author | Martin Willi <martin@strongswan.org> | 2009-09-04 13:46:09 +0200 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2009-09-04 13:46:09 +0200 |
commit | 7daf5226b74e14a6e0f1a888b0be26f3d246f9f8 (patch) | |
tree | 6436de2e84e7a677ecfb83db4bf44766cc273d9f /src/charon | |
parent | 7d1b0304467bc668b592ccd6680fd9615efbb5b2 (diff) | |
removed trailing spaces ([[:space:]]+$)
Diffstat (limited to 'src/charon')
328 files changed, 6406 insertions, 6406 deletions
diff --git a/src/charon/bus/bus.c b/src/charon/bus/bus.c index 2671f848e..7075586e1 100644 --- a/src/charon/bus/bus.c +++ b/src/charon/bus/bus.c @@ -57,22 +57,22 @@ struct private_bus_t { * Public part of a bus_t object. */ bus_t public; - + /** * List of registered listeners as entry_t's */ linked_list_t *listeners; - + /** * mutex to synchronize active listeners, recursively */ mutex_t *mutex; - + /** * Thread local storage for a unique, simple thread ID */ pthread_key_t thread_id; - + /** * Thread local storage the threads IKE_SA */ @@ -90,17 +90,17 @@ struct entry_t { * registered listener interface */ listener_t *listener; - + /** * is this a active listen() call with a blocking thread */ bool blocker; - + /** * are we currently calling this listener */ int calling; - + /** * condvar where active listeners wait */ @@ -113,12 +113,12 @@ struct entry_t { static entry_t *entry_create(listener_t *listener, bool blocker) { entry_t *this = malloc_thing(entry_t); - + this->listener = listener; this->blocker = blocker; this->calling = 0; this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); - + return this; } @@ -140,7 +140,7 @@ static u_int get_thread_number(private_bus_t *this) { static uintptr_t current_num = 0; uintptr_t stored_num; - + stored_num = (uintptr_t)pthread_getspecific(this->thread_id); if (stored_num == 0) { /* first call of current thread */ @@ -214,7 +214,7 @@ static void listen_(private_bus_t *this, listener_t *listener, job_t *job) { int old; cleanup_data_t data; - + data.this = this; data.entry = entry_create(listener, TRUE); 
@@ -302,20 +302,20 @@ static void vlog(private_bus_t *this, debug_t group, level_t level, char* format, va_list args) { log_data_t data; - + data.ike_sa = pthread_getspecific(this->thread_sa); data.thread = get_thread_number(this); data.group = group; data.level = level; data.format = format; va_copy(data.args, args); - + this->mutex->lock(this->mutex); /* We use the remove() method to invoke all listeners. This is cheap and * does not require an allocation for this performance critical function. */ this->listeners->remove(this->listeners, &data, (void*)log_cb); this->mutex->unlock(this->mutex); - + va_end(data.args); } @@ -326,7 +326,7 @@ static void log_(private_bus_t *this, debug_t group, level_t level, char* format, ...) { va_list args; - + va_start(args, format); vlog(this, group, level, format, args); va_end(args); @@ -360,9 +360,9 @@ static void alert(private_bus_t *this, alert_t alert, ...) entry_t *entry; va_list args; bool keep; - + ike_sa = pthread_getspecific(this->thread_sa); - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -394,7 +394,7 @@ static void ike_state_change(private_bus_t *this, ike_sa_t *ike_sa, enumerator_t *enumerator; entry_t *entry; bool keep; - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -425,9 +425,9 @@ static void child_state_change(private_bus_t *this, child_sa_t *child_sa, ike_sa_t *ike_sa; entry_t *entry; bool keep; - + ike_sa = pthread_getspecific(this->thread_sa); - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) 
@@ -458,9 +458,9 @@ static void message(private_bus_t *this, message_t *message, bool incoming) ike_sa_t *ike_sa; entry_t *entry; bool keep; - + ike_sa = pthread_getspecific(this->thread_sa); - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -492,7 +492,7 @@ static void ike_keys(private_bus_t *this, ike_sa_t *ike_sa, enumerator_t *enumerator; entry_t *entry; bool keep; - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -524,9 +524,9 @@ static void child_keys(private_bus_t *this, child_sa_t *child_sa, ike_sa_t *ike_sa; entry_t *entry; bool keep; - + ike_sa = pthread_getspecific(this->thread_sa); - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -557,9 +557,9 @@ static void child_updown(private_bus_t *this, child_sa_t *child_sa, bool up) ike_sa_t *ike_sa; entry_t *entry; bool keep; - + ike_sa = pthread_getspecific(this->thread_sa); - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -590,9 +590,9 @@ static void child_rekey(private_bus_t *this, child_sa_t *old, child_sa_t *new) ike_sa_t *ike_sa; entry_t *entry; bool keep; - + ike_sa = pthread_getspecific(this->thread_sa); - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -621,7 +621,7 @@ static void ike_updown(private_bus_t *this, ike_sa_t *ike_sa, bool up) enumerator_t *enumerator; entry_t *entry; bool keep; - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) 
@@ -640,13 +640,13 @@ static void ike_updown(private_bus_t *this, ike_sa_t *ike_sa, bool up) } enumerator->destroy(enumerator); this->mutex->unlock(this->mutex); - + /* a down event for IKE_SA implicitly downs all CHILD_SAs */ if (!up) { iterator_t *iterator; child_sa_t *child_sa; - + iterator = ike_sa->create_child_sa_iterator(ike_sa); while (iterator->iterate(iterator, (void**)&child_sa)) { @@ -664,7 +664,7 @@ static void ike_rekey(private_bus_t *this, ike_sa_t *old, ike_sa_t *new) enumerator_t *enumerator; entry_t *entry; bool keep; - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -694,9 +694,9 @@ static bool authorize(private_bus_t *this, linked_list_t *auth, bool final) ike_sa_t *ike_sa; entry_t *entry; bool keep, success = TRUE; - + ike_sa = pthread_getspecific(this->thread_sa); - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -739,7 +739,7 @@ static void destroy(private_bus_t *this) bus_t *bus_create() { private_bus_t *this = malloc_thing(private_bus_t); - + this->public.add_listener = (void(*)(bus_t*,listener_t*))add_listener; this->public.remove_listener = (void(*)(bus_t*,listener_t*))remove_listener; this->public.listen = (void(*)(bus_t*, listener_t *listener, job_t *job))listen_; @@ -758,12 +758,12 @@ bus_t *bus_create() this->public.child_rekey = (void(*)(bus_t*, child_sa_t *old, child_sa_t *new))child_rekey; this->public.authorize = (bool(*)(bus_t*, linked_list_t *auth, bool final))authorize; this->public.destroy = (void(*)(bus_t*)) destroy; - + this->listeners = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); pthread_key_create(&this->thread_id, NULL); pthread_key_create(&this->thread_sa, NULL); - + return &this->public; } diff --git a/src/charon/bus/bus.h b/src/charon/bus/bus.h index 9c90db6f9..9a4492ffc 100644 
--- a/src/charon/bus/bus.h +++ b/src/charon/bus/bus.h @@ -142,7 +142,7 @@ enum alert_t { * may wait actively to events using the blocking listen() call. */ struct bus_t { - + /** * Register a listener to the bus. * @@ -153,14 +153,14 @@ struct bus_t { * @param listener listener to register. */ void (*add_listener) (bus_t *this, listener_t *listener); - + /** * Unregister a listener from the bus. * * @param listener listener to unregister. */ void (*remove_listener) (bus_t *this, listener_t *listener); - + /** * Register a listener and block the calling thread. * @@ -174,20 +174,20 @@ struct bus_t { * @param job job to execute asynchronously when registered, or NULL */ void (*listen)(bus_t *this, listener_t *listener, job_t *job); - + /** * Set the IKE_SA the calling thread is using. * * To associate an received log message to an IKE_SA without passing it as * parameter each time, the thread registers the currenlty used IKE_SA - * during check-out. Before check-in, the thread unregisters the IKE_SA. + * during check-out. Before check-in, the thread unregisters the IKE_SA. * This IKE_SA is stored per-thread, so each thread has its own IKE_SA * registered. - * + * * @param ike_sa ike_sa to register, or NULL to unregister */ void (*set_sa) (bus_t *this, ike_sa_t *ike_sa); - + /** * Send a log message to the bus. * @@ -202,7 +202,7 @@ struct bus_t { * @param ... printf() style argument list */ void (*log)(bus_t *this, debug_t group, level_t level, char* format, ...); - + /** * Send a log message to the bus using va_list arguments. * @@ -215,7 +215,7 @@ struct bus_t { */ void (*vlog)(bus_t *this, debug_t group, level_t level, char* format, va_list args); - + /** * Raise an alert over the bus. * @@ -223,7 +223,7 @@ struct bus_t { * @param ... alert specific attributes */ void (*alert)(bus_t *this, alert_t alert, ...); - + /** * Send a IKE_SA state change event to the bus. * 
@@ -247,7 +247,7 @@ struct bus_t { * @param incoming TRUE for incoming messages, FALSE for outgoing */ void (*message)(bus_t *this, message_t *message, bool incoming); - + /** * IKE_SA authorization hook. * @@ -256,7 +256,7 @@ struct bus_t { * @return TRUE to establish IKE_SA, FALSE to send AUTH_FAILED */ bool (*authorize)(bus_t *this, linked_list_t *auth, bool final); - + /** * IKE_SA keymat hook. * @@ -278,7 +278,7 @@ struct bus_t { */ void (*child_keys)(bus_t *this, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r); - + /** * IKE_SA up/down hook. * @@ -286,7 +286,7 @@ struct bus_t { * @param up TRUE for an up event, FALSE for a down event */ void (*ike_updown)(bus_t *this, ike_sa_t *ike_sa, bool up); - + /** * IKE_SA rekeying hook. * @@ -294,7 +294,7 @@ struct bus_t { * @param new new IKE_SA replacing old */ void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new); - + /** * CHILD_SA up/down hook. * @@ -302,7 +302,7 @@ struct bus_t { * @param up TRUE for an up event, FALSE for a down event */ void (*child_updown)(bus_t *this, child_sa_t *child_sa, bool up); - + /** * CHILD_SA rekeying hook. * @@ -310,7 +310,7 @@ struct bus_t { * @param new new CHILD_SA replacing old */ void (*child_rekey)(bus_t *this, child_sa_t *old, child_sa_t *new); - + /** * Destroy the event bus. */ diff --git a/src/charon/bus/listeners/file_logger.c b/src/charon/bus/listeners/file_logger.c index c3213f5f8..12587deaf 100644 --- a/src/charon/bus/listeners/file_logger.c +++ b/src/charon/bus/listeners/file_logger.c @@ -25,17 +25,17 @@ typedef struct private_file_logger_t private_file_logger_t; * Private data of a file_logger_t object */ struct private_file_logger_t { - + /** * Public data. */ file_logger_t public; - + /** * output file */ FILE *out; - + /** * Maximum level to log, for each group */ 
@@ -52,10 +52,10 @@ static bool log_(private_file_logger_t *this, debug_t group, level_t level, { char buffer[8192]; char *current = buffer, *next; - + /* write in memory buffer first */ vsnprintf(buffer, sizeof(buffer), format, args); - + /* prepend a prefix in front of every line */ while (current) { @@ -109,17 +109,17 @@ static void destroy(private_file_logger_t *this) file_logger_t *file_logger_create(FILE *out) { private_file_logger_t *this = malloc_thing(private_file_logger_t); - + /* public functions */ memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_; this->public.set_level = (void(*)(file_logger_t*,debug_t,level_t))set_level; this->public.destroy = (void(*)(file_logger_t*))destroy; - + /* private variables */ this->out = out; set_level(this, DBG_ANY, LEVEL_SILENT); - + return &this->public; } diff --git a/src/charon/bus/listeners/file_logger.h b/src/charon/bus/listeners/file_logger.h index a69374f23..bd443fdb8 100644 --- a/src/charon/bus/listeners/file_logger.h +++ b/src/charon/bus/listeners/file_logger.h @@ -29,12 +29,12 @@ typedef struct file_logger_t file_logger_t; * Logger to files which implements listener_t. */ struct file_logger_t { - + /** * Implements the listener_t interface. */ listener_t listener; - + /** * Set the loglevel for a debug group. * @@ -42,7 +42,7 @@ struct file_logger_t { * @param level max level to log (0..4) */ void (*set_level) (file_logger_t *this, debug_t group, level_t level); - + /** * Destroys a file_logger_t object. */ diff --git a/src/charon/bus/listeners/listener.h b/src/charon/bus/listeners/listener.h index 578f08ebe..4cd14e2d7 100644 --- a/src/charon/bus/listeners/listener.h +++ b/src/charon/bus/listeners/listener.h @@ -29,7 +29,7 @@ typedef struct listener_t listener_t; * Listener interface, listens to events if registered to the bus. */ struct listener_t { - + /** * Log a debugging message. * 
@@ -48,7 +48,7 @@ struct listener_t { */ bool (*log)(listener_t *this, debug_t group, level_t level, int thread, ike_sa_t *ike_sa, char* format, va_list args); - + /** * Hook called if a critical alert is risen. * @@ -59,7 +59,7 @@ struct listener_t { */ bool (*alert)(listener_t *this, ike_sa_t *ike_sa, alert_t alert, va_list args); - + /** * Handle state changes in an IKE_SA. * @@ -69,7 +69,7 @@ struct listener_t { */ bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa, ike_sa_state_t state); - + /** * Handle state changes in a CHILD_SA. * @@ -80,7 +80,7 @@ struct listener_t { */ bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state); - + /** * Hook called for received/sent messages of an IKE_SA. * @@ -91,7 +91,7 @@ struct listener_t { */ bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message, bool incoming); - + /** * Hook called with IKE_SA key material. * @@ -104,7 +104,7 @@ struct listener_t { */ bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey); - + /** * Hook called with CHILD_SA key material. * @@ -117,7 +117,7 @@ struct listener_t { */ bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r); - + /** * Hook called if an IKE_SA gets up or down. * @@ -126,7 +126,7 @@ struct listener_t { * @return TRUE to stay registered, FALSE to unregister */ bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up); - + /** * Hook called when an IKE_SA gets rekeyed. * @@ -135,7 +135,7 @@ struct listener_t { * @return TRUE to stay registered, FALSE to unregister */ bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new); - + /** * Hook called when a CHILD_SA gets up or down. * 
@@ -146,7 +146,7 @@ struct listener_t { */ bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up); - + /** * Hook called when an CHILD_SA gets rekeyed. * @@ -157,7 +157,7 @@ struct listener_t { */ bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *old, child_sa_t *new); - + /** * Hook called to invoke additional authorization rules. * diff --git a/src/charon/bus/listeners/sys_logger.c b/src/charon/bus/listeners/sys_logger.c index 0b579ce92..11421ad05 100644 --- a/src/charon/bus/listeners/sys_logger.c +++ b/src/charon/bus/listeners/sys_logger.c @@ -25,17 +25,17 @@ typedef struct private_sys_logger_t private_sys_logger_t; * Private data of a sys_logger_t object */ struct private_sys_logger_t { - + /** * Public data. */ sys_logger_t public; - + /** * syslog facility to use */ int facility; - + /** * Maximum level to log, for each group */ @@ -52,10 +52,10 @@ static bool log_(private_sys_logger_t *this, debug_t group, level_t level, { char buffer[8192]; char *current = buffer, *next; - + /* write in memory buffer first */ vsnprintf(buffer, sizeof(buffer), format, args); - + /* do a syslog with every line */ while (current) { @@ -106,16 +106,16 @@ static void destroy(private_sys_logger_t *this) sys_logger_t *sys_logger_create(int facility) { private_sys_logger_t *this = malloc_thing(private_sys_logger_t); - + /* public functions */ memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_; this->public.set_level = (void(*)(sys_logger_t*,debug_t,level_t))set_level; this->public.destroy = (void(*)(sys_logger_t*))destroy; - + /* private variables */ this->facility = facility; set_level(this, DBG_ANY, LEVEL_SILENT); - + return &this->public; } diff --git a/src/charon/bus/listeners/sys_logger.h b/src/charon/bus/listeners/sys_logger.h index 3ed0f02fa..730890d68 100644 --- a/src/charon/bus/listeners/sys_logger.h 
+++ b/src/charon/bus/listeners/sys_logger.h @@ -31,12 +31,12 @@ typedef struct sys_logger_t sys_logger_t; * Logger for syslog which implements listener_t. */ struct sys_logger_t { - + /** * Implements the listener_t interface. */ listener_t listener; - + /** * Set the loglevel for a debug group. * @@ -44,7 +44,7 @@ struct sys_logger_t { * @param level max level to log (0..4) */ void (*set_level) (sys_logger_t *this, debug_t group, level_t level); - + /** * Destroys a sys_logger_t object. */ diff --git a/src/charon/config/attributes/attribute_handler.h b/src/charon/config/attributes/attribute_handler.h index de1c4414d..d752d512e 100644 --- a/src/charon/config/attributes/attribute_handler.h +++ b/src/charon/config/attributes/attribute_handler.h @@ -30,7 +30,7 @@ typedef struct attribute_handler_t attribute_handler_t; * Interface to handle configuration payload attributes. */ struct attribute_handler_t { - + /** * Handle a configuration attribute. * @@ -43,7 +43,7 @@ struct attribute_handler_t { */ bool (*handle)(attribute_handler_t *this, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data); - + /** * Release an attribute handled during handle(). * diff --git a/src/charon/config/attributes/attribute_manager.c b/src/charon/config/attributes/attribute_manager.c index bf45fdb42..86d7d0759 100644 --- a/src/charon/config/attributes/attribute_manager.c +++ b/src/charon/config/attributes/attribute_manager.c @@ -30,17 +30,17 @@ struct private_attribute_manager_t { * public functions */ attribute_manager_t public; - + /** * list of registered providers */ linked_list_t *providers; - + /** * list of registered handlers */ linked_list_t *handlers; - + /** * rwlock provider list */ 
@@ -57,7 +57,7 @@ static host_t* acquire_address(private_attribute_manager_t *this, enumerator_t *enumerator; attribute_provider_t *current; host_t *host = NULL; - + this->lock->read_lock(this->lock); enumerator = this->providers->create_enumerator(this->providers); while (enumerator->enumerate(enumerator, ¤t)) @@ -70,7 +70,7 @@ static host_t* acquire_address(private_attribute_manager_t *this, } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - + if (!host) { DBG1(DBG_CFG, "acquiring address from pool '%s' failed", pool); @@ -87,7 +87,7 @@ static void release_address(private_attribute_manager_t *this, enumerator_t *enumerator; attribute_provider_t *current; bool found = FALSE; - + this->lock->read_lock(this->lock); enumerator = this->providers->create_enumerator(this->providers); while (enumerator->enumerate(enumerator, ¤t)) @@ -100,7 +100,7 @@ static void release_address(private_attribute_manager_t *this, } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - + if (!found) { DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool); @@ -161,7 +161,7 @@ static attribute_handler_t* handle(private_attribute_manager_t *this, { enumerator_t *enumerator; attribute_handler_t *current, *handled = NULL; - + this->lock->read_lock(this->lock); enumerator = this->handlers->create_enumerator(this->handlers); while (enumerator->enumerate(enumerator, ¤t)) @@ -174,7 +174,7 @@ static attribute_handler_t* handle(private_attribute_manager_t *this, } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - + if (!handled) { DBG1(DBG_CFG, "handling %N attribute failed", @@ -192,7 +192,7 @@ static void release(private_attribute_manager_t *this, { enumerator_t *enumerator; attribute_handler_t *current; - + this->lock->read_lock(this->lock); enumerator = this->handlers->create_enumerator(this->handlers); while (enumerator->enumerate(enumerator, ¤t)) 
@@ -246,7 +246,7 @@ static void destroy(private_attribute_manager_t *this) attribute_manager_t *attribute_manager_create() { private_attribute_manager_t *this = malloc_thing(private_attribute_manager_t); - + this->public.acquire_address = (host_t*(*)(attribute_manager_t*, char*, identification_t*,host_t*))acquire_address; this->public.release_address = (void(*)(attribute_manager_t*, char *, host_t*, identification_t*))release_address; this->public.create_attribute_enumerator = (enumerator_t*(*)(attribute_manager_t*, identification_t *id))create_attribute_enumerator; @@ -257,11 +257,11 @@ attribute_manager_t *attribute_manager_create() this->public.add_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))add_handler; this->public.remove_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))remove_handler; this->public.destroy = (void(*)(attribute_manager_t*))destroy; - + this->providers = linked_list_create(); this->handlers = linked_list_create(); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - + return &this->public; } diff --git a/src/charon/config/attributes/attribute_manager.h b/src/charon/config/attributes/attribute_manager.h index ceea06581..68eb8b1bf 100644 --- a/src/charon/config/attributes/attribute_manager.h +++ b/src/charon/config/attributes/attribute_manager.h @@ -35,7 +35,7 @@ typedef struct attribute_manager_t attribute_manager_t; * are received on the requesting peer. */ struct attribute_manager_t { - + /** * Acquire a virtual IP address to assign to a peer. * @@ -47,7 +47,7 @@ struct attribute_manager_t { host_t* (*acquire_address)(attribute_manager_t *this, char *pool, identification_t *id, host_t *requested); - + /** * Release a previously acquired address. * @@ -57,7 +57,7 @@ struct attribute_manager_t { */ void (*release_address)(attribute_manager_t *this, char *pool, host_t *address, identification_t *id); - + /** * Create an enumerator over attributes to hand out to a peer. * 
@@ -66,7 +66,7 @@ struct attribute_manager_t { */ enumerator_t* (*create_attribute_enumerator)(attribute_manager_t *this, identification_t *id); - + /** * Register an attribute provider to the manager. * @@ -81,7 +81,7 @@ struct attribute_manager_t { */ void (*remove_provider)(attribute_manager_t *this, attribute_provider_t *provider); - + /** * Handle a configuration attribute by passing them to the handlers. * @@ -92,7 +92,7 @@ struct attribute_manager_t { */ attribute_handler_t* (*handle)(attribute_manager_t *this, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data); - + /** * Release an attribute previously handle()d by a handler. * @@ -104,7 +104,7 @@ struct attribute_manager_t { void (*release)(attribute_manager_t *this, attribute_handler_t *handler, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data); - + /** * Register an attribute handler to the manager. * @@ -112,7 +112,7 @@ struct attribute_manager_t { */ void (*add_handler)(attribute_manager_t *this, attribute_handler_t *handler); - + /** * Unregister an attribute handler from the manager. * @@ -120,7 +120,7 @@ struct attribute_manager_t { */ void (*remove_handler)(attribute_manager_t *this, attribute_handler_t *handler); - + /** * Destroy a attribute_manager instance. */ diff --git a/src/charon/config/attributes/attribute_provider.h b/src/charon/config/attributes/attribute_provider.h index 0f1057af4..b8825723d 100644 --- a/src/charon/config/attributes/attribute_provider.h +++ b/src/charon/config/attributes/attribute_provider.h @@ -41,7 +41,7 @@ struct attribute_provider_t { * @return allocated address, NULL to serve none */ host_t* (*acquire_address)(attribute_provider_t *this, - char *pool, identification_t *id, + char *pool, identification_t *id, host_t *requested); /** * Release a previously acquired address. 
@@ -53,7 +53,7 @@ struct attribute_provider_t { */ bool (*release_address)(attribute_provider_t *this, char *pool, host_t *address, identification_t *id); - + /** * Create an enumerator over attributes to hand out to a peer. * diff --git a/src/charon/config/auth_cfg.c b/src/charon/config/auth_cfg.c index e4501bc93..94362c756 100644 --- a/src/charon/config/auth_cfg.c +++ b/src/charon/config/auth_cfg.c @@ -45,12 +45,12 @@ typedef struct private_auth_cfg_t private_auth_cfg_t; * private data of item_set */ struct private_auth_cfg_t { - + /** * public functions */ auth_cfg_t public; - + /** * list of entry_t */ @@ -84,7 +84,7 @@ typedef struct { static bool enumerate(entry_enumerator_t *this, auth_rule_t *type, void **value) { entry_t *entry; - + if (this->inner->enumerate(this->inner, &entry)) { this->current = entry; @@ -110,7 +110,7 @@ static void entry_enumerator_destroy(entry_enumerator_t *this) static enumerator_t* create_enumerator(private_auth_cfg_t *this) { entry_enumerator_t *enumerator; - + enumerator = malloc_thing(entry_enumerator_t); enumerator->inner = this->entries->create_enumerator(this->entries); enumerator->public.enumerate = (void*)enumerate; @@ -168,9 +168,9 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, if (enumerator->current) { va_list args; - + va_start(args, type); - + destroy_entry_value(enumerator->current); enumerator->current->type = type; switch (type) @@ -210,7 +210,7 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) void *current_value, *best_value = NULL; auth_rule_t current_type; bool found = FALSE; - + enumerator = create_enumerator(this); while (enumerator->enumerate(enumerator, ¤t_type, ¤t_value)) { @@ -270,7 +270,7 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) { entry_t *entry = malloc_thing(entry_t); va_list args; - + va_start(args, type); entry->type = type; switch (type) 
@@ -311,7 +311,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, bool success = TRUE; auth_rule_t t1, t2; void *value; - + e1 = constraints->create_enumerator(constraints); while (e1->enumerate(e1, &t1, &value)) { @@ -321,9 +321,9 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_IM_CERT: { certificate_t *c1, *c2; - + c1 = (certificate_t*)value; - + success = FALSE; e2 = create_enumerator(this); while (e2->enumerate(e2, &t2, &c2)) @@ -345,7 +345,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_SUBJECT_CERT: { certificate_t *c1, *c2; - + c1 = (certificate_t*)value; c2 = get(this, AUTH_RULE_SUBJECT_CERT); if (!c2 || !c1->equals(c1, c2)) @@ -364,7 +364,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_OCSP_VALIDATION: { cert_validation_t validated, required; - + required = (uintptr_t)value; validated = (uintptr_t)get(this, t1); switch (required) @@ -401,7 +401,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_EAP_IDENTITY: { identification_t *id1, *id2; - + id1 = (identification_t*)value; id2 = get(this, t1); if (!id2 || !id2->matches(id2, id1)) @@ -499,7 +499,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy enumerator_t *enumerator; auth_rule_t type; void *value; - + enumerator = create_enumerator(other); while (enumerator->enumerate(enumerator, &type, &value)) { @@ -512,7 +512,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_HELPER_SUBJECT_CERT: { certificate_t *cert = (certificate_t*)value; - + add(this, type, cert->get_ref(cert)); break; } @@ -530,7 +530,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_AC_GROUP: { identification_t *id = (identification_t*)value; - + add(this, type, id->clone(id)); break; } 
@@ -547,7 +547,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy else { entry_t *entry; - + while (other->entries->remove_first(other->entries, (void**)&entry) == SUCCESS) { @@ -564,7 +564,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) enumerator_t *e1, *e2; entry_t *i1, *i2; bool equal = TRUE, found; - + if (this->entries->get_count(this->entries) != other->entries->get_count(other->entries)) { @@ -601,10 +601,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_HELPER_SUBJECT_CERT: { certificate_t *c1, *c2; - + c1 = (certificate_t*)i1->value; c2 = (certificate_t*)i2->value; - + if (c1->equals(c1, c2)) { found = TRUE; @@ -617,10 +617,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_AC_GROUP: { identification_t *id1, *id2; - + id1 = (identification_t*)i1->value; id2 = (identification_t*)i2->value; - + if (id1->equals(id1, id2)) { found = TRUE; @@ -660,7 +660,7 @@ static void purge(private_auth_cfg_t *this, bool keep_ca) { entry_t *entry; linked_list_t *cas; - + cas = linked_list_create(); while (this->entries->remove_last(this->entries, (void**)&entry) == SUCCESS) { @@ -689,7 +689,7 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) enumerator_t *enumerator; auth_cfg_t *clone; entry_t *entry; - + clone = auth_cfg_create(); enumerator = this->entries->create_enumerator(this->entries); while (enumerator->enumerate(enumerator, &entry)) @@ -749,7 +749,7 @@ static void destroy(private_auth_cfg_t *this) auth_cfg_t *auth_cfg_create() { private_auth_cfg_t *this = malloc_thing(private_auth_cfg_t); - + this->public.add = (void(*)(auth_cfg_t*, auth_rule_t type, ...))add; this->public.get = (void*(*)(auth_cfg_t*, auth_rule_t type))get; this->public.create_enumerator = (enumerator_t*(*)(auth_cfg_t*))create_enumerator; 
@@ -760,9 +760,9 @@ auth_cfg_t *auth_cfg_create() this->public.equals = (bool(*)(auth_cfg_t*, auth_cfg_t *other))equals; this->public.clone = (auth_cfg_t*(*)(auth_cfg_t*))clone_; this->public.destroy = (void(*)(auth_cfg_t*))destroy; - + this->entries = linked_list_create(); - + return &this->public; } diff --git a/src/charon/config/auth_cfg.h b/src/charon/config/auth_cfg.h index c6bc1959b..5e6215a4a 100644 --- a/src/charon/config/auth_cfg.h +++ b/src/charon/config/auth_cfg.h @@ -41,7 +41,7 @@ typedef enum auth_rule_t auth_rule_t; * to transport credentials during the authentication process. */ enum auth_rule_t { - + /** identity to use for IKEv2 authentication exchange, identification_t* */ AUTH_RULE_IDENTITY, /** authentication class, auth_class_t */ @@ -64,7 +64,7 @@ enum auth_rule_t { AUTH_RULE_OCSP_VALIDATION, /** subject is in attribute certificate group, identification_t* */ AUTH_RULE_AC_GROUP, - + /** intermediate certificate, certificate_t* */ AUTH_HELPER_IM_CERT, /** subject certificate, certificate_t* */ @@ -86,7 +86,7 @@ extern enum_name_t *auth_rule_names; * RFC4739 defines multiple authentication rounds. This class defines such * a round from a configuration perspective, either for the local or the remote * peer. Local config are called "rulesets", as they define how we authenticate. - * Remote peer configs are called "constraits", they define what is needed to + * Remote peer configs are called "constraits", they define what is needed to * complete the authentication round successfully. * * @verbatim @@ -122,7 +122,7 @@ struct auth_cfg_t { * @param ... associated value to rule */ void (*add)(auth_cfg_t *this, auth_rule_t rule, ...); - + /** * Get an rule value. * 
@@ -130,14 +130,14 @@ struct auth_cfg_t { * @return bool if item has been found */ void* (*get)(auth_cfg_t *this, auth_rule_t rule); - + /** * Create an enumerator over added rules. * * @return enumerator over (auth_rule_t, union{void*,uintpr_t}) */ enumerator_t* (*create_enumerator)(auth_cfg_t *this); - + /** * Replace an rule at enumerator position. * @@ -147,7 +147,7 @@ struct auth_cfg_t { */ void (*replace)(auth_cfg_t *this, enumerator_t *pos, auth_rule_t rule, ...); - + /** * Check if a used config fulfills a set of configured constraints. * @@ -156,7 +156,7 @@ struct auth_cfg_t { * @return TRUE if this complies with constraints */ bool (*complies)(auth_cfg_t *this, auth_cfg_t *constraints, bool log_error); - + /** * Merge items from other into this. * @@ -164,14 +164,14 @@ struct auth_cfg_t { * @param copy TRUE to copy items, FALSE to move them */ void (*merge)(auth_cfg_t *this, auth_cfg_t *other, bool copy); - + /** * Purge all rules in a config. * * @param keep_ca wheter to keep AUTH_RULE_CA_CERT entries */ void (*purge)(auth_cfg_t *this, bool keep_ca); - + /** * Check two configs for equality. * @@ -179,14 +179,14 @@ struct auth_cfg_t { * @return TRUE if auth infos identical */ bool (*equals)(auth_cfg_t *this, auth_cfg_t *other); - + /** * Clone a authentication config, including all rules. * * @return cloned configuration */ auth_cfg_t* (*clone)(auth_cfg_t *this); - + /** * Destroy a config with all associated rules/values. */ diff --git a/src/charon/config/backend_manager.c b/src/charon/config/backend_manager.c index cfd611858..f6cbff4be 100644 --- a/src/charon/config/backend_manager.c +++ b/src/charon/config/backend_manager.c @@ -34,12 +34,12 @@ struct private_backend_manager_t { * Public part of backend_manager_t object. */ backend_manager_t public; - + /** * list of registered backends */ linked_list_t *backends; - + /** * rwlock for backends */ 
@@ -80,7 +80,7 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) { host_t *me_cand, *other_cand; ike_cfg_match_t match = MATCH_NONE; - + if (me) { me_cand = host_create_from_dns(cand->get_my_addr(cand), @@ -103,7 +103,7 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) { match += MATCH_ANY; } - + if (other) { other_cand = host_create_from_dns(cand->get_other_addr(cand), @@ -132,21 +132,21 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) /** * implements backend_manager_t.get_ike_cfg. */ -static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, +static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, host_t *me, host_t *other) { ike_cfg_t *current, *found = NULL; enumerator_t *enumerator; ike_cfg_match_t match, best = MATCH_ANY; ike_data_t *data; - + data = malloc_thing(ike_data_t); data->this = this; data->me = me; data->other = other; - + DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other); - + this->lock->read_lock(this->lock); enumerator = enumerator_create_nested( this->backends->create_enumerator(this->backends), @@ -154,11 +154,11 @@ static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, while (enumerator->enumerate(enumerator, (void**)¤t)) { match = get_ike_match(current, me, other); - + if (match) { - DBG2(DBG_CFG, " candidate: %s...%s, prio %d", - current->get_my_addr(current), + DBG2(DBG_CFG, " candidate: %s...%s, prio %d", + current->get_my_addr(current), current->get_other_addr(current), match); if (match > best) { @@ -173,7 +173,7 @@ static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, this->lock->unlock(this->lock); if (found) { - DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d", + DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d", found->get_my_addr(found), found->get_other_addr(found), best); } return found; 
