author | Martin Willi <martin@strongswan.org> | 2006-06-07 13:26:23 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2006-06-07 13:26:23 +0000 |
commit | 8d77eddec2bddbbf44eeec1b95c44a69426c87a6 (patch) | |
tree | b6cc5552d9f19357d9b789ee18d858236089da82 /src/charon/threads | |
parent | a401efd09157382ba95a398e71995fd67a5fd337 (diff) | |
further work for rekeying:
get lifetimes from policy
added new state
initiation of rekeying done
proposal redone:
removed support for AH+ESP proposals
Diffstat (limited to 'src/charon/threads')
-rw-r--r-- | src/charon/threads/kernel_interface.c | 10 | ||||
-rwxr-xr-x | src/charon/threads/stroke_interface.c | 31 |
2 files changed, 21 insertions, 20 deletions
diff --git a/src/charon/threads/kernel_interface.c b/src/charon/threads/kernel_interface.c
index d88fa3f29..f0844ee5f 100644
--- a/src/charon/threads/kernel_interface.c
+++ b/src/charon/threads/kernel_interface.c
@@ -677,17 +677,19 @@ static void receive_messages(private_kernel_interface_t *this)
 job_t *job; this->logger->log(this->logger, CONTROL|LEVEL1, "Received a XFRM_MSG_EXPIRE");
- this->logger->log(this->logger, CONTROL|LEVEL0,
- "creating %s job for CHILD_SA with reqid %d",
- response.expire.hard ? "delete" : "rekey",
- response.expire.state.reqid);
 if (response.expire.hard) {
+ this->logger->log(this->logger, CONTROL|LEVEL0,
+ "creating delete job for CHILD_SA with reqid %d",
+ response.expire.state.reqid);
 job = (job_t*)delete_child_sa_job_create( response.expire.state.reqid); } else {
+ this->logger->log(this->logger, CONTROL|LEVEL0,
+ "creating rekey job for CHILD_SA with reqid %d",
+ response.expire.state.reqid);
 job = (job_t*)rekey_child_sa_job_create( response.expire.state.reqid); }
diff --git a/src/charon/threads/stroke_interface.c b/src/charon/threads/stroke_interface.c
index 8d62fccb8..00d3d3b27 100755
--- a/src/charon/threads/stroke_interface.c
+++ b/src/charon/threads/stroke_interface.c
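Review bot: Both new log calls in the `if`/`else` of receive_messages print `response.expire.state.reqid` with `%d`; if that field is the kernel's unsigned 32-bit reqid (its declaration is outside this hunk, so this is inferred), the specifier should be `%u`, e.g. `"creating delete job for CHILD_SA with reqid %u"`, so that large values are not logged as negative numbers and the entry can still be matched against the SA. The two branches now differ only in one word of the message, so a short comment above the `if`, such as `/* hard expire: SA lifetime is over, delete it; soft expire: rekey it */`, would record why they are handled differently. The enclosing block continues outside the hunk.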
@@ -294,19 +294,19 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
 connection = connection_create(msg->add_conn.name, msg->add_conn.ikev2, my_host, other_host, RSA_DIGITAL_SIGNATURE);
- proposal = proposal_create(1);
- proposal->add_algorithm(proposal, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
- proposal->add_algorithm(proposal, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- proposal->add_algorithm(proposal, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
- proposal->add_algorithm(proposal, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0);
- proposal->add_algorithm(proposal, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
- proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
- proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0);
- proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
- proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0);
- proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0);
+ proposal = proposal_create(PROTO_IKE);
+ proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ proposal->add_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0);
+ proposal->add_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
+ proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+ proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0);
+ proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0);
+ proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0);
 connection->add_proposal(connection, proposal);
- 
+ /* add to global connection list */ charon->connections->add_connection(charon->connections, connection); this->logger->log(this->logger, CONTROL, "added connection \"%s\": %s[%s]...%s[%s]",
@@ -317,10 +317,9 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
 other_id->get_string(other_id)); policy = policy_create(msg->add_conn.name, my_id, other_id);
- proposal = proposal_create(1);
- proposal->add_algorithm(proposal, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
- proposal->add_algorithm(proposal, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- proposal->add_algorithm(proposal, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ proposal = proposal_create(PROTO_ESP);
+ proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
 policy->add_proposal(policy, proposal); policy->add_my_traffic_selector(policy, my_ts); policy->add_other_traffic_selector(policy, other_ts); |
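Review bot: The rewritten IKE proposal in stroke_add_conn (hunk at -294) still offers `AUTH_HMAC_MD5_96`, `PRF_HMAC_MD5` and `MODP_1024_BIT`, while the hunk at -317 drops `AUTH_HMAC_MD5_96` from the ESP proposal, so the two proposals now disagree on whether MD5 is acceptable. The list is hard-coded here rather than taken from `msg->add_conn`, so an administrator cannot restrict it, and a peer that accepts only the weakest transforms will still be served. I would remove those three `add_algorithm` lines, or at least add a comment above `proposal_create(PROTO_IKE)` such as `/* TODO: read transforms from configuration; MD5 and MODP-1024 kept for interoperability only */`. The DH groups are added in the order 2048, 1536, 1024, 4096, 8192; if insertion order is the preference order (not visible in this hunk), that deserves a one-line comment. The function body starts and ends outside the hunk.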
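Review bot: The ESP proposal built after `policy_create()` (hunk at -317) carries only an encryption and an integrity transform and no `DIFFIE_HELLMAN_GROUP`, so, as far as this hunk shows, a CHILD_SA created or rekeyed from this policy cannot negotiate a fresh key exchange and its keys depend on the IKE_SA's keying material alone. Since the commit is about rekeying, that limitation should be recorded here, e.g. `/* no DH group: CHILD_SA rekeying without PFS for now */`, or addressed with `proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);` once the rekey exchange supports it. The removal of `AUTH_HMAC_MD5_96` from ESP changes behaviour for peers that offer only MD5 and is not mentioned in the commit description, so a short comment should state that it is intentional. stroke_add_conn continues outside the hunk.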