoding/payloads/notify_payload.c +++ b/src/charon/encoding/payloads/notify_payload.c @@ -52,9 +52,9 @@ ENUM_NEXT(notify_type_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED, AUTH "INVALID_SELECTORS", "UNACCEPTABLE_ADDRESSES", "UNEXPECTED_NAT_DETECTED"); -ENUM_NEXT(notify_type_names, P2P_CONNECT_FAILED, P2P_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED, - "P2P_CONNECT_FAILED"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT, AUTH_LIFETIME, P2P_CONNECT_FAILED, +ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED, + "ME_CONNECT_FAILED"); +ENUM_NEXT(notify_type_names, INITIAL_CONTACT, AUTH_LIFETIME, ME_CONNECT_FAILED, "INITIAL_CONTACT", "SET_WINDOW_SIZE", "ADDITIONAL_TS_POSSIBLE", 
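Review bot: The zero-SPI exemption in `verify()` covers every INFORMATIONAL header when `ME` is compiled in, and the shortened comment no longer says which messages it is meant for. This check runs on the header of a message that has not been authenticated yet, so the comment should state the scope explicitly, e.g. `/* IKE-ME connectivity checks are INFORMATIONAL messages with a zero initiator SPI; any other zero-SPI INFORMATIONAL must be dropped by later processing */`. Whether later processing actually drops such messages is not visible on this page and is worth confirming. `verify()` continues outside the hunk.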
@@ -79,14 +79,14 @@ ENUM_NEXT(notify_type_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICATION, A "EAP_ONLY_AUTHENTICATION"); ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION, "USE_BEET_MODE"); -ENUM_NEXT(notify_type_names, P2P_MEDIATION, P2P_RESPONSE, USE_BEET_MODE, - "P2P_MEDIATION", - "P2P_ENDPOINT", - "P2P_CALLBACK", - "P2P_SESSIONID", - "P2P_SESSIONKEY", - "P2P_RESPONSE"); -ENUM_END(notify_type_names, P2P_RESPONSE); +ENUM_NEXT(notify_type_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE, + "ME_MEDIATION", + "ME_ENDPOINT", + "ME_CALLBACK", + "ME_CONNECTID", + "ME_CONNECTKEY", + "ME_RESPONSE"); +ENUM_END(notify_type_names, ME_RESPONSE); ENUM_BEGIN(notify_type_short_names, UNSUPPORTED_CRITICAL_PAYLOAD, UNSUPPORTED_CRITICAL_PAYLOAD, @@ -115,9 +115,9 @@ ENUM_NEXT(notify_type_short_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED "INVAL_SEL", "UNACCEPT_ADDR", "UNEXPECT_NAT"); -ENUM_NEXT(notify_type_short_names, P2P_CONNECT_FAILED, P2P_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED, - "P2P_CONN_FAIL"); -ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, AUTH_LIFETIME, P2P_CONNECT_FAILED, +ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED, + "ME_CONN_FAIL"); +ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, AUTH_LIFETIME, ME_CONNECT_FAILED, "INIT_CONTACT", "SET_WINSIZE", "ADD_TS_POSS", 
@@ -142,14 +142,14 @@ ENUM_NEXT(notify_type_short_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICAT "EAP_ONLY"); ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION, "BEET_MODE"); -ENUM_NEXT(notify_type_short_names, P2P_MEDIATION, P2P_RESPONSE, USE_BEET_MODE, - "P2P_MED", - "P2P_EP", - "P2P_CB", - "P2P_SID", - "P2P_SKEY", - "P2P_R"); -ENUM_END(notify_type_short_names, P2P_RESPONSE); +ENUM_NEXT(notify_type_short_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE, + "ME_MED", + "ME_EP", + "ME_CB", + "ME_CID", + "ME_CKEY", + "ME_R"); +ENUM_END(notify_type_short_names, ME_RESPONSE); typedef struct private_notify_payload_t private_notify_payload_t; @@ -329,7 +329,7 @@ static status_t verify(private_notify_payload_t *this) } break; } - /* FIXME: check size of P2P-NAT-T payloads */ + /* FIXME: check size of IKE-ME payloads */ default: /* TODO: verify */ break; diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/charon/encoding/payloads/notify_payload.h index 2f147c929..5677bb563 100644 --- a/src/charon/encoding/payloads/notify_payload.h +++ b/src/charon/encoding/payloads/notify_payload.h @@ -63,8 +63,8 @@ enum notify_type_t { INVALID_SELECTORS = 39, UNACCEPTABLE_ADDRESSES = 40, UNEXPECTED_NAT_DETECTED = 41, - /* P2P-NAT-T, private use */ - P2P_CONNECT_FAILED = 8192, + /* IKE-ME, private use */ + ME_CONNECT_FAILED = 8192, /* notify status messages */ INITIAL_CONTACT = 16384, @@ -93,13 +93,13 @@ enum notify_type_t { EAP_ONLY_AUTHENTICATION = 40960, /* BEET mode, not even a draft yet. private use */ USE_BEET_MODE = 40961, - /* P2P-NAT-T, private use */ - P2P_MEDIATION = 40962, - P2P_ENDPOINT = 40963, - P2P_CALLBACK = 40964, - P2P_SESSIONID = 40965, - P2P_SESSIONKEY = 40966, - P2P_RESPONSE = 40967 + /* IKE-ME, private use */ + ME_MEDIATION = 40962, + ME_ENDPOINT = 40963, + ME_CALLBACK = 40964, + ME_CONNECTID = 40965, + ME_CONNECTKEY = 40966, + ME_RESPONSE = 40967 }; /** 
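Review bot: The `FIXME` in `verify()` is only reworded by this change, so the IKE-ME notify types still reach `default:` with no length check on their notification data. These payloads come from the network. `ME_ENDPOINT` data is bounds-checked later in `parse_notification_data()`, but no equivalent is visible for `ME_CONNECTID` and `ME_CONNECTKEY`, whose chunks appear to be cloned unchanged into the mediation job. Adding `case` labels for the `ME_*` types that reject empty or undersized data would close the FIXME; the exact limits come from the draft and are not on this page. The `switch` begins outside the hunk.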
diff --git a/src/charon/encoding/payloads/payload.c b/src/charon/encoding/payloads/payload.c index 6e6a6e281..032de6e56 100644 --- a/src/charon/encoding/payloads/payload.c +++ b/src/charon/encoding/payloads/payload.c @@ -58,13 +58,13 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, N "ENCRYPTED", "CONFIGURATION", "EXTENSIBLE_AUTHENTICATION"); -#ifdef P2P +#ifdef ME ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION, "ID_PEER"); ENUM_NEXT(payload_type_names, HEADER, UNKNOWN_PAYLOAD, ID_PEER, #else ENUM_NEXT(payload_type_names, HEADER, UNKNOWN_PAYLOAD, EXTENSIBLE_AUTHENTICATION, -#endif /* P2P */ +#endif /* ME */ "HEADER", "PROPOSAL_SUBSTRUCTURE", "TRANSFORM_SUBSTRUCTURE", @@ -94,13 +94,13 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT "E", "CP", "EAP"); -#ifdef P2P +#ifdef ME ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION, "IDp"); ENUM_NEXT(payload_type_short_names, HEADER, UNKNOWN_PAYLOAD, ID_PEER, #else ENUM_NEXT(payload_type_short_names, HEADER, UNKNOWN_PAYLOAD, EXTENSIBLE_AUTHENTICATION, -#endif /* P2P */ +#endif /* ME */ "HDR", "PROP", "TRANS", @@ -133,10 +133,10 @@ payload_t *payload_create(payload_type_t type) return (payload_t*)id_payload_create(ID_INITIATOR); case ID_RESPONDER: return (payload_t*)id_payload_create(ID_RESPONDER); -#ifdef P2P +#ifdef ME case ID_PEER: return (payload_t*)id_payload_create(ID_PEER); -#endif /* P2P */ +#endif /* ME */ case AUTHENTICATION: return (payload_t*)auth_payload_create(); case CERTIFICATE: diff --git a/src/charon/encoding/payloads/payload.h b/src/charon/encoding/payloads/payload.h index a2c6e296d..28499eb3f 100644 --- a/src/charon/encoding/payloads/payload.h +++ b/src/charon/encoding/payloads/payload.h 
@@ -125,13 +125,13 @@ enum payload_type_t{ */ EXTENSIBLE_AUTHENTICATION = 48, -#ifdef P2P +#ifdef ME /** - * Identification payload for peers in P2P-NAT-T has a value from + * Identification payload for peers has a value from * the PRIVATE USE space. */ ID_PEER = 128, -#endif /* P2P */ +#endif /* ME */ /** * Header has a value of PRIVATE USE space. diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c index 8c149d080..ef8ceed91 100644 --- a/src/charon/plugins/stroke/stroke_config.c +++ b/src/charon/plugins/stroke/stroke_config.c @@ -375,8 +375,8 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, } -#ifdef P2P - if (msg->add_conn.p2p.mediation && msg->add_conn.p2p.mediated_by) +#ifdef ME + if (msg->add_conn.ikeme.mediation && msg->add_conn.ikeme.mediated_by) { DBG1(DBG_CFG, "a mediation connection cannot be a" " mediated connection at the same time, aborting"); @@ -385,14 +385,14 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, return NULL; } - if (msg->add_conn.p2p.mediated_by) + if (msg->add_conn.ikeme.mediated_by) { mediated_by = charon->backends->get_peer_cfg_by_name(charon->backends, - msg->add_conn.p2p.mediated_by); + msg->add_conn.ikeme.mediated_by); if (!mediated_by) { DBG1(DBG_CFG, "mediation connection '%s' not found, aborting", - msg->add_conn.p2p.mediated_by); + msg->add_conn.ikeme.mediated_by); me->destroy(me); other->destroy(other); return NULL; @@ -402,7 +402,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, { DBG1(DBG_CFG, "connection '%s' as referred to by '%s' is" "no mediation connection, aborting", - msg->add_conn.p2p.mediated_by, msg->add_conn.name); + msg->add_conn.ikeme.mediated_by, msg->add_conn.name); mediated_by->destroy(mediated_by); me->destroy(me); other->destroy(other); 
@@ -410,12 +410,12 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, } } - if (msg->add_conn.p2p.peerid) + if (msg->add_conn.ikeme.peerid) { - peer_id = identification_create_from_string(msg->add_conn.p2p.peerid); + peer_id = identification_create_from_string(msg->add_conn.ikeme.peerid); if (!peer_id) { - DBG1(DBG_CFG, "invalid peer ID: %s\n", msg->add_conn.p2p.peerid); + DBG1(DBG_CFG, "invalid peer ID: %s\n", msg->add_conn.ikeme.peerid); mediated_by->destroy(mediated_by); me->destroy(me); other->destroy(other); @@ -427,7 +427,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, /* no peer ID supplied, assume right ID */ peer_id = other->clone(other); } -#endif /* P2P */ +#endif /* ME */ if (msg->add_conn.me.cert) { @@ -471,7 +471,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, msg->add_conn.eap_type, msg->add_conn.eap_vendor, msg->add_conn.rekey.tries, rekey, reauth, jitter, over, msg->add_conn.mobike, msg->add_conn.dpd.delay, msg->add_conn.dpd.action, - my_vip, other_vip, msg->add_conn.p2p.mediation, mediated_by, peer_id); + my_vip, other_vip, msg->add_conn.ikeme.mediation, mediated_by, peer_id); } /** diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/charon/plugins/stroke/stroke_socket.c index eda64be12..60ea3019c 100644 --- a/src/charon/plugins/stroke/stroke_socket.c +++ b/src/charon/plugins/stroke/stroke_socket.c 
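Review bot: The invalid-peer-ID error path in `build_peer_cfg()` calls `mediated_by->destroy(mediated_by)` unconditionally, but `mediated_by` is only assigned inside the `if (msg->add_conn.ikeme.mediated_by)` branch shown in the preceding hunk. A connection that supplies a malformed `peerid` without a `mediated_by` reference would therefore dereference a pointer that is NULL (or unset; its declaration is outside the hunk) and take the daemon down on a configuration error. Using the guard the tree already has, `DESTROY_IF(mediated_by);`, fixes it. The function starts and ends outside this hunk.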
@@ -166,11 +166,11 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg) pop_string(msg, &msg->add_conn.algorithms.esp); DBG2(DBG_CFG, " ike=%s", msg->add_conn.algorithms.ike); DBG2(DBG_CFG, " esp=%s", msg->add_conn.algorithms.esp); - pop_string(msg, &msg->add_conn.p2p.mediated_by); - pop_string(msg, &msg->add_conn.p2p.peerid); - DBG2(DBG_CFG, " p2p_mediation=%s", msg->add_conn.p2p.mediation ? "yes" : "no"); - DBG2(DBG_CFG, " p2p_mediated_by=%s", msg->add_conn.p2p.mediated_by); - DBG2(DBG_CFG, " p2p_peerid=%s", msg->add_conn.p2p.peerid); + pop_string(msg, &msg->add_conn.ikeme.mediated_by); + pop_string(msg, &msg->add_conn.ikeme.peerid); + DBG2(DBG_CFG, " p2p_mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no"); + DBG2(DBG_CFG, " p2p_mediated_by=%s", msg->add_conn.ikeme.mediated_by); + DBG2(DBG_CFG, " p2p_peerid=%s", msg->add_conn.ikeme.peerid); this->config->add(this->config, msg); } diff --git a/src/charon/processing/jobs/mediation_job.c b/src/charon/processing/jobs/mediation_job.c index 6f3e004c6..5894b6aab 100644 --- a/src/charon/processing/jobs/mediation_job.c +++ b/src/charon/processing/jobs/mediation_job.c @@ -43,14 +43,14 @@ struct private_mediation_job_t { identification_t *source; /** - * P2P_SESSIONID + * ME_CONNECTID */ - chunk_t session_id; + chunk_t connect_id; /** - * P2P_SESSIONKEY + * ME_CONNECTKEY */ - chunk_t session_key; + chunk_t connect_key; /** * Submitted endpoints @@ -75,8 +75,8 @@ static void destroy(private_mediation_job_t *this) { DESTROY_IF(this->target); DESTROY_IF(this->source); - chunk_free(&this->session_id); - chunk_free(&this->session_key); + chunk_free(&this->connect_id); + chunk_free(&this->connect_key); DESTROY_OFFSET_IF(this->endpoints, offsetof(endpoint_notify_t, destroy)); free(this); } 
@@ -111,8 +111,8 @@ static void execute(private_mediation_job_t *this) else { /* normal mediation between two peers */ - if (target_sa->relay(target_sa, this->source, this->session_id, - this->session_key, this->endpoints, this->response) != SUCCESS) + if (target_sa->relay(target_sa, this->source, this->connect_id, + this->connect_key, this->endpoints, this->response) != SUCCESS) { DBG1(DBG_JOB, "mediation between '%D' and '%D' failed", this->source, this->target); @@ -154,8 +154,8 @@ static private_mediation_job_t *mediation_job_create_empty() this->target = NULL; this->source = NULL; this->callback = FALSE; - this->session_id = chunk_empty; - this->session_key = chunk_empty; + this->connect_id = chunk_empty; + this->connect_key = chunk_empty; this->endpoints = NULL; this->response = FALSE; @@ -166,15 +166,15 @@ static private_mediation_job_t *mediation_job_create_empty() * Described in header */ mediation_job_t *mediation_job_create(identification_t *peer_id, - identification_t *requester, chunk_t session_id, chunk_t session_key, + identification_t *requester, chunk_t connect_id, chunk_t connect_key, linked_list_t *endpoints, bool response) { private_mediation_job_t *this = mediation_job_create_empty(); this->target = peer_id->clone(peer_id); this->source = requester->clone(requester); - this->session_id = chunk_clone(session_id); - this->session_key = chunk_clone(session_key); + this->connect_id = chunk_clone(connect_id); + this->connect_key = chunk_clone(connect_key); this->endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); this->response = response; diff --git a/src/charon/processing/jobs/mediation_job.h b/src/charon/processing/jobs/mediation_job.h index 8bf8a7e63..83f135611 100644 --- a/src/charon/processing/jobs/mediation_job.h +++ b/src/charon/processing/jobs/mediation_job.h 
@@ -49,14 +49,14 @@ struct mediation_job_t { * * @param peer_id ID of the requested peer * @param requester ID of the requesting peer - * @param session_id content of P2P_SESSIONID (could be NULL) - * @param session_key content of P2P_SESSIONKEY + * @param connect_id content of ME_CONNECTID (could be NULL) + * @param connect_key content of ME_CONNECTKEY * @param endpoints list of submitted endpoints * @param response TRUE if this is a response * @return job object */ mediation_job_t *mediation_job_create(identification_t *peer_id, - identification_t *requester, chunk_t session_id, chunk_t session_key, + identification_t *requester, chunk_t connect_id, chunk_t connect_key, linked_list_t *endpoints, bool response); diff --git a/src/charon/processing/jobs/process_message_job.c b/src/charon/processing/jobs/process_message_job.c index 9d7ab04f3..b4fb2baaf 100644 --- a/src/charon/processing/jobs/process_message_job.c +++ b/src/charon/processing/jobs/process_message_job.c @@ -53,7 +53,7 @@ static void execute(private_process_message_job_t *this) { ike_sa_t *ike_sa; -#ifdef P2P +#ifdef ME /* if this is an unencrypted INFORMATIONAL exchange it is likely a * connectivity check. */ if (this->message->get_exchange_type(this->message) == INFORMATIONAL && @@ -68,7 +68,7 @@ static void execute(private_process_message_job_t *this) destroy(this); return; } -#endif /* P2P */ +#endif /* ME */ ike_sa = charon->ike_sa_manager->checkout_by_message(charon->ike_sa_manager, this->message); diff --git a/src/charon/sa/connect_manager.c b/src/charon/sa/connect_manager.c index fa5be96ec..c0f49713e 100644 --- a/src/charon/sa/connect_manager.c +++ b/src/charon/sa/connect_manager.c 
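Review bot: The doc comment for mediation_job_create() in mediation_job.h still says connect_id "could be NULL", but the parameter is a `chunk_t` passed by value and cannot be NULL. Wording such as `@param connect_id content of ME_CONNECTID (may be chunk_empty)` would match the type and the default that mediation_job_create_empty() assigns.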
@@ -29,13 +29,13 @@ #include <encoding/payloads/endpoint_notify.h> /* base timeout - * the sending interval is P2P_INTERVAL * active checklists (N) - * retransmission timeout is P2P_INTERVAL * N * checks in waiting state (NW) */ -#define P2P_INTERVAL 20 /* ms */ -/* min retransmission timeout (RTO is P2P_INTERVAL * N * checks in waiting state) */ -#define P2P_RTO_MIN 100 /* ms */ + * the sending interval is ME_INTERVAL * active checklists (N) + * retransmission timeout is ME_INTERVAL * N * checks in waiting state (NW) */ +#define ME_INTERVAL 20 /* ms */ +/* min retransmission timeout (RTO is ME_INTERVAL * N * checks in waiting state) */ +#define ME_RTO_MIN 100 /* ms */ /* max number of retransmissions (+ the initial check) */ -#define P2P_MAX_RETRANS 2 +#define ME_MAX_RETRANS 2 typedef struct private_connect_manager_t private_connect_manager_t; @@ -65,7 +65,7 @@ struct private_connect_manager_t { linked_list_t *initiated; /** - * Linked list with checklists (hash table with session ID as key would be better). + * Linked list with checklists (hash table with connect ID as key would be better). */ linked_list_t *checklists; }; @@ -175,8 +175,8 @@ struct check_list_t { linked_list_t *endpoints; } responder; - /** session id */ - chunk_t session_id; + /** connect id */ + chunk_t connect_id; /** list of endpoint pairs */ linked_list_t *pairs; @@ -200,7 +200,7 @@ static void check_list_destroy(check_list_t *this) DESTROY_IF(this->initiator.id); DESTROY_IF(this->responder.id); - chunk_free(&this->session_id); + chunk_free(&this->connect_id); chunk_free(&this->initiator.key); chunk_free(&this->responder.key); 
@@ -218,12 +218,12 @@ static void check_list_destroy(check_list_t *this) * Creates a new checklist */ static check_list_t *check_list_create(identification_t *initiator, identification_t *responder, - chunk_t session_id, chunk_t initiator_key, linked_list_t *initiator_endpoints, + chunk_t connect_id, chunk_t initiator_key, linked_list_t *initiator_endpoints, bool is_initiator) { check_list_t *this = malloc_thing(check_list_t); - this->session_id = chunk_clone(session_id); + this->connect_id = chunk_clone(connect_id); this->initiator.id = initiator->clone(initiator); this->initiator.key = chunk_clone(initiator_key); @@ -335,8 +335,8 @@ struct check_t { /** destination of the connectivity check */ host_t *dst; - /** session id */ - chunk_t session_id; + /** connect id */ + chunk_t connect_id; /** endpoint */ endpoint_notify_t *endpoint; @@ -353,7 +353,7 @@ struct check_t { */ static void check_destroy(check_t *this) { - chunk_free(&this->session_id); + chunk_free(&this->connect_id); chunk_free(&this->endpoint_raw); chunk_free(&this->cookie); DESTROY_IF(this->endpoint); @@ -367,7 +367,7 @@ static check_t *check_create() { check_t *this = malloc_thing(check_t); - this->session_id = chunk_empty; + this->connect_id = chunk_empty; this->cookie = chunk_empty; this->endpoint_raw = chunk_empty; this->endpoint = NULL; @@ -386,8 +386,8 @@ struct sender_data_t { /** connect manager */ private_connect_manager_t *connect_manager; - /** session id */ - chunk_t session_id; + /** connect id */ + chunk_t connect_id; }; /** 
@@ -395,18 +395,18 @@ struct sender_data_t { */ static void sender_data_destroy(sender_data_t *this) { - chunk_free(&this->session_id); + chunk_free(&this->connect_id); free(this); } /** * Creates a new sender data object */ -static sender_data_t *sender_data_create(private_connect_manager_t *connect_manager, chunk_t session_id) +static sender_data_t *sender_data_create(private_connect_manager_t *connect_manager, chunk_t connect_id) { sender_data_t *this = malloc_thing(sender_data_t); this->connect_manager = connect_manager; - this->session_id = session_id; + this->connect_id = connect_id; return this; } @@ -419,8 +419,8 @@ struct retransmit_data_t { /** connect manager */ private_connect_manager_t *connect_manager; - /** session id */ - chunk_t session_id; + /** connect id */ + chunk_t connect_id; /** message (pair) id */ u_int32_t mid; @@ -431,7 +431,7 @@ struct retransmit_data_t { */ static void retransmit_data_destroy(retransmit_data_t *this) { - chunk_free(&this->session_id); + chunk_free(&this->connect_id); free(this); } @@ -439,12 +439,12 @@ static void retransmit_data_destroy(retransmit_data_t *this) * Creates a new retransmission data object */ static retransmit_data_t *retransmit_data_create(private_connect_manager_t *connect_manager, - chunk_t session_id, u_int32_t mid) + chunk_t connect_id, u_int32_t mid) { retransmit_data_t *this = malloc_thing(retransmit_data_t); this->connect_manager = connect_manager; - this->session_id = session_id; + this->connect_id = connect_id; this->mid = mid; return this; 
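Review bot: sender_data_create() (hunk at -395) and retransmit_data_create() (hunk at -439) store the `connect_id` chunk they receive without cloning it, while the matching destroy functions call `chunk_free(&this->connect_id)`; check_list_create() clones its argument instead. The callers visible in this diff do pass a fresh `chunk_clone()`, so the code works as written, but the ownership transfer is undocumented and a caller passing a chunk it still owns would end in a double free. I would add to both doc comments a line such as `* Takes ownership of connect_id; it is freed by the destroy function.`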
@@ -539,19 +539,19 @@ static status_t get_waiting_sa(initiated_t *initiated, ike_sa_id_t *ike_sa_id, w } /** - * Find the checklist with a specific session ID + * Find the checklist with a specific connect ID */ -static bool match_checklist_by_id(check_list_t *current, chunk_t *session_id) +static bool match_checklist_by_id(check_list_t *current, chunk_t *connect_id) { - return chunk_equals(*session_id, current->session_id); + return chunk_equals(*connect_id, current->connect_id); } static status_t get_checklist_by_id(private_connect_manager_t *this, - chunk_t session_id, check_list_t **check_list) + chunk_t connect_id, check_list_t **check_list) { return this->checklists->find_first(this->checklists, (linked_list_match_t)match_checklist_by_id, - (void**)check_list, &session_id); + (void**)check_list, &connect_id); } /** 
@@ -833,34 +833,34 @@ static status_t process_payloads(message_t *message, check_t *check) switch (notify->get_notify_type(notify)) { - case P2P_ENDPOINT: + case ME_ENDPOINT: { if (check->endpoint) { - DBG1(DBG_IKE, "connectivity check contains multiple P2P_ENDPOINT notifies"); + DBG1(DBG_IKE, "connectivity check contains multiple ME_ENDPOINT notifies"); break; } endpoint_notify_t *endpoint = endpoint_notify_create_from_payload(notify); if (!endpoint) { - DBG1(DBG_IKE, "received invalid P2P_ENDPOINT notify"); + DBG1(DBG_IKE, "received invalid ME_ENDPOINT notify"); break; } check->endpoint = endpoint; check->endpoint_raw = chunk_clone(notify->get_notification_data(notify)); - DBG2(DBG_IKE, "received P2P_ENDPOINT notify"); + DBG2(DBG_IKE, "received ME_ENDPOINT notify"); break; } - case P2P_SESSIONID: + case ME_CONNECTID: { - if (check->session_id.ptr) + if (check->connect_id.ptr) { - DBG1(DBG_IKE, "connectivity check contains multiple P2P_SESSIONID notifies"); + DBG1(DBG_IKE, "connectivity check contains multiple ME_CONNECTID notifies"); break; } - check->session_id = chunk_clone(notify->get_notification_data(notify)); - DBG2(DBG_IKE, "received P2P_SESSIONID %#B", &check->session_id); + check->connect_id = chunk_clone(notify->get_notification_data(notify)); + DBG2(DBG_IKE, "received ME_CONNECTID %#B", &check->connect_id); break; } case COOKIE: @@ -880,7 +880,7 @@ static status_t process_payloads(message_t *message, check_t *check) } iterator->destroy(iterator); - if (!check->session_id.ptr || !check->endpoint || !check->cookie.ptr) + if (!check->connect_id.ptr || !check->endpoint || !check->cookie.ptr) { DBG1(DBG_IKE, "at least one payload was missing from the connectivity check"); return FAILED; 
@@ -903,8 +903,8 @@ static chunk_t build_signature(private_connect_manager_t *this, key_chunk = (checklist->is_initiator && outbound) || (!checklist->is_initiator && !outbound) ? checklist->initiator.key : checklist->responder.key; - /* signature = SHA1( MID | P2P_SESSIONID | P2P_ENDPOINT | P2P_SESSIONKEY ) */ - sig_chunk = chunk_cat("cccc", mid_chunk, check->session_id, check->endpoint_raw, key_chunk); + /* signature = SHA1( MID | ME_CONNECTID | ME_ENDPOINT | ME_CONNECTKEY ) */ + sig_chunk = chunk_cat("cccc", mid_chunk, check->connect_id, check->endpoint_raw, key_chunk); this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash); DBG3(DBG_IKE, "sig_chunk %B", &sig_chunk); DBG3(DBG_IKE, "sig_hash %B", &sig_hash); @@ -913,7 +913,7 @@ static chunk_t build_signature(private_connect_manager_t *this, return sig_hash; } -static void queue_retransmission(private_connect_manager_t *this, chunk_t session_id, u_int32_t mid); +static void queue_retransmission(private_connect_manager_t *this, chunk_t connect_id, u_int32_t mid); static void schedule_checks(private_connect_manager_t *this, check_list_t *checklist, u_int32_t time); static void finish_checks(private_connect_manager_t *this, check_list_t *checklist); @@ -927,10 +927,10 @@ static job_requeue_t retransmit(retransmit_data_t *data) pthread_mutex_lock(&(this->mutex)); check_list_t *checklist; - if (get_checklist_by_id(this, data->session_id, &checklist) != SUCCESS) + if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%B' not found, can't retransmit connectivity check", - &data->session_id); + &data->connect_id); pthread_mutex_unlock(&(this->mutex)); return JOB_REQUEUE_NONE; } @@ -950,7 +950,7 @@ static job_requeue_t retransmit(retransmit_data_t *data) goto retransmit_end; } - if (++pair->retransmitted >= P2P_MAX_RETRANS) + if (++pair->retransmitted >= ME_MAX_RETRANS) { DBG2(DBG_IKE, "pair with id '%d' failed after %d tries", data->mid, pair->retransmitted); 
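Review bot: build_signature() (connect_manager.c, hunk at -903) dumps `sig_chunk` with `DBG3`, and sig_chunk is the concatenation that ends with `key_chunk`, so the initiator's or responder's connect key is written to the log whenever raw dumps are enabled. Key material should not appear at a level used for ordinary packet dumps; either drop the line or move it to the level the tree reserves for private data, e.g. `DBG4(DBG_IKE, "sig_chunk %B", &sig_chunk);` if that level is available here. Separately, the cookie is a plain hash over variable-length fields joined without length prefixes, which deserves a comment stating that the layout is fixed by the draft. The function begins and ends outside the hunk.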
@@ -960,7 +960,7 @@ static job_requeue_t retransmit(retransmit_data_t *data) charon->sender->send(charon->sender, pair->packet->clone(pair->packet)); - queue_retransmission(this, checklist->session_id, pair->id); + queue_retransmission(this, checklist->connect_id, pair->id); retransmit_end: update_checklist_state(checklist); @@ -984,11 +984,11 @@ retransmit_end: /** * Queues a retransmission job */ -static void queue_retransmission(private_connect_manager_t *this, chunk_t session_id, u_int32_t mid) +static void queue_retransmission(private_connect_manager_t *this, chunk_t connect_id, u_int32_t mid) { - retransmit_data_t *data = retransmit_data_create(this, chunk_clone(session_id), mid); + retransmit_data_t *data = retransmit_data_create(this, chunk_clone(connect_id), mid); job_t *job = (job_t*)callback_job_create((callback_job_cb_t)retransmit, data, (callback_job_cleanup_t)retransmit_data_destroy, NULL); - charon->scheduler->schedule_job(charon->scheduler, (job_t*)job, P2P_RTO_MIN); + charon->scheduler->schedule_job(charon->scheduler, (job_t*)job, ME_RTO_MIN); } /** @@ -1006,13 +1006,13 @@ static void send_check(private_connect_manager_t *this, check_list_t *checklist, message->set_ike_sa_id(message, ike_sa_id_create(0, 0, request)); - message->add_notify(message, FALSE, P2P_SESSIONID, check->session_id); - DBG2(DBG_IKE, "send P2P_SESSIONID %#B", &check->session_id); + message->add_notify(message, FALSE, ME_CONNECTID, check->connect_id); + DBG2(DBG_IKE, "send ME_CONNECTID %#B", &check->connect_id); notify_payload_t *endpoint = check->endpoint->build_notify(check->endpoint); check->endpoint_raw = chunk_clone(endpoint->get_notification_data(endpoint)); message->add_payload(message, (payload_t*)endpoint); - DBG2(DBG_IKE, "send P2P_ENDPOINT notify"); + DBG2(DBG_IKE, "send ME_ENDPOINT notify"); check->cookie = build_signature(this, checklist, check, TRUE); message->add_notify(message, FALSE, COOKIE, check->cookie); 
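Review bot: queue_retransmission() (hunk at -984) always schedules the job with `ME_RTO_MIN`, whereas the comment above the ME_INTERVAL and ME_RTO_MIN defines describes the retransmission timeout as ME_INTERVAL * N * checks in waiting state, with ME_RTO_MIN as the lower bound. Either the computed value is missing or the comment is ahead of the code. A note in the function such as `/* TODO: use max(ME_RTO_MIN, ME_INTERVAL * N * NW); fixed minimum for now */` would keep readers from assuming the timeout scales with the number of active checklists.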
@@ -1027,7 +1027,7 @@ static void send_check(private_connect_manager_t *this, check_list_t *checklist, { DESTROY_IF(pair->packet); pair->packet = packet; - queue_retransmission(this, checklist->session_id, pair->id); + queue_retransmission(this, checklist->connect_id, pair->id); } else { @@ -1055,10 +1055,10 @@ static job_requeue_t sender(sender_data_t *data) pthread_mutex_lock(&(this->mutex)); check_list_t *checklist; - if (get_checklist_by_id(this, data->session_id, &checklist) != SUCCESS) + if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%B' not found, can't send connectivity check", - &data->session_id); + &data->connect_id); pthread_mutex_unlock(&(this->mutex)); return JOB_REQUEUE_NONE; } @@ -1085,7 +1085,7 @@ static job_requeue_t sender(sender_data_t *data) check->mid = pair->id; check->src = pair->local->clone(pair->local); check->dst = pair->remote->clone(pair->remote); - check->session_id = chunk_clone(checklist->session_id); + check->connect_id = chunk_clone(checklist->connect_id); check->endpoint = endpoint_notify_create(); pair->state = CHECK_IN_PROGRESS; @@ -1096,7 +1096,7 @@ static job_requeue_t sender(sender_data_t *data) /* schedule this job again */ u_int32_t N = this->checklists->get_count(this->checklists); - schedule_checks(this, checklist, P2P_INTERVAL * N); + schedule_checks(this, checklist, ME_INTERVAL * N); pthread_mutex_unlock(&(this->mutex)); 
@@ -1109,8 +1109,8 @@ static job_requeue_t sender(sender_data_t *data) */ static void schedule_checks(private_connect_manager_t *this, check_list_t *checklist, u_int32_t time) { - chunk_t session_id = chunk_clone(checklist->session_id); - sender_data_t *data = sender_data_create(this, session_id); + chunk_t connect_id = chunk_clone(checklist->connect_id); + sender_data_t *data = sender_data_create(this, connect_id); job_t *job = (job_t*)callback_job_create((callback_job_cb_t)sender, data, (callback_job_cleanup_t)sender_data_destroy, NULL); charon->scheduler->schedule_job(charon->scheduler, job, time); } @@ -1251,7 +1251,7 @@ static void process_request(private_connect_manager_t *this, check_t *check, { case CHECK_IN_PROGRESS: /* prevent retransmissions */ - pair->retransmitted = P2P_MAX_RETRANS; + pair->retransmitted = ME_MAX_RETRANS; /* FIXME: we should wait to the next rto to send the triggered check * fall-through */ case CHECK_WAITING: @@ -1286,7 +1286,7 @@ static void process_request(private_connect_manager_t *this, check_t *check, response->mid = check->mid; response->src = check->dst->clone(check->dst); response->dst = check->src->clone(check->src); - response->session_id = chunk_clone(check->session_id); + response->connect_id = chunk_clone(check->connect_id); response->endpoint = peer_reflexive; send_check(this, checklist, response, pair, FALSE); @@ -1324,10 +1324,10 @@ static void process_check(private_connect_manager_t *this, message_t *message) pthread_mutex_lock(&(this->mutex)); check_list_t *checklist; - if (get_checklist_by_id(this, check->session_id, &checklist) != SUCCESS) + if (get_checklist_by_id(this, check->connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%B' not found", - &check->session_id); + &check->connect_id); check_destroy(check); pthread_mutex_unlock(&(this->mutex)); return; 
@@ -1427,21 +1427,21 @@ static void check_and_initiate(private_connect_manager_t *this, ike_sa_id_t *med */ static status_t set_initiator_data(private_connect_manager_t *this, identification_t *initiator, identification_t *responder, - chunk_t session_id, chunk_t key, linked_list_t *endpoints, bool is_initiator) + chunk_t connect_id, chunk_t key, linked_list_t *endpoints, bool is_initiator) { check_list_t *checklist; pthread_mutex_lock(&(this->mutex)); - if (get_checklist_by_id(this, session_id, NULL) == SUCCESS) + if (get_checklist_by_id(this, connect_id, NULL) == SUCCESS) { DBG1(DBG_IKE, "checklist with id '%B' already exists, aborting", - &session_id); + &connect_id); pthread_mutex_unlock(&(this->mutex)); return FAILED; } - checklist = check_list_create(initiator, responder, session_id, key, endpoints, is_initiator); + checklist = check_list_create(initiator, responder, connect_id, key, endpoints, is_initiator); this->checklists->insert_last(this->checklists, checklist); pthread_mutex_unlock(&(this->mutex)); @@ -1453,16 +1453,16 @@ static status_t set_initiator_data(private_connect_manager_t *this, * Implementation of connect_manager_t.set_responder_data. */ static status_t set_responder_data(private_connect_manager_t *this, - chunk_t session_id, chunk_t key, linked_list_t *endpoints) + chunk_t connect_id, chunk_t key, linked_list_t *endpoints) { check_list_t *checklist; pthread_mutex_lock(&(this->mutex)); - if (get_checklist_by_id(this, session_id, &checklist) != SUCCESS) + if (get_checklist_by_id(this, connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%B' not found", - &session_id); + &connect_id); pthread_mutex_unlock(&(this->mutex)); return NOT_FOUND; } diff --git a/src/charon/sa/connect_manager.h b/src/charon/sa/connect_manager.h index c1a443557..2f121c123 100644 --- a/src/charon/sa/connect_manager.h +++ b/src/charon/sa/connect_manager.h 
@@ -67,7 +67,7 @@ struct connect_manager_t { * * @param initiator ID of the initiator * @param responder ID of the responder - * @param session_id the session ID provided by the initiator + * @param connect_id the connect ID provided by the initiator * @param key the initiator's key * @param endpoints the initiator's endpoints * @param is_initiator TRUE, if the caller of this method is the initiator @@ -76,13 +76,13 @@ struct connect_manager_t { */ status_t (*set_initiator_data) (connect_manager_t *this, identification_t *initiator, identification_t *responder, - chunk_t session_id, chunk_t key, linked_list_t *endpoints, bool is_initiator); + chunk_t connect_id, chunk_t key, linked_list_t *endpoints, bool is_initiator); /** * Updates a checklist and sets the responder's data. The checklist's * state is advanced to WAITING which means that checks will be sent. * - * @param session_id the session ID + * @param connect_id the connect ID * @param chunk_t the responder's key * @param endpoints the responder's endpoints * @returns @@ -90,7 +90,7 @@ struct connect_manager_t { * - SUCCESS, otherwise */ status_t (*set_responder_data) (connect_manager_t *this, - chunk_t session_id, chunk_t key, linked_list_t *endpoints); + chunk_t connect_id, chunk_t key, linked_list_t *endpoints); /** diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c index 33537bc74..da5f0e0aa 100644 --- a/src/charon/sa/ike_sa.c +++ b/src/charon/sa/ike_sa.c @@ -63,8 +63,8 @@ #include <processing/jobs/send_keepalive_job.h> #include <processing/jobs/rekey_ike_sa_job.h> -#ifdef P2P -#include <sa/tasks/ike_p2p.h> +#ifdef ME +#include <sa/tasks/ike_me.h> #include <processing/jobs/initiate_mediation_job.h> #endif @@ -142,12 +142,12 @@ struct private_ike_sa_t { */ host_t *other_host; -#ifdef P2P +#ifdef ME /** * Server reflexive host */ host_t *server_reflexive_host; -#endif /* P2P */ +#endif /* ME */ /** * Identification used for us 
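Review bot: In connect_manager.h, the doc comment of set_responder_data (hunk at -76) documents the second parameter as `@param chunk_t the responder's key`, which names the type rather than the parameter. It should read `@param key the responder's key`, matching the prototype and the set_initiator_data comment above it.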
@@ -924,7 +924,7 @@ static void send_notify_response(private_ike_sa_t *this, message_t *request, response->destroy(response); } -#ifdef P2P +#ifdef ME /** * Implementation of ike_sa_t.get_server_reflexive_host. */ @@ -946,10 +946,10 @@ static void set_server_reflexive_host(private_ike_sa_t *this, host_t *host) * Implementation of ike_sa_t.respond */ static status_t respond(private_ike_sa_t *this, identification_t *peer_id, - chunk_t session_id) + chunk_t connect_id) { - ike_p2p_t *task = ike_p2p_create(&this->public, TRUE); - task->respond(task, peer_id, session_id); + ike_me_t *task = ike_me_create(&this->public, TRUE); + task->respond(task, peer_id, connect_id); this->task_manager->queue_task(this->task_manager, (task_t*)task); return this->task_manager->initiate(this->task_manager); } @@ -959,7 +959,7 @@ static status_t respond(private_ike_sa_t *this, identification_t *peer_id, */ static status_t callback(private_ike_sa_t *this, identification_t *peer_id) { - ike_p2p_t *task = ike_p2p_create(&this->public, TRUE); + ike_me_t *task = ike_me_create(&this->public, TRUE); task->callback(task, peer_id); this->task_manager->queue_task(this->task_manager, (task_t*)task); return this->task_manager->initiate(this->task_manager); 
@@ -969,10 +969,10 @@ static status_t callback(private_ike_sa_t *this, identification_t *peer_id) * Implementation of ike_sa_t.relay */ static status_t relay(private_ike_sa_t *this, identification_t *requester, - chunk_t session_id, chunk_t session_key, linked_list_t *endpoints, bool response) + chunk_t connect_id, chunk_t connect_key, linked_list_t *endpoints, bool response) { - ike_p2p_t *task = ike_p2p_create(&this->public, TRUE); - task->relay(task, requester, session_id, session_key, endpoints, response); + ike_me_t *task = ike_me_create(&this->public, TRUE); + task->relay(task, requester, connect_id, connect_key, endpoints, response); this->task_manager->queue_task(this->task_manager, (task_t*)task); return this->task_manager->initiate(this->task_manager); } @@ -982,7 +982,7 @@ static status_t relay(private_ike_sa_t *this, identification_t *requester, */ static status_t initiate_mediation(private_ike_sa_t *this, peer_cfg_t *mediated_cfg) { - ike_p2p_t *task = ike_p2p_create(&this->public, TRUE); + ike_me_t *task = ike_me_create(&this->public, TRUE); task->connect(task, mediated_cfg->get_peer_id(mediated_cfg)); this->task_manager->queue_task(this->task_manager, (task_t*)task); return this->task_manager->initiate(this->task_manager); @@ -1008,7 +1008,7 @@ static status_t initiate_mediated(private_ike_sa_t *this, host_t *me, host_t *ot iterator->destroy(iterator); return this->task_manager->initiate(this->task_manager); } -#endif /* P2P */ +#endif /* ME */ /** * Implementation of ike_sa_t.initiate. @@ -1020,9 +1020,9 @@ static status_t initiate(private_ike_sa_t *this, child_cfg_t *child_cfg) if (this->state == IKE_CREATED) { if (this->other_host->is_anyaddr(this->other_host) -#ifdef P2P +#ifdef ME && !this->peer_cfg->get_mediated_by(this->peer_cfg) -#endif /* P2P */ +#endif /* ME */ ) { child_cfg->destroy(child_cfg); 
@@ -1052,13 +1052,13 @@ static status_t initiate(private_ike_sa_t *this, child_cfg_t *child_cfg) task = (task_t*)ike_mobike_create(&this->public, TRUE); this->task_manager->queue_task(this->task_manager, task); } -#ifdef P2P - task = (task_t*)ike_p2p_create(&this->public, TRUE); +#ifdef ME + task = (task_t*)ike_me_create(&this->public, TRUE); this->task_manager->queue_task(this->task_manager, task); -#endif /* P2P */ +#endif /* ME */ } -#ifdef P2P +#ifdef ME if (this->peer_cfg->get_mediated_by(this->peer_cfg)) { /* mediated connection, initiate mediation process */ @@ -1075,7 +1075,7 @@ static status_t initiate(private_ike_sa_t *this, child_cfg_t *child_cfg) } } else -#endif /* P2P */ +#endif /* ME */ { /* normal IKE_SA with CHILD_SA */ task = (task_t*)child_create_create(&this->public, child_cfg); @@ -1090,7 +1090,7 @@ static status_t initiate(private_ike_sa_t *this, child_cfg_t *child_cfg) * Implementation of ike_sa_t.acquire. */ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid) -{ /* FIXME: P2P-NAT-T */ +{ /* FIXME: IKE-ME */ child_cfg_t *child_cfg; iterator_t *iterator; child_sa_t *current, *child_sa = NULL; @@ -1418,7 +1418,7 @@ static status_t process_message(private_ike_sa_t *this, message_t *message) * Implementation of ike_sa_t.retransmit. */ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id) -{ /* FIXME: P2P-NAT-T */ +{ /* FIXME: IKE-ME */ this->time.outbound = time(NULL); if (this->task_manager->retransmit(this->task_manager, message_id) != SUCCESS) { @@ -2306,7 +2306,7 @@ static void destroy(private_ike_sa_t *this) offsetof(host_t, destroy)); this->additional_addresses->destroy_offset(this->additional_addresses, offsetof(host_t, destroy)); -#ifdef P2P +#ifdef ME if (this->peer_cfg && this->peer_cfg->is_mediation(this->peer_cfg) && !this->ike_sa_id->is_initiator(this->ike_sa_id)) { 
@@ -2314,7 +2314,7 @@ static void destroy(private_ike_sa_t *this) charon->mediation_manager->remove(charon->mediation_manager, this->ike_sa_id); } DESTROY_IF(this->server_reflexive_host); -#endif /* P2P */ +#endif /* ME */ DESTROY_IF(this->my_host); DESTROY_IF(this->other_host); @@ -2400,7 +2400,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->public.set_virtual_ip = (void (*)(ike_sa_t*,bool,host_t*))set_virtual_ip; this->public.get_virtual_ip = (host_t* (*)(ike_sa_t*,bool))get_virtual_ip; this->public.add_dns_server = (void (*)(ike_sa_t*,host_t*))add_dns_server; -#ifdef P2P +#ifdef ME this->public.get_server_reflexive_host = (host_t* (*)(ike_sa_t*)) get_server_reflexive_host; this->public.set_server_reflexive_host = (void (*)(ike_sa_t*,host_t*)) set_server_reflexive_host; this->public.initiate_mediation = (status_t (*)(ike_sa_t*,peer_cfg_t*)) initiate_mediation; @@ -2408,7 +2408,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->public.relay = (status_t (*)(ike_sa_t*,identification_t*,chunk_t,chunk_t,linked_list_t*,bool)) relay; this->public.callback = (status_t (*)(ike_sa_t*,identification_t*)) callback; this->public.respond = (status_t (*)(ike_sa_t*,identification_t*,chunk_t)) respond; -#endif /* P2P */ +#endif /* ME */ /* initialize private fields */ this->ike_sa_id = ike_sa_id->clone(ike_sa_id); @@ -2446,9 +2446,9 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->pending_updates = 0; this->keyingtry = 0; this->ike_initiator = FALSE; -#ifdef P2P +#ifdef ME this->server_reflexive_host = NULL; -#endif /* P2P */ +#endif /* ME */ return &this->public; } diff --git a/src/charon/sa/ike_sa.h b/src/charon/sa/ike_sa.h index f3d96f9de..33b990703 100644 --- a/src/charon/sa/ike_sa.h +++ b/src/charon/sa/ike_sa.h @@ -434,7 +434,7 @@ struct ike_sa_t { */ void (*set_pending_updates)(ike_sa_t *this, u_int32_t updates); -#ifdef P2P +#ifdef ME /** * Get the server reflexive host. * 
@@ -451,7 +451,7 @@ struct ike_sa_t { /** * Initiate the mediation of a mediated connection (i.e. initiate a - * P2P_CONNECT exchange). + * ME_CONNECT exchange). * * @param mediated_cfg peer_cfg of the mediated connection * @return @@ -475,21 +475,21 @@ struct ike_sa_t { /** * Relay data from one peer to another (i.e. initiate a - * P2P_CONNECT exchange). + * ME_CONNECT exchange). * * Data is cloned. * * @param requester ID of the requesting peer - * @param session_id data of the P2P_SESSIONID payload - * @param session_key data of the P2P_SESSIONKEY payload + * @param connect_id data of the ME_CONNECTID payload + * @param connect_key data of the ME_CONNECTKEY payload * @param endpoints endpoints * @param response TRUE if this is a response * @return * - SUCCESS if relay started * - DESTROY_ME if relay failed */ - status_t (*relay) (ike_sa_t *this, identification_t *requester, chunk_t session_id, - chunk_t session_key, linked_list_t *endpoints, bool response); + status_t (*relay) (ike_sa_t *this, identification_t *requester, chunk_t connect_id, + chunk_t connect_key, linked_list_t *endpoints, bool response); /** * Send a callback to a peer. @@ -504,18 +504,18 @@ struct ike_sa_t { status_t (*callback) (ike_sa_t *this, identification_t *peer_id); /** - * Respond to a P2P_CONNECT request. + * Respond to a ME_CONNECT request. * * Data is cloned. * * @param peer_id ID of the other peer - * @param session_id the session ID supplied by the initiator + * @param connect_id the connect ID supplied by the initiator * @return * - SUCCESS if response started * - DESTROY_ME if response failed */ - status_t (*respond) (ike_sa_t *this, identification_t *peer_id, chunk_t session_id); -#endif /* P2P */ + status_t (*respond) (ike_sa_t *this, identification_t *peer_id, chunk_t connect_id); +#endif /* ME */ /** * Initiate a new connection. diff --git a/src/charon/sa/task_manager.c b/src/charon/sa/task_manager.c index df0697055..b1c755a1a 100644 --- a/src/charon/sa/task_manager.c 
+++ b/src/charon/sa/task_manager.c @@ -38,8 +38,8 @@ #include <encoding/payloads/delete_payload.h> #include <processing/jobs/retransmit_job.h> -#ifdef P2P -#include <sa/tasks/ike_p2p.h> +#ifdef ME +#include <sa/tasks/ike_me.h> #endif typedef struct exchange_t exchange_t; @@ -325,13 +325,13 @@ static status_t build_request(private_task_manager_t *this) exchange = IKE_SA_INIT; activate_task(this, IKE_NATD); activate_task(this, IKE_CERT_PRE); -#ifdef P2P +#ifdef ME /* this task has to be activated before the IKE_AUTHENTICATE * task, because that task pregenerates the packet after * which no payloads can be added to the message anymore. */ - activate_task(this, IKE_P2P); -#endif /* P2P */ + activate_task(this, IKE_ME); +#endif /* ME */ activate_task(this, IKE_AUTHENTICATE); activate_task(this, IKE_CERT_POST); activate_task(this, IKE_CONFIG); @@ -381,13 +381,13 @@ static status_t build_request(private_task_manager_t *this) exchange = INFORMATIONAL; break; } -#ifdef P2P - if (activate_task(this, IKE_P2P)) +#ifdef ME + if (activate_task(this, IKE_ME)) { - exchange = P2P_CONNECT; + exchange = ME_CONNECT; break; } -#endif /* P2P */ +#endif /* ME */ case IKE_REKEYING: if (activate_task(this, IKE_DELETE)) { @@ -686,10 +686,10 @@ static status_t process_request(private_task_manager_t *this, this->passive_tasks->insert_last(this->passive_tasks, task); task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE); this->passive_tasks->insert_last(this->passive_tasks, task); -#ifdef P2P - task = (task_t*)ike_p2p_create(this->ike_sa, FALSE); +#ifdef ME + task = (task_t*)ike_me_create(this->ike_sa, FALSE); this->passive_tasks->insert_last(this->passive_tasks, task); -#endif /* P2P */ +#endif /* ME */ task = (task_t*)ike_auth_create(this->ike_sa, FALSE); this->passive_tasks->insert_last(this->passive_tasks, task); task = (task_t*)ike_cert_post_create(this->ike_sa, FALSE); 
@@ -817,13 +817,13 @@ static status_t process_request(private_task_manager_t *this, this->passive_tasks->insert_last(this->passive_tasks, task); break; } -#ifdef P2P - case P2P_CONNECT: +#ifdef ME + case ME_CONNECT: { - task = (task_t*)ike_p2p_create(this->ike_sa, FALSE); + task = (task_t*)ike_me_create(this->ike_sa, FALSE); this->passive_tasks->insert_last(this->passive_tasks, task); } -#endif /* P2P */ +#endif /* ME */ default: break; } diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c index b96371bcf..6efd47244 100644 --- a/src/charon/sa/tasks/ike_auth.c +++ b/src/charon/sa/tasks/ike_auth.c @@ -649,8 +649,8 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) case AUTH_LIFETIME: /* handled in ike_auth_lifetime task */ break; - case P2P_ENDPOINT: - /* handled in ike_p2p task */ + case ME_ENDPOINT: + /* handled in ike_me task */ break; default: { diff --git a/src/charon/sa/tasks/ike_p2p.c b/src/charon/sa/tasks/ike_me.c index 5a9ae00a4..64741c6ba 100644 --- a/src/charon/sa/tasks/ike_p2p.c +++ b/src/charon/sa/tasks/ike_me.c @@ -15,7 +15,7 @@ * $Id$ */ -#include "ike_p2p.h" +#include "ike_me.h" #include <string.h> 
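Review bot: The `case ME_CONNECT:` block in process_request closes without a `break;`, so control falls through into `default:`. That is harmless today because `default` only breaks, but a case added between the two later would silently run for ME_CONNECT requests as well. I would end the block with `break;` before `#endif /* ME */`, as the preceding case does. process_request starts and ends outside this hunk.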
@@ -26,27 +26,27 @@ #include <encoding/payloads/endpoint_notify.h> #include <processing/jobs/mediation_job.h> -#define P2P_SESSIONID_LEN 8 -#define P2P_SESSIONKEY_LEN 16 +#define ME_CONNECTID_LEN 8 +#define ME_CONNECTKEY_LEN 16 /* FIXME: proposed values */ -#define P2P_SESSIONID_MIN_LEN 4 -#define P2P_SESSIONID_MAX_LEN 16 -#define P2P_SESSIONKEY_MIN_LEN 8 -#define P2P_SESSIONKEY_MAX_LEN 64 +#define ME_CONNECTID_MIN_LEN 4 +#define ME_CONNECTID_MAX_LEN 16 +#define ME_CONNECTKEY_MIN_LEN 8 +#define ME_CONNECTKEY_MAX_LEN 64 -typedef struct private_ike_p2p_t private_ike_p2p_t; +typedef struct private_ike_me_t private_ike_me_t; /** - * Private members of a ike_p2p_t task. + * Private members of a ike_me_t task. */ -struct private_ike_p2p_t { +struct private_ike_me_t { /** * Public methods and task_t interface. */ - ike_p2p_t public; + ike_me_t public; /** * Assigned IKE_SA. @@ -100,12 +100,12 @@ struct private_ike_p2p_t { /** * Received ID used for connectivity checks */ - chunk_t session_id; + chunk_t connect_id; /** * Received key used for connectivity checks */ - chunk_t session_key; + chunk_t connect_key; /** * Peer config of the mediated connection @@ -133,7 +133,7 @@ static void add_endpoints_to_message(message_t *message, linked_list_t *endpoint /** * Gathers endpoints and adds them to the current message */ -static void gather_and_add_endpoints(private_ike_p2p_t *this, message_t *message) +static void gather_and_add_endpoints(private_ike_me_t *this, message_t *message) { iterator_t *iterator; host_t *addr, *host; @@ -171,7 +171,7 @@ static void gather_and_add_endpoints(private_ike_p2p_t *this, message_t *message /** * read notifys from message and evaluate them */ -static void process_payloads(private_ike_p2p_t *this, message_t *message) +static void process_payloads(private_ike_me_t *this, message_t *message) { iterator_t *iterator; payload_t *payload; 
@@ -188,55 +188,55 @@ static void process_payloads(private_ike_p2p_t *this, message_t *message) switch (notify->get_notify_type(notify)) { - case P2P_CONNECT_FAILED: + case ME_CONNECT_FAILED: { - DBG2(DBG_IKE, "received P2P_CONNECT_FAILED notify"); + DBG2(DBG_IKE, "received ME_CONNECT_FAILED notify"); this->failed = TRUE; break; } - case P2P_MEDIATION: + case ME_MEDIATION: { - DBG2(DBG_IKE, "received P2P_MEDIATION notify"); + DBG2(DBG_IKE, "received ME_MEDIATION notify"); this->mediation = TRUE; break; } - case P2P_ENDPOINT: + case ME_ENDPOINT: { endpoint_notify_t *endpoint = endpoint_notify_create_from_payload(notify); if (!endpoint) { - DBG1(DBG_IKE, "received invalid P2P_ENDPOINT notify"); + DBG1(DBG_IKE, "received invalid ME_ENDPOINT notify"); break; } - DBG1(DBG_IKE, "received %N P2P_ENDPOINT %#H", p2p_endpoint_type_names, + DBG1(DBG_IKE, "received %N ME_ENDPOINT %#H", me_endpoint_type_names, endpoint->get_type(endpoint), endpoint->get_host(endpoint)); this->remote_endpoints->insert_last(this->remote_endpoints, endpoint); break; } - case P2P_CALLBACK: + case ME_CALLBACK: { - DBG2(DBG_IKE, "received P2P_CALLBACK notify"); + DBG2(DBG_IKE, "received ME_CALLBACK notify"); this->callback = TRUE; break; } - case P2P_SESSIONID: + case ME_CONNECTID: { - chunk_free(&this->session_id); - this->session_id = chunk_clone(notify->get_notification_data(notify)); - DBG2(DBG_IKE, "received P2P_SESSIONID %#B", &this->session_id); + chunk_free(&this->connect_id); + this->connect_id = chunk_clone(notify->get_notification_data(notify)); + DBG2(DBG_IKE, "received ME_CONNECTID %#B", &this->connect_id); break; } - case P2P_SESSIONKEY: + case ME_CONNECTKEY: { - chunk_free(&this->session_key); - this->session_key = chunk_clone(notify->get_notification_data(notify)); - DBG4(DBG_IKE, "received P2P_SESSIONKEY %#B", &this->session_key); + chunk_free(&this->connect_key); + this->connect_key = chunk_clone(notify->get_notification_data(notify)); + DBG4(DBG_IKE, "received ME_CONNECTKEY %#B", 
&this->connect_key); break; } - case P2P_RESPONSE: + case ME_RESPONSE: { - DBG2(DBG_IKE, "received P2P_RESPONSE notify"); + DBG2(DBG_IKE, "received ME_RESPONSE notify"); this->response = TRUE; break; } @@ -250,7 +250,7 @@ static void process_payloads(private_ike_p2p_t *this, message_t *message) /** * Implementation of task_t.process for initiator */ -static status_t build_i(private_ike_p2p_t *this, message_t *message) +static status_t build_i(private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { @@ -259,8 +259,8 @@ static status_t build_i(private_ike_p2p_t *this, message_t *message) peer_cfg_t *peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); if (peer_cfg->is_mediation(peer_cfg)) { - DBG2(DBG_IKE, "adding P2P_MEDIATION"); - message->add_notify(message, FALSE, P2P_MEDIATION, chunk_empty); + DBG2(DBG_IKE, "adding ME_MEDIATION"); + message->add_notify(message, FALSE, ME_MEDIATION, chunk_empty); } else { @@ -278,7 +278,7 @@ static status_t build_i(private_ike_p2p_t *this, message_t *message) } break; } - case P2P_CONNECT: + case ME_CONNECT: { id_payload_t *id_payload; randomizer_t *rand = randomizer_create(); 
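Review bot: The `ME_CONNECTID` and `ME_CONNECTKEY` cases in process_payloads clone the peer-supplied notification data without checking its length, although this file defines `ME_CONNECTID_MIN_LEN`/`ME_CONNECTID_MAX_LEN` and `ME_CONNECTKEY_MIN_LEN`/`ME_CONNECTKEY_MAX_LEN`. As far as the visible code shows, those bounds are never applied, and process_r and process_r_ms only test `.ptr`, so a too-short or oversized value from a remote peer is accepted and, on the mediation server, handed on to the mediation job. I would take the chunk first and reject out-of-range lengths before cloning, e.g. `if (data.len < ME_CONNECTID_MIN_LEN || data.len > ME_CONNECTID_MAX_LEN) { this->invalid_syntax = TRUE; break; }`, with the same guard for the key. process_payloads starts and ends outside this hunk.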
@@ -288,38 +288,38 @@ static status_t build_i(private_ike_p2p_t *this, message_t *message) if (!this->response) { - /* only the initiator creates a session ID. the responder returns - * the session ID that it received from the initiator */ + /* only the initiator creates a connect ID. the responder returns + * the connect ID that it received from the initiator */ if (rand->allocate_pseudo_random_bytes(rand, - P2P_SESSIONID_LEN, &this->session_id) != SUCCESS) + ME_CONNECTID_LEN, &this->connect_id) != SUCCESS) { - DBG1(DBG_IKE, "unable to generate session ID for P2P_CONNECT"); + DBG1(DBG_IKE, "unable to generate connect ID for ME_CONNECT"); rand->destroy(rand); return FAILED; } } if (rand->allocate_pseudo_random_bytes(rand, - P2P_SESSIONKEY_LEN, &this->session_key) != SUCCESS) + ME_CONNECTKEY_LEN, &this->connect_key) != SUCCESS) { - DBG1(DBG_IKE, "unable to generate session key for P2P_CONNECT"); + DBG1(DBG_IKE, "unable to generate connect key for ME_CONNECT"); rand->destroy(rand); return FAILED; } rand->destroy(rand); - message->add_notify(message, FALSE, P2P_SESSIONID, this->session_id); - message->add_notify(message, FALSE, P2P_SESSIONKEY, this->session_key); + message->add_notify(message, FALSE, ME_CONNECTID, this->connect_id); + message->add_notify(message, FALSE, ME_CONNECTKEY, this->connect_key); if (this->response) { - message->add_notify(message, FALSE, P2P_RESPONSE, chunk_empty); + message->add_notify(message, FALSE, ME_RESPONSE, chunk_empty); } else { /* FIXME: should we make that configurable? */ - message->add_notify(message, FALSE, P2P_CALLBACK, chunk_empty); + message->add_notify(message, FALSE, ME_CALLBACK, chunk_empty); } gather_and_add_endpoints(this, message); 
@@ -335,17 +335,17 @@ static status_t build_i(private_ike_p2p_t *this, message_t *message) /** * Implementation of task_t.process for responder */ -static status_t process_r(private_ike_p2p_t *this, message_t *message) +static status_t process_r(private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { - case P2P_CONNECT: + case ME_CONNECT: { id_payload_t *id_payload; id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); if (!id_payload) { - DBG1(DBG_IKE, "received P2P_CONNECT without ID_PEER payload, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload, aborting"); break; } this->peer_id = id_payload->get_identification(id_payload); @@ -354,32 +354,32 @@ static status_t process_r(private_ike_p2p_t *this, message_t *message) if (this->callback) { - DBG1(DBG_IKE, "received P2P_CALLBACK for '%D'", this->peer_id); + DBG1(DBG_IKE, "received ME_CALLBACK for '%D'", this->peer_id); break; } - if (!this->session_id.ptr) + if (!this->connect_id.ptr) { - DBG1(DBG_IKE, "received P2P_CONNECT without P2P_SESSIONID notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify, aborting"); this->invalid_syntax = TRUE; break; } - if (!this->session_key.ptr) + if (!this->connect_key.ptr) { - DBG1(DBG_IKE, "received P2P_CONNECT without P2P_SESSIONKEY notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY notify, aborting"); this->invalid_syntax = TRUE; break; } if (!this->remote_endpoints->get_count(this->remote_endpoints)) { - DBG1(DBG_IKE, "received P2P_CONNECT without any P2P_ENDPOINT payloads, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT payloads, aborting"); this->invalid_syntax = TRUE; break; } - DBG1(DBG_IKE, "received P2P_CONNECT"); + DBG1(DBG_IKE, "received ME_CONNECT"); break; } default: 
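Review bot: In process_r's `ME_CONNECT` case, a missing ID_PEER payload is logged as "aborting" but only reaches `break;`, without setting `this->invalid_syntax = TRUE;` as process_r_ms does for the same condition. build_r keys its error handling on that flag, so it would presumably continue with `this->peer_id` unset; this needs confirming against the rest of build_r, which the diff shows only in part. I would add `this->invalid_syntax = TRUE;` before the `break;` so that both responder paths reject the malformed request the same way.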
@@ -391,11 +391,11 @@ static status_t process_r(private_ike_p2p_t *this, message_t *message) /** * Implementation of task_t.build for responder */ -static status_t build_r(private_ike_p2p_t *this, message_t *message) +static status_t build_r(private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { - case P2P_CONNECT: + case ME_CONNECT: { if (this->invalid_syntax) { @@ -417,7 +417,7 @@ static status_t build_r(private_ike_p2p_t *this, message_t *message) * as initiator, upon receiving a response from another peer, * update the checklist and start sending checks */ charon->connect_manager->set_responder_data(charon->connect_manager, - this->session_id, this->session_key, this->remote_endpoints); + this->connect_id, this->connect_key, this->remote_endpoints); } else { @@ -425,10 +425,10 @@ static status_t build_r(private_ike_p2p_t *this, message_t *message) * as responder, create a checklist with the initiator's data */ charon->connect_manager->set_initiator_data(charon->connect_manager, this->peer_id, this->ike_sa->get_my_id(this->ike_sa), - this->session_id, this->session_key, this->remote_endpoints, + this->connect_id, this->connect_key, this->remote_endpoints, FALSE); if (this->ike_sa->respond(this->ike_sa, this->peer_id, - this->session_id) != SUCCESS) + this->connect_id) != SUCCESS) { return FAILED; } @@ -444,7 +444,7 @@ static status_t build_r(private_ike_p2p_t *this, message_t *message) /** * Implementation of task_t.process for initiator */ -static status_t process_i(private_ike_p2p_t *this, message_t *message) +static status_t process_i(private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { @@ -454,7 +454,7 @@ static status_t process_i(private_ike_p2p_t *this, message_t *message) if (!this->mediation) { - DBG1(DBG_IKE, "server did not return a P2P_MEDIATION, aborting"); + DBG1(DBG_IKE, "server did not return a ME_MEDIATION, aborting"); return FAILED; } 
@@ -480,7 +480,7 @@ static status_t process_i(private_ike_p2p_t *this, message_t *message) break; } - case P2P_CONNECT: + case ME_CONNECT: { process_payloads(this, message); @@ -498,7 +498,7 @@ static status_t process_i(private_ike_p2p_t *this, message_t *message) /* FIXME: handle result of set_responder_data. * as responder, we update the checklist and start sending checks */ charon->connect_manager->set_responder_data(charon->connect_manager, - this->session_id, this->session_key, this->local_endpoints); + this->connect_id, this->connect_key, this->local_endpoints); } else { @@ -506,7 +506,7 @@ static status_t process_i(private_ike_p2p_t *this, message_t *message) * as initiator, we create a checklist and set the initiator's data */ charon->connect_manager->set_initiator_data(charon->connect_manager, this->ike_sa->get_my_id(this->ike_sa), this->peer_id, - this->session_id, this->session_key, this->local_endpoints, + this->connect_id, this->connect_key, this->local_endpoints, TRUE); } } 
@@ -521,27 +521,27 @@ static status_t process_i(private_ike_p2p_t *this, message_t *message) /** * Implementation of task_t.process for initiator (mediation server) */ -static status_t build_i_ms(private_ike_p2p_t *this, message_t *message) +static status_t build_i_ms(private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { - case P2P_CONNECT: + case ME_CONNECT: { id_payload_t *id_payload = id_payload_create_from_identification(ID_PEER, this->peer_id); message->add_payload(message, (payload_t*)id_payload); if (this->callback) { - message->add_notify(message, FALSE, P2P_CALLBACK, chunk_empty); + message->add_notify(message, FALSE, ME_CALLBACK, chunk_empty); } else { if (this->response) { - message->add_notify(message, FALSE, P2P_RESPONSE, chunk_empty); + message->add_notify(message, FALSE, ME_RESPONSE, chunk_empty); } - message->add_notify(message, FALSE, P2P_SESSIONID, this->session_id); - message->add_notify(message, FALSE, P2P_SESSIONKEY, this->session_key); + message->add_notify(message, FALSE, ME_CONNECTID, this->connect_id); + message->add_notify(message, FALSE, ME_CONNECTKEY, this->connect_key); add_endpoints_to_message(message, this->remote_endpoints); } @@ -557,7 +557,7 @@ static status_t build_i_ms(private_ike_p2p_t *this, message_t *message) /** * Implementation of task_t.process for responder (mediation server) */ -static status_t process_r_ms(private_ike_p2p_t *this, message_t *message) +static status_t process_r_ms(private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { 
@@ -571,13 +571,13 @@ static status_t process_r_ms(private_ike_p2p_t *this, message_t *message) process_payloads(this, message); break; } - case P2P_CONNECT: + case ME_CONNECT: { id_payload_t *id_payload; id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); if (!id_payload) { - DBG1(DBG_IKE, "received P2P_CONNECT without ID_PEER payload, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload, aborting"); this->invalid_syntax = TRUE; break; } @@ -586,23 +586,23 @@ static status_t process_r_ms(private_ike_p2p_t *this, message_t *message) process_payloads(this, message); - if (!this->session_id.ptr) + if (!this->connect_id.ptr) { - DBG1(DBG_IKE, "received P2P_CONNECT without P2P_SESSIONID notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify, aborting"); this->invalid_syntax = TRUE; break; } - if (!this->session_key.ptr) + if (!this->connect_key.ptr) { - DBG1(DBG_IKE, "received P2P_CONNECT without P2P_SESSIONKEY notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY notify, aborting"); this->invalid_syntax = TRUE; break; } if (!this->remote_endpoints->get_count(this->remote_endpoints)) { - DBG1(DBG_IKE, "received P2P_CONNECT without any P2P_ENDPOINT payloads, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT payloads, aborting"); this->invalid_syntax = TRUE; break; } @@ -618,13 +618,13 @@ static status_t process_r_ms(private_ike_p2p_t *this, message_t *message) /** * Implementation of task_t.build for responder (mediation server) */ -static status_t build_r_ms(private_ike_p2p_t *this, message_t *message) +static status_t build_r_ms(private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { case IKE_SA_INIT: { - message->add_notify(message, FALSE, P2P_MEDIATION, chunk_empty); + message->add_notify(message, FALSE, ME_MEDIATION, chunk_empty); return NEED_MORE; } case IKE_AUTH: 
@@ -650,7 +650,7 @@ static status_t build_r_ms(private_ike_p2p_t *this, message_t *message) break; } - case P2P_CONNECT: + case ME_CONNECT: { if (this->invalid_syntax) { @@ -673,13 +673,13 @@ static status_t build_r_ms(private_ike_p2p_t *this, message_t *message) if (!peer_sa) { /* the peer is not online */ - message->add_notify(message, TRUE, P2P_CONNECT_FAILED, chunk_empty); + message->add_notify(message, TRUE, ME_CONNECT_FAILED, chunk_empty); break; } job_t *job = (job_t*)mediation_job_create(this->peer_id, - this->ike_sa->get_other_id(this->ike_sa), this->session_id, - this->session_key, this->remote_endpoints, this->response); + this->ike_sa->get_other_id(this->ike_sa), this->connect_id, + this->connect_key, this->remote_endpoints, this->response); charon->processor->queue_job(charon->processor, job); break; 
@@ -693,48 +693,48 @@ static status_t build_r_ms(private_ike_p2p_t *this, message_t *message) /** * Implementation of task_t.process for initiator (mediation server) */ -static status_t process_i_ms(private_ike_p2p_t *this, message_t *message) +static status_t process_i_ms(private_ike_me_t *this, message_t *message) { return SUCCESS; } /** - * Implementation of ike_p2p.connect + * Implementation of ike_me.connect */ -static void p2p_connect(private_ike_p2p_t *this, identification_t *peer_id) +static void me_connect(private_ike_me_t *this, identification_t *peer_id) { this->peer_id = peer_id->clone(peer_id); } /** - * Implementation of ike_p2p.respond + * Implementation of ike_me.respond */ -static void p2p_respond(private_ike_p2p_t *this, identification_t *peer_id, - chunk_t session_id) +static void me_respond(private_ike_me_t *this, identification_t *peer_id, + chunk_t connect_id) { this->peer_id = peer_id->clone(peer_id); - this->session_id = chunk_clone(session_id); + this->connect_id = chunk_clone(connect_id); this->response = TRUE; } /** - * Implementation of ike_p2p.callback + * Implementation of ike_me.callback */ -static void p2p_callback(private_ike_p2p_t *this, identification_t *peer_id) +static void me_callback(private_ike_me_t *this, identification_t *peer_id) { this->peer_id = peer_id->clone(peer_id); this->callback = TRUE; } /** - * Implementation of ike_p2p.relay + * Implementation of ike_me.relay */ -static void relay(private_ike_p2p_t *this, identification_t *requester, chunk_t session_id, - chunk_t session_key, linked_list_t *endpoints, bool response) +static void relay(private_ike_me_t *this, identification_t *requester, chunk_t connect_id, + chunk_t connect_key, linked_list_t *endpoints, bool response) { this->peer_id = requester->clone(requester); - this->session_id = chunk_clone(session_id); - this->session_key = chunk_clone(session_key); + this->connect_id = chunk_clone(connect_id); + this->connect_key = chunk_clone(connect_key); 
this->remote_endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); this->response = response; } @@ -742,15 +742,15 @@ static void relay(private_ike_p2p_t *this, identification_t *requester, chunk_t /** * Implementation of task_t.get_type */ -static task_type_t get_type(private_ike_p2p_t *this) +static task_type_t get_type(private_ike_me_t *this) { - return IKE_P2P; + return IKE_ME; } /** * Implementation of task_t.migrate */ -static void migrate(private_ike_p2p_t *this, ike_sa_t *ike_sa) +static void migrate(private_ike_me_t *this, ike_sa_t *ike_sa) { this->ike_sa = ike_sa; } @@ -758,12 +758,12 @@ static void migrate(private_ike_p2p_t *this, ike_sa_t *ike_sa) /** * Implementation of task_t.destroy */ -static void destroy(private_ike_p2p_t *this) +static void destroy(private_ike_me_t *this) { DESTROY_IF(this->peer_id); - chunk_free(&this->session_id); - chunk_free(&this->session_key); + chunk_free(&this->connect_id); + chunk_free(&this->connect_key); this->local_endpoints->destroy_offset(this->local_endpoints, offsetof(endpoint_notify_t, destroy)); this->remote_endpoints->destroy_offset(this->remote_endpoints, offsetof(endpoint_notify_t, destroy)); @@ -775,9 +775,9 @@ static void destroy(private_ike_p2p_t *this) /* * Described in header. */ -ike_p2p_t *ike_p2p_create(ike_sa_t *ike_sa, bool initiator) +ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator) { - private_ike_p2p_t *this = malloc_thing(private_ike_p2p_t); + private_ike_me_t *this = malloc_thing(private_ike_me_t); this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; 
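Review bot: relay() assigns `this->remote_endpoints = endpoints->clone_offset(...)` without releasing the list already stored there, and ike_me_create() always sets `this->remote_endpoints = linked_list_create()`, so each relayed task leaks that empty list. Calling `this->remote_endpoints->destroy(this->remote_endpoints);` before the assignment fixes it. The same overwrite pattern applies to `peer_id`, `connect_id` and `connect_key` in me_connect, me_respond, me_callback and relay if any of them is invoked more than once on a task; `DESTROY_IF(this->peer_id);` and `chunk_free(&this->connect_id);` ahead of the clones would make them safe to repeat.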
@@ -812,17 +812,17 @@ ike_p2p_t *ike_p2p_create(ike_sa_t *ike_sa, bool initiator) } } - this->public.connect = (void(*)(ike_p2p_t*,identification_t*))p2p_connect; - this->public.respond = (void(*)(ike_p2p_t*,identification_t*,chunk_t))p2p_respond; - this->public.callback = (void(*)(ike_p2p_t*,identification_t*))p2p_callback; - this->public.relay = (void(*)(ike_p2p_t*,identification_t*,chunk_t,chunk_t,linked_list_t*,bool))relay; + this->public.connect = (void(*)(ike_me_t*,identification_t*))me_connect; + this->public.respond = (void(*)(ike_me_t*,identification_t*,chunk_t))me_respond; + this->public.callback = (void(*)(ike_me_t*,identification_t*))me_callback; + this->public.relay = (void(*)(ike_me_t*,identification_t*,chunk_t,chunk_t,linked_list_t*,bool))relay; this->ike_sa = ike_sa; this->initiator = initiator; this->peer_id = NULL; - this->session_id = chunk_empty; - this->session_key = chunk_empty; + this->connect_id = chunk_empty; + this->connect_key = chunk_empty; this->local_endpoints = linked_list_create(); this->remote_endpoints = linked_list_create(); this->mediation = FALSE; diff --git a/src/charon/sa/tasks/ike_p2p.h b/src/charon/sa/tasks/ike_me.h index fe6bbd1a2..7fdc7243f 100644 --- a/src/charon/sa/tasks/ike_p2p.h +++ b/src/charon/sa/tasks/ike_me.h 
@@ -16,32 +16,32 @@ */ /** - * @defgroup ike_p2p ike_p2p + * @defgroup ike_me ike_me * @{ @ingroup tasks */ -#ifndef IKE_P2P_H_ -#define IKE_P2P_H_ +#ifndef IKE_ME_H_ +#define IKE_ME_H_ -typedef struct ike_p2p_t ike_p2p_t; +typedef struct ike_me_t ike_me_t; #include <library.h> #include <sa/ike_sa.h> #include <sa/tasks/task.h> /** - * Task of type IKE_P2P, detects and handles P2P-NAT-T extensions. + * Task of type IKE_ME, detects and handles IKE-ME extensions. * - * This tasks handles the P2P_MEDIATION notify exchange to setup a mediation - * connection, allows to initiate mediated connections using P2P_CONNECT + * This tasks handles the ME_MEDIATION Notify exchange to setup a mediation + * connection, allows to initiate mediated connections using ME_CONNECT * exchanges and to request reflexive addresses from the mediation server using - * P2P_ENDPOINT notifies. + * ME_ENDPOINT notifies. * * @note This task has to be activated before the IKE_AUTH task, because that * task generates the IKE_SA_INIT message so that no more payloads can be added * to it afterwards. */ -struct ike_p2p_t { +struct ike_me_t { /** * Implements the task_t interface 
@@ -49,52 +49,52 @@ struct ike_p2p_t { task_t task; /** - * Initiates a connection with another peer (i.e. sends a P2P_CONNECT + * Initiates a connection with another peer (i.e. sends a ME_CONNECT * to the mediation server) * * @param peer_id ID of the other peer (gets cloned) */ - void (*connect)(ike_p2p_t *this, identification_t *peer_id); + void (*connect)(ike_me_t *this, identification_t *peer_id); /** - * Responds to a P2P_CONNECT from another peer (i.e. sends a P2P_CONNECT + * Responds to a ME_CONNECT from another peer (i.e. sends a ME_CONNECT * to the mediation server) * * @param peer_id ID of the other peer (gets cloned) - * @param session_id the session ID as provided by the initiator (gets cloned) + * @param connect_id the connect ID as provided by the initiator (gets cloned) */ - void (*respond)(ike_p2p_t *this, identification_t *peer_id, chunk_t session_id); + void (*respond)(ike_me_t *this, identification_t *peer_id, chunk_t connect_id); /** - * Sends a P2P_CALLBACK to a peer that previously requested another peer. + * Sends a ME_CALLBACK to a peer that previously requested another peer. * * @param peer_id ID of the other peer (gets cloned) */ - void (*callback)(ike_p2p_t *this, identification_t *peer_id); + void (*callback)(ike_me_t *this, identification_t *peer_id); /** - * Relays data to another peer (i.e. sends a P2P_CONNECT to the peer) + * Relays data to another peer (i.e. sends a ME_CONNECT to the peer) * * Data gets cloned. 
* * @param requester ID of the requesting peer - * @param session_id content of the P2P_SESSIONID notify - * @param session_key content of the P2P_SESSIONKEY notify + * @param connect_id content of the ME_CONNECTID notify + * @param connect_key content of the ME_CONNECTKEY notify * @param endpoints endpoints * @param response TRUE if this is a response */ - void (*relay)(ike_p2p_t *this, identification_t *requester, chunk_t session_id, - chunk_t session_key, linked_list_t *endpoints, bool response); + void (*relay)(ike_me_t *this, identification_t *requester, chunk_t connect_id, + chunk_t connect_key, linked_list_t *endpoints, bool response); }; /** - * Create a new ike_p2p task. + * Create a new ike_me task. * * @param ike_sa IKE_SA this task works for * @param initiator TRUE if taks is initiated by us - * @return ike_p2p task to handle by the task_manager + * @return ike_me task to handle by the task_manager */ -ike_p2p_t *ike_p2p_create(ike_sa_t *ike_sa, bool initiator); +ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator); -#endif /*IKE_P2P_H_ @} */ +#endif /*IKE_ME_H_ @} */ diff --git a/src/charon/sa/tasks/ike_natd.c b/src/charon/sa/tasks/ike_natd.c index 1662a3268..e8daecdba 100644 --- a/src/charon/sa/tasks/ike_natd.c +++ b/src/charon/sa/tasks/ike_natd.c @@ -254,7 +254,7 @@ static status_t process_i(private_ike_natd_t *this, message_t *message) { peer_cfg_t *peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); -#ifdef P2P +#ifdef ME /* if we are on a mediated connection we have already switched to * port 4500 and the correct destination port is already configured, * therefore we must not switch again */ 
@@ -262,14 +262,14 @@ static status_t process_i(private_ike_natd_t *this, message_t *message) { return SUCCESS; } -#endif /* P2P */ +#endif /* ME */ if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY) || -#ifdef P2P +#ifdef ME /* if we are on a mediation connection we swith to port 4500 even * if no NAT is detected. */ peer_cfg->is_mediation(peer_cfg) || -#endif /* P2P */ +#endif /* ME */ /* if peer supports NAT-T, we switch to port 4500 even * if no NAT is detected. MOBIKE requires this. */ (peer_cfg->use_mobike(peer_cfg) && diff --git a/src/charon/sa/tasks/task.c b/src/charon/sa/tasks/task.c index 0ff2afd77..4ff50a610 100644 --- a/src/charon/sa/tasks/task.c +++ b/src/charon/sa/tasks/task.c @@ -31,9 +31,9 @@ ENUM(task_type_names, IKE_INIT, CHILD_REKEY, "IKE_REAUTH", "IKE_DELETE", "IKE_DPD", -#ifdef P2P - "IKE_P2P", -#endif /* P2P */ +#ifdef ME + "IKE_ME", +#endif /* ME */ "CHILD_CREATE", "CHILD_DELETE", "CHILD_REKEY", diff --git a/src/charon/sa/tasks/task.h b/src/charon/sa/tasks/task.h index 773bc60c6..d2854701e 100644 --- a/src/charon/sa/tasks/task.h +++ b/src/charon/sa/tasks/task.h @@ -59,10 +59,10 @@ enum task_type_t { IKE_DELETE, /** liveness check */ IKE_DPD, -#ifdef P2P - /** handle P2P-NAT-T stuff */ - IKE_P2P, -#endif /* P2P */ +#ifdef ME + /** handle ME stuff */ + IKE_ME, +#endif /* ME */ /** establish a CHILD_SA within an IKE_SA */ CHILD_CREATE, /** delete an established CHILD_SA */ diff --git a/src/starter/args.c b/src/starter/args.c index 2520bf8df..479321ccf 100644 --- a/src/starter/args.c +++ b/src/starter/args.c 
@@ -210,9 +210,9 @@ static const token_info_t token_info[] = { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action }, { ARG_MISC, 0, NULL /* KW_MODECONFIG */ }, { ARG_MISC, 0, NULL /* KW_XAUTH */ }, - { ARG_ENUM, offsetof(starter_conn_t, p2p_mediation), LST_bool }, - { ARG_STR, offsetof(starter_conn_t, p2p_mediated_by), NULL }, - { ARG_STR, offsetof(starter_conn_t, p2p_peerid), NULL }, + { ARG_ENUM, offsetof(starter_conn_t, me_mediation), LST_bool }, + { ARG_STR, offsetof(starter_conn_t, me_mediated_by), NULL }, + { ARG_STR, offsetof(starter_conn_t, me_peerid), NULL }, /* ca section keywords */ { ARG_STR, offsetof(starter_ca_t, name), NULL }, diff --git a/src/starter/confread.h b/src/starter/confread.h index 3270eab10..b866a915b 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -130,9 +130,9 @@ struct starter_conn { dpd_action_t dpd_action; int dpd_count; - bool p2p_mediation; - char *p2p_mediated_by; - char *p2p_peerid; + bool me_mediation; + char *me_mediated_by; + char *me_peerid; starter_conn_t *next; }; diff --git a/src/starter/keywords.h b/src/starter/keywords.h index e1957b3d8..79e4e4ea7 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h @@ -87,12 +87,12 @@ typedef enum { KW_DPDACTION, KW_MODECONFIG, KW_XAUTH, - KW_P2P_MEDIATION, - KW_P2P_MEDIATED_BY, - KW_P2P_PEERID, + KW_ME_MEDIATION, + KW_ME_MEDIATED_BY, + KW_ME_PEERID, #define KW_CONN_FIRST KW_CONN_SETUP -#define KW_CONN_LAST KW_P2P_PEERID +#define KW_CONN_LAST KW_ME_PEERID /* ca section keywords */ KW_CA_NAME, diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index bcadb1770..97bb4e450 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt 
@@ -76,9 +76,9 @@ dpdtimeout, KW_DPDTIMEOUT dpdaction, KW_DPDACTION modeconfig, KW_MODECONFIG xauth, KW_XAUTH -p2p_mediation, KW_P2P_MEDIATION -p2p_mediated_by, KW_P2P_MEDIATED_BY -p2p_peerid, KW_P2P_PEERID +p2p_mediation, KW_ME_MEDIATION +p2p_mediated_by, KW_ME_MEDIATED_BY +p2p_peerid, KW_ME_PEERID cacert, KW_CACERT ldaphost, KW_LDAPHOST ldapbase, KW_LDAPBASE diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index 0ce0937b2..83db1430c 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -237,9 +237,9 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) msg.add_conn.algorithms.esp = push_string(&msg, conn->esp); msg.add_conn.dpd.delay = conn->dpd_delay; msg.add_conn.dpd.action = conn->dpd_action; - msg.add_conn.p2p.mediation = conn->p2p_mediation; - msg.add_conn.p2p.mediated_by = push_string(&msg, conn->p2p_mediated_by); - msg.add_conn.p2p.peerid = push_string(&msg, conn->p2p_peerid); + msg.add_conn.ikeme.mediation = conn->me_mediation; + msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by); + msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid); starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left); starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right); diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c index 6b2e33d1f..3f2a661ba 100644 --- a/src/stroke/stroke.c +++ b/src/stroke/stroke.c @@ -129,9 +129,9 @@ static int add_connection(char *name, msg.add_conn.dpd.delay = 0; msg.add_conn.dpd.action = 1; - msg.add_conn.p2p.mediation = 0; - msg.add_conn.p2p.mediated_by = NULL; - msg.add_conn.p2p.peerid = NULL; + msg.add_conn.ikeme.mediation = 0; + msg.add_conn.ikeme.mediated_by = NULL; + msg.add_conn.ikeme.peerid = NULL; msg.add_conn.me.id = push_string(&msg, my_id); msg.add_conn.me.address = push_string(&msg, my_addr); diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h index 1af3c6ec7..c48ebe812 100644 --- a/src/stroke/stroke_msg.h 
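Review bot: In starter_stroke_add_conn the mediation settings are now written to `msg.add_conn.ikeme` from `conn->me_*` fields, directly above the calls that fill `msg.add_conn.me`, which is the local end of the connection (it receives `conn->left`). The `me` prefix therefore means two unrelated things within a few lines. A short comment at the assignments would remove the ambiguity, e.g. `/* ikeme: IKEv2 mediation extension settings, not the local end 'me' */`; the same applies to the stroke.c hunk that follows and to the `} ikeme;` member in stroke_msg.h. The function body continues outside the hunk.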
+++ b/src/stroke/stroke_msg.h @@ -218,7 +218,7 @@ struct stroke_msg_t { int mediation; char *mediated_by; char *peerid; - } p2p; + } ikeme; stroke_end_t me, other; } add_conn; diff --git a/testing/tests/p2pnat/behind-same-nat/evaltest.dat b/testing/tests/p2pnat/behind-same-nat/evaltest.dat index 0036e073f..e59334db9 100644 --- a/testing/tests/p2pnat/behind-same-nat/evaltest.dat +++ b/testing/tests/p2pnat/behind-same-nat/evaltest.dat @@ -2,10 +2,10 @@ alice::ipsec statusall::medsrv.*ESTABLISHED::YES venus::ipsec statusall::medsrv.*ESTABLISHED::YES carol::ipsec statusall::medsrv.*ESTABLISHED.*PH_IP_MOON.*6cu1UTVw@medsrv.org::YES carol::ipsec statusall::medsrv.*ESTABLISHED.*PH_IP_MOON.*F1ubAio8@medsrv.org::YES -alice::cat /var/log/daemon.log::received P2P_CALLBACK::YES -alice::ipsec statusall::p2p.*ESTABLISHED::YES -venus::ipsec statusall::p2p.*ESTABLISHED::YES -alice::ipsec statusall::p2p.*INSTALLED::YES -venus::ipsec statusall::p2p.*INSTALLED::YES +alice::cat /var/log/daemon.log::received ME_CALLBACK::YES +alice::ipsec statusall::peer.*ESTABLISHED::YES +venus::ipsec statusall::peer.*ESTABLISHED::YES +alice::ipsec statusall::peer.*INSTALLED::YES +venus::ipsec statusall::peer.*INSTALLED::YES alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/init.d/iptables b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/init.d/iptables index 937486984..1eb88c15c 100755 --- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/init.d/iptables +++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/init.d/iptables 
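Review bot: The renamed checks in behind-same-nat/evaltest.dat, such as `alice::ipsec statusall::peer.*ESTABLISHED::YES`, now match on the word `peer`, which is far less distinctive than `p2p` was. If the statusall output can contain `peer` on a line that belongs to another connection, these checks would pass without the mediated connection being up; whether it can depends on the output format, which is not visible here. A less generic connection name in ipsec.conf and in these patterns would keep each assertion tied to the intended connection. The medsrv-psk/evaltest.dat hunk carries the same patterns.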
@@ -25,7 +25,7 @@ start() { iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT - # allow NAT-T including P2P + # allow NAT-T iptables -A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/ipsec.conf b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/ipsec.conf index e481996f7..6ddb04a2f 100755 --- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/ipsec.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/ipsec.conf @@ -25,7 +25,7 @@ conn medsrv authby=psk auto=add -conn p2p +conn peer leftcert=aliceCert.pem leftid=alice@strongswan.org right=%any diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/init.d/iptables b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/init.d/iptables index 06d0ebca8..6fca87b4a 100755 --- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/init.d/iptables +++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/init.d/iptables @@ -25,7 +25,7 @@ start() { iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT - # allow NAT-T including P2P + # allow NAT-T iptables -A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf index d21009353..0a4bb644b 100755 --- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf @@ -25,7 +25,7 @@ conn medsrv p2p_mediation=yes auto=start -conn p2p +conn peer leftcert=venusCert.pem leftid=@venus.strongswan.org right=%any 
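Review bot: The shortened comment `# allow NAT-T` in alice's iptables script no longer hints at why the two rules below it match only one port each, while the port 500 rules above pin both `--sport` and `--dport`. The INPUT rule accepts UDP to port 4500 from any source port on eth0, presumably because a NAT in the path may rewrite the sender's port. Saying so keeps the wider rule from looking accidental, e.g. `# allow NAT-T (UDP 4500); peer source port is not fixed behind NAT`. The same comment is changed in the venus hunk further down and in medsrv-psk/hosts/alice; start() continues outside the hunk.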
diff --git a/testing/tests/p2pnat/medsrv-psk/evaltest.dat b/testing/tests/p2pnat/medsrv-psk/evaltest.dat index b8280c325..ba14bb858 100644 --- a/testing/tests/p2pnat/medsrv-psk/evaltest.dat +++ b/testing/tests/p2pnat/medsrv-psk/evaltest.dat @@ -2,10 +2,10 @@ alice::ipsec statusall::medsrv.*ESTABLISHED::YES bob::ipsec statusall::medsrv.*ESTABLISHED::YES carol::ipsec statusall::medsrv.*ESTABLISHED.*PH_IP_MOON.*6cu1UTVw@medsrv.org::YES carol::ipsec statusall::medsrv.*ESTABLISHED.*PH_IP_SUN.*v9oEPMz@medsrv.org::YES -alice::ipsec statusall::p2p.*ESTABLISHED::YES -bob::ipsec statusall::p2p.*ESTABLISHED::YES -alice::ipsec statusall::p2p.*INSTALLED::YES -bob::ipsec statusall::p2p.*INSTALLED::YES +alice::ipsec statusall::peer.*ESTABLISHED::YES +bob::ipsec statusall::peer.*ESTABLISHED::YES +alice::ipsec statusall::peer.*INSTALLED::YES +bob::ipsec statusall::peer.*INSTALLED::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.*: UDP::YES diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/init.d/iptables b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/init.d/iptables index 09b4cabfa..c6371c745 100755 --- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/init.d/iptables +++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/init.d/iptables @@ -21,7 +21,7 @@ start() { iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT - # allow NAT-T including P2P + # allow NAT-T iptables -A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/ipsec.conf b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/ipsec.conf index 370934ce7..8dd41424e 100755 --- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/ipsec.conf 
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/ipsec.conf @@ -25,7 +25,7 @@ conn medsrv authby=psk auto=add -conn p2p +conn peer leftcert=aliceCert.pem leftid=alice@strongswan.org right=%any diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/ipsec.conf b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/ipsec.conf index 8d8d9391f..abf4320b1 100755 --- a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/ipsec.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/ipsec.conf @@ -25,7 +25,7 @@ conn medsrv p2p_mediation=yes auto=start -conn p2p +conn peer leftcert=bobCert.pem leftid=bob@strongswan.org right=%any |