@@ -189,12 +189,12 @@ static id_match_t get_peer_match(identification_t *id, auth_cfg_t *auth; identification_t *candidate; id_match_t match = ID_MATCH_NONE; - + if (!id) { return ID_MATCH_ANY; } - + /* compare first auth config only */ enumerator = cfg->create_auth_cfg_enumerator(cfg, local); if (enumerator->enumerate(enumerator, &auth)) @@ -269,7 +269,7 @@ static bool peer_enum_filter(linked_list_t *configs, static void peer_enum_filter_destroy(linked_list_t *configs) { match_entry_t *entry; - + while (configs->remove_last(configs, (void**)&entry) == SUCCESS) { entry->cfg->destroy(entry->cfg); @@ -285,7 +285,7 @@ static void insert_sorted(match_entry_t *entry, linked_list_t *list, linked_list_t *helper) { match_entry_t *current; - + while (list->remove_first(list, (void**)¤t) == SUCCESS) { helper->insert_last(helper, current); @@ -311,7 +311,7 @@ static void insert_sorted(match_entry_t *entry, linked_list_t *list, /** * Implements backend_manager_t.create_peer_cfg_enumerator. - */ + */ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, host_t *me, host_t *other, identification_t *my_id, identification_t *other_id) 
@@ -320,26 +320,26 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, peer_data_t *data; peer_cfg_t *cfg; linked_list_t *configs, *helper; - + data = malloc_thing(peer_data_t); data->lock = this->lock; data->me = my_id; data->other = other_id; - + /* create a sorted list with all matches */ this->lock->read_lock(this->lock); enumerator = enumerator_create_nested( this->backends->create_enumerator(this->backends), (void*)peer_enum_create, data, (void*)peer_enum_destroy); - + if (!me && !other && !my_id && !other_id) { /* shortcut if we are doing a "listall" */ return enumerator; } - + DBG1(DBG_CFG, "looking for peer configs matching %H[%Y]...%H[%Y]", me, my_id, other, other_id); - + configs = linked_list_create(); /* only once allocated helper list for sorting */ helper = linked_list_create(); @@ -348,16 +348,16 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, id_match_t match_peer_me, match_peer_other; ike_cfg_match_t match_ike; match_entry_t *entry; - + match_peer_me = get_peer_match(my_id, cfg, TRUE); match_peer_other = get_peer_match(other_id, cfg, FALSE); match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other); - + if (match_peer_me && match_peer_other && match_ike) { DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d (me/other/ike)", cfg->get_name(cfg), match_peer_me, match_peer_other, match_ike); - + entry = malloc_thing(match_entry_t); entry->match_peer = match_peer_me + match_peer_other; entry->match_ike = match_ike; @@ -367,7 +367,7 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, } enumerator->destroy(enumerator); helper->destroy(helper); - + return enumerator_create_filter(configs->create_enumerator(configs), (void*)peer_enum_filter, configs, (void*)peer_enum_filter_destroy); 
@@ -375,13 +375,13 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, /** * implements backend_manager_t.get_peer_cfg_by_name. - */ + */ static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name) { backend_t *backend; peer_cfg_t *config = NULL; enumerator_t *enumerator; - + this->lock->read_lock(this->lock); enumerator = this->backends->create_enumerator(this->backends); while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend)) @@ -429,17 +429,17 @@ static void destroy(private_backend_manager_t *this) backend_manager_t *backend_manager_create() { private_backend_manager_t *this = malloc_thing(private_backend_manager_t); - + this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg; this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name; this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*,host_t*,host_t*,identification_t*,identification_t*))create_peer_cfg_enumerator; this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend; this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend; this->public.destroy = (void (*)(backend_manager_t*))destroy; - + this->backends = linked_list_create(); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - + return &this->public; } diff --git a/src/charon/config/backend_manager.h b/src/charon/config/backend_manager.h index 0b7d7d0f8..5b394f791 100644 --- a/src/charon/config/backend_manager.h +++ b/src/charon/config/backend_manager.h @@ -46,11 +46,11 @@ typedef struct backend_manager_t backend_manager_t; | |----->| | +--------------+ | | | | | | +---------+ +-----------+ | - + @endverbatim */ struct backend_manager_t { - + /** * Get an ike_config identified by two hosts. * 
@@ -58,9 +58,9 @@ struct backend_manager_t { * @param other_host address of remote host * @return matching ike_config, or NULL if none found */ - ike_cfg_t* (*get_ike_cfg)(backend_manager_t *this, + ike_cfg_t* (*get_ike_cfg)(backend_manager_t *this, host_t *my_host, host_t *other_host); - + /** * Get a peer_config identified by it's name. * @@ -68,7 +68,7 @@ struct backend_manager_t { * @return matching peer_config, or NULL if none found */ peer_cfg_t* (*get_peer_cfg_by_name)(backend_manager_t *this, char *name); - + /** * Create an enumerator over all matching peer configs. * @@ -90,14 +90,14 @@ struct backend_manager_t { * @param backend backend to register */ void (*add_backend)(backend_manager_t *this, backend_t *backend); - + /** * Unregister a backend. * * @param backend backend to unregister */ void (*remove_backend)(backend_manager_t *this, backend_t *backend); - + /** * Destroys a backend_manager_t object. */ diff --git a/src/charon/config/child_cfg.c b/src/charon/config/child_cfg.c index 05c47f747..036a25007 100644 --- a/src/charon/config/child_cfg.c +++ b/src/charon/config/child_cfg.c @@ -25,7 +25,7 @@ ENUM(action_names, ACTION_NONE, ACTION_RESTART, "restart", ); -ENUM_BEGIN(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_NONE, +ENUM_BEGIN(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_NONE, "IPCOMP_NONE"); ENUM_NEXT(ipcomp_transform_names, IPCOMP_OUI, IPCOMP_LZJH, IPCOMP_NONE, "IPCOMP_OUI", 
@@ -45,62 +45,62 @@ struct private_child_cfg_t { * Public part */ child_cfg_t public; - + /** * Number of references hold by others to this child_cfg */ refcount_t refcount; - + /** * Name of the child_cfg, used to query it */ char *name; - + /** * list for all proposals */ linked_list_t *proposals; - + /** * list for traffic selectors for my site */ linked_list_t *my_ts; - + /** * list for traffic selectors for others site */ linked_list_t *other_ts; - + /** * updown script */ char *updown; - + /** * allow host access */ bool hostaccess; - + /** * Mode to propose for a initiated CHILD: tunnel/transport */ ipsec_mode_t mode; - + /** * action to take on DPD */ action_t dpd_action; - + /** * action to take on CHILD_SA close */ action_t close_action; - + /** * CHILD_SA lifetime config */ lifetime_cfg_t lifetime; - + /** * enable IPComp */ @@ -141,7 +141,7 @@ static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh) enumerator_t *enumerator; proposal_t *current; linked_list_t *proposals = linked_list_create(); - + enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, ¤t)) { @@ -153,7 +153,7 @@ static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh) proposals->insert_last(proposals, current); } enumerator->destroy(enumerator); - + return proposals; } @@ -165,10 +165,10 @@ static proposal_t* select_proposal(private_child_cfg_t*this, { enumerator_t *stored_enum, *supplied_enum; proposal_t *stored, *supplied, *selected = NULL; - + stored_enum = this->proposals->create_enumerator(this->proposals); supplied_enum = proposals->create_enumerator(proposals); - + /* compare all stored proposals with all supplied. Stored ones are preferred. */ while (stored_enum->enumerate(stored_enum, &stored)) { 
@@ -194,7 +194,7 @@ static proposal_t* select_proposal(private_child_cfg_t*this, break; } supplied_enum->destroy(supplied_enum); - supplied_enum = proposals->create_enumerator(proposals); + supplied_enum = proposals->create_enumerator(proposals); } stored_enum->destroy(stored_enum); supplied_enum->destroy(supplied_enum); @@ -232,7 +232,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca enumerator_t *e1, *e2; traffic_selector_t *ts1, *ts2, *selected; linked_list_t *result = linked_list_create(); - + if (local) { e1 = this->my_ts->create_enumerator(this->my_ts); @@ -241,11 +241,11 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca { e1 = this->other_ts->create_enumerator(this->other_ts); } - + /* no list supplied, just fetch the stored traffic selectors */ if (supplied == NULL) { - DBG2(DBG_CFG, "proposing traffic selectors for %s:", + DBG2(DBG_CFG, "proposing traffic selectors for %s:", local ? "us" : "other"); while (e1->enumerate(e1, &ts1)) { @@ -262,7 +262,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca } else { - DBG2(DBG_CFG, "selecting traffic selectors for %s:", + DBG2(DBG_CFG, "selecting traffic selectors for %s:", local ? "us" : "other"); e2 = supplied->create_enumerator(supplied); /* iterate over all stored selectors */ @@ -274,7 +274,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca { ts1->set_address(ts1, host); } - + /* iterate over all supplied traffic selectors */ while (e2->enumerate(e2, &ts2)) { @@ -298,7 +298,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca e1->destroy(e1); e2->destroy(e2); } - + /* remove any redundant traffic selectors in the list */ e1 = result->create_enumerator(result); e2 = result->create_enumerator(result); 
@@ -329,7 +329,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca } e1->destroy(e1); e2->destroy(e2); - + return result; } @@ -410,7 +410,7 @@ static diffie_hellman_group_t get_dh_group(private_child_cfg_t *this) enumerator_t *enumerator; proposal_t *proposal; u_int16_t dh_group = MODP_NONE; - + enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) { @@ -514,16 +514,16 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, this->public.install_policy = (bool (*) (child_cfg_t *))install_policy; this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref; this->public.destroy = (void (*) (child_cfg_t*))destroy; - + this->name = strdup(name); this->updown = updown ? strdup(updown) : NULL; this->hostaccess = hostaccess; this->mode = mode; this->dpd_action = dpd_action; this->close_action = close_action; - this->use_ipcomp = ipcomp; + this->use_ipcomp = ipcomp; this->proxy_mode = FALSE; - this->install_policy = TRUE; + this->install_policy = TRUE; this->refcount = 1; this->proposals = linked_list_create(); this->my_ts = linked_list_create(); diff --git a/src/charon/config/child_cfg.h b/src/charon/config/child_cfg.h index 492514eae..becee8107 100644 --- a/src/charon/config/child_cfg.h +++ b/src/charon/config/child_cfg.h 
@@ -88,68 +88,68 @@ struct lifetime_cfg_t { * After creation, proposals and traffic selectors may be added to the config. * A child_cfg object is referenced multiple times, and is not thread save. * Reading from the object is save, adding things is not allowed while other - * threads may access the object. + * threads may access the object. * A reference counter handles the number of references hold to this config. * * @see peer_cfg_t to get an overview over the configurations. */ struct child_cfg_t { - + /** * Get the name of the child_cfg. - * + * * @return child_cfg's name */ char *(*get_name) (child_cfg_t *this); - + /** - * Add a proposal to the list. - * + * Add a proposal to the list. + * * The proposals are stored by priority, first added * is the most prefered. * After add, proposal is owned by child_cfg. - * + * * @param proposal proposal to add */ void (*add_proposal) (child_cfg_t *this, proposal_t *proposal); - + /** * Get the list of proposals for the CHILD_SA. * * Resulting list and all of its proposals must be freed after use. - * + * * @param strip_dh TRUE strip out diffie hellman groups * @return list of proposals */ linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh); - + /** * Select a proposal from a supplied list. * * Returned propsal is newly created and must be destroyed after usage. - * + * * @param proposals list from from wich proposals are selected * @param strip_dh TRUE strip out diffie hellman groups * @return selected proposal, or NULL if nothing matches */ proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals, bool strip_dh); - + /** * Add a traffic selector to the config. - * + * * Use the "local" parameter to add it for the local or the remote side. * After add, traffic selector is owned by child_cfg. 
- * + * * @param local TRUE for local side, FALSE for remote * @param ts traffic_selector to add */ void (*add_traffic_selector)(child_cfg_t *this, bool local, traffic_selector_t *ts); - + /** * Get a list of traffic selectors to use for the CHILD_SA. - * + * * The config contains two set of traffic selectors, one for the local * side, one for the remote side. * If a list with traffic selectors is supplied, these are used to narrow @@ -158,7 +158,7 @@ struct child_cfg_t { * to a specific address (host-to-host or virtual-IP setups). Use * the "host" parameter to narrow such traffic selectors to that address. * Resulted list and its traffic selectors must be destroyed after use. - * + * * @param local TRUE for TS on local side, FALSE for remote * @param supplied list with TS to select from, or NULL * @param host address to use for narrowing "dynamic" TS', or NULL @@ -169,14 +169,14 @@ struct child_cfg_t { host_t *host); /** * Get the updown script to run for the CHILD_SA. - * + * * @return path to updown script */ char* (*get_updown)(child_cfg_t *this); - + /** * Should we allow access to the local host (gateway)? - * + * * @return value of hostaccess flag */ bool (*get_hostaccess) (child_cfg_t *this); 
@@ -190,41 +190,41 @@ struct child_cfg_t { * @return lifetime_cfg_t (has to be freed) */ lifetime_cfg_t* (*get_lifetime) (child_cfg_t *this); - + /** * Get the mode to use for the CHILD_SA. * * The mode is either tunnel, transport or BEET. The peer must agree * on the method, fallback is tunnel mode. - * + * * @return ipsec mode */ ipsec_mode_t (*get_mode) (child_cfg_t *this); - + /** * Action to take on DPD. * * @return DPD action - */ + */ action_t (*get_dpd_action) (child_cfg_t *this); - + /** * Action to take if CHILD_SA gets closed. * * @return close action - */ + */ action_t (*get_close_action) (child_cfg_t *this); - + /** * Get the DH group to use for CHILD_SA setup. - * + * * @return dh group to use */ diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this); - + /** * Check whether IPComp should be used, if the other peer supports it. - * + * * @return TRUE, if IPComp should be used * FALSE, otherwise */ @@ -232,7 +232,7 @@ struct child_cfg_t { /** * Sets two options needed for Mobile IPv6 interoperability - * + * * @param proxy_mode use IPsec transport proxy mode (default FALSE) * @param install_policy install IPsec kernel policies (default TRUE) */ @@ -241,27 +241,27 @@ struct child_cfg_t { /** * Check whether IPsec transport SA should be set up in proxy mode - * + * * @return TRUE, if proxy mode should be used * FALSE, otherwise */ bool (*use_proxy_mode)(child_cfg_t *this); - + /** * Check whether IPsec policies should be installed in the kernel - * + * * @return TRUE, if IPsec kernel policies should be installed * FALSE, otherwise */ bool (*install_policy)(child_cfg_t *this); - + /** * Increase the reference count. * * @return reference to this */ child_cfg_t* (*get_ref) (child_cfg_t *this); - + /** * Destroys the child_cfg object. * @@ -273,7 +273,7 @@ struct child_cfg_t { /** * Create a configuration template for CHILD_SA setup. - * + * * The "name" string gets cloned. * * The lifetime_cfg_t object gets cloned. 
@@ -281,7 +281,7 @@ struct child_cfg_t { * specified. Rekeying of an SA starts at (x.rekey - random(0, x.jitter)). * * After a call to create, a reference is obtained (refcount = 1). - * + * * @param name name of the child_cfg * @param lifetime lifetime_cfg_t for this child_cfg * @param updown updown script to execute on up/down event diff --git a/src/charon/config/ike_cfg.c b/src/charon/config/ike_cfg.c index e80ab577e..c2ebf648b 100644 --- a/src/charon/config/ike_cfg.c +++ b/src/charon/config/ike_cfg.c @@ -32,7 +32,7 @@ struct private_ike_cfg_t { * Public part */ ike_cfg_t public; - + /** * Number of references hold by others to this ike_cfg */ @@ -45,19 +45,19 @@ struct private_ike_cfg_t { /** * Address of remote host - */ + */ char *other; - + /** * should we send a certificate request? */ bool certreq; - + /** * enforce UDP encapsulation */ bool force_encap; - + /** * List of proposals to use */ @@ -71,7 +71,7 @@ static bool send_certreq(private_ike_cfg_t *this) { return this->certreq; } - + /** * Implementation of ike_cfg_t.force_encap. */ @@ -112,7 +112,7 @@ static linked_list_t* get_proposals(private_ike_cfg_t *this) iterator_t *iterator; proposal_t *current; linked_list_t *proposals = linked_list_create(); - + iterator = this->proposals->create_iterator(this->proposals, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -120,10 +120,10 @@ static linked_list_t* get_proposals(private_ike_cfg_t *this) proposals->insert_last(proposals, (void*)current); } iterator->destroy(iterator); - + return proposals; } - + /** * Implementation of ike_cfg_t.select_proposal. */ 
@@ -132,16 +132,16 @@ static proposal_t *select_proposal(private_ike_cfg_t *this, { iterator_t *stored_iter, *supplied_iter; proposal_t *stored, *supplied, *selected; - + stored_iter = this->proposals->create_iterator(this->proposals, TRUE); supplied_iter = proposals->create_iterator(proposals, TRUE); - - + + /* compare all stored proposals with all supplied. Stored ones are preferred.*/ while (stored_iter->iterate(stored_iter, (void**)&stored)) { supplied_iter->reset(supplied_iter); - + while (supplied_iter->iterate(supplied_iter, (void**)&supplied)) { selected = stored->select(stored, supplied); @@ -162,7 +162,7 @@ static proposal_t *select_proposal(private_ike_cfg_t *this, supplied_iter->destroy(supplied_iter); DBG1(DBG_CFG, "received proposals: %#P", proposals); DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); - + return NULL; } @@ -174,7 +174,7 @@ static diffie_hellman_group_t get_dh_group(private_ike_cfg_t *this) enumerator_t *enumerator; proposal_t *proposal; u_int16_t dh_group = MODP_NONE; - + enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) { @@ -195,7 +195,7 @@ static bool equals(private_ike_cfg_t *this, private_ike_cfg_t *other) enumerator_t *e1, *e2; proposal_t *p1, *p2; bool eq = TRUE; - + if (this == other) { return TRUE; @@ -260,7 +260,7 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, char *me, char *other) { private_ike_cfg_t *this = malloc_thing(private_ike_cfg_t); - + /* public functions */ this->public.send_certreq = (bool(*)(ike_cfg_t*))send_certreq; this->public.force_encap = (bool (*) (ike_cfg_t *))force_encap_meth; @@ -273,7 +273,7 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, this->public.equals = (bool(*)(ike_cfg_t*,ike_cfg_t*)) equals; this->public.get_ref = (ike_cfg_t*(*)(ike_cfg_t*))get_ref; this->public.destroy = (void(*)(ike_cfg_t*))destroy; - + /* private variables */ this->refcount = 1; this->certreq = certreq; 
@@ -281,6 +281,6 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, this->me = strdup(me); this->other = strdup(other); this->proposals = linked_list_create(); - + return &this->public; } diff --git a/src/charon/config/ike_cfg.h b/src/charon/config/ike_cfg.h index 064906423..8b68af3e9 100644 --- a/src/charon/config/ike_cfg.h +++ b/src/charon/config/ike_cfg.h 
@@ -37,71 +37,71 @@ typedef struct ike_cfg_t ike_cfg_t; * @see peer_cfg_t to get an overview over the configurations. */ struct ike_cfg_t { - + /** * Get own address. - * + * * @return string of address/DNS name */ char* (*get_my_addr) (ike_cfg_t *this); /** * Get peers address. - * + * * @return string of address/DNS name */ char* (*get_other_addr) (ike_cfg_t *this); - + /** * Adds a proposal to the list. - * + * * The first added proposal has the highest priority, the last * added the lowest. - * + * * @param proposal proposal to add */ void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal); - + /** * Returns a list of all supported proposals. - * + * * Returned list and its proposals must be destroyed after use. - * + * * @return list containing all the proposals */ linked_list_t* (*get_proposals) (ike_cfg_t *this); - + /** * Select a proposed from suggested proposals. - * + * * Returned proposal must be destroyed after use. - * + * * @param proposals list of proposals to select from * @return selected proposal, or NULL if none matches. */ proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals); - + /** * Should we send a certificate request in IKE_SA_INIT? * * @return certificate request sending policy */ bool (*send_certreq) (ike_cfg_t *this); - + /** * Enforce UDP encapsulation by faking NATD notifies? - * + * * @return TRUE to enfoce UDP encapsulation */ bool (*force_encap) (ike_cfg_t *this); - + /** * Get the DH group to use for IKE_SA setup. - * + * * @return dh group to use for initialization */ diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this); - + /** * Check if two IKE configs are equal. * 
@@ -109,17 +109,17 @@ struct ike_cfg_t { * @return TRUE if other equal to this */ bool (*equals)(ike_cfg_t *this, ike_cfg_t *other); - + /** * Increase reference count. * * @return reference to this */ ike_cfg_t* (*get_ref) (ike_cfg_t *this); - + /** * Destroys a ike_cfg_t object. - * + * * Decrements the internal reference counter and * destroys the ike_cfg when it reaches zero. */ @@ -137,7 +137,7 @@ struct ike_cfg_t { * @param other address/DNS name of remote peer * @return ike_cfg_t object. */ -ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, +ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, char *me, char *other); #endif /** IKE_CFG_H_ @}*/ diff --git a/src/charon/config/peer_cfg.c b/src/charon/config/peer_cfg.c index b2d29919d..df946b73a 100644 --- a/src/charon/config/peer_cfg.c +++ b/src/charon/config/peer_cfg.c 
@@ -48,113 +48,113 @@ struct private_peer_cfg_t { * Public part */ peer_cfg_t public; - + /** * Number of references hold by others to this peer_cfg */ refcount_t refcount; - + /** * Name of the peer_cfg, used to query it */ char *name; - + /** * IKE version to use for initiation */ u_int ike_version; - + /** * IKE config associated to this peer config */ ike_cfg_t *ike_cfg; - + /** * list of child configs associated to this peer config */ linked_list_t *child_cfgs; - + /** * mutex to lock access to list of child_cfgs */ mutex_t *mutex; - + /** * should we send a certificate */ cert_policy_t cert_policy; - + /** * uniqueness of an IKE_SA */ unique_policy_t unique; - + /** * number of tries after giving up if peer does not respond */ u_int32_t keyingtries; - + /** * enable support for MOBIKE */ bool use_mobike; - + /** * Time before starting rekeying */ u_int32_t rekey_time; - + /** * Time before starting reauthentication */ u_int32_t reauth_time; - + /** * Time, which specifies the range of a random value substracted from above. */ u_int32_t jitter_time; - + /** * Delay before deleting a rekeying/reauthenticating SA */ u_int32_t over_time; - + /** * DPD check intervall */ u_int32_t dpd; - + /** * virtual IP to use locally */ host_t *virtual_ip; - + /** * pool to acquire configuration attributes from */ char *pool; - + /** * local authentication configs (rulesets) */ linked_list_t *local_auth; - + /** * remote authentication configs (constraints) */ linked_list_t *remote_auth; - + #ifdef ME /** * Is this a mediation connection? */ bool mediation; - + /** * Name of the mediation connection to mediate through */ peer_cfg_t *mediated_by; - + /** * ID of our peer at the mediation server (= leftid of the peer's conn with * the mediation server) 
@@ -239,12 +239,12 @@ static bool child_cfg_enumerate(child_cfg_enumerator_t *this, child_cfg_t **chd) static enumerator_t* create_child_cfg_enumerator(private_peer_cfg_t *this) { child_cfg_enumerator_t *enumerator = malloc_thing(child_cfg_enumerator_t); - + enumerator->public.enumerate = (void*)child_cfg_enumerate; enumerator->public.destroy = (void*)child_cfg_enumerator_destroy; enumerator->mutex = this->mutex; enumerator->wrapped = this->child_cfgs->create_enumerator(this->child_cfgs); - + this->mutex->lock(this->mutex); return &enumerator->public; } @@ -259,13 +259,13 @@ static int get_ts_match(child_cfg_t *cfg, bool local, enumerator_t *sup_enum, *cfg_enum; traffic_selector_t *sup_ts, *cfg_ts; int match = 0, round; - + /* fetch configured TS list, narrowing dynamic TS */ cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, host); - + /* use a round counter to rate leading TS with higher priority */ round = sup_list->get_count(sup_list); - + sup_enum = sup_list->create_enumerator(sup_list); while (sup_enum->enumerate(sup_enum, &sup_ts)) { @@ -286,9 +286,9 @@ static int get_ts_match(child_cfg_t *cfg, bool local, round--; } sup_enum->destroy(sup_enum); - + cfg_list->destroy_offset(cfg_list, offsetof(traffic_selector_t, destroy)); - + return match; } @@ -303,16 +303,16 @@ static child_cfg_t* select_child_cfg(private_peer_cfg_t *this, child_cfg_t *current, *found = NULL; enumerator_t *enumerator; int best = 0; - + DBG2(DBG_CFG, "looking for a child config for %#R=== %#R", my_ts, other_ts); enumerator = create_child_cfg_enumerator(this); while (enumerator->enumerate(enumerator, ¤t)) { int my_prio, other_prio; - + my_prio = get_ts_match(current, TRUE, my_ts, my_host); other_prio = get_ts_match(current, FALSE, other_ts, other_host); - + if (my_prio && other_prio) { DBG2(DBG_CFG, " candidate \"%s\" with prio %d+%d", 
@@ -421,7 +421,7 @@ static host_t* get_virtual_ip(private_peer_cfg_t *this) { return this->virtual_ip; } - + /** * Implementation of peer_cfg_t.get_pool. */ @@ -493,7 +493,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other) enumerator_t *e1, *e2; auth_cfg_t *cfg1, *cfg2; bool equal = TRUE; - + if (this->local_auth->get_count(this->local_auth) != other->local_auth->get_count(other->local_auth)) { @@ -504,7 +504,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other) { return FALSE; } - + e1 = this->local_auth->create_enumerator(this->local_auth); e2 = other->local_auth->create_enumerator(other->local_auth); while (e1->enumerate(e1, &cfg1) && e2->enumerate(e2, &cfg2)) @@ -517,12 +517,12 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other) } e1->destroy(e1); e2->destroy(e2); - + if (!equal) { return FALSE; } - + e1 = this->remote_auth->create_enumerator(this->remote_auth); e2 = other->remote_auth->create_enumerator(other->remote_auth); while (e1->enumerate(e1, &cfg1) && e2->enumerate(e2, &cfg2)) @@ -535,7 +535,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other) } e1->destroy(e1); e2->destroy(e2); - + return equal; } @@ -552,7 +552,7 @@ static bool equals(private_peer_cfg_t *this, private_peer_cfg_t *other) { return FALSE; } - + return ( this->ike_version == other->ike_version && this->cert_policy == other->cert_policy && @@ -657,7 +657,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, this->public.get_mediated_by = (peer_cfg_t* (*) (peer_cfg_t *))get_mediated_by; this->public.get_peer_id = (identification_t* (*) (peer_cfg_t *))get_peer_id; #endif /* ME */ - + /* apply init values */ this->name = strdup(name); this->ike_version = ike_version; diff --git a/src/charon/config/peer_cfg.h b/src/charon/config/peer_cfg.h index e6f0db443..00c8a0cad 100644 --- a/src/charon/config/peer_cfg.h 
+++ b/src/charon/config/peer_cfg.h @@ -114,7 +114,7 @@ extern enum_name_t *unique_policy_names; * to gain access to the configuration. */ struct peer_cfg_t { - + /** * Get the name of the peer_cfg. * @@ -123,42 +123,42 @@ struct peer_cfg_t { * @return peer_cfg's name */ char* (*get_name) (peer_cfg_t *this); - + /** * Get the IKE version to use for initiating. * * @return IKE major version */ u_int (*get_ike_version)(peer_cfg_t *this); - + /** * Get the IKE config to use for initiaton. * * @return the IKE config to use */ ike_cfg_t* (*get_ike_cfg) (peer_cfg_t *this); - + /** * Attach a CHILD config. * * @param child_cfg CHILD config to add */ void (*add_child_cfg) (peer_cfg_t *this, child_cfg_t *child_cfg); - + /** * Detach a CHILD config, pointed to by an enumerator. * * @param enumerator enumerator indicating element position */ void (*remove_child_cfg)(peer_cfg_t *this, enumerator_t *enumerator); - + /** * Create an enumerator for all attached CHILD configs. * * @return an enumerator over all CHILD configs. */ enumerator_t* (*create_child_cfg_enumerator) (peer_cfg_t *this); - + /** * Select a CHILD config from traffic selectors. * @@ -171,7 +171,7 @@ struct peer_cfg_t { child_cfg_t* (*select_child_cfg) (peer_cfg_t *this, linked_list_t *my_ts, linked_list_t *other_ts, host_t *my_host, host_t *other_host); - + /** * Add an authentication config to the peer configuration. * @@ -179,7 +179,7 @@ struct peer_cfg_t { * @param local TRUE for local rules, FALSE for remote constraints */ void (*add_auth_cfg)(peer_cfg_t *this, auth_cfg_t *cfg, bool local); - + /** * Create an enumerator over registered authentication configs. * 
@@ -201,49 +201,49 @@ struct peer_cfg_t {
 * @return unique policy
 */
 unique_policy_t (*get_unique_policy) (peer_cfg_t *this);
- 
+
 /**
 * Get the max number of retries after timeout.
 *
 * @return max number retries
 */
 u_int32_t (*get_keyingtries) (peer_cfg_t *this);
- 
+
 /**
 * Get a time to start rekeying (is randomized with jitter).
 *
 * @return time in s when to start rekeying, 0 disables rekeying
 */
 u_int32_t (*get_rekey_time)(peer_cfg_t *this);
- 
+
 /**
 * Get a time to start reauthentication (is randomized with jitter).
 *
 * @return time in s when to start reauthentication, 0 disables it
 */
 u_int32_t (*get_reauth_time)(peer_cfg_t *this);
- 
+
 /**
 * Get the timeout of a rekeying/reauthenticating SA.
 *
 * @return timeout in s
 */
 u_int32_t (*get_over_time)(peer_cfg_t *this);
- 
+
 /**
 * Use MOBIKE (RFC4555) if peer supports it?
 *
 * @return TRUE to enable MOBIKE support
 */
 bool (*use_mobike) (peer_cfg_t *this);
- 
+
 /**
 * Get the DPD check interval.
 *
 * @return dpd_delay in seconds
 */
 u_int32_t (*get_dpd) (peer_cfg_t *this);
- 
+
 /**
 * Get a virtual IP for the local peer.
 *
@@ -255,14 +255,14 @@ struct peer_cfg_t {
 * @return virtual IP, %any or NULL
 */
 host_t* (*get_virtual_ip) (peer_cfg_t *this);
- 
+
 /**
 * Get the name of the pool to acquire configuration attributes from.
 *
 * @return pool name, NULL if none defined
 */
 char* (*get_pool)(peer_cfg_t *this);
- 
+
 #ifdef ME
 /**
 * Is this a mediation connection?
@@ -270,14 +270,14 @@ struct peer_cfg_t {
 * @return TRUE, if this is a mediation connection
 */
 bool (*is_mediation) (peer_cfg_t *this);
- 
+
 /**
 * Get peer_cfg of the connection this one is mediated through.
 *
 * @return the peer_cfg of the mediation connection
 */
 peer_cfg_t* (*get_mediated_by) (peer_cfg_t *this);
- 
+
 /**
 * Get the id of the other peer at the mediation server.
 *
@@ -300,14 +300,14 @@ struct peer_cfg_t {
 * @return TRUE if peer_cfg and ike_cfg are equal
 */
 bool (*equals)(peer_cfg_t *this, peer_cfg_t *other);
- 
+
 /**
 * Increase reference count.
 *
 * @return reference to this
 */
 peer_cfg_t* (*get_ref) (peer_cfg_t *this);
- 
+
 /**
 * Destroys the peer_cfg object.
 *
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c
index cf7e19605..66a0a3bf8 100644
--- a/src/charon/config/proposal.c
+++ b/src/charon/config/proposal.c
@@ -52,52 +52,52 @@ struct private_proposal_t {
 * Public part
 */
 proposal_t public;
- 
+
 /**
 * protocol (ESP or AH)
 */
 protocol_id_t protocol;
- 
+
 /**
 * priority ordered list of encryption algorithms
 */
 linked_list_t *encryption_algos;
- 
+
 /**
 * priority ordered list of integrity algorithms
 */
 linked_list_t *integrity_algos;
- 
+
 /**
 * priority ordered list of pseudo random functions
 */
 linked_list_t *prf_algos;
- 
+
 /**
 * priority ordered list of dh groups
 */
 linked_list_t *dh_groups;
- 
+
 /**
 * priority ordered list of extended sequence number flags
 */
 linked_list_t *esns;
- 
- /**
+
+ /**
 * senders SPI
 */
 u_int64_t spi;
 };
 
 /**
- * Struct used to store different kinds of algorithms.
+ * Struct used to store different kinds of algorithms.
 */
 struct algorithm_t {
 /**
 * Value from an encryption_algorithm_t/integrity_algorithm_t/...
 */
 u_int16_t algorithm;
- 
+
 /**
 * the associated key size in bits, or zero if not needed
 */
@@ -110,7 +110,7 @@ struct algorithm_t {
 static void add_algo(linked_list_t *list, u_int16_t algo, u_int16_t key_size)
 {
 algorithm_t *algo_key;
- 
+
 algo_key = malloc_thing(algorithm_t);
 algo_key->algorithm = algo;
 algo_key->key_size = key_size;
@@ -200,7 +200,7 @@ static bool get_algorithm(private_proposal_t *this, transform_type_t type,
 {
 enumerator_t *enumerator;
 bool found = FALSE;
- 
+
 enumerator = create_enumerator(this, type);
 if (enumerator->enumerate(enumerator, alg, key_size))
 {
@@ -216,12 +216,12 @@ static bool get_algorithm(private_proposal_t *this, transform_type_t type, static bool has_dh_group(private_proposal_t *this, diffie_hellman_group_t group) { bool result = FALSE; - + if (this->dh_groups->get_count(this->dh_groups)) { algorithm_t *current; enumerator_t *enumerator; - + enumerator = this->dh_groups->create_enumerator(this->dh_groups); while (enumerator->enumerate(enumerator, (void**)¤t)) { @@ -246,7 +246,7 @@ static bool has_dh_group(private_proposal_t *this, diffie_hellman_group_t group) static void strip_dh(private_proposal_t *this) { algorithm_t *alg; - + while (this->dh_groups->remove_last(this->dh_groups, (void**)&alg) == SUCCESS) { free(alg); @@ -282,14 +282,14 @@ static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add, { enumerator_t *e1, *e2; algorithm_t *alg1, *alg2; - + /* if in both are zero algorithms specified, we HAVE a match */ if (first->get_count(first) == 0 && second->get_count(second) == 0) { *add = FALSE; return TRUE; } - + e1 = first->create_enumerator(first); e2 = second->create_enumerator(second); /* compare algs, order of algs in "first" is preferred */ @@ -327,18 +327,18 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t u_int16_t algo; size_t key_size; bool add; - + DBG2(DBG_CFG, "selecting proposal:"); - + /* check protocol */ if (this->protocol != other->protocol) { DBG2(DBG_CFG, " protocol mismatch, skipping"); return NULL; } - + selected = proposal_create(this->protocol); - + /* select encryption algorithm */ if (select_algo(this->encryption_algos, other->encryption_algos, &add, &algo, &key_size)) @@ -359,7 +359,7 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t /* select integrity algorithm */ if (!is_authenticated_encryption(algo)) { - if (select_algo(this->integrity_algos, other->integrity_algos, + if (select_algo(this->integrity_algos, other->integrity_algos, &add, &algo, &key_size)) { if (add) 
@@ -424,10 +424,10 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t return NULL; } DBG2(DBG_CFG, " proposal matches"); - + /* apply SPI from "other" */ selected->set_spi(selected, other->spi); - + /* everything matched, return new proposal */ return selected; } @@ -463,7 +463,7 @@ static void clone_algo_list(linked_list_t *list, linked_list_t *clone_list) { algorithm_t *algo, *clone_algo; enumerator_t *enumerator; - + enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &algo)) { @@ -482,12 +482,12 @@ static bool algo_list_equals(linked_list_t *l1, linked_list_t *l2) enumerator_t *e1, *e2; algorithm_t *alg1, *alg2; bool equals = TRUE; - + if (l1->get_count(l1) != l2->get_count(l2)) { return FALSE; } - + e1 = l1->create_enumerator(l1); e2 = l2->create_enumerator(l2); while (e1->enumerate(e1, &alg1) && e2->enumerate(e2, &alg2)) @@ -531,15 +531,15 @@ static bool equals(private_proposal_t *this, private_proposal_t *other) static proposal_t *clone_(private_proposal_t *this) { private_proposal_t *clone = (private_proposal_t*)proposal_create(this->protocol); - + clone_algo_list(this->encryption_algos, clone->encryption_algos); clone_algo_list(this->integrity_algos, clone->integrity_algos); clone_algo_list(this->prf_algos, clone->prf_algos); clone_algo_list(this->dh_groups, clone->dh_groups); clone_algo_list(this->esns, clone->esns); - + clone->spi = this->spi; - + return &clone->public; } @@ -551,7 +551,7 @@ static void check_proposal(private_proposal_t *this) enumerator_t *e; algorithm_t *alg; bool all_aead = TRUE; - + e = this->encryption_algos->create_enumerator(this->encryption_algos); while (e->enumerate(e, &alg)) { @@ -562,7 +562,7 @@ static void check_proposal(private_proposal_t *this) } } e->destroy(e); - + if (all_aead) { /* if all encryption algorithms in the proposal are authenticated encryption 
@@ -613,7 +613,7 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg) case AUTH_AES_XCBC_96: prf = PRF_AES128_XCBC; break; - default: + default: prf = PRF_UNDEFINED; } if (prf != PRF_UNDEFINED) @@ -633,7 +633,7 @@ static int print_alg(private_proposal_t *this, char **dst, size_t *len, enumerator_t *enumerator; size_t written = 0; u_int16_t alg, size; - + enumerator = create_enumerator(this, kind); while (enumerator->enumerate(enumerator, &alg, &size)) { @@ -666,12 +666,12 @@ int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, enumerator_t *enumerator; size_t written = 0; bool first = TRUE; - + if (this == NULL) { return print_in_hook(dst, len, "(null)"); } - + if (spec->hash) { enumerator = list->create_enumerator(list); @@ -690,7 +690,7 @@ int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, enumerator->destroy(enumerator); return written; } - + written = print_in_hook(dst, len, "%N:", protocol_id_names, this->protocol); written += print_alg(this, &dst, &len, ENCRYPTION_ALGORITHM, encryption_algorithm_names, &first); @@ -724,7 +724,7 @@ static void destroy(private_proposal_t *this) proposal_t *proposal_create(protocol_id_t protocol) { private_proposal_t *this = malloc_thing(private_proposal_t); - + this->public.add_algorithm = (void (*)(proposal_t*,transform_type_t,u_int16_t,u_int16_t))add_algorithm; this->public.create_enumerator = (enumerator_t* (*)(proposal_t*,transform_type_t))create_enumerator; this->public.get_algorithm = (bool (*)(proposal_t*,transform_type_t,u_int16_t*,u_int16_t*))get_algorithm; 
@@ -737,16 +737,16 @@ proposal_t *proposal_create(protocol_id_t protocol) this->public.equals = (bool(*)(proposal_t*, proposal_t *other))equals; this->public.clone = (proposal_t*(*)(proposal_t*))clone_; this->public.destroy = (void(*)(proposal_t*))destroy; - + this->spi = 0; this->protocol = protocol; - + this->encryption_algos = linked_list_create(); this->integrity_algos = linked_list_create(); this->prf_algos = linked_list_create(); this->dh_groups = linked_list_create(); this->esns = linked_list_create(); - + return &this->public; } @@ -760,7 +760,7 @@ static void proposal_add_supported_ike(private_proposal_t *this) integrity_algorithm_t integrity; pseudo_random_function_t prf; diffie_hellman_group_t group; - + enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &encryption)) { @@ -787,10 +787,10 @@ static void proposal_add_supported_ike(private_proposal_t *this) break; default: break; - } + } } enumerator->destroy(enumerator); - + enumerator = lib->crypto->create_signer_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &integrity)) { @@ -806,10 +806,10 @@ static void proposal_add_supported_ike(private_proposal_t *this) break; default: break; - } + } } enumerator->destroy(enumerator); - + enumerator = lib->crypto->create_prf_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &prf)) { @@ -828,7 +828,7 @@ static void proposal_add_supported_ike(private_proposal_t *this) } } enumerator->destroy(enumerator); - + enumerator = lib->crypto->create_dh_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &group)) { @@ -865,7 +865,7 @@ static void proposal_add_supported_ike(private_proposal_t *this) proposal_t *proposal_create_default(protocol_id_t protocol) { private_proposal_t *this = (private_proposal_t*)proposal_create(protocol); - + switch (protocol) { case PROTO_IKE: 
@@ -903,14 +903,14 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs chunk_t string = {(void*)algs, strlen(algs)}; chunk_t alg; status_t status = SUCCESS; - + eat_whitespace(&string); if (string.len < 1) { destroy(this); return NULL; } - + /* get all tokens, separated by '-' */ while (extract_token(&alg, '-', &string)) { @@ -925,9 +925,9 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs destroy(this); return NULL; } - + check_proposal(this); - + if (protocol == PROTO_AH || protocol == PROTO_ESP) { add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h index bc7a8c5e7..f3857cbd2 100644 --- a/src/charon/config/proposal.h +++ b/src/charon/config/proposal.h @@ -65,17 +65,17 @@ extern enum_name_t *extended_sequence_numbers_names; /** * Stores a set of algorithms used for an SA. - * - * A proposal stores algorithms for a specific + * + * A proposal stores algorithms for a specific * protocol. It can store algorithms for one protocol. * Proposals with multiple protocols are not supported, * as it's not specified in RFC4301 anymore. */ struct proposal_t { - + /** * Add an algorithm to the proposal. - * + * * The algorithms are stored by priority, first added * is the most preferred. * Key size is only needed for encryption algorithms 
@@ -84,27 +84,27 @@ struct proposal_t { * The alg parameter accepts encryption_algorithm_t, * integrity_algorithm_t, dh_group_number_t and * extended_sequence_numbers_t. - * + * * @param type kind of algorithm * @param alg identifier for algorithm * @param key_size key size to use */ void (*add_algorithm) (proposal_t *this, transform_type_t type, u_int16_t alg, u_int16_t key_size); - + /** * Get an enumerator over algorithms for a specifc algo type. - * + * * @param type kind of algorithm * @return enumerator over u_int16_t alg, u_int16_t key_size */ enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type); - + /** * Get the algorithm for a type to use. - * + * * If there are multiple algorithms, only the first is returned. - * + * * @param type kind of algorithm * @param alg pointer which receives algorithm * @param key_size pointer which receives the key size 
@@ -112,53 +112,53 @@ struct proposal_t { */ bool (*get_algorithm) (proposal_t *this, transform_type_t type, u_int16_t *alg, u_int16_t *key_size); - + /** * Check if the proposal has a specific DH group. - * + * * @param group group to check for * @return TRUE if algorithm included */ bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group); - + /** * Strip DH groups from proposal to use it without PFS. */ - void (*strip_dh)(proposal_t *this); + void (*strip_dh)(proposal_t *this); /** * Compare two proposal, and select a matching subset. - * + * * If the proposals are for the same protocols (AH/ESP), they are * compared. If they have at least one algorithm of each type * in common, a resulting proposal of this kind is created. - * + * * @param other proposal to compair agains * @return selected proposal, NULL if proposals don't match */ proposal_t *(*select) (proposal_t *this, proposal_t *other); - + /** * Get the protocol ID of the proposal. * * @return protocol of the proposal */ protocol_id_t (*get_protocol) (proposal_t *this); - + /** * Get the SPI of the proposal. - * + * * @return spi for proto */ u_int64_t (*get_spi) (proposal_t *this); - + /** * Set the SPI of the proposal. - * + * * @param spi spi to set for proto */ void (*set_spi) (proposal_t *this, u_int64_t spi); - + /** * Check for the eqality of two proposals. * @@ -166,14 +166,14 @@ struct proposal_t { * @return TRUE if other equal to this */ bool (*equals)(proposal_t *this, proposal_t *other); - + /** * Clone a proposal. - * + * * @return clone of proposal */ proposal_t *(*clone) (proposal_t *this); - + /** * Destroys the proposal object. */ @@ -214,7 +214,7 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs /** * printf hook function for proposal_t. * - * Arguments are: + * Arguments are: * proposal_t *proposal * With the #-specifier, arguments are: * linked_list_t *list containing proposal_t* 
diff --git a/src/charon/config/traffic_selector.c b/src/charon/config/traffic_selector.c
index a8ea10008..0168acc0e 100644
--- a/src/charon/config/traffic_selector.c
+++ b/src/charon/config/traffic_selector.c
@@ -42,24 +42,24 @@ struct private_traffic_selector_t {
 * Public part
 */
 traffic_selector_t public;
- 
+
 /**
 * Type of address
 */
 ts_type_t type;
- 
+
 /**
 * IP protocol (UDP, TCP, ICMP, ...)
 */
 u_int8_t protocol;
- 
+
 /**
 * narrow this traffic selector to hosts external ip
 * if set, from and to have no meaning until set_address() is called
 */
 bool dynamic;
- 
- /**
+
+ /**
 * begin of address range, network order
 */
 union {
@@ -70,7 +70,7 @@ struct private_traffic_selector_t {
 /** IPv6 address */
 u_int32_t from6[4];
 };
- 
+
 /**
 * end of address range, network order
 */
@@ -82,14 +82,14 @@ struct private_traffic_selector_t {
 /** IPv6 address */
 u_int32_t to6[4];
 };
- 
+
 /**
- * begin of port range
+ * begin of port range
 */
 u_int16_t from_port;
- 
+
 /**
- * end of port range
+ * end of port range
 */
 u_int16_t to_port;
 };
@@ -101,7 +101,7 @@ static void calc_range(private_traffic_selector_t *this, u_int8_t netbits)
 {
 int byte;
 size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
- 
+
 /* go through the from address, starting at the tail. While we
 * have not processed the bits belonging to the host, set them to 1 on
 * the to address. If we reach the bits for the net, copy them from "from". */
@@ -109,7 +109,7 @@ static void calc_range(private_traffic_selector_t *this, u_int8_t netbits)
 {
 u_char mask = 0x00;
 int shift;
- 
+
 shift = (byte+1) * 8 - netbits;
 if (shift > 0)
 {
@@ -130,7 +130,7 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this)
 {
 int byte, bit;
 size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
- 
+
 /* go trough all bits of the addresses, beginning in the front.
 * as long as they are equal, the subnet gets larger
 */
@@ -169,12 +169,12 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec bool has_ports; size_t written = 0; u_int32_t from[4], to[4]; - + if (this == NULL) { return print_in_hook(dst, len, "(null)"); } - + if (spec->hash) { iterator = list->create_iterator(list, TRUE); @@ -186,11 +186,11 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec iterator->destroy(iterator); return written; } - + memset(from, 0, sizeof(from)); memset(to, 0xFF, sizeof(to)); if (this->dynamic && - memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) && + memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) && memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16)) { written += print_in_hook(dst, len, "dynamic"); @@ -208,7 +208,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec mask = calc_netbits(this); written += print_in_hook(dst, len, "%s/%d", addr_str, mask); } - + /* check if we have protocol and/or port selectors */ has_proto = this->protocol != 0; has_ports = !(this->from_port == 0 && this->to_port == 0xFFFF); @@ -235,7 +235,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec written += print_in_hook(dst, len, "%d", this->protocol); } } - + if (has_proto && has_ports) { written += print_in_hook(dst, len, "/"); @@ -262,7 +262,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec written += print_in_hook(dst, len, "%d-%d", this->from_port, this->to_port); } } - + written += print_in_hook(dst, len, "]"); return written; @@ -281,7 +281,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_ u_int8_t protocol; size_t size; private_traffic_selector_t *new_ts; - + /* calculate the maximum port range allowed for both */ from_port = max(this->from_port, other->from_port); to_port = min(this->to_port, other->to_port); 
@@ -291,7 +291,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_ } /* select protocol, which is not zero */ protocol = max(this->protocol, other->protocol); - + switch (this->type) { case TS_IPV4_ADDR_RANGE: @@ -303,7 +303,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_ default: return NULL; } - + /* get higher from-address */ if (memcmp(this->from, other->from, size) > 0) { @@ -327,14 +327,14 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_ { return NULL; } - + /* we have a match in protocol, port, and address: return it... */ new_ts = traffic_selector_create(protocol, this->type, from_port, to_port); new_ts->type = this->type; new_ts->dynamic = this->dynamic || other->dynamic; memcpy(new_ts->from, from, size); memcpy(new_ts->to, to, size); - + return &new_ts->public; } return NULL; @@ -390,7 +390,7 @@ static chunk_t get_from_address(private_traffic_selector_t *this) return chunk_empty; } } - + /** * Implements traffic_selector_t.get_to_address. */ @@ -406,7 +406,7 @@ static chunk_t get_to_address(private_traffic_selector_t *this) return chunk_empty; } } - + /** * Implements traffic_selector_t.get_from_port. */ @@ -414,7 +414,7 @@ static u_int16_t get_from_port(private_traffic_selector_t *this) { return this->from_port; } - + /** * Implements traffic_selector_t.get_to_port. */ @@ -448,7 +448,7 @@ static bool is_host(private_traffic_selector_t *this, host_t *host) { chunk_t addr; int family = host->get_family(host); - + if ((family == AF_INET && this->type == TS_IPV4_ADDR_RANGE) || (family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE)) { @@ -463,12 +463,12 @@ static bool is_host(private_traffic_selector_t *this, host_t *host) else { size_t length = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; - + if (this->dynamic) { return TRUE; } - + if (memeq(this->from, this->to, length)) { return TRUE; 
@@ -494,7 +494,7 @@ static void set_address(private_traffic_selector_t *this, host_t *host) { this->type = host->get_family(host) == AF_INET ? TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE; - + if (host->is_anyaddr(host)) { memset(this->from6, 0x00, sizeof(this->from6)); @@ -517,9 +517,9 @@ static bool is_contained_in(private_traffic_selector_t *this, { private_traffic_selector_t *subset; bool contained_in = FALSE; - + subset = (private_traffic_selector_t*)get_subset(this, other); - + if (subset) { if (equals(subset, this)) @@ -528,7 +528,7 @@ static bool is_contained_in(private_traffic_selector_t *this, } free(subset); } - return contained_in; + return contained_in; } /** @@ -543,12 +543,12 @@ static bool includes(private_traffic_selector_t *this, host_t *host) (family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE)) { addr = host->get_address(host); - + return memcmp(this->from, addr.ptr, addr.len) <= 0 && memcmp(this->to, addr.ptr, addr.len) >= 0; } - return FALSE; + return FALSE; } /** @@ -557,15 +557,15 @@ static bool includes(private_traffic_selector_t *this, host_t *host) static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *mask) { /* there is no way to do this cleanly, as the address range may - * be anything else but a subnet. We use from_addr as subnet + * be anything else but a subnet. We use from_addr as subnet * and try to calculate a usable subnet mask. */ int family, byte; u_int16_t port = 0; chunk_t net_chunk; - + *mask = calc_netbits(this); - + switch (this->type) { case TS_IPV4_ADDR_RANGE: 
@@ -586,22 +586,22 @@ static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t * return; } } - + net_chunk.ptr = malloc(net_chunk.len); memcpy(net_chunk.ptr, this->from, net_chunk.len); - + for (byte = net_chunk.len - 1; byte >= (*mask / 8); --byte) { int shift = (byte + 1) * 8 - *mask; net_chunk.ptr[byte] = net_chunk.ptr[byte] & (0xFF << shift); } - + if (this->to_port == this->from_port) { port = this->to_port; } - - *net = host_create_from_chunk(family, net_chunk, port); + + *net = host_create_from_chunk(family, net_chunk, port); chunk_free(&net_chunk); } @@ -611,10 +611,10 @@ static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t * static traffic_selector_t *clone_(private_traffic_selector_t *this) { private_traffic_selector_t *clone; - - clone = traffic_selector_create(this->protocol, this->type, + + clone = traffic_selector_create(this->protocol, this->type, this->from_port, this->to_port); - + clone->dynamic = this->dynamic; switch (clone->type) { @@ -650,13 +650,13 @@ static void destroy(private_traffic_selector_t *this) * see header */ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, - ts_type_t type, - chunk_t from, u_int16_t from_port, + ts_type_t type, + chunk_t from, u_int16_t from_port, chunk_t to, u_int16_t to_port) { private_traffic_selector_t *this = traffic_selector_create(protocol, type, from_port, to_port); - + switch (type) { case TS_IPV4_ADDR_RANGE: @@ -684,7 +684,7 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, default: { free(this); - return NULL; + return NULL; } } return (&this->public); 
@@ -693,7 +693,7 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, /* * see header */ -traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, +traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits, u_int8_t protocol, u_int16_t port) { private_traffic_selector_t *this = traffic_selector_create(protocol, 0, 0, 65535); @@ -703,7 +703,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, case AF_INET: { chunk_t from; - + this->type = TS_IPV4_ADDR_RANGE; from = net->get_address(net); memcpy(this->from4, from.ptr, from.len); @@ -721,7 +721,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, case AF_INET6: { chunk_t from; - + this->type = TS_IPV6_ADDR_RANGE; from = net->get_address(net); memcpy(this->from6, from.ptr, from.len); @@ -782,7 +782,7 @@ traffic_selector_t *traffic_selector_create_from_string( free(this); return NULL; } - break; + break; } case TS_IPV6_ADDR_RANGE: { @@ -805,17 +805,17 @@ traffic_selector_t *traffic_selector_create_from_string( /* * see header */ -traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, +traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, u_int16_t from_port, u_int16_t to_port) { private_traffic_selector_t *this = traffic_selector_create( protocol, TS_IPV4_ADDR_RANGE, from_port, to_port); - + memset(this->from6, 0, sizeof(this->from6)); memset(this->to6, 0xFF, sizeof(this->to6)); - + this->dynamic = TRUE; - + return &this->public; } 
@@ -833,7 +833,7 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol,
 this->public.get_from_address = (chunk_t(*)(traffic_selector_t*))get_from_address;
 this->public.get_to_address = (chunk_t(*)(traffic_selector_t*))get_to_address;
 this->public.get_from_port = (u_int16_t(*)(traffic_selector_t*))get_from_port;
- this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port;
+ this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port;
 this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type;
 this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
 this->public.is_host = (bool(*)(traffic_selector_t*,host_t*))is_host;
@@ -844,13 +844,13 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol,
 this->public.to_subnet = (void(*)(traffic_selector_t*,host_t**,u_int8_t*))to_subnet;
 this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_;
 this->public.destroy = (void(*)(traffic_selector_t*))destroy;
- 
+
 this->from_port = from_port;
 this->to_port = to_port;
 this->protocol = protocol;
 this->type = type;
 this->dynamic = FALSE;
- 
+
 return this;
 }
 
diff --git a/src/charon/config/traffic_selector.h b/src/charon/config/traffic_selector.h
index a57da43a8..e71a03119 100644
--- a/src/charon/config/traffic_selector.h
+++ b/src/charon/config/traffic_selector.h
@@ -33,7 +33,7 @@ typedef struct traffic_selector_t traffic_selector_t;
 * Traffic selector types.
 */
 enum ts_type_t {
- 
+
 /**
 * A range of IPv4 addresses, represented by two four (4) octet
 * values. The first value is the beginning IPv4 address
@@ -42,7 +42,7 @@ enum ts_type_t {
 * addresses are considered to be within the list.
 */
 TS_IPV4_ADDR_RANGE = 7,
- 
+
 /**
 * A range of IPv6 addresses, represented by two sixteen (16)
 * octet values. The first value is the beginning IPv6 address
@@ -65,7 +65,7 @@ extern enum_name_t *ts_type_name;
 * and a range of ports. IPv6 is not fully supported yet.
 */
 struct traffic_selector_t {
- 
+
 /**
 * Compare two traffic selectors, and create a new one
 * which is the largest subset of both (subnet & port).
@@ -77,16 +77,16 @@ struct traffic_selector_t {
 * - created subset of them
 * - or NULL if no match between this and other
 */
- traffic_selector_t *(*get_subset) (traffic_selector_t *this,
+ traffic_selector_t *(*get_subset) (traffic_selector_t *this,
 traffic_selector_t *other);
- 
+
 /**
 * Clone a traffic selector.
 *
 * @return clone of it
 */
 traffic_selector_t *(*clone) (traffic_selector_t *this);
- 
+
 /**
 * Get starting address of this ts as a chunk.
 *
@@ -95,7 +95,7 @@ struct traffic_selector_t {
 * @return chunk containing the address
 */
 chunk_t (*get_from_address) (traffic_selector_t *this);
- 
+
 /**
 * Get ending address of this ts as a chunk.
 *
@@ -104,17 +104,17 @@ struct traffic_selector_t {
 * @return chunk containing the address
 */
 chunk_t (*get_to_address) (traffic_selector_t *this);
- 
+
 /**
 * Get starting port of this ts.
- *
+ *
 * Port is in host order, since the parser converts it.
 * Size depends on protocol.
- *
+ *
 * @return port
 */
 u_int16_t (*get_from_port) (traffic_selector_t *this);
- 
+
 /**
 * Get ending port of this ts.
 *
@@ -124,21 +124,21 @@ struct traffic_selector_t {
 * @return port
 */
 u_int16_t (*get_to_port) (traffic_selector_t *this);
- 
+
 /**
 * Get the type of the traffic selector.
 *
 * @return ts_type_t specifying the type
 */
 ts_type_t (*get_type) (traffic_selector_t *this);
- 
+
 /**
 * Get the protocol id of this ts.
 *
 * @return protocol id
 */
 u_int8_t (*get_protocol) (traffic_selector_t *this);
- 
+
 /**
 * Check if the traffic selector is for a single host.
 *
@@ -151,14 +151,14 @@ struct traffic_selector_t { * @param host host_t specifying the address range */ bool (*is_host) (traffic_selector_t *this, host_t* host); - + /** * Check if a traffic selector has been created by create_dynamic(). * * @return TRUE if TS is dynamic */ bool (*is_dynamic)(traffic_selector_t *this); - + /** * Update the address of a traffic selector. * @@ -168,15 +168,15 @@ struct traffic_selector_t { * @param host host_t specifying the address */ void (*set_address) (traffic_selector_t *this, host_t* host); - + /** * Compare two traffic selectors for equality. - * + * * @param other ts to compare with this * @return TRUE if equal, FALSE otherwise */ bool (*equals) (traffic_selector_t *this, traffic_selector_t *other); - + /** * Check if a traffic selector is contained completly in another. * @@ -188,24 +188,24 @@ struct traffic_selector_t { bool (*is_contained_in) (traffic_selector_t *this, traffic_selector_t *other); /** - * Check if a specific host is included in the address range of + * Check if a specific host is included in the address range of * this traffic selector. * * @param host the host to check */ bool (*includes) (traffic_selector_t *this, host_t *host); - + /** * Convert a traffic selector address range to a subnet * and its net mask. * If from and to ports of this traffic selector are equal, * the port of the returned host_t is set to that port. - * + * * @param net converted subnet (has to be freed) * @param mask converted net mask */ void (*to_subnet) (traffic_selector_t *this, host_t **net, u_int8_t *mask); - + /** * Destroys the ts object */ @@ -214,7 +214,7 @@ struct traffic_selector_t { /** * Create a new traffic selector using human readable params. - * + * * @param protocol protocol for this ts, such as TCP or UDP * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE * @param from_addr start of address range as string 
@@ -232,11 +232,11 @@ traffic_selector_t *traffic_selector_create_from_string( /** * Create a new traffic selector using data read from the net. - * + * * There exists a mix of network and host order in the params. * But the parser gives us this data in this format, so we * don't have to convert twice. - * + * * @param protocol protocol for this ts, such as TCP or UDP * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE * @param from_address start of address range, network order @@ -252,14 +252,14 @@ traffic_selector_t *traffic_selector_create_from_bytes( /** * Create a new traffic selector defining a whole subnet. - * + * * In most cases, definition of a traffic selector for full subnets * is sufficient. This constructor creates a traffic selector for * all protocols, all ports and the address range specified by the * subnet. * Additionally, a protocol and a port may be specified. Port ranges * are not supported via this constructor. - * + * * @param net subnet to use * @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation * @param protocol protocol for this ts, such as TCP or UDP @@ -269,17 +269,17 @@ traffic_selector_t *traffic_selector_create_from_bytes( * - NULL if address family of net not supported */ traffic_selector_t *traffic_selector_create_from_subnet( - host_t *net, u_int8_t netbits, + host_t *net, u_int8_t netbits, u_int8_t protocol, u_int16_t port); /** * Create a traffic selector for host-to-host cases. - * + * * For host2host or virtual IP setups, the traffic selectors gets * created at runtime using the external/virtual IP. Using this constructor, * a call to set_address() sets this traffic selector to the supplied host. - * - * + * + * * @param protocol upper layer protocl to allow * @param from_port start of allowed port range * @param to_port end of range 
@@ -293,7 +293,7 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, /** * printf hook function for traffic_selector_t. * - * Arguments are: + * Arguments are: * traffic_selector_t *ts * With the #-specifier, arguments are: * linked_list_t *list containing traffic_selector_t* diff --git a/src/charon/control/controller.c b/src/charon/control/controller.c index 97d7e33ea..94c64028c 100644 --- a/src/charon/control/controller.c +++ b/src/charon/control/controller.c @@ -47,42 +47,42 @@ struct interface_listener_t { * public bus listener interface */ listener_t public; - + /** * status of the operation, return to method callers */ status_t status; - + /** * interface callback (listener gets redirected to here) */ controller_cb_t callback; - + /** * user parameter to pass to callback */ void *param; - + /** * child configuration, used for initiate */ child_cfg_t *child_cfg; - + /** * peer configuration, used for initiate */ peer_cfg_t *peer_cfg; - + /** * IKE_SA to handle */ ike_sa_t *ike_sa; - + /** * CHILD_SA to handle */ child_sa_t *child_sa; - + /** * unique ID, used for various methods */ @@ -100,7 +100,7 @@ struct interface_job_t { * job interface */ job_t public; - + /** * associated listener */ @@ -138,7 +138,7 @@ static bool listener_ike_state(interface_listener_t *this, ike_sa_t *ike_sa, case IKE_ESTABLISHED: { /* mediation connections are complete without CHILD_SA */ peer_cfg_t *peer_cfg = ike_sa->get_peer_cfg(ike_sa); - + if (peer_cfg->is_mediation(peer_cfg)) { this->status = SUCCESS; 
@@ -219,17 +219,17 @@ static status_t initiate_execute(interface_job_t *job) ike_sa_t *ike_sa; interface_listener_t *listener = &job->listener; peer_cfg_t *peer_cfg = listener->peer_cfg; - + ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, peer_cfg); listener->ike_sa = ike_sa; - + if (ike_sa->get_peer_cfg(ike_sa) == NULL) { ike_sa->set_peer_cfg(ike_sa, peer_cfg); } peer_cfg->destroy(peer_cfg); - + if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS) { charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); @@ -279,9 +279,9 @@ static status_t terminate_ike_execute(interface_job_t *job) { interface_listener_t *listener = &job->listener; ike_sa_t *ike_sa = listener->ike_sa; - + charon->bus->set_sa(charon->bus, ike_sa); - + if (ike_sa->delete(ike_sa) != DESTROY_ME) { charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); @@ -316,7 +316,7 @@ static status_t terminate_ike(controller_t *this, u_int32_t unique_id, .destroy = (void*)recheckin, }, }; - + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, unique_id, FALSE); if (ike_sa == NULL) @@ -325,7 +325,7 @@ static status_t terminate_ike(controller_t *this, u_int32_t unique_id, return NOT_FOUND; } job.listener.ike_sa = ike_sa; - + if (callback == NULL) { return terminate_ike_execute(&job); @@ -342,7 +342,7 @@ static status_t terminate_child_execute(interface_job_t *job) interface_listener_t *listener = &job->listener; ike_sa_t *ike_sa = listener->ike_sa; child_sa_t *child_sa = listener->child_sa; - + charon->bus->set_sa(charon->bus, ike_sa); if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa), child_sa->get_spi(child_sa, TRUE)) != DESTROY_ME) @@ -380,7 +380,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid, .destroy = (void*)recheckin, }, }; - + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, reqid, TRUE); if (ike_sa == NULL) 
@@ -390,7 +390,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid, return NOT_FOUND; } job.listener.ike_sa = ike_sa; - + iterator = ike_sa->create_child_sa_iterator(ike_sa); while (iterator->iterate(iterator, (void**)&child_sa)) { @@ -402,7 +402,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid, child_sa = NULL; } iterator->destroy(iterator); - + if (child_sa == NULL) { DBG1(DBG_IKE, "unable to terminate, established " @@ -443,13 +443,13 @@ static void destroy(private_controller_t *this) controller_t *controller_create(void) { private_controller_t *this = malloc_thing(private_controller_t); - + this->public.create_ike_sa_enumerator = (enumerator_t*(*)(controller_t*))create_ike_sa_enumerator; this->public.initiate = (status_t(*)(controller_t*,peer_cfg_t*,child_cfg_t*,controller_cb_t,void*))initiate; this->public.terminate_ike = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void*))terminate_ike; this->public.terminate_child = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void *param))terminate_child; this->public.destroy = (void (*)(controller_t*))destroy; - + return &this->public; } diff --git a/src/charon/control/controller.h b/src/charon/control/controller.h index 3c928d2ea..31b69c78c 100644 --- a/src/charon/control/controller.h +++ b/src/charon/control/controller.h @@ -95,7 +95,7 @@ struct controller_t { * Terminate an IKE_SA and all of its CHILD_SAs. * * The terminate() function is synchronous and thus blocks until the - * IKE_SA is properly deleted, or the delete timed out. + * IKE_SA is properly deleted, or the delete timed out. * The terminate() function contains a thread cancellation point. * * @param unique_id unique id of the IKE_SA to terminate. 
@@ -106,9 +106,9 @@ struct controller_t { * - NOT_FOUND, if no such CHILD_SA found * - NEED_MORE, if callback returned FALSE */ - status_t (*terminate_ike)(controller_t *this, u_int32_t unique_id, + status_t (*terminate_ike)(controller_t *this, u_int32_t unique_id, controller_cb_t callback, void *param); - + /** * Terminate a CHILD_SA. * @@ -120,9 +120,9 @@ struct controller_t { * - NOT_FOUND, if no such CHILD_SA found * - NEED_MORE, if callback returned FALSE */ - status_t (*terminate_child)(controller_t *this, u_int32_t reqid, + status_t (*terminate_child)(controller_t *this, u_int32_t reqid, controller_cb_t callback, void *param); - + /** * Destroy a controller_t instance. */ @@ -132,7 +132,7 @@ struct controller_t { /** * Creates a controller instance. - * + * * @return controller_t object */ controller_t *controller_create(void); diff --git a/src/charon/credentials/credential_manager.c b/src/charon/credentials/credential_manager.c index 78b0922ec..636d83bf1 100644 --- a/src/charon/credentials/credential_manager.c +++ b/src/charon/credentials/credential_manager.c @@ -41,27 +41,27 @@ struct private_credential_manager_t { * public functions */ credential_manager_t public; - + /** * list of credential sets */ linked_list_t *sets; - + /** * thread local set of credentials, linked_list_t with credential_set_t's */ pthread_key_t local_sets; - + /** * trust relationship and certificate cache */ cert_cache_t *cache; - + /** * certificates queued for persistent caching */ linked_list_t *cache_queue; - + /** * read-write lock to sets list */ @@ -149,7 +149,7 @@ static enumerator_t *create_sets_enumerator(private_credential_manager_t *this) { linked_list_t *local; sets_enumerator_t *enumerator = malloc_thing(sets_enumerator_t); - + enumerator->public.enumerate = (void*)sets_enumerator_enumerate; enumerator->public.destroy = (void*)sets_enumerator_destroy; enumerator->global = this->sets->create_enumerator(this->sets); 
@@ -176,7 +176,7 @@ static void destroy_cert_data(cert_data_t *data) */ static enumerator_t *create_cert(credential_set_t *set, cert_data_t *data) { - return set->create_cert_enumerator(set, data->cert, data->key, + return set->create_cert_enumerator(set, data->cert, data->key, data->id, data->trusted); } @@ -193,7 +193,7 @@ static enumerator_t *create_cert_enumerator(private_credential_manager_t *this, data->key = key; data->id = id; data->trusted = trusted; - + this->lock->read_lock(this->lock); return enumerator_create_nested(create_sets_enumerator(this), (void*)create_cert, data, @@ -209,7 +209,7 @@ static certificate_t *get_cert(private_credential_manager_t *this, { certificate_t *current, *found = NULL; enumerator_t *enumerator; - + enumerator = create_cert_enumerator(this, cert, key, id, trusted); if (enumerator->enumerate(enumerator, ¤t)) { @@ -247,7 +247,7 @@ static enumerator_t * create_cdp_enumerator(private_credential_manager_t *this, data->this = this; data->type = type; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_nested(create_sets_enumerator(this), (void*)create_cdp, data, @@ -279,7 +279,7 @@ static enumerator_t* create_private_enumerator( key_type_t key, identification_t *keyid) { private_data_t *data; - + data = malloc_thing(private_data_t); data->this = this; data->type = key; @@ -292,13 +292,13 @@ static enumerator_t* create_private_enumerator( /** * Implementation of credential_manager_t.get_private_by_keyid. - */ + */ static private_key_t *get_private_by_keyid(private_credential_manager_t *this, key_type_t key, identification_t *keyid) { private_key_t *found = NULL; enumerator_t *enumerator; - + enumerator = create_private_enumerator(this, key, keyid); if (enumerator->enumerate(enumerator, &found)) { 
@@ -328,7 +328,7 @@ static enumerator_t *create_shared(credential_set_t *set, shared_data_t *data) /** * Implementation of credential_manager_t.create_shared_enumerator. */ -static enumerator_t *create_shared_enumerator(private_credential_manager_t *this, +static enumerator_t *create_shared_enumerator(private_credential_manager_t *this, shared_key_type_t type, identification_t *me, identification_t *other) { @@ -337,16 +337,16 @@ static enumerator_t *create_shared_enumerator(private_credential_manager_t *this data->type = type; data->me = me; data->other = other; - + this->lock->read_lock(this->lock); return enumerator_create_nested(create_sets_enumerator(this), - (void*)create_shared, data, + (void*)create_shared, data, (void*)destroy_shared_data); } /** * Implementation of credential_manager_t.get_shared. - */ + */ static shared_key_t *get_shared(private_credential_manager_t *this, shared_key_type_t type, identification_t *me, identification_t *other) @@ -355,7 +355,7 @@ static shared_key_t *get_shared(private_credential_manager_t *this, id_match_t *best_me = ID_MATCH_NONE, *best_other = ID_MATCH_NONE; id_match_t *match_me, *match_other; enumerator_t *enumerator; - + enumerator = create_shared_enumerator(this, type, me, other); while (enumerator->enumerate(enumerator, ¤t, &match_me, &match_other)) { @@ -396,7 +396,7 @@ static void remove_local_set(private_credential_manager_t *this, credential_set_t *set) { linked_list_t *sets; - + sets = pthread_getspecific(this->local_sets); sets->remove(sets, set, NULL); } @@ -408,7 +408,7 @@ static void cache_cert(private_credential_manager_t *this, certificate_t *cert) { credential_set_t *set; enumerator_t *enumerator; - + if (this->lock->try_write_lock(this->lock)) { enumerator = this->sets->create_enumerator(this->sets); 
@@ -434,7 +434,7 @@ static void cache_queue(private_credential_manager_t *this) credential_set_t *set; certificate_t *cert; enumerator_t *enumerator; - + if (this->cache_queue->get_count(this->cache_queue) > 0 && this->lock->try_write_lock(this->lock)) { @@ -454,7 +454,7 @@ static void cache_queue(private_credential_manager_t *this) } /** - * forward declaration + * forward declaration */ static enumerator_t *create_trusted_enumerator(private_credential_manager_t *this, key_type_t type, identification_t *id, bool crl, bool ocsp); @@ -467,7 +467,7 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url, { certificate_t *request, *response; chunk_t send, receive; - + /* TODO: requestor name, signature */ request = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, @@ -478,12 +478,12 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url, DBG1(DBG_CFG, "generating ocsp request failed"); return NULL; } - + send = request->get_encoding(request); request->destroy(request); DBG1(DBG_CFG, " requesting ocsp status from '%s' ...", url); - if (lib->fetcher->fetch(lib->fetcher, url, &receive, + if (lib->fetcher->fetch(lib->fetcher, url, &receive, FETCH_REQUEST_DATA, send, FETCH_REQUEST_TYPE, "application/ocsp-request", FETCH_END) != SUCCESS) @@ -493,7 +493,7 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url, return NULL; } chunk_free(&send); - + response = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, BUILD_BLOB_ASN1_DER, receive, BUILD_END); @@ -507,9 +507,9 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url, } /** - * check the signature of an OCSP response + * check the signature of an OCSP response */ -static bool verify_ocsp(private_credential_manager_t *this, +static bool verify_ocsp(private_credential_manager_t *this, ocsp_response_t *response) { certificate_t *issuer, *subject; 
@@ -520,7 +520,7 @@ static bool verify_ocsp(private_credential_manager_t *this, wrapper = ocsp_response_wrapper_create((ocsp_response_t*)response); add_local_set(this, &wrapper->set); - + subject = &response->certificate; responder = subject->get_issuer(subject); enumerator = create_trusted_enumerator(this, KEY_ANY, responder, FALSE, FALSE); @@ -535,7 +535,7 @@ static bool verify_ocsp(private_credential_manager_t *this, } } enumerator->destroy(enumerator); - + remove_local_set(this, &wrapper->set); wrapper->destroy(wrapper); return verified; @@ -553,7 +553,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this, time_t revocation, this_update, next_update, valid_until; crl_reason_t reason; bool revoked = FALSE; - + response = (ocsp_response_t*)cand; /* check ocsp signature */ @@ -622,7 +622,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this, * validate a x509 certificate using OCSP */ static cert_validation_t check_ocsp(private_credential_manager_t *this, - x509_t *subject, x509_t *issuer, + x509_t *subject, x509_t *issuer, auth_cfg_t *auth) { enumerator_t *enumerator; @@ -632,7 +632,7 @@ static cert_validation_t check_ocsp(private_credential_manager_t *this, public_key_t *public; chunk_t chunk; char *uri = NULL; - + /** lookup cache for valid OCSP responses */ enumerator = create_cert_enumerator(this, CERT_X509_OCSP_RESPONSE, KEY_ANY, NULL, FALSE); @@ -648,7 +648,7 @@ static cert_validation_t check_ocsp(private_credential_manager_t *this, } } enumerator->destroy(enumerator); - + /* derive the authorityKeyIdentifier from the issuer's public key */ current = &issuer->interface; public = current->get_public_key(current); @@ -723,7 +723,7 @@ static certificate_t* fetch_crl(private_credential_manager_t *this, char *url) { certificate_t *crl; chunk_t chunk; - + DBG1(DBG_CFG, " fetching crl from '%s' ...", url); if (lib->fetcher->fetch(lib->fetcher, url, &chunk, FETCH_END) != SUCCESS) { 
@@ -749,7 +749,7 @@ static bool verify_crl(private_credential_manager_t *this, certificate_t *crl) certificate_t *issuer; enumerator_t *enumerator; bool verified = FALSE; - + enumerator = create_trusted_enumerator(this, KEY_ANY, crl->get_issuer(crl), FALSE, FALSE); while (enumerator->enumerate(enumerator, &issuer, NULL)) @@ -763,7 +763,7 @@ static bool verify_crl(private_credential_manager_t *this, certificate_t *crl) } } enumerator->destroy(enumerator); - + return verified; } @@ -788,7 +788,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this, cand->destroy(cand); return best; } - + crl = (crl_t*)cand; enumerator = crl->create_enumerator(crl); while (enumerator->enumerate(enumerator, &serial, &revocation, &reason)) @@ -837,7 +837,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this, * validate a x509 certificate using CRL */ static cert_validation_t check_crl(private_credential_manager_t *this, - x509_t *subject, x509_t *issuer, + x509_t *subject, x509_t *issuer, auth_cfg_t *auth) { cert_validation_t valid = VALIDATION_SKIPPED; @@ -848,16 +848,16 @@ static cert_validation_t check_crl(private_credential_manager_t *this, enumerator_t *enumerator; chunk_t chunk; char *uri = NULL; - + /* derive the authorityKeyIdentifier from the issuer's public key */ current = &issuer->interface; public = current->get_public_key(current); if (public && public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk)) { keyid = identification_create_from_encoding(ID_KEY_ID, chunk); - + /* find a cached crl by authorityKeyIdentifier */ - enumerator = create_cert_enumerator(this, CERT_X509_CRL, KEY_ANY, + enumerator = create_cert_enumerator(this, CERT_X509_CRL, KEY_ANY, keyid, FALSE); while (enumerator->enumerate(enumerator, ¤t)) { 
@@ -871,12 +871,12 @@ static cert_validation_t check_crl(private_credential_manager_t *this, } } enumerator->destroy(enumerator); - + /* fallback to fetching crls from credential sets cdps */ if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) { enumerator = create_cdp_enumerator(this, CERT_X509_CRL, keyid); - + while (enumerator->enumerate(enumerator, &uri)) { current = fetch_crl(this, uri); @@ -895,12 +895,12 @@ static cert_validation_t check_crl(private_credential_manager_t *this, keyid->destroy(keyid); } DESTROY_IF(public); - + /* fallback to fetching crls from cdps from subject's certificate */ if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) { enumerator = subject->create_crl_uri_enumerator(subject); - + while (enumerator->enumerate(enumerator, &uri)) { current = fetch_crl(this, uri); @@ -916,7 +916,7 @@ static cert_validation_t check_crl(private_credential_manager_t *this, } enumerator->destroy(enumerator); } - + /* an uri was found, but no result. switch validation state to failed */ if (valid == VALIDATION_SKIPPED && uri) { @@ -947,7 +947,7 @@ static bool check_certificate(private_credential_manager_t *this, bool crl, bool ocsp, auth_cfg_t *auth) { time_t not_before, not_after; - + if (!subject->get_validity(subject, NULL, ¬_before, ¬_after)) { DBG1(DBG_CFG, "subject certificate invalid (valid from %T to %T)", @@ -1020,7 +1020,7 @@ static certificate_t *get_pretrusted_cert(private_credential_manager_t *this, { certificate_t *subject; public_key_t *public; - + subject = get_cert(this, CERT_ANY, type, id, TRUE); if (!subject) { 
@@ -1044,8 +1044,8 @@ static certificate_t *get_issuer_cert(private_credential_manager_t *this, { enumerator_t *enumerator; certificate_t *issuer = NULL, *candidate; - - enumerator = create_cert_enumerator(this, subject->get_type(subject), KEY_ANY, + + enumerator = create_cert_enumerator(this, subject->get_type(subject), KEY_ANY, subject->get_issuer(subject), trusted); while (enumerator->enumerate(enumerator, &candidate)) { @@ -1069,7 +1069,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, certificate_t *current, *issuer; auth_cfg_t *auth; u_int level = 0; - + auth = auth_cfg_create(); current = subject->get_ref(subject); while (level++ < MAX_CA_LEVELS) @@ -1110,7 +1110,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, } else { - DBG1(DBG_CFG, "no issuer certificate found for \"%Y\"", + DBG1(DBG_CFG, "no issuer certificate found for \"%Y\"", current->get_subject(current)); break; } @@ -1173,10 +1173,10 @@ static bool trusted_enumerate(trusted_enumerator_t *this, certificate_t **cert, auth_cfg_t **auth) { certificate_t *current; - + DESTROY_IF(this->auth); this->auth = auth_cfg_create(); - + if (!this->candidates) { /* first invocation, build enumerator for next one */ @@ -1187,7 +1187,7 @@ static bool trusted_enumerate(trusted_enumerator_t *this, if (this->pretrusted) { /* if we find a trusted self signed certificate, we just accept it. - * However, in order to fulfill authorization rules, we try to build + * However, in order to fulfill authorization rules, we try to build * the trust chain if it is not self signed */ if (this->this->cache->issued_by(this->this->cache, this->pretrusted, this->pretrusted) || @@ -1215,7 +1215,7 @@ static bool trusted_enumerate(trusted_enumerator_t *this, { /* skip pretrusted certificate we already served */ continue; } - + DBG1(DBG_CFG, " using certificate \"%Y\"", current->get_subject(current)); if (verify_trust_chain(this->this, current, this->auth, FALSE, 
@@ -1250,10 +1250,10 @@ static enumerator_t *create_trusted_enumerator(private_credential_manager_t *thi key_type_t type, identification_t *id, bool crl, bool ocsp) { trusted_enumerator_t *enumerator = malloc_thing(trusted_enumerator_t); - + enumerator->public.enumerate = (void*)trusted_enumerate; enumerator->public.destroy = (void*)trusted_destroy; - + enumerator->candidates = NULL; enumerator->this = this; enumerator->type = type; @@ -1262,7 +1262,7 @@ static enumerator_t *create_trusted_enumerator(private_credential_manager_t *thi enumerator->ocsp = ocsp; enumerator->pretrusted = NULL; enumerator->auth = NULL; - + return &enumerator->public; } @@ -1289,7 +1289,7 @@ static bool public_enumerate(public_enumerator_t *this, public_key_t **key, auth_cfg_t **auth) { certificate_t *cert; - + while (this->inner->enumerate(this->inner, &cert, auth)) { DESTROY_IF(this->current); @@ -1316,7 +1316,7 @@ static void public_destroy(public_enumerator_t *this) this->wrapper->destroy(this->wrapper); } this->this->lock->unlock(this->this->lock); - + /* check for delayed certificate cache queue */ cache_queue(this->this); free(this); @@ -1329,7 +1329,7 @@ static enumerator_t* create_public_enumerator(private_credential_manager_t *this key_type_t type, identification_t *id, auth_cfg_t *auth) { public_enumerator_t *enumerator = malloc_thing(public_enumerator_t); - + enumerator->public.enumerate = (void*)public_enumerate; enumerator->public.destroy = (void*)public_destroy; enumerator->inner = create_trusted_enumerator(this, type, id, TRUE, TRUE); @@ -1374,13 +1374,13 @@ static bool auth_contains_cacert(auth_cfg_t *auth, certificate_t *cert) */ static auth_cfg_t *build_trustchain(private_credential_manager_t *this, certificate_t *subject, auth_cfg_t *auth) -{ +{ certificate_t *issuer, *current; auth_cfg_t *trustchain; u_int level = 0; - + trustchain = auth_cfg_create(); - + current = auth->get(auth, AUTH_RULE_CA_CERT); if (!current) { 
@@ -1428,7 +1428,7 @@ static private_key_t *get_private_by_cert(private_credential_manager_t *this, identification_t *keyid; chunk_t chunk; public_key_t *public; - + public = cert->get_public_key(cert); if (public) { @@ -1454,13 +1454,13 @@ static private_key_t *get_private(private_credential_manager_t *this, certificate_t *cert; private_key_t *private = NULL; auth_cfg_t *trustchain; - + /* check if this is a lookup by key ID, and do it if so */ if (id && id->get_type(id) == ID_KEY_ID) { return get_private_by_keyid(this, type, id); } - + /* if a specific certificate is preferred, check for a matching key */ cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); if (cert) @@ -1477,7 +1477,7 @@ static private_key_t *get_private(private_credential_manager_t *this, return private; } } - + /* try to build a trust chain for each certificate found */ enumerator = create_cert_enumerator(this, CERT_ANY, type, id, FALSE); while (enumerator->enumerate(enumerator, &cert)) @@ -1497,7 +1497,7 @@ static private_key_t *get_private(private_credential_manager_t *this, } } enumerator->destroy(enumerator); - + /* if no valid trustchain was found, fall back to the first usable cert */ if (!private) { @@ -1567,7 +1567,7 @@ static void destroy(private_credential_manager_t *this) credential_manager_t *credential_manager_create() { private_credential_manager_t *this = malloc_thing(private_credential_manager_t); - + this->public.create_cert_enumerator = (enumerator_t *(*)(credential_manager_t *this,certificate_type_t cert, key_type_t key,identification_t *id,bool))create_cert_enumerator; this->public.create_shared_enumerator = (enumerator_t *(*)(credential_manager_t *this, shared_key_type_t type,identification_t *me, identification_t *other))create_shared_enumerator; this->public.create_cdp_enumerator = (enumerator_t *(*)(credential_manager_t*, certificate_type_t type, identification_t *id))create_cdp_enumerator; 
@@ -1580,14 +1580,14 @@ credential_manager_t *credential_manager_create() this->public.add_set = (void(*)(credential_manager_t*, credential_set_t *set))add_set; this->public.remove_set = (void(*)(credential_manager_t*, credential_set_t *set))remove_set; this->public.destroy = (void(*)(credential_manager_t*))destroy; - + this->sets = linked_list_create(); pthread_key_create(&this->local_sets, (void*)this->sets->destroy); this->cache = cert_cache_create(); this->cache_queue = linked_list_create(); this->sets->insert_first(this->sets, this->cache); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - + return &this->public; } diff --git a/src/charon/credentials/credential_manager.h b/src/charon/credentials/credential_manager.h index 0af54c0b1..192b34871 100644 --- a/src/charon/credentials/credential_manager.h +++ b/src/charon/credentials/credential_manager.h @@ -36,11 +36,11 @@ typedef struct credential_manager_t credential_manager_t; * * The credential manager is the entry point of the credential framework. It * uses so called "sets" to access credentials in a modular fashion, these - * are implemented through the credential_set_t interface. + * are implemented through the credential_set_t interface. * The manager additionally does trust chain verification and trust status * chaching. A set may call the managers methods if it needs credentials itself, * the manager uses recursive locking. - * + * * @verbatim +-------+ +----------------+ @@ -58,14 +58,14 @@ typedef struct credential_manager_t credential_manager_t; | o | may be recursive | r | +-------+ - - @endverbatim + + @endverbatim * * The credential manager uses rwlocks for performance reasons, credential * sets must be fully thread save. */ struct credential_manager_t { - + /** * Create an enumerator over all certificates. * 
@@ -90,7 +90,7 @@ struct credential_manager_t { * @param second second subject between key is shared * @return enumerator over shared keys */ - enumerator_t *(*create_shared_enumerator)(credential_manager_t *this, + enumerator_t *(*create_shared_enumerator)(credential_manager_t *this, shared_key_type_t type, identification_t *first, identification_t *second); /** @@ -121,14 +121,14 @@ struct credential_manager_t { * @param me own identity * @param other peers identity * @return shared_key_t, NULL if none found - */ + */ shared_key_t *(*get_shared)(credential_manager_t *this, shared_key_type_t type, identification_t *me, identification_t *other); /** * Get a private key to create a signature. * * The get_private() method gets a secret private key identified by either - * the keyid itself or an id the key belongs to. + * the keyid itself or an id the key belongs to. * The auth parameter contains additional information, such as receipients * trusted CA certs. Auth gets filled with subject and CA certificates * needed to validate a created signature. @@ -140,12 +140,12 @@ struct credential_manager_t { */ private_key_t* (*get_private)(credential_manager_t *this, key_type_t type, identification_t *id, auth_cfg_t *auth); - + /** * Create an enumerator over trusted public keys. * * This method gets a an enumerator over trusted public keys to verify a - * signature created by id. The auth parameter contains additional + * signature created by id. The auth parameter contains additional * authentication infos, e.g. peer and intermediate certificates. * The resulting enumerator enumerates over public_key_t *, auth_cfg_t *, * where the auth config helper contains rules for constraint checks. 
@@ -157,14 +157,14 @@ struct credential_manager_t { */ enumerator_t* (*create_public_enumerator)(credential_manager_t *this, key_type_t type, identification_t *id, auth_cfg_t *auth); - + /** * Cache a certificate by invoking cache_cert() on all registerd sets. * * @param cert certificate to cache */ void (*cache_cert)(credential_manager_t *this, certificate_t *cert); - + /** * Flush the certificate cache. * @@ -174,21 +174,21 @@ struct credential_manager_t { * @param type type of certificate to flush, or CERT_ANY */ void (*flush_cache)(credential_manager_t *this, certificate_type_t type); - + /** * Register a credential set to the manager. * * @param set set to register */ void (*add_set)(credential_manager_t *this, credential_set_t *set); - + /** * Unregister a credential set from the manager. * * @param set set to unregister */ void (*remove_set)(credential_manager_t *this, credential_set_t *set); - + /** * Destroy a credential_manager instance. */ diff --git a/src/charon/credentials/credential_set.h b/src/charon/credentials/credential_set.h index e9ad99bfd..274eb3feb 100644 --- a/src/charon/credentials/credential_set.h +++ b/src/charon/credentials/credential_set.h @@ -43,12 +43,12 @@ typedef struct credential_set_t credential_set_t; * enumerator is alive, so it is save to use a write lock there. */ struct credential_set_t { - + /** * Create an enumerator over private keys (private_key_t). * * The id is either a key identifier of the requested key, or an identity - * of the key owner. + * of the key owner. * * @param type type of requested private key * @param id key identifier/owner 
@@ -80,10 +80,10 @@ struct credential_set_t { * @param other other identity who owns that secret * @return enumerator as described above */ - enumerator_t *(*create_shared_enumerator)(credential_set_t *this, + enumerator_t *(*create_shared_enumerator)(credential_set_t *this, shared_key_type_t type, identification_t *me, identification_t *other); - + /** * Create an enumerator over certificate distribution points. * @@ -93,7 +93,7 @@ struct credential_set_t { */ enumerator_t *(*create_cdp_enumerator)(credential_set_t *this, certificate_type_t type, identification_t *id); - + /** * Cache a certificate in the credential set. * @@ -102,7 +102,7 @@ struct credential_set_t { * * @param cert certificate to cache */ - void (*cache_cert)(credential_set_t *this, certificate_t *cert); + void (*cache_cert)(credential_set_t *this, certificate_t *cert); }; #endif /** CREDENTIAL_SET_H_ @}*/ diff --git a/src/charon/credentials/sets/auth_cfg_wrapper.c b/src/charon/credentials/sets/auth_cfg_wrapper.c index b2cf5d960..82e33d283 100644 --- a/src/charon/credentials/sets/auth_cfg_wrapper.c +++ b/src/charon/credentials/sets/auth_cfg_wrapper.c @@ -29,7 +29,7 @@ struct private_auth_cfg_wrapper_t { * public functions */ auth_cfg_wrapper_t public; - + /** * wrapped auth info */ @@ -67,10 +67,10 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, /* fetching the certificate previously failed */ return FALSE; } - + chunk_t data; certificate_t *cert; - + DBG1(DBG_CFG, " fetching certificate from '%s' ...", url); if (lib->fetcher->fetch(lib->fetcher, url, &data, FETCH_END) != SUCCESS) { @@ -80,11 +80,11 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, *rule, NULL); return FALSE; } - + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, data, BUILD_END); free(data.ptr); - + if (!cert) { DBG1(DBG_CFG, " parsing fetched certificate failed"); 
@@ -93,10 +93,10 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, *rule, NULL); return FALSE; } - + DBG1(DBG_CFG, " fetched certificate \"%Y\"", cert->get_subject(cert)); charon->credentials->cache_cert(charon->credentials, cert); - + if (*rule == AUTH_HELPER_IM_HASH_URL) { *rule = AUTH_HELPER_IM_CERT; @@ -174,11 +174,11 @@ static void wrapper_enumerator_destroy(wrapper_enumerator_t *this) * implementation of auth_cfg_wrapper_t.set.create_cert_enumerator */ static enumerator_t *create_enumerator(private_auth_cfg_wrapper_t *this, - certificate_type_t cert, key_type_t key, + certificate_type_t cert, key_type_t key, identification_t *id, bool trusted) { wrapper_enumerator_t *enumerator; - + if (trusted) { return NULL; @@ -208,16 +208,16 @@ static void destroy(private_auth_cfg_wrapper_t *this) auth_cfg_wrapper_t *auth_cfg_wrapper_create(auth_cfg_t *auth) { private_auth_cfg_wrapper_t *this = malloc_thing(private_auth_cfg_wrapper_t); - + this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)create_enumerator; this->public.set.create_shared_enumerator = (void*)return_null; this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)nop; this->public.destroy = (void(*)(auth_cfg_wrapper_t*))destroy; - + this->auth = auth; - + return &this->public; } diff --git a/src/charon/credentials/sets/auth_cfg_wrapper.h b/src/charon/credentials/sets/auth_cfg_wrapper.h index dd5e0fff6..1d9824182 100644 --- a/src/charon/credentials/sets/auth_cfg_wrapper.h +++ b/src/charon/credentials/sets/auth_cfg_wrapper.h @@ -35,7 +35,7 @@ struct auth_cfg_wrapper_t { * implements credential_set_t */ credential_set_t set; - + /** * Destroy a auth_cfg_wrapper instance. */ diff --git a/src/charon/credentials/sets/cert_cache.c b/src/charon/credentials/sets/cert_cache.c index dee0463e6..de8994b82 100644 --- a/src/charon/credentials/sets/cert_cache.c +++ b/src/charon/credentials/sets/cert_cache.c 
@@ -35,22 +35,22 @@ typedef struct relation_t relation_t; * A trusted relation between subject and issuer */ struct relation_t { - + /** * subject of this relation */ certificate_t *subject; - + /** * issuer of this relation */ certificate_t *issuer; - + /** * Cache hits */ u_int hits; - + /** * Lock for this relation */ @@ -61,12 +61,12 @@ struct relation_t { * private data of cert_cache */ struct private_cert_cache_t { - + /** * public functions */ cert_cache_t public; - + /** * array of trusted subject-issuer relations */ @@ -82,12 +82,12 @@ static void cache(private_cert_cache_t *this, relation_t *rel; int i, offset, try; u_int total_hits = 0; - + /* check for a unused relation slot first */ for (i = 0; i < CACHE_SIZE; i++) { rel = &this->relations[i]; - + if (!rel->subject && rel->lock->try_write_lock(rel->lock)) { /* double-check having lock */ @@ -109,7 +109,7 @@ static void cache(private_cert_cache_t *this, for (i = 0; i < CACHE_SIZE; i++) { rel = &this->relations[(i + offset) % CACHE_SIZE]; - + if (rel->hits > total_hits / CACHE_SIZE) { /* skip often used slots */ continue; @@ -140,11 +140,11 @@ static bool issued_by(private_cert_cache_t *this, { relation_t *found = NULL, *current; int i; - + for (i = 0; i < CACHE_SIZE; i++) { current = &this->relations[i]; - + current->lock->read_lock(current->lock); if (current->subject) { @@ -203,14 +203,14 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out) { public_key_t *public; relation_t *rel; - + if (this->locked >= 0) { rel = &this->relations[this->locked]; rel->lock->unlock(rel->lock); this->locked = -1; } - + while (++this->index < CACHE_SIZE) { rel = &this->relations[this->index]; 
@@ -219,7 +219,7 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out) if (rel->subject) { /* CRL lookup is done using issuer/authkeyidentifier */ - if (this->key == KEY_ANY && this->id && + if (this->key == KEY_ANY && this->id && (this->cert == CERT_ANY || this->cert == CERT_X509_CRL) && rel->subject->get_type(rel->subject) == CERT_X509_CRL && rel->subject->has_issuer(rel->subject, this->id)) @@ -261,7 +261,7 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out) static void cert_enumerator_destroy(cert_enumerator_t *this) { relation_t *rel; - + if (this->locked >= 0) { rel = &this->relations[this->locked]; @@ -274,11 +274,11 @@ static void cert_enumerator_destroy(cert_enumerator_t *this) * implementation of credential_set_t.create_cert_enumerator */ static enumerator_t *create_enumerator(private_cert_cache_t *this, - certificate_type_t cert, key_type_t key, + certificate_type_t cert, key_type_t key, identification_t *id, bool trusted) { cert_enumerator_t *enumerator; - + if (trusted) { return NULL; @@ -292,7 +292,7 @@ static enumerator_t *create_enumerator(private_cert_cache_t *this, enumerator->relations = this->relations; enumerator->index = -1; enumerator->locked = -1; - + return &enumerator->public; } @@ -303,7 +303,7 @@ static void flush(private_cert_cache_t *this, certificate_type_t type) { relation_t *rel; int i; - + for (i = 0; i < CACHE_SIZE; i++) { rel = &this->relations[i]; @@ -346,7 +346,7 @@ static void destroy(private_cert_cache_t *this) { relation_t *rel; int i; - + for (i = 0; i < CACHE_SIZE; i++) { rel = &this->relations[i]; @@ -367,7 +367,7 @@ cert_cache_t *cert_cache_create() { private_cert_cache_t *this; int i; - + this = malloc_thing(private_cert_cache_t); this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)create_enumerator; 
@@ -377,7 +377,7 @@ cert_cache_t *cert_cache_create() this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by; this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush; this->public.destroy = (void(*)(cert_cache_t*))destroy; - + for (i = 0; i < CACHE_SIZE; i++) { this->relations[i].subject = NULL; diff --git a/src/charon/credentials/sets/cert_cache.h b/src/charon/credentials/sets/cert_cache.h index a2cae367c..d2721866e 100644 --- a/src/charon/credentials/sets/cert_cache.h +++ b/src/charon/credentials/sets/cert_cache.h @@ -39,7 +39,7 @@ struct cert_cache_t { * Implements credential_set_t. */ credential_set_t set; - + /** * Caching wrapper around certificate_t.issued_by. * @@ -49,14 +49,14 @@ struct cert_cache_t { */ bool (*issued_by)(cert_cache_t *this, certificate_t *subject, certificate_t *issuer); - + /** * Flush the certificate cache. * * @param type type of certificate to flush, or CERT_ANY */ void (*flush)(cert_cache_t *this, certificate_type_t type); - + /** * Destroy a cert_cache instance. */ diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.c b/src/charon/credentials/sets/ocsp_response_wrapper.c index e9faec472..82079209a 100644 --- a/src/charon/credentials/sets/ocsp_response_wrapper.c +++ b/src/charon/credentials/sets/ocsp_response_wrapper.c @@ -26,7 +26,7 @@ struct private_ocsp_response_wrapper_t { * public functions */ ocsp_response_wrapper_t public; - + /** * wrapped OCSP response */ 
@@ -98,16 +98,16 @@ static void enumerator_destroy(wrapper_enumerator_t *this) * implementation of ocsp_response_wrapper_t.set.create_cert_enumerator */ static enumerator_t *create_enumerator(private_ocsp_response_wrapper_t *this, - certificate_type_t cert, key_type_t key, + certificate_type_t cert, key_type_t key, identification_t *id, bool trusted) { wrapper_enumerator_t *enumerator; - + if (trusted) { return NULL; } - + enumerator = malloc_thing(wrapper_enumerator_t); enumerator->cert = cert; enumerator->key = key; @@ -132,16 +132,16 @@ static void destroy(private_ocsp_response_wrapper_t *this) ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response) { private_ocsp_response_wrapper_t *this = malloc_thing(private_ocsp_response_wrapper_t); - + this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)create_enumerator; this->public.set.create_shared_enumerator = (void*)return_null; this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)nop; this->public.destroy = (void(*)(ocsp_response_wrapper_t*))destroy; - + this->response = response; - + return &this->public; } diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.h b/src/charon/credentials/sets/ocsp_response_wrapper.h index 8f141f7a1..bf746320a 100644 --- a/src/charon/credentials/sets/ocsp_response_wrapper.h +++ b/src/charon/credentials/sets/ocsp_response_wrapper.h @@ -35,7 +35,7 @@ struct ocsp_response_wrapper_t { * implements credential_set_t */ credential_set_t set; - + /** * Destroy a ocsp_response_wrapper instance. */ diff --git a/src/charon/daemon.c b/src/charon/daemon.c index 26858af6c..aa8a6a0b8 100644 --- a/src/charon/daemon.c +++ b/src/charon/daemon.c @@ -58,7 +58,7 @@ struct private_daemon_t { * Public members of daemon_t. */ daemon_t public; - + /** * Signal set used for signal handling. */ 
@@ -88,7 +88,7 @@ extern void (*dbg) (int level, char *fmt, ...); static void dbg_bus(int level, char *fmt, ...) { va_list args; - + va_start(args, fmt); charon->bus->vlog(charon->bus, DBG_LIB, level, fmt, args); va_end(args); @@ -100,7 +100,7 @@ static void dbg_bus(int level, char *fmt, ...) static void dbg_stderr(int level, char *fmt, ...) { va_list args; - + if (level <= 1) { va_start(args, fmt); @@ -117,18 +117,18 @@ static void dbg_stderr(int level, char *fmt, ...) static void run(private_daemon_t *this) { sigset_t set; - + /* handle SIGINT, SIGHUP ans SIGTERM in this handler */ sigemptyset(&set); sigaddset(&set, SIGINT); sigaddset(&set, SIGHUP); sigaddset(&set, SIGTERM); - + while (TRUE) { int sig; int error; - + error = sigwait(&set, &sig); if (error) { @@ -200,7 +200,7 @@ static void destroy(private_daemon_t *this) DESTROY_IF(this->public.socket); /* wait until all threads are gone */ DESTROY_IF(this->public.processor); - + /* rehook library logging, shutdown logging */ dbg = dbg_stderr; DESTROY_IF(this->public.bus); @@ -257,7 +257,7 @@ static void drop_capabilities(private_daemon_t *this) { kill_daemon(this, "change to unprivileged user failed"); } - + #ifdef CAPABILITIES if (cap_set_proc(this->caps) != 0) { @@ -287,7 +287,7 @@ static void lookup_uid_gid(private_daemon_t *this) { char buf[1024]; struct passwd passwd, *pwp; - + if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 || pwp == NULL) { @@ -300,7 +300,7 @@ static void lookup_uid_gid(private_daemon_t *this) { char buf[1024]; struct group group, *grp; - + if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 || grp == NULL) { @@ -319,7 +319,7 @@ static void print_plugins() char buf[512], *plugin; int len = 0; enumerator_t *enumerator; - + buf[0] = '\0'; enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < sizeof(buf) && enumerator->enumerate(enumerator, &plugin)) 
@@ -345,7 +345,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr, level_t def; bool append; FILE *file; - + /* setup sysloggers */ enumerator = lib->settings->create_section_enumerator(lib->settings, "charon.syslog"); @@ -378,7 +378,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr, this->public.bus->add_listener(this->public.bus, &sys_logger->listener); } enumerator->destroy(enumerator); - + /* and file loggers */ enumerator = lib->settings->create_section_enumerator(lib->settings, "charon.filelog"); @@ -418,10 +418,10 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr, this->public.file_loggers->insert_last(this->public.file_loggers, file_logger); this->public.bus->add_listener(this->public.bus, &file_logger->listener); - + } enumerator->destroy(enumerator); - + /* set up legacy style default loggers provided via command-line */ if (!loggers_defined) { @@ -443,7 +443,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr, file_logger->set_level(file_logger, group, levels[group]); } } - + /* set up default auth sys_logger */ sys_logger = sys_logger_create(LOG_AUTHPRIV); this->public.bus->add_listener(this->public.bus, &sys_logger->listener); @@ -460,14 +460,14 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) { /* for uncritical pseudo random numbers */ srandom(time(NULL) + getpid()); - + /* setup bus and it's listeners first to enable log output */ this->public.bus = bus_create(); /* set up hook to log dbg message in library via charons message bus */ dbg = dbg_bus; - + initialize_loggers(this, !syslog, levels); - + DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")"); if (lib->integrity) 
@@ -489,14 +489,14 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) this->public.kernel_interface = kernel_interface_create(); this->public.socket = socket_create(); this->public.traps = trap_manager_create(); - + /* load plugins, further infrastructure may need it */ if (!lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, lib->settings->get_str(lib->settings, "charon.load", PLUGINS))) { return FALSE; } - + print_plugins(); this->public.ike_sa_manager = ike_sa_manager_create(); @@ -510,7 +510,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) { return FALSE; } - + #ifdef ME this->public.connect_manager = connect_manager_create(); if (this->public.connect_manager == NULL) @@ -519,7 +519,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) } this->public.mediation_manager = mediation_manager_create(); #endif /* ME */ - + return TRUE; } @@ -529,12 +529,12 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) static void segv_handler(int signal) { backtrace_t *backtrace; - + DBG1(DBG_DMN, "thread %u received %d", pthread_self(), signal); backtrace = backtrace_create(2); backtrace->log(backtrace, stderr); backtrace->destroy(backtrace); - + DBG1(DBG_DMN, "killing ourself, received critical signal"); raise(SIGKILL); } @@ -546,11 +546,11 @@ private_daemon_t *daemon_create(void) { struct sigaction action; private_daemon_t *this = malloc_thing(private_daemon_t); - + /* assign methods */ this->public.kill = (void (*) (daemon_t*,char*))kill_daemon; this->public.keep_cap = (void(*)(daemon_t*, u_int cap))keep_cap; - + /* NULL members for clean destruction */ this->public.socket = NULL; this->public.ike_sa_manager = NULL; @@ -575,7 +575,7 @@ private_daemon_t *daemon_create(void) #endif /* ME */ this->public.uid = 0; this->public.gid = 0; - + this->public.main_thread_id = pthread_self(); #ifdef CAPABILITIES this->caps = cap_init(); 
@@ -585,7 +585,7 @@ private_daemon_t *daemon_create(void) keep_cap(this, CAP_SYS_NICE); } #endif /* CAPABILITIES */ - + /* add handler for SEGV and ILL, * add handler for USR1 (cancellation). * INT, TERM and HUP are handled by sigwait() in run() */ @@ -600,9 +600,9 @@ private_daemon_t *daemon_create(void) sigaction(SIGBUS, &action, NULL); action.sa_handler = SIG_IGN; sigaction(SIGPIPE, &action, NULL); - + pthread_sigmask(SIG_SETMASK, &action.sa_mask, 0); - + return this; } @@ -613,7 +613,7 @@ static bool check_pidfile() { struct stat stb; FILE *file; - + if (stat(PID_FILE, &stb) == 0) { file = fopen(PID_FILE, "r"); @@ -621,7 +621,7 @@ static bool check_pidfile() { char buf[64]; pid_t pid = 0; - + memset(buf, 0, sizeof(buf)); if (fread(buf, 1, sizeof(buf), file)) { @@ -636,7 +636,7 @@ static bool check_pidfile() DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running"); unlink(PID_FILE); } - + /* create new pidfile */ file = fopen(PID_FILE, "w"); if (file) @@ -679,17 +679,17 @@ int main(int argc, char *argv[]) private_daemon_t *private_charon; level_t levels[DBG_MAX]; int group; - + /* logging for library during initialization, as we have no bus yet */ dbg = dbg_stderr; - + /* initialize library */ if (!library_init(STRONGSWAN_CONF)) { library_deinit(); exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } - + if (lib->integrity && !lib->integrity->check_file(lib->integrity, "charon", argv[0])) { @@ -697,7 +697,7 @@ int main(int argc, char *argv[]) library_deinit(); exit(SS_RC_DAEMON_INTEGRITY); } - + lib->printf_hook->add_handler(lib->printf_hook, 'R', traffic_selector_printf_hook, PRINTF_HOOK_ARGTYPE_POINTER, @@ -708,15 +708,15 @@ int main(int argc, char *argv[]) PRINTF_HOOK_ARGTYPE_END); private_charon = daemon_create(); charon = (daemon_t*)private_charon; - + lookup_uid_gid(private_charon); - + /* use CTRL loglevel for default */ for (group = 0; group < DBG_MAX; group++) { levels[group] = LEVEL_CTRL; } - + /* handle arguments */ for (;;) { 
@@ -737,7 +737,7 @@ int main(int argc, char *argv[]) { "debug-lib", required_argument, &group, DBG_LIB }, { 0,0,0,0 } }; - + int c = getopt_long(argc, argv, "", long_opts, NULL); switch (c) { @@ -762,7 +762,7 @@ int main(int argc, char *argv[]) } break; } - + /* initialize daemon */ if (!initialize(private_charon, use_syslog, levels)) { @@ -770,31 +770,31 @@ int main(int argc, char *argv[]) destroy(private_charon); exit(SS_RC_INITIALIZATION_FAILED); } - + if (check_pidfile()) { DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)"); destroy(private_charon); exit(-1); } - + /* drop the capabilities we won't need */ drop_capabilities(private_charon); - + /* start the engine, go multithreaded */ charon->processor->set_threads(charon->processor, lib->settings->get_int(lib->settings, "charon.threads", DEFAULT_THREADS)); - + /* run daemon */ run(private_charon); - + /* normal termination, cleanup and exit */ destroy(private_charon); unlink(PID_FILE); - + library_deinit(); - + return 0; } diff --git a/src/charon/daemon.h b/src/charon/daemon.h index 430654c8e..e00a1afba 100644 --- a/src/charon/daemon.h +++ b/src/charon/daemon.h 
@@ -199,104 +199,104 @@ typedef struct daemon_t daemon_t; * Main class of daemon, contains some globals. */ struct daemon_t { - + /** * A socket_t instance. */ socket_t *socket; - + /** * A ike_sa_manager_t instance. */ ike_sa_manager_t *ike_sa_manager; - + /** * Manager for triggering policies, called traps */ trap_manager_t *traps; - + /** * Manager for the different configuration backends. */ backend_manager_t *backends; - + /** * Manager for IKEv2 cfg payload attributes */ attribute_manager_t *attributes; - + /** * Manager for the credential backends */ credential_manager_t *credentials; - + /** * The Sender-Thread. */ sender_t *sender; - + /** * The Receiver-Thread. */ receiver_t *receiver; - + /** * The Scheduler-Thread. */ scheduler_t *scheduler; - + /** * Job processing using a thread pool. */ processor_t *processor; - + /** * The signaling bus. */ bus_t *bus; - + /** * A list of installed file_logger_t's */ linked_list_t *file_loggers; - + /** * A list of installed sys_logger_t's */ linked_list_t *sys_loggers; - + /** * Kernel Interface to communicate with kernel */ kernel_interface_t *kernel_interface; - + /** * Controller to control the daemon */ controller_t *controller; - + /** * EAP manager to maintain registered EAP methods */ eap_manager_t *eap; - + /** * SIM manager to maintain SIM cards/providers */ sim_manager_t *sim; - + #ifdef ME /** * Connect manager */ connect_manager_t *connect_manager; - + /** * Mediation manager */ mediation_manager_t *mediation_manager; #endif /* ME */ - + /** * User ID the daemon will user after initialization */ @@ -306,12 +306,12 @@ struct daemon_t { * Group ID the daemon will use after initialization */ gid_t gid; - + /** * The thread_id of main-thread. */ pthread_t main_thread_id; - + /** * Do not drop a given capability after initialization. * @@ -320,7 +320,7 @@ struct daemon_t { * drop these. */ void (*keep_cap)(daemon_t *this, u_int cap); - + /** * Shut down the daemon. * 
diff --git a/src/charon/encoding/generator.c b/src/charon/encoding/generator.c index 406cfc688..e8db55a7f 100644 --- a/src/charon/encoding/generator.c +++ b/src/charon/encoding/generator.c @@ -53,55 +53,55 @@ struct private_generator_t { * Public part of a generator_t object. */ generator_t public; - + /** * Buffer used to generate the data into. */ u_int8_t *buffer; - + /** * Current write position in buffer (one byte aligned). */ u_int8_t *out_position; - + /** * Position of last byte in buffer. */ u_int8_t *roof_position; - + /** * Current bit writing to in current byte (between 0 and 7). */ u_int8_t current_bit; - + /** * Associated data struct to read informations from. */ void *data_struct; - + /* * Last payload length position offset in the buffer. */ u_int32_t last_payload_length_position_offset; - + /** * Offset of the header length field in the buffer. */ u_int32_t header_length_position_offset; - + /** * Last SPI size. */ u_int8_t last_spi_size; - + /** * Attribute format of the last generated transform attribute. * - * Used to check if a variable value field is used or not for + * Used to check if a variable value field is used or not for * the transform attribute value. */ bool attribute_format; - + /** * Depending on the value of attribute_format this field is used * to hold the length of the transform attribute in bytes. 
@@ -149,14 +149,14 @@ static void make_space_available(private_generator_t *this, int bits) while ((get_space(this) * 8 - this->current_bit) < bits) { int old_buffer_size, new_buffer_size, out_position_offset; - + old_buffer_size = get_size(this); new_buffer_size = old_buffer_size + GENERATOR_DATA_BUFFER_INCREASE_VALUE; out_position_offset = this->out_position - this->buffer; - - DBG2(DBG_ENC, "increasing gen buffer from %d to %d byte", + + DBG2(DBG_ENC, "increasing gen buffer from %d to %d byte", old_buffer_size, new_buffer_size); - + this->buffer = realloc(this->buffer,new_buffer_size); this->out_position = (this->buffer + out_position_offset); this->roof_position = (this->buffer + new_buffer_size); @@ -171,9 +171,9 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes, { int i; u_int8_t *read_position = (u_int8_t *)bytes; - + make_space_available(this, number_of_bytes * 8); - + for (i = 0; i < number_of_bytes; i++) { *(this->out_position) = *(read_position); @@ -192,14 +192,14 @@ static void write_bytes_to_buffer_at_offset(private_generator_t *this, u_int8_t *read_position = (u_int8_t *)bytes; u_int8_t *write_position; u_int32_t free_space_after_offset = get_size(this) - offset; - - /* check first if enough space for new data is available */ + + /* check first if enough space for new data is available */ if (number_of_bytes > free_space_after_offset) { - make_space_available(this, + make_space_available(this, (number_of_bytes - free_space_after_offset) * 8); } - + write_position = this->buffer + offset; for (i = 0; i < number_of_bytes; i++) { @@ -216,7 +216,7 @@ static void generate_u_int_type(private_generator_t *this, encoding_type_t int_type,u_int32_t offset) { int number_of_bits = 0; - + /* find out number of bits of each U_INT type to check for enough space */ switch (int_type) { 
@@ -251,14 +251,14 @@ static void generate_u_int_type(private_generator_t *this, encoding_type_names, int_type); return; } - + make_space_available(this, number_of_bits); switch (int_type) { case U_INT_4: { u_int8_t high, low; - + if (this->current_bit == 0) { /* high of current byte in buffer has to be set to the new value*/ @@ -303,7 +303,7 @@ static void generate_u_int_type(private_generator_t *this, { u_int8_t attribute_format_flag; u_int16_t val; - + /* attribute type must not change first bit of current byte */ if (this->current_bit != 1) { @@ -325,7 +325,7 @@ static void generate_u_int_type(private_generator_t *this, write_bytes_to_buffer(this, &val, sizeof(u_int16_t)); this->current_bit = 0; break; - + } case U_INT_16: case CONFIGURATION_ATTRIBUTE_LENGTH: @@ -372,11 +372,11 @@ static void generate_reserved_field(private_generator_t *this, int bits) return ; } make_space_available(this, bits); - + if (bits == 1) { u_int8_t reserved_bit = ~(1 << (7 - this->current_bit)); - + *(this->out_position) = *(this->out_position) & reserved_bit; if (this->current_bit == 0) { @@ -410,11 +410,11 @@ static void generate_flag(private_generator_t *this, u_int32_t offset) { u_int8_t flag_value; u_int8_t flag; - + flag_value = (*((bool *) (this->data_struct + offset))) ? 1 : 0; /* get flag position */ flag = (flag_value << (7 - this->current_bit)); - + /* make sure one bit is available in buffer */ make_space_available(this, 1); if (this->current_bit == 0) @@ -422,10 +422,10 @@ static void generate_flag(private_generator_t *this, u_int32_t offset) /* memory must be zero */ *(this->out_position) = 0x00; } - + *(this->out_position) = *(this->out_position) | flag; DBG3(DBG_ENC, " => %d", *this->out_position); - + this->current_bit++; if (this->current_bit >= 8) { 
@@ -440,16 +440,16 @@ static void generate_flag(private_generator_t *this, u_int32_t offset) static void generate_from_chunk(private_generator_t *this, u_int32_t offset) { chunk_t *value; - + if (this->current_bit != 0) { DBG1(DBG_ENC, "can not generate a chunk at Bitpos %d", this->current_bit); return ; } - + value = (chunk_t *)(this->data_struct + offset); DBG3(DBG_ENC, " => %B", value); - + write_bytes_to_buffer(this, value->ptr, value->len); } @@ -460,7 +460,7 @@ static void write_to_chunk(private_generator_t *this,chunk_t *data) { int data_length = get_length(this); u_int32_t header_length_field = data_length; - + /* write length into header length field */ if (this->header_length_position_offset > 0) { @@ -468,14 +468,14 @@ static void write_to_chunk(private_generator_t *this,chunk_t *data) write_bytes_to_buffer_at_offset(this, &val, sizeof(u_int32_t), this->header_length_position_offset); } - + if (this->current_bit > 0) { data_length++; } *data = chunk_alloc(data_length); memcpy(data->ptr, this->buffer, data_length); - + DBG3(DBG_ENC, "generated data of this generator %B", data); } @@ -488,20 +488,20 @@ static void generate_payload (private_generator_t *this,payload_t *payload) size_t rule_count; encoding_rule_t *rules; payload_type_t payload_type; - + this->data_struct = payload; payload_type = payload->get_type(payload); /* spi size has to get reseted */ this->last_spi_size = 0; - + offset_start = this->out_position - this->buffer; - + DBG2(DBG_ENC, "generating payload of type %N", payload_type_names, payload_type); - + /* each payload has its own encoding rules */ payload->get_encoding_rules(payload, &rules, &rule_count); - + for (i = 0; i < rule_count;i++) { DBG2(DBG_ENC, " generating rule %d %N", @@ -529,7 +529,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) { generate_reserved_field(this, 8); break; - } + } case FLAG: { generate_flag(this, rules[i].offset); 
@@ -578,7 +578,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) u_int16_t length_of_payload; u_int16_t header_length = 0; u_int16_t length_in_network_order; - + switch(rules[i].type) { case KEY_EXCHANGE_DATA: @@ -619,13 +619,13 @@ static void generate_payload (private_generator_t *this,payload_t *payload) break; } generate_from_chunk(this, rules[i].offset); - + payload_length_position_offset = this->last_payload_length_position_offset; - - length_of_payload = header_length + + + length_of_payload = header_length + ((chunk_t *)(this->data_struct + rules[i].offset))->len; - + length_in_network_order = htons(length_of_payload); write_bytes_to_buffer_at_offset(this, &length_in_network_order, sizeof(u_int16_t), payload_length_position_offset); @@ -633,7 +633,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) } case PROPOSALS: { - u_int32_t payload_length_position_offset = + u_int32_t payload_length_position_offset = this->last_payload_length_position_offset; /* Length of SA_PAYLOAD is calculated */ u_int16_t length_of_sa_payload = SA_PAYLOAD_HEADER_LENGTH; @@ -642,13 +642,13 @@ static void generate_payload (private_generator_t *this,payload_t *payload) (this->data_struct + rules[i].offset)); iterator_t *iterator; payload_t *current_proposal; - + iterator = proposals->create_iterator(proposals,TRUE); while (iterator->iterate(iterator, (void**)¤t_proposal)) { u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - + before_generate_position_offset = get_offset(this); generate_payload(this, current_proposal); after_generate_position_offset = get_offset(this); @@ -656,7 +656,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) before_generate_position_offset); } iterator->destroy(iterator); - + int16_val = htons(length_of_sa_payload); write_bytes_to_buffer_at_offset(this, &int16_val, sizeof(u_int16_t),payload_length_position_offset); 
@@ -664,36 +664,36 @@ static void generate_payload (private_generator_t *this,payload_t *payload) } case TRANSFORMS: { - u_int32_t payload_length_position_offset = + u_int32_t payload_length_position_offset = this->last_payload_length_position_offset; - u_int16_t length_of_proposal = + u_int16_t length_of_proposal = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH + this->last_spi_size; u_int16_t int16_val; linked_list_t *transforms = *((linked_list_t **) (this->data_struct + rules[i].offset)); iterator_t *iterator; payload_t *current_transform; - + iterator = transforms->create_iterator(transforms,TRUE); while (iterator->iterate(iterator, (void**)¤t_transform)) { u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - + before_generate_position_offset = get_offset(this); generate_payload(this, current_transform); after_generate_position_offset = get_offset(this); - + length_of_proposal += (after_generate_position_offset - before_generate_position_offset); } iterator->destroy(iterator); - + int16_val = htons(length_of_proposal); write_bytes_to_buffer_at_offset(this, &int16_val, sizeof(u_int16_t), payload_length_position_offset); break; - } + } case TRANSFORM_ATTRIBUTES: { u_int32_t transform_length_position_offset = 
@@ -705,32 +705,32 @@ static void generate_payload (private_generator_t *this,payload_t *payload) (this->data_struct + rules[i].offset)); iterator_t *iterator; payload_t *current_attribute; - + iterator = transform_attributes->create_iterator( transform_attributes, TRUE); while (iterator->iterate(iterator, (void**)¤t_attribute)) { u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - + before_generate_position_offset = get_offset(this); generate_payload(this, current_attribute); after_generate_position_offset = get_offset(this); - + length_of_transform += (after_generate_position_offset - before_generate_position_offset); } - + iterator->destroy(iterator); - + int16_val = htons(length_of_transform); - write_bytes_to_buffer_at_offset(this, &int16_val, + write_bytes_to_buffer_at_offset(this, &int16_val, sizeof(u_int16_t),transform_length_position_offset); break; } case CONFIGURATION_ATTRIBUTES: { - u_int32_t configurations_length_position_offset = + u_int32_t configurations_length_position_offset = this->last_payload_length_position_offset; u_int16_t length_of_configurations = CP_PAYLOAD_HEADER_LENGTH; u_int16_t int16_val; 
@@ -738,29 +738,29 @@ static void generate_payload (private_generator_t *this,payload_t *payload) (this->data_struct + rules[i].offset)); iterator_t *iterator; payload_t *current_attribute; - + iterator = configuration_attributes->create_iterator( configuration_attributes,TRUE); while (iterator->iterate(iterator, (void**)¤t_attribute)) { u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - + before_generate_position_offset = get_offset(this); generate_payload(this, current_attribute); after_generate_position_offset = get_offset(this); - + length_of_configurations += after_generate_position_offset - before_generate_position_offset; } - + iterator->destroy(iterator); - + int16_val = htons(length_of_configurations); - write_bytes_to_buffer_at_offset(this, &int16_val, + write_bytes_to_buffer_at_offset(this, &int16_val, sizeof(u_int16_t),configurations_length_position_offset); break; - } + } case ATTRIBUTE_FORMAT: { generate_flag(this, rules[i].offset); @@ -768,7 +768,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) this->attribute_format = *((bool *)(this->data_struct + rules[i].offset)); break; - } + } case ATTRIBUTE_LENGTH_OR_VALUE: { @@ -797,7 +797,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) } case TRAFFIC_SELECTORS: { - u_int32_t payload_length_position_offset = + u_int32_t payload_length_position_offset = this->last_payload_length_position_offset; u_int16_t length_of_ts_payload = TS_PAYLOAD_HEADER_LENGTH; u_int16_t int16_val; 
@@ -805,29 +805,29 @@ static void generate_payload (private_generator_t *this,payload_t *payload) (this->data_struct + rules[i].offset)); iterator_t *iterator; payload_t *current_tss; - + iterator = traffic_selectors->create_iterator( traffic_selectors,TRUE); while (iterator->iterate(iterator, (void **)¤t_tss)) { u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - + before_generate_position_offset = get_offset(this); generate_payload(this, current_tss); after_generate_position_offset = get_offset(this); - + length_of_ts_payload += (after_generate_position_offset - before_generate_position_offset); } iterator->destroy(iterator); - + int16_val = htons(length_of_ts_payload); write_bytes_to_buffer_at_offset(this, &int16_val, sizeof(u_int16_t),payload_length_position_offset); break; - } - + } + case ENCRYPTED_DATA: { generate_from_chunk(this, rules[i].offset); @@ -869,10 +869,10 @@ generator_t *generator_create() this->public.generate_payload = (void(*)(generator_t*, payload_t *))generate_payload; this->public.destroy = (void(*)(generator_t*)) destroy; this->public.write_to_chunk = (void (*) (generator_t *,chunk_t *))write_to_chunk; - + /* allocate memory for buffer */ this->buffer = malloc(GENERATOR_DATA_BUFFER_SIZE); - + /* initiate private variables */ this->out_position = this->buffer; this->roof_position = this->buffer + GENERATOR_DATA_BUFFER_SIZE; @@ -880,7 +880,7 @@ generator_t *generator_create() this->current_bit = 0; this->last_payload_length_position_offset = 0; this->header_length_position_offset = 0; - + return &(this->public); } diff --git a/src/charon/encoding/generator.h b/src/charon/encoding/generator.h index f6fb8981c..2221c84af 100644 --- a/src/charon/encoding/generator.h +++ b/src/charon/encoding/generator.h 
@@ -44,7 +44,7 @@ typedef struct generator_t generator_t; * A generator_t class used to generate IKEv2 payloads. * * After creation, multiple payloads can be generated with the generate_payload - * method. The generated bytes are appended. After all payloads are added, + * method. The generated bytes are appended. After all payloads are added, * the write_to_chunk method writes out all generated data since * the creation of the generator. After that, the generator must be destroyed. * The generater uses a set of encoding rules, which it can get from @@ -52,7 +52,7 @@ typedef struct generator_t generator_t; * the payload and all substructures automatically. */ struct generator_t { - + /** * Generates a specific payload from given payload object. * @@ -61,14 +61,14 @@ struct generator_t { * @param payload interface payload_t implementing object */ void (*generate_payload) (generator_t *this,payload_t *payload); - + /** * Writes all generated data of the generator to a chunk. * * @param data chunk to write the data to */ void (*write_to_chunk) (generator_t *this,chunk_t *data); - + /** * Destroys a generator_t object. */ @@ -77,7 +77,7 @@ struct generator_t { /** * Constructor to create a generator. - * + * * @return generator_t object. */ generator_t *generator_create(void); diff --git a/src/charon/encoding/message.c b/src/charon/encoding/message.c index ff82a57c7..5fe840604 100644 --- a/src/charon/encoding/message.c +++ b/src/charon/encoding/message.c @@ -56,7 +56,7 @@ struct payload_rule_t { * Payload type. */ payload_type_t payload_type; - + /** * Minimal occurence of this payload. */ @@ -66,12 +66,12 @@ struct payload_rule_t { * Max occurence of this payload. */ size_t max_occurence; - + /** * TRUE if payload must be encrypted */ bool encrypted; - + /** * If this payload occurs, the message rule is * fullfilled in any case. This applies e.g. to 
@@ -91,7 +91,7 @@ struct payload_order_t { * payload type */ payload_type_t type; - + /** * notify type, if payload == NOTIFY */ @@ -111,7 +111,7 @@ struct message_rule_t { * Type of message. */ exchange_type_t exchange_type; - + /** * Is message a request or response. */ @@ -121,22 +121,22 @@ struct message_rule_t { * Message contains encrypted content. */ bool encrypted_content; - + /** * Number of payload rules which will follow */ int payload_rule_count; - + /** * Pointer to first payload rule */ payload_rule_t *payload_rules; - + /** * Number of payload order rules */ int payload_order_count; - + /** * payload ordering rules */ @@ -536,12 +536,12 @@ struct private_message_t { * Minor version of message. */ u_int8_t major_version; - + /** * Major version of message. */ u_int8_t minor_version; - + /** * First Payload in message. */ @@ -556,32 +556,32 @@ struct private_message_t { * TRUE if message is a request, FALSE if a reply. */ bool is_request; - + /** * Message ID of this message. */ u_int32_t message_id; - + /** * ID of assigned IKE_SA. */ ike_sa_id_t *ike_sa_id; - + /** * Assigned UDP packet, stores incoming packet or last generated one. */ packet_t *packet; - + /** * Linked List where payload data are stored in. */ linked_list_t *payloads; - + /** * Assigned parser to parse Header and Body of this message. */ parser_t *parser; - + /** * The message rule for this message instance */ @@ -594,7 +594,7 @@ struct private_message_t { static status_t set_message_rule(private_message_t *this) { int i; - + for (i = 0; i < (sizeof(message_rules) / sizeof(message_rule_t)); i++) { if ((this->exchange_type == message_rules[i].exchange_type) && 
@@ -615,7 +615,7 @@ static status_t set_message_rule(private_message_t *this) static status_t get_payload_rule(private_message_t *this, payload_type_t payload_type, payload_rule_t **payload_rule) { int i; - + for (i = 0; i < this->message_rule->payload_rule_count;i++) { if (this->message_rule->payload_rules[i].payload_type == payload_type) @@ -624,7 +624,7 @@ static status_t get_payload_rule(private_message_t *this, payload_type_t payload return SUCCESS; } } - + *payload_rule = NULL; return NOT_FOUND; } @@ -757,7 +757,7 @@ static exchange_type_t get_request (private_message_t *this) static bool is_encoded(private_message_t *this) { chunk_t data = this->packet->get_data(this->packet); - + if (data.ptr == NULL) { return FALSE; @@ -796,7 +796,7 @@ static void add_notify(private_message_t *this, bool flush, notify_type_t type, { notify_payload_t *notify; payload_t *payload; - + if (flush) { while (this->payloads->remove_last(this->payloads, @@ -858,7 +858,7 @@ static payload_t *get_payload(private_message_t *this, payload_type_t type) { payload_t *current, *found = NULL; enumerator_t *enumerator; - + enumerator = create_payload_enumerator(this); while (enumerator->enumerate(enumerator, ¤t)) { @@ -880,7 +880,7 @@ static notify_payload_t* get_notify(private_message_t *this, notify_type_t type) enumerator_t *enumerator; notify_payload_t *notify = NULL; payload_t *payload; - + enumerator = create_payload_enumerator(this); while (enumerator->enumerate(enumerator, &payload)) { @@ -907,10 +907,10 @@ static char* get_string(private_message_t *this, char *buf, int len) payload_t *payload; int written; char *pos = buf; - + memset(buf, 0, len); len--; - + written = snprintf(pos, len, "%N %s %d [", exchange_type_names, this->exchange_type, this->is_request ? "request" : "response", 
@@ -921,7 +921,7 @@ static char* get_string(private_message_t *this, char *buf, int len) } pos += written; len -= written; - + enumerator = create_payload_enumerator(this); while (enumerator->enumerate(enumerator, &payload)) { @@ -947,7 +947,7 @@ static char* get_string(private_message_t *this, char *buf, int len) } } enumerator->destroy(enumerator); - + /* remove last space */ snprintf(pos, len, " ]"); return buf; @@ -961,7 +961,7 @@ static void order_payloads(private_message_t *this) linked_list_t *list; payload_t *payload; int i; - + /* move to temp list */ list = linked_list_create(); while (this->payloads->remove_last(this->payloads, @@ -975,7 +975,7 @@ static void order_payloads(private_message_t *this) enumerator_t *enumerator; notify_payload_t *notify; payload_order_t order = this->message_rule->payload_order[i]; - + /* ... find all payload ... */ enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &payload)) @@ -984,7 +984,7 @@ static void order_payloads(private_message_t *this) if (payload->get_type(payload) == order.type) { notify = (notify_payload_t*)payload; - + /**... and check notify for type. */ if (order.type != NOTIFY || order.notify == 0 || order.notify == notify->get_notify_type(notify)) @@ -1017,24 +1017,24 @@ static status_t encrypt_payloads(private_message_t *this, encryption_payload_t *encryption_payload = NULL; status_t status; linked_list_t *all_payloads; - + if (!this->message_rule->encrypted_content) { DBG2(DBG_ENC, "message doesn't have to be encrypted"); /* message contains no content to encrypt */ return SUCCESS; } - + if (!crypter || !signer) { DBG2(DBG_ENC, "no crypter or signer specified, do not encrypt message"); /* message contains no content to encrypt */ return SUCCESS; } - + DBG2(DBG_ENC, "copy all payloads to a temporary list"); all_payloads = linked_list_create(); - + /* first copy all payloads in a temporary list */ while (this->payloads->get_count(this->payloads) > 0) { 
@@ -1042,7 +1042,7 @@ static status_t encrypt_payloads(private_message_t *this, this->payloads->remove_first(this->payloads,¤t_payload); all_payloads->insert_last(all_payloads,current_payload); } - + encryption_payload = encryption_payload_create(); DBG2(DBG_ENC, "check each payloads if they have to get encrypted"); @@ -1051,9 +1051,9 @@ static status_t encrypt_payloads(private_message_t *this, payload_rule_t *payload_rule; payload_t *current_payload; bool to_encrypt = FALSE; - + all_payloads->remove_first(all_payloads,(void **)¤t_payload); - + status = get_payload_rule(this, current_payload->get_type(current_payload),&payload_rule); /* for payload types which are not found in supported payload list, @@ -1064,7 +1064,7 @@ static status_t encrypt_payloads(private_message_t *this, payload_type_names, current_payload->get_type(current_payload)); to_encrypt = TRUE; } - + if (to_encrypt) { DBG2(DBG_ENC, "insert payload %N to encryption payload", @@ -1085,9 +1085,9 @@ static status_t encrypt_payloads(private_message_t *this, status = encryption_payload->encrypt(encryption_payload); DBG2(DBG_ENC, "add encrypted payload to payload list"); add_payload(this, (payload_t*)encryption_payload); - + all_payloads->destroy(all_payloads); - + return status; } @@ -1104,20 +1104,20 @@ static status_t generate(private_message_t *this, crypter_t *crypter, status_t status; chunk_t packet_data; char str[256]; - + if (is_encoded(this)) { /* already generated, return a new packet clone */ *packet = this->packet->clone(this->packet); return SUCCESS; } - + if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED) { DBG1(DBG_ENC, "exchange type is not defined"); return INVALID_STATE; } - + if (this->packet->get_source(this->packet) == NULL || this->packet->get_destination(this->packet) == NULL) { 
@@ -1125,7 +1125,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, !this->packet->get_source(this->packet) ? "source" : "destination"); return INVALID_STATE; } - + /* set the rules for this messge */ status = set_message_rule(this); if (status != SUCCESS) @@ -1133,11 +1133,11 @@ static status_t generate(private_message_t *this, crypter_t *crypter, DBG1(DBG_ENC, "no message rules specified for this message type"); return NOT_SUPPORTED; } - + order_payloads(this); - + DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str))); - + /* going to encrypt all content which have to be encrypted */ status = encrypt_payloads(this, crypter, signer); if (status != SUCCESS) @@ -1145,21 +1145,21 @@ static status_t generate(private_message_t *this, crypter_t *crypter, DBG1(DBG_ENC, "payload encryption failed"); return status; } - + /* build ike header */ ike_header = ike_header_create(); - + ike_header->set_exchange_type(ike_header, this->exchange_type); ike_header->set_message_id(ike_header, this->message_id); ike_header->set_response_flag(ike_header, !this->is_request); ike_header->set_initiator_flag(ike_header, this->ike_sa_id->is_initiator(this->ike_sa_id)); ike_header->set_initiator_spi(ike_header, this->ike_sa_id->get_initiator_spi(this->ike_sa_id)); ike_header->set_responder_spi(ike_header, this->ike_sa_id->get_responder_spi(this->ike_sa_id)); - + generator = generator_create(); - + payload = (payload_t*)ike_header; - + /* generate every payload expect last one, this is done later*/ enumerator = create_payload_enumerator(this); while (enumerator->enumerate(enumerator, &next_payload)) 
@@ -1169,18 +1169,18 @@ static status_t generate(private_message_t *this, crypter_t *crypter, payload = next_payload; } enumerator->destroy(enumerator); - + /* last payload has no next payload*/ payload->set_next_type(payload, NO_PAYLOAD); generator->generate_payload(generator, payload); ike_header->destroy(ike_header); - + /* build packet */ generator->write_to_chunk(generator, &packet_data); generator->destroy(generator); - + /* if last payload is of type encrypted, integrity checksum if necessary */ if (payload->get_type(payload) == ENCRYPTED) { @@ -1192,12 +1192,12 @@ static status_t generate(private_message_t *this, crypter_t *crypter, return status; } } - + this->packet->set_data(this->packet, packet_data); - + /* clone packet for caller */ *packet = this->packet->clone(this->packet); - + DBG2(DBG_ENC, "message generated successfully"); return SUCCESS; } @@ -1233,18 +1233,18 @@ static status_t parse_header(private_message_t *this) { ike_header_t *ike_header; status_t status; - + DBG2(DBG_ENC, "parsing header of message"); - + this->parser->reset_context(this->parser); status = this->parser->parse_payload(this->parser,HEADER,(payload_t **) &ike_header); if (status != SUCCESS) { DBG1(DBG_ENC, "header could not be parsed"); return status; - + } - + /* verify payload */ status = ike_header->payload_interface.verify(&(ike_header->payload_interface)); if (status != SUCCESS) @@ -1253,12 +1253,12 @@ static status_t parse_header(private_message_t *this) ike_header->destroy(ike_header); return status; } - + if (this->ike_sa_id != NULL) { this->ike_sa_id->destroy(this->ike_sa_id); } - + this->ike_sa_id = ike_sa_id_create(ike_header->get_initiator_spi(ike_header), ike_header->get_responder_spi(ike_header), ike_header->get_initiator_flag(ike_header)); 
@@ -1269,12 +1269,12 @@ static status_t parse_header(private_message_t *this) this->major_version = ike_header->get_maj_version(ike_header); this->minor_version = ike_header->get_min_version(ike_header); this->first_payload = ike_header->payload_interface.get_next_type(&(ike_header->payload_interface)); - + DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type, this->is_request ? "request" : "response"); - + ike_header->destroy(ike_header); - + /* get the rules for this messge */ status = set_message_rule(this); if (status != SUCCESS) @@ -1283,7 +1283,7 @@ static status_t parse_header(private_message_t *this) exchange_type_names, this->exchange_type, this->is_request ? "request" : "response"); } - + return status; } @@ -1306,20 +1306,20 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig { payload_rule_t *payload_rule; payload_type_t current_payload_type; - + /* needed to check */ current_payload_type = current_payload->get_type(current_payload); - + DBG2(DBG_ENC, "process payload of type %N", payload_type_names, current_payload_type); - + if (current_payload_type == ENCRYPTED) { encryption_payload_t *encryption_payload; payload_t *current_encrypted_payload; - + encryption_payload = (encryption_payload_t*)current_payload; - + DBG2(DBG_ENC, "found an encryption payload"); if (payload_number != this->payloads->get_count(this->payloads)) @@ -1348,10 +1348,10 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig iterator->destroy(iterator); return PARSE_ERROR; } - + /* needed later to find out if a payload was encrypted */ current_payload_was_encrypted = TRUE; - + /* check if there are payloads contained in the encryption payload */ if (encryption_payload->get_payload_count(encryption_payload) == 0) { 
@@ -1368,7 +1368,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig iterator->replace(iterator,NULL,(void *) current_encrypted_payload); current_payload_type = current_encrypted_payload->get_type(current_encrypted_payload); } - + /* is the current paylad the first in the message? */ if (previous_payload == NULL) { @@ -1380,7 +1380,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig /* no, set the next_type of the previous payload to the current type */ previous_payload->set_next_type(previous_payload, current_payload_type); } - + /* all encrypted payloads are added to the payload list */ while (encryption_payload->get_payload_count(encryption_payload) > 0) { @@ -1389,7 +1389,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig payload_type_names, current_encrypted_payload->get_type(current_encrypted_payload)); this->payloads->insert_last(this->payloads,current_encrypted_payload); } - + /* encryption payload is processed, payloads are moved. Destroy it. */ encryption_payload->destroy(encryption_payload); } @@ -1407,7 +1407,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig iterator->destroy(iterator); return VERIFY_ERROR; } - + /* check if the payload was encrypted, and if it should been have encrypted */ if (payload_rule->encrypted != current_payload_was_encrypted) { 
@@ -1437,24 +1437,24 @@ static status_t verify(private_message_t *this) enumerator_t *enumerator; payload_t *current_payload; size_t total_found_payloads = 0; - + DBG2(DBG_ENC, "verifying message structure"); - + /* check for payloads with wrong count*/ for (i = 0; i < this->message_rule->payload_rule_count; i++) { size_t found_payloads = 0; payload_rule_t *rule; - + rule = &this->message_rule->payload_rules[i]; enumerator = create_payload_enumerator(this); - + /* check all payloads for specific rule */ while (enumerator->enumerate(enumerator, ¤t_payload)) { payload_type_t current_payload_type; unknown_payload_t *unknown_payload; - + current_payload_type = current_payload->get_type(current_payload); if (current_payload_type == UNKNOWN_PAYLOAD) { @@ -1474,7 +1474,7 @@ static status_t verify(private_message_t *this) total_found_payloads++; DBG2(DBG_ENC, "found payload of type %N", payload_type_names, rule->payload_type); - + /* as soon as ohe payload occures more then specified, * the verification fails */ if (found_payloads > @@ -1489,7 +1489,7 @@ static status_t verify(private_message_t *this) } } } - + if (found_payloads < rule->min_occurence) { DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)", @@ -1517,9 +1517,9 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t status_t status = SUCCESS; payload_type_t current_payload_type; char str[256]; - + current_payload_type = this->first_payload; - + DBG2(DBG_ENC, "parsing body of message, first payload is %N", payload_type_names, current_payload_type); 
@@ -1527,13 +1527,13 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t while ((current_payload_type != NO_PAYLOAD)) { payload_t *current_payload; - + DBG2(DBG_ENC, "starting parsing a %N payload", payload_type_names, current_payload_type); - + /* parse current payload */ status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) ¤t_payload); - + if (status != SUCCESS) { DBG1(DBG_ENC, "payload type %N could not be parsed", @@ -1543,7 +1543,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t DBG2(DBG_ENC, "verifying payload of type %N", payload_type_names, current_payload_type); - + /* verify it, stop parsig if its invalid */ status = current_payload->verify(current_payload); if (status != SUCCESS) @@ -1553,11 +1553,11 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t current_payload->destroy(current_payload); return VERIFY_ERROR; } - + DBG2(DBG_ENC, "%N payload verified. Adding to payload list", payload_type_names, current_payload_type); this->payloads->insert_last(this->payloads,current_payload); - + /* an encryption payload is the last one, so STOP here. decryption is done later */ if (current_payload_type == ENCRYPTED) { @@ -1565,7 +1565,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t payload_type_names, current_payload_type); break; } - + /* get next payload type */ current_payload_type = current_payload->get_next_type(current_payload); } @@ -1579,15 +1579,15 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t return status; } } - + status = verify(this); if (status != SUCCESS) { return status; } - + DBG1(DBG_ENC, "parsed %s", get_string(this, str, sizeof(str))); - + return SUCCESS; } 
@@ -1641,14 +1641,14 @@ message_t *message_create_from_packet(packet_t *packet) this->public.get_packet = (packet_t * (*) (message_t*)) get_packet; this->public.get_packet_data = (chunk_t (*) (message_t *this)) get_packet_data; this->public.destroy = (void(*)(message_t*))destroy; - + /* private values */ this->exchange_type = EXCHANGE_TYPE_UNDEFINED; this->is_request = TRUE; this->ike_sa_id = NULL; this->first_payload = NO_PAYLOAD; this->message_id = 0; - + /* private values */ if (packet == NULL) { @@ -1657,10 +1657,10 @@ message_t *message_create_from_packet(packet_t *packet) this->message_rule = NULL; this->packet = packet; this->payloads = linked_list_create(); - + /* parser is created from data of packet */ this->parser = parser_create(this->packet->get_data(this->packet)); - + return (&this->public); } diff --git a/src/charon/encoding/message.h b/src/charon/encoding/message.h index 1db3ea0cc..2c7718f49 100644 --- a/src/charon/encoding/message.h +++ b/src/charon/encoding/message.h @@ -58,7 +58,7 @@ struct message_t { * @return major version of the message */ u_int8_t (*get_major_version) (message_t *this); - + /** * Sets the IKE minor version of the message. * @@ -86,7 +86,7 @@ struct message_t { * @return message_id type of the message */ u_int32_t (*get_message_id) (message_t *this); - + /** * Gets the initiator SPI of the message. * @@ -103,7 +103,7 @@ struct message_t { /** * Sets the IKE_SA ID of the message. - * + * * ike_sa_id gets cloned. * * @param ike_sa_id ike_sa_id to set @@ -132,10 +132,10 @@ struct message_t { * @return exchange type of the message */ exchange_type_t (*get_exchange_type) (message_t *this); - + /** * Gets the payload type of the first payload. - * + * * @return payload type of the first payload */ payload_type_t (*get_first_payload_type) (message_t *this); 
@@ -156,20 +156,20 @@ struct message_t { /** * Append a payload to the message. - * + * * If the payload must be encrypted is not specified here. Encryption * of payloads is evaluated via internal rules for the messages and * is done before generation. The order of payloads may change, since - * all payloads to encrypt are added to the encryption payload, which is + * all payloads to encrypt are added to the encryption payload, which is * always the last one. * * @param payload payload to append - */ + */ void (*add_payload) (message_t *this, payload_t *payload); /** * Build a notify payload and add it to the message. - * + * * This is a helper method to create notify messages or add * notify payload to messages. The flush parameter specifies if existing * payloads should get removed before appending the notify. @@ -177,13 +177,13 @@ struct message_t { * @param flush TRUE to remove existing payloads * @param type type of the notify * @param data a chunk of data to add to the notify, gets cloned - */ - void (*add_notify) (message_t *this, bool flush, notify_type_t type, + */ + void (*add_notify) (message_t *this, bool flush, notify_type_t type, chunk_t data); /** * Parses header of message. - * + * * Begins parisng of a message created via message_create_from_packet(). * The parsing context is stored, so a subsequent call to parse_body() * will continue the parsing process. 
@@ -194,17 +194,17 @@ struct message_t { * - FAILED if consistence check of header failed */ status_t (*parse_header) (message_t *this); - + /** * Parses body of message. - * - * The body gets not only parsed, but rather it gets verified. - * All payloads are verified if they are allowed to exist in the message - * of this type and if their own structure is ok. - * If there are encrypted payloads, they get decrypted via the supplied + * + * The body gets not only parsed, but rather it gets verified. + * All payloads are verified if they are allowed to exist in the message + * of this type and if their own structure is ok. + * If there are encrypted payloads, they get decrypted via the supplied * crypter. Also the message integrity gets verified with the supplied * signer. - * Crypter/signer can be omitted (by passing NULL) when no encryption + * Crypter/signer can be omitted (by passing NULL) when no encryption * payload is expected. * * @param crypter crypter to decrypt encryption payloads @@ -222,13 +222,13 @@ struct message_t { /** * Generates the UDP packet of specific message. - * + * * Payloads which must be encrypted are generated first and added to - * an encryption payload. This encryption payload will get encrypted via + * an encryption payload. This encryption payload will get encrypted via * the supplied crypter. Then all other payloads and the header get generated. - * After that, the checksum is added to the encryption payload over the full + * After that, the checksum is added to the encryption payload over the full * message. - * Crypter/signer can be omitted (by passing NULL) when no encryption + * Crypter/signer can be omitted (by passing NULL) when no encryption * payload is expected. * Generation is only done once, multiple calls will just return a packet copy. * 
@@ -240,66 +240,66 @@ struct message_t { * - INVALID_STATE if exchange type is currently not set * - NOT_FOUND if no rules found for message generation * - INVALID_STATE if crypter/signer not supplied but needed. - */ + */ status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet); /** - * Gets the source host informations. - * - * @warning Returned host_t object is not getting cloned, + * Gets the source host informations. + * + * @warning Returned host_t object is not getting cloned, * do not destroy nor modify. * * @return host_t object representing source host - */ + */ host_t * (*get_source) (message_t *this); - + /** - * Sets the source host informations. - * + * Sets the source host informations. + * * @warning host_t object is not getting cloned and gets destroyed by * message_t.destroy or next call of message_t.set_source. * * @param host host_t object representing source host - */ + */ void (*set_source) (message_t *this, host_t *host); /** - * Gets the destination host informations. - * - * @warning Returned host_t object is not getting cloned, + * Gets the destination host informations. + * + * @warning Returned host_t object is not getting cloned, * do not destroy nor modify. * * @return host_t object representing destination host - */ + */ host_t * (*get_destination) (message_t *this); /** - * Sets the destination host informations. - * + * Sets the destination host informations. + * * @warning host_t object is not getting cloned and gets destroyed by * message_t.destroy or next call of message_t.set_destination. * * @param host host_t object representing destination host - */ + */ void (*set_destination) (message_t *this, host_t *host); - + /** * Create an enumerator over all payloads. * * @return enumerator over payload_t - */ + */ enumerator_t * (*create_payload_enumerator) (message_t *this); - + /** * Find a payload of a specific type. - * - * Returns the first occurance. + * + * Returns the first occurance. 
* * @param type type of the payload to find * @return payload, or NULL if no such payload found - */ + */ payload_t* (*get_payload) (message_t *this, payload_type_t type); - + /** * Get the first notify payload of a specific type. * @@ -307,21 +307,21 @@ struct message_t { * @return notify payload, NULL if no such notify found */ notify_payload_t* (*get_notify)(message_t *this, notify_type_t type); - + /** * Returns a clone of the internal stored packet_t object. * * @return packet_t object as clone of internal one - */ + */ packet_t * (*get_packet) (message_t *this); - + /** * Returns a clone of the internal stored packet_t data. * * @return clone of the internal stored packet_t data. - */ + */ chunk_t (*get_packet_data) (message_t *this); - + /** * Destroys a message and all including objects. */ @@ -330,16 +330,16 @@ struct message_t { /** * Creates an message_t object from a incoming UDP Packet. - * - * @warning the given packet_t object is not copied and gets + * + * @warning the given packet_t object is not copied and gets * destroyed in message_t's destroy call. - * + * * - exchange_type is set to NOT_SET * - original_initiator is set to TRUE * - is_request is set to TRUE * Call message_t.parse_header afterwards. - * - * @param packet packet_t object which is assigned to message + * + * @param packet packet_t object which is assigned to message * @return message_t object */ message_t * message_create_from_packet(packet_t *packet); @@ -351,7 +351,7 @@ message_t * message_create_from_packet(packet_t *packet); * - exchange_type is set to NOT_SET * - original_initiator is set to TRUE * - is_request is set to TRUE - * + * * @return message_t object */ message_t * message_create(void); diff --git a/src/charon/encoding/parser.c b/src/charon/encoding/parser.c index ac2b78c28..9aa34b1bc 100644 --- a/src/charon/encoding/parser.c +++ b/src/charon/encoding/parser.c 
@@ -50,7 +50,7 @@ typedef struct private_parser_t private_parser_t; /** * Private data stored in a context. - * + * * Contains pointers and counters to store current state. */ struct private_parser_t { @@ -58,27 +58,27 @@ struct private_parser_t { * Public members, see parser_t. */ parser_t public; - + /** * Current bit for reading in input data. */ u_int8_t bit_pos; - + /** * Current byte for reading in input data. */ u_int8_t *byte_pos; - + /** * Input data to parse. */ u_int8_t *input; - + /** * Roof of input, used for length-checking. */ u_int8_t *input_roof; - + /** * Set of encoding rules for this parsing session. */ @@ -277,11 +277,11 @@ static bool parse_bit(private_parser_t *this, int rule_number, return short_input(this, rule_number); } if (output_pos) - { + { u_int8_t mask; mask = 0x01 << (7 - this->bit_pos); *output_pos = *this->byte_pos & mask; - + if (*output_pos) { /* set to a "clean", comparable true */ *output_pos = TRUE; @@ -303,7 +303,7 @@ static bool parse_list(private_parser_t *this, int rule_number, linked_list_t **output_pos, payload_type_t payload_type, int length) { linked_list_t *list = *output_pos; - + if (length < 0) { return short_input(this, rule_number); @@ -316,10 +316,10 @@ static bool parse_list(private_parser_t *this, int rule_number, { u_int8_t *pos_before = this->byte_pos; payload_t *payload; - + DBG2(DBG_ENC, " %d bytes left, parsing recursively %N", length, payload_type_names, payload_type); - + if (parse_payload(this, payload_type, &payload) != SUCCESS) { DBG1(DBG_ENC, " parsing of a %N substructure failed", 
@@ -377,25 +377,25 @@ static status_t parse_payload(private_parser_t *this, bool attribute_format = FALSE; int rule_number; encoding_rule_t *rule; - + /* create instance of the payload to parse */ pld = payload_create(payload_type); - + DBG2(DBG_ENC, "parsing %N payload, %d bytes left", payload_type_names, payload_type, this->input_roof - this->byte_pos); - + DBG3(DBG_ENC, "parsing payload from %b", this->byte_pos, this->input_roof - this->byte_pos); - + if (pld->get_type(pld) == UNKNOWN_PAYLOAD) { DBG1(DBG_ENC, " payload type %d is unknown, handling as %N", payload_type, payload_type_names, UNKNOWN_PAYLOAD); } - + /* base pointer for output, avoids casting in every rule */ output = pld; - + /* parse the payload with its own rulse */ pld->get_encoding_rules(pld, &this->rules, &rule_count); for (rule_number = 0; rule_number < rule_count; rule_number++) @@ -765,7 +765,7 @@ static status_t parse_payload(private_parser_t *this, case ADDRESS: { int address_length = (ts_type == TS_IPV4_ADDR_RANGE) ? 4 : 16; - + if (!parse_chunk(this, rule_number, output + rule->offset, address_length)) { @@ -808,7 +808,7 @@ static status_t parse_payload(private_parser_t *this, /* process next rulue */ rule++; } - + *payload = pld; DBG2(DBG_ENC, "parsing %N payload finished", payload_type_names, payload_type); @@ -846,17 +846,17 @@ static void destroy(private_parser_t *this) parser_t *parser_create(chunk_t data) { private_parser_t *this = malloc_thing(private_parser_t); - + this->public.parse_payload = (status_t(*)(parser_t*,payload_type_t,payload_t**))parse_payload; this->public.reset_context = (void(*)(parser_t*)) reset_context; this->public.get_remaining_byte_count = (int (*) (parser_t *))get_remaining_byte_count; this->public.destroy = (void(*)(parser_t*)) destroy; - + this->input = data.ptr; this->byte_pos = data.ptr; this->bit_pos = 0; this->input_roof = data.ptr + data.len; - + return &this->public; } 
diff --git a/src/charon/encoding/parser.h b/src/charon/encoding/parser.h index 230492438..27c5f03fe 100644 --- a/src/charon/encoding/parser.h +++ b/src/charon/encoding/parser.h @@ -36,32 +36,32 @@ typedef struct parser_t parser_t; * The parser remains the state until destroyed. */ struct parser_t { - + /** * Parses the next payload. - * + * * @warning Caller is responsible for freeing allocated payload. - * + * * Rules for parsing are described in the payload definition. * * @param payload_type payload type to parse * @param payload pointer where parsed payload was allocated - * @return + * @return * - SUCCESSFUL if succeeded, * - PARSE_ERROR if corrupted/invalid data found */ status_t (*parse_payload) (parser_t *this, payload_type_t payload_type, payload_t **payload); - + /** * Gets the remaining byte count which is not currently parsed. */ int (*get_remaining_byte_count) (parser_t *this); - + /** * Resets the current parser context. */ void (*reset_context) (parser_t *this); - + /** * Destroys a parser_t object. */ @@ -70,7 +70,7 @@ struct parser_t { /** * Constructor to create a parser_t object. - * + * * @param data chunk of data to parse with this parser_t object * @return parser_t object */ diff --git a/src/charon/encoding/payloads/auth_payload.c b/src/charon/encoding/payloads/auth_payload.c index 53406f564..308af9bda 100644 --- a/src/charon/encoding/payloads/auth_payload.c +++ b/src/charon/encoding/payloads/auth_payload.c @@ -23,15 +23,15 @@ typedef struct private_auth_payload_t private_auth_payload_t; /** * Private data of an auth_payload_t object. - * + * */ struct private_auth_payload_t { - + /** * Public auth_payload_t interface. */ auth_payload_t public; - + /** * Next payload type. */ @@ -41,17 +41,17 @@ struct private_auth_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Method of the AUTH Data. */ u_int8_t auth_method; - + /** * The contained auth data value. */ 
@@ -60,8 +60,8 @@ struct private_auth_payload_t { /** * Encoding rules to parse or generate a AUTH payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_auth_payload_t. */ encoding_rule_t auth_payload_encodings[] = { @@ -221,8 +221,8 @@ static void destroy(private_auth_payload_t *this) { chunk_free(&(this->auth_data)); } - - free(this); + + free(this); } /* @@ -240,7 +240,7 @@ auth_payload_t *auth_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (auth_payload_t *)) destroy; this->public.set_auth_method = (void (*) (auth_payload_t *,auth_method_t)) set_auth_method; @@ -248,7 +248,7 @@ auth_payload_t *auth_payload_create() this->public.set_data = (void (*) (auth_payload_t *,chunk_t)) set_data; this->public.get_data_clone = (chunk_t (*) (auth_payload_t *)) get_data_clone; this->public.get_data = (chunk_t (*) (auth_payload_t *)) get_data; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; diff --git a/src/charon/encoding/payloads/auth_payload.h b/src/charon/encoding/payloads/auth_payload.h index 4287f14d9..37ee149db 100644 --- a/src/charon/encoding/payloads/auth_payload.h +++ b/src/charon/encoding/payloads/auth_payload.h @@ -39,7 +39,7 @@ typedef struct auth_payload_t auth_payload_t; * The AUTH payload format is described in RFC section 3.8. */ struct auth_payload_t { - + /** * The payload_t interface. */ 
@@ -51,41 +51,41 @@ struct auth_payload_t { * @param method auth_method_t to use */ void (*set_auth_method) (auth_payload_t *this, auth_method_t method); - + /** * Get the AUTH method. * * @return auth_method_t used */ auth_method_t (*get_auth_method) (auth_payload_t *this); - + /** * Set the AUTH data. - * + * * Data gets cloned. * * @param data AUTH data as chunk_t */ void (*set_data) (auth_payload_t *this, chunk_t data); - + /** * Get the AUTH data. - * + * * Returned data are a copy of the internal one. * * @return AUTH data as chunk_t */ chunk_t (*get_data_clone) (auth_payload_t *this); - + /** * Get the AUTH data. - * + * * Returned data are NOT copied * * @return AUTH data as chunk_t */ chunk_t (*get_data) (auth_payload_t *this); - + /** * Destroys an auth_payload_t object. */ @@ -94,7 +94,7 @@ struct auth_payload_t { /** * Creates an empty auth_payload_t object. - * + * * @return auth_payload_t object */ auth_payload_t *auth_payload_create(void); diff --git a/src/charon/encoding/payloads/cert_payload.c b/src/charon/encoding/payloads/cert_payload.c index 54a8c1392..36a3bfb6b 100644 --- a/src/charon/encoding/payloads/cert_payload.c +++ b/src/charon/encoding/payloads/cert_payload.c @@ -43,14 +43,14 @@ typedef struct private_cert_payload_t private_cert_payload_t; /** * Private data of an cert_payload_t object. - * + * */ struct private_cert_payload_t { /** * Public cert_payload_t interface. */ cert_payload_t public; - + /** * Next payload type. */ @@ -60,22 +60,22 @@ struct private_cert_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Encoding of the CERT Data. */ u_int8_t encoding; - + /** * The contained cert data value. */ chunk_t data; - + /** * TRUE if the "Hash and URL" data is invalid */ 
@@ -84,10 +84,10 @@ struct private_cert_payload_t { /** * Encoding rules to parse or generate a CERT payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_cert_payload_t. - * + * */ encoding_rule_t cert_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -139,7 +139,7 @@ static status_t verify(private_cert_payload_t *this) this->invalid_hash_and_url = TRUE; return SUCCESS; } - + int i = 20; /* skipping the hash */ for (; i < this->data.len; ++i) { @@ -156,7 +156,7 @@ static status_t verify(private_cert_payload_t *this) return SUCCESS; } } - + /* URL is not null terminated, correct that */ chunk_t data = chunk_alloc(this->data.len + 1); memcpy(data.ptr, this->data.ptr, this->data.len); @@ -268,7 +268,7 @@ static char *get_url(private_cert_payload_t *this) static void destroy(private_cert_payload_t *this) { chunk_free(&this->data); - free(this); + free(this); } /* @@ -285,13 +285,13 @@ cert_payload_t *cert_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t*))destroy; - + this->public.destroy = (void (*) (cert_payload_t*))destroy; this->public.get_cert = (certificate_t* (*) (cert_payload_t*))get_cert; this->public.get_cert_encoding = (cert_encoding_t (*) (cert_payload_t*))get_cert_encoding; this->public.get_hash = (chunk_t (*) (cert_payload_t*))get_hash; this->public.get_url = (char* (*) (cert_payload_t*))get_url; - + this->critical = FALSE; this->next_payload = NO_PAYLOAD; this->payload_length = CERT_PAYLOAD_HEADER_LENGTH; 
@@ -332,12 +332,12 @@ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url) { private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create(); chunk_t url_chunk; - + this->encoding = ENC_X509_HASH_AND_URL; - + url_chunk.ptr = url; url_chunk.len = strlen(url) + 1; - + this->data = chunk_cat("cc", hash, url_chunk); this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len; return &this->public; diff --git a/src/charon/encoding/payloads/cert_payload.h b/src/charon/encoding/payloads/cert_payload.h index fba404ee2..aa1c7bf5a 100644 --- a/src/charon/encoding/payloads/cert_payload.h +++ b/src/charon/encoding/payloads/cert_payload.h @@ -65,45 +65,45 @@ extern enum_name_t *cert_encoding_names; * The CERT payload format is described in RFC section 3.6. */ struct cert_payload_t { - + /** * The payload_t interface. */ payload_t payload_interface; - + /** * Get the playoads encoded certifcate. * * @return certifcate copy */ certificate_t *(*get_cert)(cert_payload_t *this); - + /** * Get the encoding of the certificate. - * + * * @return encoding */ cert_encoding_t (*get_cert_encoding)(cert_payload_t *this); - + /** * Get the hash if this is a hash and URL encoded certificate. - * + * * This function returns internal data, do not free. - * + * * @return hash */ chunk_t (*get_hash)(cert_payload_t *this); - + /** * Get the URL if this is a hash and URL encoded certificate. - * + * * This function returns internal data, do not free. - * + * * @return url */ char *(*get_url)(cert_payload_t *this); - - + + /** * Destroys the cert_payload object. */ @@ -112,14 +112,14 @@ struct cert_payload_t { /** * Creates an empty certificate payload. - * + * * @return cert_payload_t object */ cert_payload_t *cert_payload_create(void); /** * Creates a certificate payload with an embedded certificate. - * + * * @param cert certificate to embed * @return cert_payload_t object */ 
@@ -127,7 +127,7 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert); /** * Creates a certificate payload with hash and URL encoding of a certificate. - * + * * @param hash hash of the DER encoded certificate (get's cloned) * @param url the URL to locate the certificate (get's cloned) * @return cert_payload_t object diff --git a/src/charon/encoding/payloads/certreq_payload.c b/src/charon/encoding/payloads/certreq_payload.c index 50adedb28..9ff0bdde0 100644 --- a/src/charon/encoding/payloads/certreq_payload.c +++ b/src/charon/encoding/payloads/certreq_payload.c @@ -27,14 +27,14 @@ typedef struct private_certreq_payload_t private_certreq_payload_t; /** * Private data of an certreq_payload_t object. - * + * */ struct private_certreq_payload_t { /** * Public certreq_payload_t interface. */ certreq_payload_t public; - + /** * Next payload type. */ @@ -44,17 +44,17 @@ struct private_certreq_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Encoding of the CERT Data. */ u_int8_t encoding; - + /** * The contained certreq data value. */ @@ -63,10 +63,10 @@ struct private_certreq_payload_t { /** * Encoding rules to parse or generate a CERTREQ payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_certreq_payload_t. - * + * */ encoding_rule_t certreq_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -160,7 +160,7 @@ static size_t get_length(private_certreq_payload_t *this) { return this->payload_length; } - + /** * Implementation of certreq_payload_t.add_keyid. */ @@ -240,7 +240,7 @@ static certificate_type_t get_cert_type(private_certreq_payload_t *this) static void destroy(private_certreq_payload_t *this) { chunk_free(&this->data); - free(this); + free(this); } /* 
@@ -258,13 +258,13 @@ certreq_payload_t *certreq_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t*))destroy; - + /* public functions */ this->public.destroy = (void (*) (certreq_payload_t*)) destroy; this->public.create_keyid_enumerator = (enumerator_t*(*)(certreq_payload_t*))create_keyid_enumerator; this->public.get_cert_type = (certificate_type_t(*)(certreq_payload_t*))get_cert_type; this->public.add_keyid = (void(*)(certreq_payload_t*, chunk_t keyid))add_keyid; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; @@ -281,7 +281,7 @@ certreq_payload_t *certreq_payload_create() certreq_payload_t *certreq_payload_create_type(certificate_type_t type) { private_certreq_payload_t *this = (private_certreq_payload_t*)certreq_payload_create(); - + switch (type) { case CERT_X509: diff --git a/src/charon/encoding/payloads/certreq_payload.h b/src/charon/encoding/payloads/certreq_payload.h index ff9814f8a..914063628 100644 --- a/src/charon/encoding/payloads/certreq_payload.h +++ b/src/charon/encoding/payloads/certreq_payload.h @@ -50,14 +50,14 @@ struct certreq_payload_t { * @return enumerator over chunk_t's. */ enumerator_t* (*create_keyid_enumerator)(certreq_payload_t *this); - + /** * Get the type of contained certificate keyids. * * @return certificate keyid type */ certificate_type_t (*get_cert_type)(certreq_payload_t *this); - + /** * Add a certificates keyid to the payload. * @@ -65,7 +65,7 @@ struct certreq_payload_t { * @return */ void (*add_keyid)(certreq_payload_t *this, chunk_t keyid); - + /** * Destroys an certreq_payload_t object. */ 
@@ -74,14 +74,14 @@ struct certreq_payload_t { /** * Creates an empty certreq_payload_t object. - * + * * @return certreq payload */ certreq_payload_t *certreq_payload_create(void); /** * Creates an empty certreq_payload_t for a kind of certificates. - * + * * @param type type of the added keyids * @return certreq payload */ diff --git a/src/charon/encoding/payloads/configuration_attribute.c b/src/charon/encoding/payloads/configuration_attribute.c index 674feeddd..fb4336663 100644 --- a/src/charon/encoding/payloads/configuration_attribute.c +++ b/src/charon/encoding/payloads/configuration_attribute.c @@ -27,19 +27,19 @@ typedef struct private_configuration_attribute_t private_configuration_attribute /** * Private data of an configuration_attribute_t object. - * + * */ struct private_configuration_attribute_t { /** * Public configuration_attribute_t interface. */ configuration_attribute_t public; - + /** * Type of the attribute. */ u_int16_t attribute_type; - + /** * Length of the attribute. */ @@ -74,16 +74,16 @@ ENUM_END(configuration_attribute_type_names, INTERNAL_IP6_SERVER); /** * Encoding rules to parse or generate a configuration attribute. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_configuration_attribute_t. - * + * */ encoding_rule_t configuration_attribute_encodings[] = { { RESERVED_BIT, 0 }, /* type of the attribute as 15 bit unsigned integer */ - { ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, attribute_type) }, + { ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, attribute_type) }, /* Length of attribute value */ { CONFIGURATION_ATTRIBUTE_LENGTH, offsetof(private_configuration_attribute_t, attribute_length)}, /* Value of attribute if attribute format flag is zero */ 
@@ -159,11 +159,11 @@ static status_t verify(private_configuration_attribute_t *this) /* any length acceptable */ break; default: - DBG1(DBG_ENC, "unknown attribute type %N", + DBG1(DBG_ENC, "unknown attribute type %N", configuration_attribute_type_names, this->attribute_type); break; } - + if (failed) { DBG1(DBG_ENC, "invalid attribute length %d for %N", @@ -222,12 +222,12 @@ static void set_value(private_configuration_attribute_t *this, chunk_t value) if (this->attribute_value.ptr != NULL) { /* free existing value */ - chunk_free(&(this->attribute_value)); + chunk_free(&(this->attribute_value)); } - + this->attribute_value.ptr = clalloc(value.ptr,value.len); this->attribute_value.len = value.len; - + this->attribute_length = this->attribute_value.len; } @@ -272,7 +272,7 @@ static void destroy(private_configuration_attribute_t *this) if (this->attribute_value.ptr != NULL) { free(this->attribute_value.ptr); - } + } free(this); } @@ -291,7 +291,7 @@ configuration_attribute_t *configuration_attribute_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.set_value = (void (*) (configuration_attribute_t *,chunk_t)) set_value; this->public.get_value = (chunk_t (*) (configuration_attribute_t *)) get_value; @@ -299,7 +299,7 @@ configuration_attribute_t *configuration_attribute_create() this->public.get_type = (u_int16_t (*) (configuration_attribute_t *)) get_attribute_type; this->public.get_length = (u_int16_t (*) (configuration_attribute_t *)) get_attribute_length; this->public.destroy = (void (*) (configuration_attribute_t *)) destroy; - + /* set default values of the fields */ this->attribute_type = 0; this->attribute_value = chunk_empty; 
diff --git a/src/charon/encoding/payloads/configuration_attribute.h b/src/charon/encoding/payloads/configuration_attribute.h index 404130114..376fb4be6 100644 --- a/src/charon/encoding/payloads/configuration_attribute.h +++ b/src/charon/encoding/payloads/configuration_attribute.h @@ -57,14 +57,14 @@ enum configuration_attribute_type_t { INTERNAL_IP6_SERVER = 23457 }; -/** +/** * enum names for configuration_attribute_type_t. */ extern enum_name_t *configuration_attribute_type_names; /** * Class representing an IKEv2-CONFIGURATION Attribute. - * + * * The CONFIGURATION ATTRIBUTE format is described in RFC section 3.15.1. */ struct configuration_attribute_t { @@ -75,43 +75,43 @@ struct configuration_attribute_t { /** * Returns the currently set value of the attribute. - * + * * @warning Returned data are not copied. - * + * * @return chunk_t pointing to the value */ chunk_t (*get_value) (configuration_attribute_t *this); - + /** * Sets the value of the attribute. - * + * * Value is getting copied. - * + * * @param value chunk_t pointing to the value to set */ void (*set_value) (configuration_attribute_t *this, chunk_t value); /** * Sets the type of the attribute. - * + * * @param type type to set (most significant bit is set to zero) */ void (*set_type) (configuration_attribute_t *this, u_int16_t type); - + /** * get the type of the attribute. - * + * * @return type of the value */ u_int16_t (*get_type) (configuration_attribute_t *this); - + /** * get the length of an attribute. - * + * * @return type of the value */ u_int16_t (*get_length) (configuration_attribute_t *this); - + /** * Destroys an configuration_attribute_t object. */ @@ -120,7 +120,7 @@ struct configuration_attribute_t { /** * Creates an empty configuration_attribute_t object. - * + * * @return created configuration_attribute_t object */ configuration_attribute_t *configuration_attribute_create(void); 
diff --git a/src/charon/encoding/payloads/cp_payload.c b/src/charon/encoding/payloads/cp_payload.c index b5f1b35c7..6086ad102 100644 --- a/src/charon/encoding/payloads/cp_payload.c +++ b/src/charon/encoding/payloads/cp_payload.c @@ -32,14 +32,14 @@ typedef struct private_cp_payload_t private_cp_payload_t; /** * Private data of an cp_payload_t object. - * + * */ struct private_cp_payload_t { /** * Public cp_payload_t interface. */ cp_payload_t public; - + /** * Next payload type. */ @@ -49,17 +49,17 @@ struct private_cp_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Configuration Attributes in this payload are stored in a linked_list_t. */ linked_list_t * attributes; - + /** * Config Type. */ 
@@ -68,32 +68,32 @@ struct private_cp_payload_t { /** * Encoding rules to parse or generate a IKEv2-CP Payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_cp_payload_t. - * + * */ encoding_rule_t cp_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_cp_payload_t, next_payload) }, /* the critical bit */ - { FLAG, offsetof(private_cp_payload_t, critical) }, + { FLAG, offsetof(private_cp_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* Length of the whole CP payload*/ - { PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) }, - /* Proposals are stored in a proposal substructure, + { PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) }, + /* Proposals are stored in a proposal substructure, offset points to a linked_list_t pointer */ { U_INT_8, offsetof(private_cp_payload_t, config_type) }, - { RESERVED_BYTE,0 }, - { RESERVED_BYTE,0 }, - { RESERVED_BYTE,0 }, + { RESERVED_BYTE,0 }, + { RESERVED_BYTE,0 }, + { RESERVED_BYTE,0 }, { CONFIGURATION_ATTRIBUTES, offsetof(private_cp_payload_t, attributes) } }; @@ -119,7 +119,7 @@ static status_t verify(private_cp_payload_t *this) status_t status = SUCCESS; iterator_t *iterator; configuration_attribute_t *attribute; - + iterator = this->attributes->create_iterator(this->attributes,TRUE); while(iterator->iterate(iterator, (void**)&attribute)) { 
@@ -174,14 +174,14 @@ static void compute_length(private_cp_payload_t *this) iterator_t *iterator; payload_t *current_attribute; size_t length = CP_PAYLOAD_HEADER_LENGTH; - + iterator = this->attributes->create_iterator(this->attributes,TRUE); while (iterator->iterate(iterator, (void**)¤t_attribute)) { length += current_attribute->get_length(current_attribute); } iterator->destroy(iterator); - + this->payload_length = length; } @@ -243,7 +243,7 @@ static void destroy(private_cp_payload_t *this) cp_payload_t *cp_payload_create() { private_cp_payload_t *this = malloc_thing(private_cp_payload_t); - + /* public interface */ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; @@ -252,14 +252,14 @@ cp_payload_t *cp_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.create_attribute_iterator = (iterator_t* (*) (cp_payload_t *)) create_attribute_iterator; this->public.add_configuration_attribute = (void (*) (cp_payload_t *,configuration_attribute_t *)) add_configuration_attribute; this->public.set_config_type = (void (*) (cp_payload_t *, config_type_t)) set_config_type; this->public.get_config_type = (config_type_t (*) (cp_payload_t *)) get_config_type; this->public.destroy = (void (*) (cp_payload_t *)) destroy; - + /* set default values of the fields */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; diff --git a/src/charon/encoding/payloads/cp_payload.h b/src/charon/encoding/payloads/cp_payload.h index 6ffcca708..11f5061b9 100644 --- a/src/charon/encoding/payloads/cp_payload.h +++ b/src/charon/encoding/payloads/cp_payload.h 
@@ -52,7 +52,7 @@ extern enum_name_t *config_type_names; /** * Class representing an IKEv2-CP Payload. - * + * * The CP Payload format is described in RFC section 3.15. */ struct cp_payload_t { @@ -60,41 +60,41 @@ struct cp_payload_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Creates an iterator of stored configuration_attribute_t objects. - * + * * When deleting an attribute using this iterator, the length of this * configuration_attribute_t has to be refreshed by calling get_length()! * * @return created iterator_t object */ iterator_t *(*create_attribute_iterator) (cp_payload_t *this); - + /** * Adds a configuration_attribute_t object to this object. - * + * * The added configuration_attribute_t object is getting destroyed in * destroy function of cp_payload_t. * * @param attribute configuration_attribute_t object to add */ void (*add_configuration_attribute) (cp_payload_t *this, configuration_attribute_t *attribute); - + /** * Set the config type. * * @param config_type config_type_t to set */ void (*set_config_type) (cp_payload_t *this,config_type_t config_type); - + /** * Get the config type. * * @return config_type_t */ config_type_t (*get_config_type) (cp_payload_t *this); - + /** * Destroys an cp_payload_t object. */ @@ -103,7 +103,7 @@ struct cp_payload_t { /** * Creates an empty cp_payload_t object - * + * * @return cp_payload_t object */ cp_payload_t *cp_payload_create(void); diff --git a/src/charon/encoding/payloads/delete_payload.c b/src/charon/encoding/payloads/delete_payload.c index c2be1e8b5..c4fa0f8ae 100644 --- a/src/charon/encoding/payloads/delete_payload.c +++ b/src/charon/encoding/payloads/delete_payload.c @@ -23,14 +23,14 @@ typedef struct private_delete_payload_t private_delete_payload_t; /** * Private data of an delete_payload_t object. - * + * */ struct private_delete_payload_t { /** * Public delete_payload_t interface. */ delete_payload_t public; - + /** * Next payload type. */ 
@@ -40,12 +40,12 @@ struct private_delete_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Protocol ID. */ @@ -55,29 +55,29 @@ struct private_delete_payload_t { * SPI Size. */ u_int8_t spi_size; - + /** * Number of SPI's. */ u_int16_t spi_count; - + /** * The contained SPI's. */ chunk_t spis; - + /** - * List containing u_int32_t spis + * List containing u_int32_t spis */ linked_list_t *spi_list; }; /** * Encoding rules to parse or generate a DELETE payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_delete_payload_t. - * + * */ encoding_rule_t delete_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -223,7 +223,7 @@ static void add_spi(private_delete_payload_t *this, u_int32_t spi) static iterator_t* create_spi_iterator(private_delete_payload_t *this) { int i; - + if (this->spi_list == NULL) { this->spi_list = linked_list_create(); @@ -253,7 +253,7 @@ static void destroy(private_delete_payload_t *this) { this->spi_list->destroy(this->spi_list); } - free(this); + free(this); } /* @@ -271,13 +271,13 @@ delete_payload_t *delete_payload_create(protocol_id_t protocol_id) this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (delete_payload_t *)) destroy; this->public.get_protocol_id = (protocol_id_t (*) (delete_payload_t *)) get_protocol_id; this->public.add_spi = (void (*) (delete_payload_t *,u_int32_t))add_spi; this->public.create_spi_iterator = (iterator_t* (*) (delete_payload_t *)) create_spi_iterator; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; 
diff --git a/src/charon/encoding/payloads/delete_payload.h b/src/charon/encoding/payloads/delete_payload.h index 58840741a..3b62c1af1 100644 --- a/src/charon/encoding/payloads/delete_payload.h +++ b/src/charon/encoding/payloads/delete_payload.h @@ -43,21 +43,21 @@ struct delete_payload_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Get the protocol ID. * * @return protocol ID */ protocol_id_t (*get_protocol_id) (delete_payload_t *this); - + /** * Add an SPI to the list of deleted SAs. * * @param spi spi to add */ void (*add_spi) (delete_payload_t *this, u_int32_t spi); - + /** * Get an iterator over the SPIs. * @@ -66,7 +66,7 @@ struct delete_payload_t { * @return iterator over SPIs */ iterator_t *(*create_spi_iterator) (delete_payload_t *this); - + /** * Destroys an delete_payload_t object. */ @@ -75,7 +75,7 @@ struct delete_payload_t { /** * Creates an empty delete_payload_t object. - * + * * @param protocol_id protocol, such as AH|ESP * @return delete_payload_t object */ diff --git a/src/charon/encoding/payloads/eap_payload.c b/src/charon/encoding/payloads/eap_payload.c index 1199bac45..562faa221 100644 --- a/src/charon/encoding/payloads/eap_payload.c +++ b/src/charon/encoding/payloads/eap_payload.c @@ -24,14 +24,14 @@ typedef struct private_eap_payload_t private_eap_payload_t; /** * Private data of an eap_payload_t object. - * + * */ struct private_eap_payload_t { /** * Public eap_payload_t interface. */ eap_payload_t public; - + /** * Next payload type. */ @@ -41,12 +41,12 @@ struct private_eap_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * EAP message data, if available */ 
@@ -55,10 +55,10 @@ struct private_eap_payload_t { /** * Encoding rules to parse or generate a EAP payload. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_eap_payload_t. - * + * */ encoding_rule_t eap_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -98,7 +98,7 @@ static status_t verify(private_eap_payload_t *this) { u_int16_t length; u_int8_t code; - + if (this->data.len < 4) { DBG1(DBG_ENC, "EAP payloads EAP message too short (%d)", this->data.len); @@ -264,7 +264,7 @@ static void destroy(private_eap_payload_t *this) eap_payload_t *eap_payload_create() { private_eap_payload_t *this = malloc_thing(private_eap_payload_t); - + /* interface functions */ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; @@ -273,7 +273,7 @@ eap_payload_t *eap_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (eap_payload_t *)) destroy; this->public.get_data = (chunk_t (*) (eap_payload_t*))get_data; @@ -281,13 +281,13 @@ eap_payload_t *eap_payload_create() this->public.get_code = (eap_code_t (*) (eap_payload_t*))get_code; this->public.get_identifier = (u_int8_t (*) (eap_payload_t*))get_identifier; this->public.get_type = (eap_type_t (*) (eap_payload_t*,u_int32_t*))get_type; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; this->payload_length = EAP_PAYLOAD_HEADER_LENGTH; this->data = chunk_empty; - + return &(this->public); } 
@@ -297,7 +297,7 @@ eap_payload_t *eap_payload_create() eap_payload_t *eap_payload_create_data(chunk_t data) { eap_payload_t *this = eap_payload_create(); - + this->set_data(this, data); return this; } @@ -309,11 +309,11 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier) { eap_payload_t *this = eap_payload_create(); chunk_t data = chunk_alloca(4); - + *(data.ptr + 0) = code; *(data.ptr + 1) = identifier; *(u_int16_t*)(data.ptr + 2) = htons(data.len); - + this->set_data(this, data); return this; } @@ -325,12 +325,12 @@ eap_payload_t *eap_payload_create_nak(u_int8_t identifier) { eap_payload_t *this = eap_payload_create(); chunk_t data = chunk_alloca(5); - + *(data.ptr + 0) = EAP_RESPONSE; *(data.ptr + 1) = identifier; *(u_int16_t*)(data.ptr + 2) = htons(data.len); *(data.ptr + 4) = EAP_NAK; - + this->set_data(this, data); return this; } diff --git a/src/charon/encoding/payloads/eap_payload.h b/src/charon/encoding/payloads/eap_payload.h index a4d8a38c6..0bde4b15e 100644 --- a/src/charon/encoding/payloads/eap_payload.h +++ b/src/charon/encoding/payloads/eap_payload.h @@ -39,12 +39,12 @@ typedef struct eap_payload_t eap_payload_t; * The EAP payload format is described in RFC section 3.16. */ struct eap_payload_t { - + /** * The payload_t interface. */ payload_t payload_interface; - + /** * Set the contained EAP data. * @@ -54,7 +54,7 @@ struct eap_payload_t { * @param message EAP data */ void (*set_data) (eap_payload_t *this, chunk_t data); - + /** * Get the contained EAP data. * @@ -63,21 +63,21 @@ struct eap_payload_t { * @return EAP data (pointer to internal data) */ chunk_t (*get_data) (eap_payload_t *this); - + /** * Get the EAP code. * * @return EAP message as chunk_t */ eap_code_t (*get_code) (eap_payload_t *this); - + /** * Get the EAP identifier. * * @return unique identifier */ u_int8_t (*get_identifier) (eap_payload_t *this); - + /** * Get the EAP method type. * 
@@ -85,7 +85,7 @@ struct eap_payload_t { * @return EAP method type, vendor specific if vendor != 0 */ eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor); - + /** * Destroys an eap_payload_t object. */ @@ -109,7 +109,7 @@ eap_payload_t *eap_payload_create_data(chunk_t data); /** * Creates an eap_payload_t object with a code. * - * Could should be either EAP_SUCCESS/EAP_FAILURE, use + * Could should be either EAP_SUCCESS/EAP_FAILURE, use * constructor above otherwise. * * @param code EAP status code diff --git a/src/charon/encoding/payloads/encodings.h b/src/charon/encoding/payloads/encodings.h index 03554f0af..23389481c 100644 --- a/src/charon/encoding/payloads/encodings.h +++ b/src/charon/encoding/payloads/encodings.h 
@@ -28,266 +28,266 @@ typedef struct encoding_rule_t encoding_rule_t; #include <library.h> /** - * All different kinds of encoding types. + * All different kinds of encoding types. * - * Each field of an IKEv2-Message (in header or payload) + * Each field of an IKEv2-Message (in header or payload) * which has to be parsed or generated differently has its own * type defined here. * - * Header is parsed like a payload and gets its one payload_id - * from PRIVATE USE space. Also the substructures - * of specific payload types get their own payload_id + * Header is parsed like a payload and gets its one payload_id + * from PRIVATE USE space. Also the substructures + * of specific payload types get their own payload_id * from PRIVATE_USE space. See IKEv2-Draft for more informations. */ enum encoding_type_t { - + /** * Representing a 4 Bit unsigned int value. - * - * + * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 4 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 4 bit forward afterwards. */ U_INT_4, - + /** * Representing a 8 Bit unsigned int value. - * - * + * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 8 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 8 bit forward afterwards. */ U_INT_8, - + /** * Representing a 16 Bit unsigned int value. - * - * + * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 16 bit forward afterwards. 
- * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 16 bit forward afterwards. */ U_INT_16, - + /** * Representing a 32 Bit unsigned int value. - * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 32 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 32 bit forward afterwards. */ U_INT_32, - + /** * represents a RESERVED_BIT used in FLAG-Bytes. - * - * When generating, the next bit is set to zero and the current write + * + * When generating, the next bit is set to zero and the current write * position is moved one bit forward. * No value is read from the associated data struct. * The current write position is moved 1 bit forward afterwards. - * + * * When parsing, the current read pointer is moved one bit forward. * No value is written to the associated data struct. * The current read pointer is moved 1 bit forward afterwards. */ RESERVED_BIT, - + /** * represents a RESERVED_BYTE. - * - * When generating, the next byte is set to zero and the current write + * + * When generating, the next byte is set to zero and the current write * position is moved one byte forward. * No value is read from the associated data struct. * The current write position is moved 1 byte forward afterwards. - * + * * When parsing, the current read pointer is moved one byte forward. * No value is written to the associated data struct. * The current read pointer is moved 1 byte forward afterwards. */ RESERVED_BYTE, - + /** * Representing a 1 Bit flag. - * - * When generation, the next bit is set to 1 if the associated value - * in the data struct is TRUE, 0 otherwise. 
The current write position + * + * When generation, the next bit is set to 1 if the associated value + * in the data struct is TRUE, 0 otherwise. The current write position * is moved 1 bit forward afterwards. * - * When parsing, the next bit is read and stored in the associated data - * struct. 0 means FALSE, 1 means TRUE, The current read pointer + * When parsing, the next bit is read and stored in the associated data + * struct. 0 means FALSE, 1 means TRUE, The current read pointer * is moved 1 bit forward afterwards */ FLAG, - + /** * Representating a length field of a payload. - * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 16 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 16 bit forward afterwards. */ PAYLOAD_LENGTH, - + /** * Representating a length field of a header. - * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 32 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 32 bit forward afterwards. */ HEADER_LENGTH, - + /** * Representating a spi size field. - * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 8 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 8 bit forward afterwards. */ SPI_SIZE, - + /** * Representating a spi field. 
- * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing SPI_SIZE bytes are read and written into the chunk pointing to. */ SPI, - + /** * Representating a Key Exchange Data field. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. */ KEY_EXCHANGE_DATA, - + /** * Representating a Notification field. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing (Payload Length - spi size - 8) bytes are read and written into the chunk pointing to. */ NOTIFICATION_DATA, - + /** * Representating one or more proposal substructures. - * + * * The offset points to a linked_list_t pointer. - * - * When generating the proposal_substructure_t objects are stored + * + * When generating the proposal_substructure_t objects are stored * in the pointed linked_list. - * - * When parsing the parsed proposal_substructure_t objects have + * + * When parsing the parsed proposal_substructure_t objects have * to be stored in the pointed linked_list. - */ + */ PROPOSALS, - + /** * Representating one or more transform substructures. - * + * * The offset points to a linked_list_t pointer. - * - * When generating the transform_substructure_t objects are stored + * + * When generating the transform_substructure_t objects are stored * in the pointed linked_list. - * - * When parsing the parsed transform_substructure_t objects have + * + * When parsing the parsed transform_substructure_t objects have * to be stored in the pointed linked_list. - */ + */ TRANSFORMS, - + /** * Representating one or more Attributes of a transform substructure. - * + * * The offset points to a linked_list_t pointer. 
- * - * When generating the transform_attribute_t objects are stored + * + * When generating the transform_attribute_t objects are stored * in the pointed linked_list. - * - * When parsing the parsed transform_attribute_t objects have + * + * When parsing the parsed transform_attribute_t objects have * to be stored in the pointed linked_list. - */ + */ TRANSFORM_ATTRIBUTES, /** * Representating one or more Attributes of a configuration payload. - * + * * The offset points to a linked_list_t pointer. - * - * When generating the configuration_attribute_t objects are stored + * + * When generating the configuration_attribute_t objects are stored * in the pointed linked_list. - * - * When parsing the parsed configuration_attribute_t objects have + * + * When parsing the parsed configuration_attribute_t objects have * to be stored in the pointed linked_list. - */ + */ CONFIGURATION_ATTRIBUTES, - + /** - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. */ CONFIGURATION_ATTRIBUTE_VALUE, - + /** * Representing a 1 Bit flag specifying the format of a transform attribute. - * - * When generation, the next bit is set to 1 if the associated value - * in the data struct is TRUE, 0 otherwise. The current write position + * + * When generation, the next bit is set to 1 if the associated value + * in the data struct is TRUE, 0 otherwise. The current write position * is moved 1 bit forward afterwards. * - * When parsing, the next bit is read and stored in the associated data - * struct. 0 means FALSE, 1 means TRUE, The current read pointer + * When parsing, the next bit is read and stored in the associated data + * struct. 0 means FALSE, 1 means TRUE, The current read pointer * is moved 1 bit forward afterwards. 
*/ ATTRIBUTE_FORMAT, /** - * Representing a 15 Bit unsigned int value used as attribute type + * Representing a 15 Bit unsigned int value used as attribute type * in an attribute transform. - * - * + * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 15 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 15 bit forward afterwards. @@ -298,11 +298,11 @@ enum encoding_type_t { * Depending on the field of type ATTRIBUTE_FORMAT * this field contains the length or the value of an transform attribute. * Its stored in a 16 unsigned integer field. - * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 16 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 16 bit forward afterwards. @@ -312,11 +312,11 @@ enum encoding_type_t { /** * This field contains the length or the value of an configuration attribute. * Its stored in a 16 unsigned integer field. - * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 16 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 16 bit forward afterwards. 
@@ -325,155 +325,155 @@ enum encoding_type_t { /** * Depending on the field of type ATTRIBUTE_FORMAT - * this field is available or missing and so parsed/generated + * this field is available or missing and so parsed/generated * or not parsed/not generated. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing SPI_SIZE bytes are read and written into the chunk pointing to. */ ATTRIBUTE_VALUE, - + /** * Representating one or more Traffic selectors of a TS payload. - * + * * The offset points to a linked_list_t pointer. - * - * When generating the traffic_selector_substructure_t objects are stored + * + * When generating the traffic_selector_substructure_t objects are stored * in the pointed linked_list. - * - * When parsing the parsed traffic_selector_substructure_t objects have + * + * When parsing the parsed traffic_selector_substructure_t objects have * to be stored in the pointed linked_list. - */ + */ TRAFFIC_SELECTORS, - + /** * Representating a Traffic selector type field. - * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 16 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 16 bit forward afterwards. */ TS_TYPE, - + /** * Representating an address field in a traffic selector. - * + * * Depending on the last field of type TS_TYPE * this field is either 4 or 16 byte long. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing 4 or 16 bytes are read and written into the chunk pointing to. */ ADDRESS, /** * Representating a Nonce Data field. 
- * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. */ NONCE_DATA, - + /** * Representating a ID Data field. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. */ ID_DATA, - + /** * Representating a AUTH Data field. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. */ AUTH_DATA, - + /** * Representating a CERT Data field. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing (Payload Length - 5) bytes are read and written into the chunk pointing to. */ CERT_DATA, /** * Representating a CERTREQ Data field. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing (Payload Length - 5) bytes are read and written into the chunk pointing to. */ CERTREQ_DATA, - + /** * Representating an EAP message field. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. */ EAP_DATA, - + /** * Representating the SPIS field in a DELETE payload. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. 
- * + * * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. */ SPIS, - + /** * Representating the VID DATA field in a VENDOR ID payload. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. */ VID_DATA, - + /** * Representating the DATA of an unknown payload. - * - * When generating the content of the chunkt pointing to + * + * When generating the content of the chunkt pointing to * is written. - * + * * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. */ UNKNOWN_DATA, - + /** * Representating an IKE_SPI field in an IKEv2 Header. - * - * When generating the value of the u_int64_t pointing to + * + * When generating the value of the u_int64_t pointing to * is written (host and networ order is not changed). - * + * * When parsing 8 bytes are read and written into the u_int64_t pointing to. */ IKE_SPI, - + /** * Representing the encrypted data body of a encryption payload. */ @@ -488,25 +488,25 @@ extern enum_name_t *encoding_type_names; /** * Rule how to en-/decode a payload field. * - * An encoding rule is a mapping of a specific encoding type to + * An encoding rule is a mapping of a specific encoding type to * a location in the data struct where the current field is stored to * or read from. * This rules are used by parser and generator. */ struct encoding_rule_t { - + /** * Encoding type. */ encoding_type_t type; - + /** * Offset in the data struct. - * - * When parsing, data are written to this offset of the + * + * When parsing, data are written to this offset of the * data struct. - * - * When generating, data are read from this offset in the + * + * When generating, data are read from this offset in the * data struct. */ u_int32_t offset; 
diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/charon/encoding/payloads/encryption_payload.c index 55a37bb25..389ab09d7 100644 --- a/src/charon/encoding/payloads/encryption_payload.c +++ b/src/charon/encoding/payloads/encryption_payload.c @@ -32,19 +32,19 @@ typedef struct private_encryption_payload_t private_encryption_payload_t; /** * Private data of an encryption_payload_t' Object. - * + * */ struct private_encryption_payload_t { - + /** * Public encryption_payload_t interface. */ encryption_payload_t public; - + /** - * There is no next payload for an encryption payload, + * There is no next payload for an encryption payload, * since encryption payload MUST be the last one. - * next_payload means here the first payload of the + * next_payload means here the first payload of the * contained, encrypted payload. */ u_int8_t next_payload; @@ -53,33 +53,33 @@ struct private_encryption_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload */ u_int16_t payload_length; - + /** * Chunk containing the iv, data, padding, * and (an eventually not calculated) signature. */ chunk_t encrypted; - + /** * Chunk containing the data in decrypted (unpadded) form. */ chunk_t decrypted; - + /** * Signer set by set_signer. */ signer_t *signer; - + /** * Crypter, supplied by encrypt/decrypt */ crypter_t *crypter; - + /** * Contained payloads of this encrpytion_payload. */ @@ -88,10 +88,10 @@ struct private_encryption_payload_t { /** * Encoding rules to parse or generate a IKEv2-Encryption Payload. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_encryption_payload_t. - * + * */ encoding_rule_t encryption_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ 
@@ -170,7 +170,7 @@ static payload_type_t get_next_type(private_encryption_payload_t *this) */ static void set_next_type(private_encryption_payload_t *this, payload_type_t type) { - /* set next type is not allowed, since this payload MUST be the last one + /* set next type is not allowed, since this payload MUST be the last one * and so nothing is done in here*/ } @@ -190,7 +190,7 @@ static void compute_length(private_encryption_payload_t *this) length += current_payload->get_length(current_payload); } iterator->destroy(iterator); - + if (this->crypter && this->signer) { /* append one byte for padding length */ @@ -268,13 +268,13 @@ static void generate(private_encryption_payload_t *this) payload_t *current_payload, *next_payload; generator_t *generator; iterator_t *iterator; - + /* recalculate length before generating */ compute_length(this); - + /* create iterator */ iterator = this->payloads->create_iterator(this->payloads, TRUE); - + /* get first payload */ if (iterator->iterate(iterator, (void**)¤t_payload)) { @@ -289,9 +289,9 @@ static void generate(private_encryption_payload_t *this) iterator->destroy(iterator); return; } - + generator = generator_create(); - + /* build all payload, except last */ while(iterator->iterate(iterator, (void**)&next_payload)) { @@ -300,14 +300,14 @@ static void generate(private_encryption_payload_t *this) current_payload = next_payload; } iterator->destroy(iterator); - + /* build last payload */ current_payload->set_next_type(current_payload, NO_PAYLOAD); generator->generate_payload(generator, current_payload); - + /* free already generated data */ free(this->decrypted.ptr); - + generator->write_to_chunk(generator, &(this->decrypted)); generator->destroy(generator); DBG2(DBG_ENC, "successfully generated content in encryption payload"); 
@@ -321,13 +321,13 @@ static status_t encrypt(private_encryption_payload_t *this) chunk_t iv, padding, to_crypt, result; rng_t *rng; size_t block_size; - + if (this->signer == NULL || this->crypter == NULL) { DBG1(DBG_ENC, "could not encrypt, signer/crypter not set"); return INVALID_STATE; } - + /* for random data in iv and padding */ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) @@ -337,15 +337,15 @@ static status_t encrypt(private_encryption_payload_t *this) } /* build payload chunk */ generate(this); - + DBG2(DBG_ENC, "encrypting payloads"); DBG3(DBG_ENC, "data to encrypt %B", &this->decrypted); - + /* build padding */ block_size = this->crypter->get_block_size(this->crypter); padding.len = block_size - ((this->decrypted.len + 1) % block_size); rng->allocate_bytes(rng, padding.len, &padding); - + /* concatenate payload data, padding, padding len */ to_crypt.len = this->decrypted.len + padding.len + 1; to_crypt.ptr = malloc(to_crypt.len); 
@@ -353,36 +353,36 @@ static status_t encrypt(private_encryption_payload_t *this) memcpy(to_crypt.ptr, this->decrypted.ptr, this->decrypted.len); memcpy(to_crypt.ptr + this->decrypted.len, padding.ptr, padding.len); *(to_crypt.ptr + to_crypt.len - 1) = padding.len; - + /* build iv */ iv.len = block_size; rng->allocate_bytes(rng, iv.len, &iv); rng->destroy(rng); - + DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt); - + /* encrypt to_crypt chunk */ free(this->encrypted.ptr); this->crypter->encrypt(this->crypter, to_crypt, iv, &result); free(padding.ptr); free(to_crypt.ptr); - + DBG3(DBG_ENC, "data after encryption %B", &result); - + /* build encrypted result with iv and signature */ this->encrypted.len = iv.len + result.len + this->signer->get_block_size(this->signer); free(this->encrypted.ptr); this->encrypted.ptr = malloc(this->encrypted.len); - + /* fill in result, signature is left out */ memcpy(this->encrypted.ptr, iv.ptr, iv.len); memcpy(this->encrypted.ptr + iv.len, result.ptr, result.len); - + free(result.ptr); free(iv.ptr); DBG3(DBG_ENC, "data after encryption with IV and (invalid) signature %B", &this->encrypted); - + return SUCCESS; } @@ -394,16 +394,16 @@ static status_t parse(private_encryption_payload_t *this) parser_t *parser; status_t status; payload_type_t current_payload_type; - + /* build a parser on the decrypted data */ parser = parser_create(this->decrypted); - + current_payload_type = this->next_payload; /* parse all payloads */ while (current_payload_type != NO_PAYLOAD) { - payload_t *current_payload; - + payload_t *current_payload; + status = parser->parse_payload(parser, current_payload_type, (payload_t**)¤t_payload); if (status != SUCCESS) { @@ -423,7 +423,7 @@ static status_t parse(private_encryption_payload_t *this) /* get next payload type */ current_payload_type = current_payload->get_next_type(current_payload); - + this->payloads->insert_last(this->payloads,current_payload); } parser->destroy(parser); 
@@ -438,50 +438,50 @@ static status_t decrypt(private_encryption_payload_t *this) { chunk_t iv, concatenated; u_int8_t padding_length; - + DBG2(DBG_ENC, "decrypting encryption payload"); DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B", &this->encrypted); - + if (this->signer == NULL || this->crypter == NULL) { DBG1(DBG_ENC, "could not decrypt, no crypter/signer set"); return INVALID_STATE; } - + /* get IV */ iv.len = this->crypter->get_block_size(this->crypter); - + iv.ptr = this->encrypted.ptr; - + /* point concatenated to data + padding + padding_length*/ concatenated.ptr = this->encrypted.ptr + iv.len; concatenated.len = this->encrypted.len - iv.len - this->signer->get_block_size(this->signer); - + /* concatenated must be a multiple of block_size of crypter */ if (concatenated.len < iv.len || concatenated.len % iv.len) { DBG1(DBG_ENC, "could not decrypt, invalid input"); return FAILED; } - + /* free previus data, if any */ free(this->decrypted.ptr); - + DBG3(DBG_ENC, "data before decryption %B", &concatenated); - + this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted); DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted); - + /* get padding length, sits just bevore signature */ padding_length = *(this->decrypted.ptr + this->decrypted.len - 1); - /* add one byte to the padding length, since the padding_length field is + /* add one byte to the padding length, since the padding_length field is * not included */ padding_length++; this->decrypted.len -= padding_length; - + /* check size again */ if (padding_length > concatenated.len || this->decrypted.len < 0) { @@ -489,7 +489,7 @@ static status_t decrypt(private_encryption_payload_t *this) /* decryption failed :-/ */ return FAILED; } - + /* free padding */ this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len); DBG3(DBG_ENC, "data after decryption without padding %B", &this->decrypted); 
@@ -513,13 +513,13 @@ static status_t build_signature(private_encryption_payload_t *this, chunk_t data { chunk_t data_without_sig = data; chunk_t sig; - + if (this->signer == NULL) { DBG1(DBG_ENC, "unable to build signature, no signer set"); return INVALID_STATE; } - + sig.len = this->signer->get_block_size(this->signer); data_without_sig.len -= sig.len; sig.ptr = data.ptr + data_without_sig.len; @@ -535,7 +535,7 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat { chunk_t sig, data_without_sig; bool valid; - + if (this->signer == NULL) { DBG1(DBG_ENC, "unable to verify signature, no signer set"); @@ -549,18 +549,18 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat return FAILED; } sig.ptr = data.ptr + data.len - sig.len; - + /* verify it */ data_without_sig.len = data.len - sig.len; data_without_sig.ptr = data.ptr; valid = this->signer->verify_signature(this->signer, data_without_sig, sig); - + if (!valid) { DBG1(DBG_ENC, "signature verification failed"); return FAILED; } - + DBG2(DBG_ENC, "signature verification successful"); return SUCCESS; } @@ -582,7 +582,7 @@ static void destroy(private_encryption_payload_t *this) encryption_payload_t *encryption_payload_create() { private_encryption_payload_t *this = malloc_thing(private_encryption_payload_t); - + /* payload_t interface functions */ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; 
@@ -591,20 +591,20 @@ encryption_payload_t *encryption_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.create_payload_iterator = (iterator_t * (*) (encryption_payload_t *,bool)) create_payload_iterator; this->public.add_payload = (void (*) (encryption_payload_t *,payload_t *)) add_payload; this->public.remove_first_payload = (status_t (*)(encryption_payload_t*, payload_t **)) remove_first_payload; this->public.get_payload_count = (size_t (*)(encryption_payload_t*)) get_payload_count; - + this->public.encrypt = (status_t (*) (encryption_payload_t *)) encrypt; this->public.decrypt = (status_t (*) (encryption_payload_t *)) decrypt; this->public.set_transforms = (void (*) (encryption_payload_t*,crypter_t*,signer_t*)) set_transforms; this->public.build_signature = (status_t (*) (encryption_payload_t*, chunk_t)) build_signature; this->public.verify_signature = (status_t (*) (encryption_payload_t*, chunk_t)) verify_signature; this->public.destroy = (void (*) (encryption_payload_t *)) destroy; - + /* set default values of the fields */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; @@ -614,6 +614,6 @@ encryption_payload_t *encryption_payload_create() this->signer = NULL; this->crypter = NULL; this->payloads = linked_list_create(); - + return (&(this->public)); } diff --git a/src/charon/encoding/payloads/encryption_payload.h b/src/charon/encoding/payloads/encryption_payload.h index 3b94587ec..ac5326b87 100644 --- a/src/charon/encoding/payloads/encryption_payload.h +++ b/src/charon/encoding/payloads/encryption_payload.h 
@@ -39,7 +39,7 @@ typedef struct encryption_payload_t encryption_payload_t; /** * The encryption payload as described in RFC section 3.14. * - * Before any crypt/decrypt/sign/verify operation can occur, + * Before any crypt/decrypt/sign/verify operation can occur, * the transforms must be set. After that, a parsed encryption payload * can be decrypted, which also will parse the contained payloads. * Encryption is done the same way, added payloads will get generated @@ -54,24 +54,24 @@ struct encryption_payload_t { * Implements payload_t interface. */ payload_t payload_interface; - + /** * Creates an iterator for all contained payloads. - * + * * iterator_t object has to get destroyed by the caller. * * @param forward iterator direction (TRUE: front to end) * return created iterator_t object */ iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward); - + /** * Adds a payload to this encryption payload. * * @param payload payload_t object to add */ void (*add_payload) (encryption_payload_t *this, payload_t *payload); - + /** * Reove the last payload in the contained payload list. * @@ -81,20 +81,20 @@ struct encryption_payload_t { * - NOT_FOUND if list empty */ status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload); - + /** * Get the number of payloads. * * @return number of contained payloads */ size_t (*get_payload_count) (encryption_payload_t *this); - + /** * Set transforms to use. - * + * * To decryption, encryption, signature building and verifying, * the payload needs a crypter and a signer object. - * + * * @warning Do NOT call this function again after encryption, since * the signer must be the same while encrypting and signature building! * 
@@ -102,10 +102,10 @@ struct encryption_payload_t { * @param signer signer_t to use for data signing/verifying */ void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer); - + /** * Generate and encrypt contained payloads. - * + * * This function generates the content for added payloads * and encrypts them. Signature is not built, since we need * additional data (the full message). @@ -113,11 +113,11 @@ struct encryption_payload_t { * @return SUCCESS, or INVALID_STATE if transforms not set */ status_t (*encrypt) (encryption_payload_t *this); - + /** * Decrypt and parse contained payloads. - * - * This function decrypts the contained data. After, + * + * This function decrypts the contained data. After, * the payloads are parsed internally and are accessible * via the iterator. * @@ -127,29 +127,29 @@ struct encryption_payload_t { * - FAILED if data is invalid */ status_t (*decrypt) (encryption_payload_t *this); - + /** * Build the signature. - * + * * The signature is built over the FULL message, so the header * and every payload (inclusive this one) must already be generated. * The generated message is supplied via the data paramater. - * + * * @param data chunk contains the already generated message * @return * - SUCCESS, or * - INVALID_STATE if transforms not set */ status_t (*build_signature) (encryption_payload_t *this, chunk_t data); - + /** * Verify the signature. - * + * * Since the signature is built over the full message, we need * this data to do the verification. The message data * is supplied via the data argument. - * - * @param data chunk contains the message + * + * @param data chunk contains the message * @return * - SUCCESS, or * - FAILED if signature invalid, or @@ -165,7 +165,7 @@ struct encryption_payload_t { /** * Creates an empty encryption_payload_t object. - * + * * @return encryption_payload_t object */ encryption_payload_t *encryption_payload_create(void); 
diff --git a/src/charon/encoding/payloads/endpoint_notify.c b/src/charon/encoding/payloads/endpoint_notify.c index c30d29942..5b8848f11 100644 --- a/src/charon/encoding/payloads/endpoint_notify.c +++ b/src/charon/encoding/payloads/endpoint_notify.c @@ -23,34 +23,34 @@ typedef struct private_endpoint_notify_t private_endpoint_notify_t; /** * Private data of an notify_payload_t object. - * + * */ struct private_endpoint_notify_t { /** * Public endpoint_notify_t interface. */ endpoint_notify_t public; - + /** * Priority */ u_int32_t priority; - + /** * Family */ me_endpoint_family_t family; - + /** * Endpoint type */ me_endpoint_type_t type; - + /** * Endpoint */ host_t *endpoint; - + /** * Base (used for server reflexive endpoints) */ @@ -65,7 +65,7 @@ struct private_endpoint_notify_t { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Family ! Type ! Port ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ! IP Address (variable) + ! IP Address (variable) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ @@ -122,9 +122,9 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t chunk_t addr; u_int8_t *cur = data.ptr; u_int8_t *top = data.ptr + data.len; - + DBG3(DBG_IKE, "me_endpoint_data %B", &data); - + if (parse_uint32(&cur, top, &this->priority) != SUCCESS) { DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid priority"); @@ -136,20 +136,20 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid family"); return FAILED; } - + this->family = (me_endpoint_family_t)family; - + if (parse_uint8(&cur, top, &type) != SUCCESS || type >= MAX_TYPE) { DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid type"); return FAILED; } - + this->type = (me_endpoint_type_t)type; - + addr_family = AF_INET; addr.len = 4; - + switch(this->family) { case IPv6: 
@@ -160,24 +160,24 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t if (parse_uint16(&cur, top, &port) != SUCCESS) { DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid port"); - return FAILED; + return FAILED; } - + if (cur + addr.len > top) { DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid IP address"); return FAILED; } - + addr.ptr = cur; - + this->endpoint = host_create_from_chunk(addr_family, addr, port); break; case NO_FAMILY: default: this->endpoint = NULL; break; - } + } return SUCCESS; } @@ -192,14 +192,14 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) u_int32_t prio; u_int16_t port; u_int8_t family, type; - + prio = htonl(this->priority); prio_chunk = chunk_from_thing(prio); family = this->family; family_chunk = chunk_from_thing(family); type = this->type; type_chunk = chunk_from_thing(type); - + if (this->endpoint) { port = htons(this->endpoint->get_port(this->endpoint)); @@ -208,15 +208,15 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) else { port = 0; - addr_chunk = chunk_empty; + addr_chunk = chunk_empty; } port_chunk = chunk_from_thing(port); - + /* data = prio | family | type | port | addr */ data = chunk_cat("ccccc", prio_chunk, family_chunk, type_chunk, port_chunk, addr_chunk); DBG3(DBG_IKE, "me_endpoint_data %B", &data); - + return data; } @@ -226,14 +226,14 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) static notify_payload_t *build_notify(private_endpoint_notify_t *this) { chunk_t data; - notify_payload_t *notify; - + notify_payload_t *notify; + notify = notify_payload_create(); notify->set_notify_type(notify, ME_ENDPOINT); data = build_notification_data(this); notify->set_notification_data(notify, data); chunk_free(&data); - + return notify; } 
@@ -291,7 +291,7 @@ static host_t *get_base(private_endpoint_notify_t *this) static endpoint_notify_t *_clone(private_endpoint_notify_t *this) { private_endpoint_notify_t *clone = (private_endpoint_notify_t*)endpoint_notify_create(); - + clone->priority = this->priority; clone->type = this->type; clone->family = this->family; @@ -299,12 +299,12 @@ static endpoint_notify_t *_clone(private_endpoint_notify_t *this) { clone->endpoint = this->endpoint->clone(this->endpoint); } - + if (this->base) { clone->base = this->base->clone(this->base); } - + return &clone->public; } @@ -336,14 +336,14 @@ endpoint_notify_t *endpoint_notify_create() this->public.build_notify = (notify_payload_t *(*) (endpoint_notify_t *)) build_notify; this->public.clone = (endpoint_notify_t *(*) (endpoint_notify_t *)) _clone; this->public.destroy = (void (*) (endpoint_notify_t *)) destroy; - + /* set default values of the fields */ this->priority = 0; this->family = NO_FAMILY; this->type = NO_TYPE; this->endpoint = NULL; this->base = NULL; - + return &this->public; } 
@@ -353,34 +353,34 @@ endpoint_notify_t *endpoint_notify_create() endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, host_t *host, host_t *base) { private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create(); - + this->type = type; - + switch(type) { case HOST: - this->priority = pow(2, 16) * ME_PRIO_HOST; + this->priority = pow(2, 16) * ME_PRIO_HOST; break; case PEER_REFLEXIVE: - this->priority = pow(2, 16) * ME_PRIO_PEER; + this->priority = pow(2, 16) * ME_PRIO_PEER; break; case SERVER_REFLEXIVE: - this->priority = pow(2, 16) * ME_PRIO_SERVER; + this->priority = pow(2, 16) * ME_PRIO_SERVER; break; case RELAYED: default: - this->priority = pow(2, 16) * ME_PRIO_RELAY; + this->priority = pow(2, 16) * ME_PRIO_RELAY; break; } - + /* FIXME: if there is more than one ip address we should vary this priority */ this->priority += 65535; - + if (!host) { return &this->public; } - + switch(host->get_family(host)) { case AF_INET: @@ -394,14 +394,14 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, hos * (family is set to NO_FAMILY) */ return &this->public; } - + this->endpoint = host->clone(host); - + if (base) { this->base = base->clone(base); } - + return &this->public; } @@ -414,7 +414,7 @@ endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify) { return NULL; } - + private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create(); chunk_t data = notify->get_notification_data(notify); if (parse_notification_data(this, data) != SUCCESS) diff --git a/src/charon/encoding/payloads/endpoint_notify.h b/src/charon/encoding/payloads/endpoint_notify.h index 66aabc683..120eef49a 100644 --- a/src/charon/encoding/payloads/endpoint_notify.h +++ b/src/charon/encoding/payloads/endpoint_notify.h 
@@ -36,34 +36,34 @@ typedef struct endpoint_notify_t endpoint_notify_t; * ME endpoint families. */ enum me_endpoint_family_t { - + NO_FAMILY = 0, - + IPv4 = 1, - + IPv6 = 2, - + MAX_FAMILY = 3 - + }; /** * ME endpoint types. */ enum me_endpoint_type_t { - + NO_TYPE = 0, - + HOST = 1, - + PEER_REFLEXIVE = 2, - + SERVER_REFLEXIVE = 3, - + RELAYED = 4, - + MAX_TYPE = 5 - + }; /** @@ -79,52 +79,52 @@ extern enum_name_t *me_endpoint_type_names; struct endpoint_notify_t { /** * Returns the priority of this endpoint. - * + * * @return priority */ u_int32_t (*get_priority) (endpoint_notify_t *this); - + /** * Sets the priority of this endpoint. - * + * * @param priority priority */ void (*set_priority) (endpoint_notify_t *this, u_int32_t priority); - + /** * Returns the endpoint type of this endpoint. - * + * * @return endpoint type */ me_endpoint_type_t (*get_type) (endpoint_notify_t *this); - + /** * Returns the endpoint family of this endpoint. - * + * * @return endpoint family */ me_endpoint_family_t (*get_family) (endpoint_notify_t *this); - + /** * Returns the host of this endpoint. - * + * * @return host */ host_t *(*get_host) (endpoint_notify_t *this); - + /** * Returns the base of this endpoint. - * + * * If this is not a SERVER_REFLEXIVE endpoint, the returned host is the same * as the one returned by get_host. - * + * * @return host */ host_t *(*get_base) (endpoint_notify_t *this); - + /** - * Generates a notification payload from this endpoint. - * + * Generates a notification payload from this endpoint. + * * @return built notify_payload_t */ notify_payload_t *(*build_notify) (endpoint_notify_t *this); @@ -135,7 +135,7 @@ struct endpoint_notify_t { * @return cloned object */ endpoint_notify_t *(*clone) (endpoint_notify_t *this); - + /** * Destroys an endpoint_notify_t object. */ 
@@ -144,7 +144,7 @@ struct endpoint_notify_t { /** * Creates an empty endpoint_notify_t object. - * + * * @return created endpoint_notify_t object */ endpoint_notify_t *endpoint_notify_create(void); @@ -152,7 +152,7 @@ endpoint_notify_t *endpoint_notify_create(void); /** * Creates an endpoint_notify_t object from a host. - * + * * @param type the endpoint type * @param host host to base the notify on (gets cloned) * @param base base of the endpoint, applies only to reflexive endpoints (gets cloned) @@ -163,7 +163,7 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, /** * Creates an endpoint_notify_t object from a notify payload. - * + * * @param notify the notify payload * @return - created endpoint_notify_t object * - NULL if invalid payload diff --git a/src/charon/encoding/payloads/id_payload.c b/src/charon/encoding/payloads/id_payload.c index 4a527cb24..801f720b9 100644 --- a/src/charon/encoding/payloads/id_payload.c +++ b/src/charon/encoding/payloads/id_payload.c @@ -27,19 +27,19 @@ typedef struct private_id_payload_t private_id_payload_t; /** * Private data of an id_payload_t object. - * + * */ struct private_id_payload_t { /** * Public id_payload_t interface. */ id_payload_t public; - + /** * one of ID_INITIATOR, ID_RESPONDER */ payload_type_t payload_type; - + /** * Next payload type. */ @@ -49,17 +49,17 @@ struct private_id_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Type of the ID Data. */ u_int8_t id_type; - + /** * The contained id data value. */ @@ -68,10 +68,10 @@ struct private_id_payload_t { /** * Encoding rules to parse or generate a ID payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_id_payload_t. - * + * */ encoding_rule_t id_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ 
@@ -126,7 +126,7 @@ static status_t verify(private_id_payload_t *this) DBG1(DBG_ENC, "received ID with reserved type %d", this->id_type); return FAILED; } - + return SUCCESS; } @@ -242,7 +242,7 @@ static void destroy(private_id_payload_t *this) { chunk_free(&(this->id_data)); } - free(this); + free(this); } /* @@ -260,7 +260,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type) this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (id_payload_t *)) destroy; this->public.set_id_type = (void (*) (id_payload_t *,id_type_t)) set_id_type; @@ -268,7 +268,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type) this->public.set_data = (void (*) (id_payload_t *,chunk_t)) set_data; this->public.get_data = (chunk_t (*) (id_payload_t *)) get_data; this->public.get_data_clone = (chunk_t (*) (id_payload_t *)) get_data_clone; - + this->public.get_identification = (identification_t * (*) (id_payload_t *this)) get_identification; /* private variables */ diff --git a/src/charon/encoding/payloads/id_payload.h b/src/charon/encoding/payloads/id_payload.h index 555b1324b..5502dc961 100644 --- a/src/charon/encoding/payloads/id_payload.h +++ b/src/charon/encoding/payloads/id_payload.h 
@@ -51,35 +51,35 @@ struct id_payload_t { * @param type Type of ID */ void (*set_id_type) (id_payload_t *this, id_type_t type); - + /** * Get the ID type. * - * @return type of the ID + * @return type of the ID */ id_type_t (*get_id_type) (id_payload_t *this); - + /** * Set the ID data. - * + * * Data are getting cloned. * * @param data ID data as chunk_t */ void (*set_data) (id_payload_t *this, chunk_t data); - + /** * Get the ID data. - * + * * Returned data are a copy of the internal one * * @return ID data as chunk_t */ chunk_t (*get_data_clone) (id_payload_t *this); - + /** * Get the ID data. - * + * * Returned data are NOT copied. * * @return ID data as chunk_t @@ -88,13 +88,13 @@ struct id_payload_t { /** * Creates an identification object of this id payload. - * + * * Returned object has to get destroyed by the caller. * - * @return identification_t object + * @return identification_t object */ identification_t *(*get_identification) (id_payload_t *this); - + /** * Destroys an id_payload_t object. */ @@ -103,7 +103,7 @@ struct id_payload_t { /** * Creates an empty id_payload_t object. - * + * * @param payload_type one of ID_INITIATOR, ID_RESPONDER * @return id_payload_t object */ @@ -111,7 +111,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type); /** * Creates an id_payload_t from an existing identification_t object. - * + * * @param payload_type one of ID_INITIATOR, ID_RESPONDER * @param identification identification_t object * @return id_payload_t object diff --git a/src/charon/encoding/payloads/ike_header.c b/src/charon/encoding/payloads/ike_header.c index 614919fac..0ce1ca6b2 100644 --- a/src/charon/encoding/payloads/ike_header.c +++ b/src/charon/encoding/payloads/ike_header.c @@ -33,7 +33,7 @@ struct private_ike_header_t { * Public interface. */ ike_header_t public; - + /** * SPI of the initiator. */ @@ -62,7 +62,7 @@ struct private_ike_header_t { * Exchange type . */ u_int8_t exchange_type; - + /** * Flags of the Message. */ 
@@ -87,7 +87,7 @@ struct private_ike_header_t { * Associated Message-ID. */ u_int32_t message_id; - + /** * Length of the whole IKEv2-Message (header and all payloads). */ @@ -111,7 +111,7 @@ ENUM_END(exchange_type_names, INFORMATIONAL); /** * Encoding rules to parse or generate a IKEv2-Header. - * + * * The defined offsets are the positions in a object of type * ike_header_t. */ @@ -191,9 +191,9 @@ static status_t verify(private_ike_header_t *this) /* initiator spi not set */ return FAILED; } - + /* verification of version is not done in here */ - + return SUCCESS; } @@ -372,7 +372,7 @@ static size_t get_length(payload_t *this) ike_header_t *ike_header_create() { private_ike_header_t *this = malloc_thing(private_ike_header_t); - + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = get_encoding_rules; this->public.payload_interface.get_length = get_length; @@ -381,7 +381,7 @@ ike_header_t *ike_header_create() this->public.payload_interface.get_type = get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.destroy = destroy; - + this->public.get_initiator_spi = (u_int64_t (*) (ike_header_t*))get_initiator_spi; this->public.set_initiator_spi = (void (*) (ike_header_t*,u_int64_t))set_initiator_spi; this->public.get_responder_spi = (u_int64_t (*) (ike_header_t*))get_responder_spi; @@ -397,7 +397,7 @@ ike_header_t *ike_header_create() this->public.set_exchange_type = (void (*) (ike_header_t*,u_int8_t))set_exchange_type; this->public.get_message_id = (u_int32_t (*) (ike_header_t*))get_message_id; this->public.set_message_id = (void (*) (ike_header_t*,u_int32_t))set_message_id; - + /* set default values of the fields */ this->initiator_spi = 0; this->responder_spi = 0; @@ -410,6 +410,6 @@ ike_header_t *ike_header_create() this->flags.response = FALSE; this->message_id = 0; this->length = IKE_HEADER_LENGTH; - + return (ike_header_t*)this; } 
diff --git a/src/charon/encoding/payloads/ike_header.h b/src/charon/encoding/payloads/ike_header.h index 4514c23b7..e63e8bf06 100644 --- a/src/charon/encoding/payloads/ike_header.h +++ b/src/charon/encoding/payloads/ike_header.h @@ -60,7 +60,7 @@ enum exchange_type_t{ * EXCHANGE_TYPE_UNDEFINED. In private space, since not a official message type. */ EXCHANGE_TYPE_UNDEFINED = 255, - + /** * IKE_SA_INIT. */ @@ -106,56 +106,56 @@ struct ike_header_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Get the initiator spi. * * @return initiator_spi */ u_int64_t (*get_initiator_spi) (ike_header_t *this); - + /** * Set the initiator spi. * * @param initiator_spi initiator_spi */ void (*set_initiator_spi) (ike_header_t *this, u_int64_t initiator_spi); - + /** * Get the responder spi. * * @return responder_spi */ u_int64_t (*get_responder_spi) (ike_header_t *this); - + /** * Set the responder spi. * * @param responder_spi responder_spi */ void (*set_responder_spi) (ike_header_t *this, u_int64_t responder_spi); - + /** * Get the major version. * * @return major version */ u_int8_t (*get_maj_version) (ike_header_t *this); - + /** * Get the minor version. * * @return minor version */ u_int8_t (*get_min_version) (ike_header_t *this); - + /** * Get the response flag. * * @return response flag */ bool (*get_response_flag) (ike_header_t *this); - + /** * Set the response flag- * @@ -168,14 +168,14 @@ struct ike_header_t { * @return version flag */ bool (*get_version_flag) (ike_header_t *this); - + /** * Get the initiator flag. * * @return initiator flag */ bool (*get_initiator_flag) (ike_header_t *this); - + /** * Set the initiator flag. * 
@@ -189,28 +189,28 @@ struct ike_header_t { * @return exchange type */ u_int8_t (*get_exchange_type) (ike_header_t *this); - + /** * Set the exchange type. * * @param exchange_type exchange type */ void (*set_exchange_type) (ike_header_t *this, u_int8_t exchange_type); - + /** * Get the message id. * * @return message id */ u_int32_t (*get_message_id) (ike_header_t *this); - + /** * Set the message id. * * @param initiator_spi message id */ void (*set_message_id) (ike_header_t *this, u_int32_t message_id); - + /** * Destroys a ike_header_t object. */ diff --git a/src/charon/encoding/payloads/ke_payload.c b/src/charon/encoding/payloads/ke_payload.c index aa3e075ca..343a50d2c 100644 --- a/src/charon/encoding/payloads/ke_payload.c +++ b/src/charon/encoding/payloads/ke_payload.c @@ -25,14 +25,14 @@ typedef struct private_ke_payload_t private_ke_payload_t; /** * Private data of an ke_payload_t object. - * + * */ struct private_ke_payload_t { /** * Public ke_payload_t interface. */ ke_payload_t public; - + /** * Next payload type. */ @@ -42,17 +42,17 @@ struct private_ke_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * DH Group Number. */ u_int16_t dh_group_number; - + /** * Key Exchange Data of this KE payload. */ 
@@ -61,30 +61,30 @@ struct private_ke_payload_t { /** * Encoding rules to parse or generate a IKEv2-KE Payload. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_ke_payload_t. - * + * */ encoding_rule_t ke_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_ke_payload_t, next_payload) }, /* the critical bit */ - { FLAG, offsetof(private_ke_payload_t, critical) }, + { FLAG, offsetof(private_ke_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* Length of the whole payload*/ - { PAYLOAD_LENGTH, offsetof(private_ke_payload_t, payload_length) }, + { PAYLOAD_LENGTH, offsetof(private_ke_payload_t, payload_length) }, /* DH Group number as 16 bit field*/ { U_INT_16, offsetof(private_ke_payload_t, dh_group_number) }, - { RESERVED_BYTE, 0 }, - { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, /* Key Exchange Data is from variable size */ { KEY_EXCHANGE_DATA, offsetof(private_ke_payload_t, key_exchange_data)} }; @@ -166,7 +166,7 @@ static void compute_length(private_ke_payload_t *this) if (this->key_exchange_data.ptr != NULL) { length += this->key_exchange_data.len; - } + } this->payload_length = length; } @@ -199,9 +199,9 @@ static void set_key_exchange_data(private_ke_payload_t *this, chunk_t key_exchan free(this->key_exchange_data.ptr); this->key_exchange_data.ptr = NULL; this->key_exchange_data.len = 0; - + } - + this->key_exchange_data = chunk_clone(key_exchange_data); compute_length(this); } 
@@ -244,7 +244,7 @@ ke_payload_t *ke_payload_create() this->public.get_dh_group_number = (diffie_hellman_group_t (*) (ke_payload_t *)) get_dh_group_number; this->public.set_dh_group_number =(void (*) (ke_payload_t *,diffie_hellman_group_t)) set_dh_group_number; this->public.destroy = (void (*) (ke_payload_t *)) destroy; - + /* set default values of the fields */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; @@ -261,10 +261,10 @@ ke_payload_t *ke_payload_create() ke_payload_t *ke_payload_create_from_diffie_hellman(diffie_hellman_t *dh) { private_ke_payload_t *this = (private_ke_payload_t*)ke_payload_create(); - + dh->get_my_public_value(dh, &this->key_exchange_data); this->dh_group_number = dh->get_dh_group(dh); compute_length(this); - + return &this->public; } diff --git a/src/charon/encoding/payloads/ke_payload.h b/src/charon/encoding/payloads/ke_payload.h index 7e182d970..3ca05009e 100644 --- a/src/charon/encoding/payloads/ke_payload.h +++ b/src/charon/encoding/payloads/ke_payload.h 
@@ -45,38 +45,38 @@ struct ke_payload_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Returns the currently set key exchange data of this KE payload. - * + * * @warning Returned data are not copied. - * + * * @return chunk_t pointing to the value */ chunk_t (*get_key_exchange_data) (ke_payload_t *this); - + /** * Sets the key exchange data of this KE payload. - * + * * Value is getting copied. - * + * * @param key_exchange_data chunk_t pointing to the value to set */ void (*set_key_exchange_data) (ke_payload_t *this, chunk_t key_exchange_data); /** * Gets the Diffie-Hellman Group Number of this KE payload. - * + * * @return DH Group Number of this payload */ diffie_hellman_group_t (*get_dh_group_number) (ke_payload_t *this); /** * Sets the Diffie-Hellman Group Number of this KE payload. - * + * * @param dh_group_number DH Group to set */ - void (*set_dh_group_number) (ke_payload_t *this, + void (*set_dh_group_number) (ke_payload_t *this, diffie_hellman_group_t dh_group_number); /** @@ -87,14 +87,14 @@ struct ke_payload_t { /** * Creates an empty ke_payload_t object - * + * * @return ke_payload_t object */ ke_payload_t *ke_payload_create(void); /** * Creates a ke_payload_t from a diffie_hellman_t - * + * * @param diffie_hellman diffie hellman object containing group and key * @return ke_payload_t object */ diff --git a/src/charon/encoding/payloads/nonce_payload.c b/src/charon/encoding/payloads/nonce_payload.c index f9e075380..3de889ec3 100644 --- a/src/charon/encoding/payloads/nonce_payload.c +++ b/src/charon/encoding/payloads/nonce_payload.c @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /* offsetof macro */ #include <stddef.h> 
@@ -26,14 +26,14 @@ typedef struct private_nonce_payload_t private_nonce_payload_t; /** * Private data of an nonce_payload_t object. - * + * */ struct private_nonce_payload_t { /** * Public nonce_payload_t interface. */ nonce_payload_t public; - + /** * Next payload type. */ @@ -43,12 +43,12 @@ struct private_nonce_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * The contained nonce value. */ @@ -57,26 +57,26 @@ struct private_nonce_payload_t { /** * Encoding rules to parse or generate a nonce payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_nonce_payload_t. - * + * */ encoding_rule_t nonce_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_nonce_payload_t, next_payload) }, /* the critical bit */ - { FLAG, offsetof(private_nonce_payload_t, critical) }, + { FLAG, offsetof(private_nonce_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* Length of the whole nonce payload*/ - { PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) }, + { PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) }, /* some nonce bytes, lenth is defined in PAYLOAD_LENGTH */ { NONCE_DATA, offsetof(private_nonce_payload_t, nonce) } }; @@ -102,7 +102,7 @@ static status_t verify(private_nonce_payload_t *this) /* nonce length is wrong */ return FAILED; } - + return SUCCESS; } 
@@ -187,8 +187,8 @@ static void destroy(private_nonce_payload_t *this) { free(this->nonce.ptr); } - - free(this); + + free(this); } /* @@ -206,12 +206,12 @@ nonce_payload_t *nonce_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (nonce_payload_t *)) destroy; this->public.set_nonce = (void (*) (nonce_payload_t *,chunk_t)) set_nonce; this->public.get_nonce = (chunk_t (*) (nonce_payload_t *)) get_nonce; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; diff --git a/src/charon/encoding/payloads/nonce_payload.h b/src/charon/encoding/payloads/nonce_payload.h index 4adaba481..025d77524 100644 --- a/src/charon/encoding/payloads/nonce_payload.h +++ b/src/charon/encoding/payloads/nonce_payload.h @@ -39,7 +39,7 @@ typedef struct nonce_payload_t nonce_payload_t; /** * Object representing an IKEv2 Nonce payload. - * + * * The Nonce payload format is described in RFC section 3.3. */ struct nonce_payload_t { @@ -54,14 +54,14 @@ struct nonce_payload_t { * @param nonce chunk containing the nonce, will be cloned */ void (*set_nonce) (nonce_payload_t *this, chunk_t nonce); - + /** * Get the nonce value. * * @return a chunk containing the cloned nonce */ chunk_t (*get_nonce) (nonce_payload_t *this); - + /** * Destroys an nonce_payload_t object. */ @@ -70,7 +70,7 @@ struct nonce_payload_t { /** * Creates an empty nonce_payload_t object - * + * * @return nonce_payload_t object */ nonce_payload_t *nonce_payload_create(void); diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/charon/encoding/payloads/notify_payload.c index d2a995ace..838fae0cc 100644 --- a/src/charon/encoding/payloads/notify_payload.c +++ b/src/charon/encoding/payloads/notify_payload.c 
@@ -160,14 +160,14 @@ typedef struct private_notify_payload_t private_notify_payload_t; /** * Private data of an notify_payload_t object. - * + * */ struct private_notify_payload_t { /** * Public notify_payload_t interface. */ notify_payload_t public; - + /** * Next payload type. */ @@ -177,27 +177,27 @@ struct private_notify_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Protocol id. */ u_int8_t protocol_id; - + /** * Spi size. */ u_int8_t spi_size; - + /** * Notify message type. */ u_int16_t notify_type; - + /** * Security parameter index (spi). */ @@ -211,26 +211,26 @@ struct private_notify_payload_t { /** * Encoding rules to parse or generate a IKEv2-Notify Payload. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_notify_payload_t. - * + * */ encoding_rule_t notify_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_notify_payload_t, next_payload) }, /* the critical bit */ - { FLAG, offsetof(private_notify_payload_t, critical) }, + { FLAG, offsetof(private_notify_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* Length of the whole payload*/ - { PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) }, + { PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) }, /* Protocol ID as 8 bit field*/ { U_INT_8, offsetof(private_notify_payload_t, protocol_id) }, /* SPI Size as 8 bit field*/ 
@@ -279,7 +279,7 @@ static status_t verify(private_notify_payload_t *this) DBG1(DBG_ENC, "Unknown protocol (%d)", this->protocol_id); return FAILED; } - + switch (this->notify_type) { case INVALID_KE_PAYLOAD: @@ -567,7 +567,7 @@ notify_payload_t *notify_payload_create() this->public.get_notification_data = (chunk_t (*) (notify_payload_t *)) get_notification_data; this->public.set_notification_data = (void (*) (notify_payload_t *,chunk_t)) set_notification_data; this->public.destroy = (void (*) (notify_payload_t *)) destroy; - + /* set default values of the fields */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; @@ -579,7 +579,7 @@ notify_payload_t *notify_payload_create() this->spi_size = 0; this->notification_data.ptr = NULL; this->notification_data.len = 0; - + return &this->public; } @@ -592,6 +592,6 @@ notify_payload_t *notify_payload_create_from_protocol_and_type(protocol_id_t pro notify->set_notify_type(notify,notify_type); notify->set_protocol_id(notify,protocol_id); - + return notify; } diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/charon/encoding/payloads/notify_payload.h index a5f501dca..c8dbd9171 100644 --- a/src/charon/encoding/payloads/notify_payload.h +++ b/src/charon/encoding/payloads/notify_payload.h @@ -63,7 +63,7 @@ enum notify_type_t { UNEXPECTED_NAT_DETECTED = 41, /* IKE-ME, private use */ ME_CONNECT_FAILED = 8192, - + /* notify status messages */ INITIAL_CONTACT = 16384, SET_WINDOW_SIZE = 16385, @@ -116,7 +116,7 @@ extern enum_name_t *notify_type_short_names; /** * Class representing an IKEv2-Notify Payload. - * + * * The Notify Payload format is described in Draft section 3.10. */ struct notify_payload_t { 
@@ -124,67 +124,67 @@ struct notify_payload_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Gets the protocol id of this payload. - * + * * @return protocol id of this payload */ u_int8_t (*get_protocol_id) (notify_payload_t *this); /** * Sets the protocol id of this payload. - * + * * @param protocol_id protocol id to set */ void (*set_protocol_id) (notify_payload_t *this, u_int8_t protocol_id); /** * Gets the notify message type of this payload. - * + * * @return notify message type of this payload */ notify_type_t (*get_notify_type) (notify_payload_t *this); /** * Sets notify message type of this payload. - * + * * @param type notify message type to set */ void (*set_notify_type) (notify_payload_t *this, notify_type_t type); /** * Returns the currently set spi of this payload. - * + * * This is only valid for notifys with protocol AH|ESP * * @return SPI value */ u_int32_t (*get_spi) (notify_payload_t *this); - + /** * Sets the spi of this payload. - * + * * This is only valid for notifys with protocol AH|ESP - * + * * @param spi SPI value */ void (*set_spi) (notify_payload_t *this, u_int32_t spi); /** * Returns the currently set notification data of payload. - * + * * Returned data are not copied. - * + * * @return chunk_t pointing to the value */ chunk_t (*get_notification_data) (notify_payload_t *this); - + /** * Sets the notification data of this payload. - * + * * @warning Value is getting copied. - * + * * @param notification_data chunk_t pointing to the value to set */ void (*set_notification_data) (notify_payload_t *this, @@ -198,14 +198,14 @@ struct notify_payload_t { /** * Creates an empty notify_payload_t object - * + * * @return created notify_payload_t object */ notify_payload_t *notify_payload_create(void); /** * Creates an notify_payload_t object of specific type for specific protocol id. - * + * * @param protocol_id protocol id (IKE, AH or ESP) * @param type notify type (see notify_type_t) * @return notify_payload_t object 
diff --git a/src/charon/encoding/payloads/payload.h b/src/charon/encoding/payloads/payload.h index 95e702ff8..2e783cb30 100644 --- a/src/charon/encoding/payloads/payload.h +++ b/src/charon/encoding/payloads/payload.h @@ -42,7 +42,7 @@ enum payload_type_t{ * End of payload list in next_payload */ NO_PAYLOAD = 0, - + /** * The security association (SA) payload containing proposals. */ @@ -122,7 +122,7 @@ enum payload_type_t{ * Extensible authentication payload (EAP). */ EXTENSIBLE_AUTHENTICATION = 48, - + #ifdef ME /** * Identification payload for peers has a value from @@ -130,7 +130,7 @@ enum payload_type_t{ */ ID_PEER = 128, #endif /* ME */ - + /** * Header has a value of PRIVATE USE space. * @@ -138,7 +138,7 @@ enum payload_type_t{ * used internally to handle IKEv2-Header like a payload. */ HEADER = 140, - + /** * PROPOSAL_SUBSTRUCTURE has a value of PRIVATE USE space. * @@ -154,7 +154,7 @@ enum payload_type_t{ * used internally to handle a transform substructure like a payload. */ TRANSFORM_SUBSTRUCTURE = 142, - + /** * TRANSFORM_ATTRIBUTE has a value of PRIVATE USE space. * @@ -170,7 +170,7 @@ enum payload_type_t{ * used internally to handle a transform selector like a payload. */ TRAFFIC_SELECTOR_SUBSTRUCTURE = 144, - + /** * CONFIGURATION_ATTRIBUTE has a value of PRIVATE USE space. * @@ -178,7 +178,7 @@ enum payload_type_t{ * used internally to handle a transform attribute like a payload. */ CONFIGURATION_ATTRIBUTE = 145, - + /** * A unknown payload has a value of PRIVATE USE space. * @@ -207,7 +207,7 @@ extern enum_name_t *payload_type_short_names; * handling of all payloads. */ struct payload_t { - + /** * Get encoding rules for this payload. * @@ -229,7 +229,7 @@ struct payload_t { * @return type of next payload */ payload_type_t (*get_next_type) (payload_t *this); - + /** * Set type of next payload. * 
@@ -243,14 +243,14 @@ struct payload_t { * @return length of this payload */ size_t (*get_length) (payload_t *this); - + /** * Verifies payload structure and makes consistence check. * * @return SUCCESS, FAILED if consistence not given */ status_t (*verify) (payload_t *this); - + /** * Destroys a payload and all included substructures. */ diff --git a/src/charon/encoding/payloads/proposal_substructure.c b/src/charon/encoding/payloads/proposal_substructure.c index a8166023c..15630e7ed 100644 --- a/src/charon/encoding/payloads/proposal_substructure.c +++ b/src/charon/encoding/payloads/proposal_substructure.c @@ -35,14 +35,14 @@ typedef struct private_proposal_substructure_t private_proposal_substructure_t; /** * Private data of an proposal_substructure_t object. - * + * */ struct private_proposal_substructure_t { /** * Public proposal_substructure_t interface. */ proposal_substructure_t public; - + /** * Next payload type. */ @@ -52,12 +52,12 @@ struct private_proposal_substructure_t { * Length of this payload. */ u_int16_t proposal_length; - + /** * Proposal number. */ u_int8_t proposal_number; - + /** * Protocol ID. */ @@ -72,12 +72,12 @@ struct private_proposal_substructure_t { * Number of transforms. */ u_int8_t transforms_count; - + /** * SPI is stored as chunk. */ chunk_t spi; - + /** * Transforms are stored in a linked_list_t. */ @@ -87,7 +87,7 @@ struct private_proposal_substructure_t { /** * Encoding rules to parse or generate a Proposal substructure. * - * The defined offsets are the positions in a object of type + * The defined offsets are the positions in a object of type * private_proposal_substructure_t. */ encoding_rule_t proposal_substructure_encodings[] = { 
@@ -107,7 +107,7 @@ encoding_rule_t proposal_substructure_encodings[] = { { U_INT_8, offsetof(private_proposal_substructure_t, transforms_count) }, /* SPI is a chunk of variable size*/ { SPI, offsetof(private_proposal_substructure_t, spi) }, - /* Transforms are stored in a transform substructure, + /* Transforms are stored in a transform substructure, offset points to a linked_list_t pointer */ { TRANSFORMS, offsetof(private_proposal_substructure_t, transforms) } }; @@ -136,7 +136,7 @@ static status_t verify(private_proposal_substructure_t *this) status_t status = SUCCESS; iterator_t *iterator; payload_t *current_transform; - + if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 2)) { /* must be 0 or 2 */ @@ -178,7 +178,7 @@ static status_t verify(private_proposal_substructure_t *this) DBG1(DBG_ENC, "invalid protocol"); return FAILED; } - + iterator = this->transforms->create_iterator(this->transforms,TRUE); while(iterator->iterate(iterator, (void**)¤t_transform)) { @@ -190,8 +190,8 @@ static status_t verify(private_proposal_substructure_t *this) } } iterator->destroy(iterator); - - /* proposal number is checked in SA payload */ + + /* proposal number is checked in SA payload */ return status; } @@ -236,7 +236,7 @@ static void compute_length(private_proposal_substructure_t *this) payload_t *current_transform; size_t transforms_count = 0; size_t length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH; - + iterator = this->transforms->create_iterator(this->transforms,TRUE); while (iterator->iterate(iterator, (void**)¤t_transform)) { @@ -244,7 +244,7 @@ static void compute_length(private_proposal_substructure_t *this) transforms_count++; } iterator->destroy(iterator); - + length += this->spi.len; this->transforms_count = transforms_count; this->proposal_length = length; 
@@ -282,7 +282,7 @@ static void add_transform_substructure (private_proposal_substructure_t *this,tr } transform->set_is_last_transform(transform,TRUE); - + this->transforms->insert_last(this->transforms,(void *) transform); compute_length(this); } @@ -340,7 +340,7 @@ static void set_spi(private_proposal_substructure_t *this, chunk_t spi) this->spi.len = 0; compute_length(this); } - + this->spi.ptr = clalloc(spi.ptr,spi.len); this->spi.len = spi.len; this->spi_size = spi.len; @@ -355,7 +355,7 @@ static chunk_t get_spi(private_proposal_substructure_t *this) chunk_t spi; spi.ptr = this->spi.ptr; spi.len = this->spi.len; - + return spi; } @@ -384,24 +384,24 @@ proposal_t* get_proposal(private_proposal_substructure_t *this) transform_substructure_t *transform; proposal_t *proposal; u_int64_t spi; - + proposal = proposal_create(this->protocol_id); - + iterator = this->transforms->create_iterator(this->transforms, TRUE); while (iterator->iterate(iterator, (void**)&transform)) { transform_type_t transform_type; u_int16_t transform_id; u_int16_t key_length = 0; - + transform_type = transform->get_transform_type(transform); transform_id = transform->get_transform_id(transform); transform->get_key_length(transform, &key_length); - + proposal->add_algorithm(proposal, transform_type, transform_id, key_length); } iterator->destroy(iterator); - + switch (this->spi.len) { case 4: @@ -414,7 +414,7 @@ proposal_t* get_proposal(private_proposal_substructure_t *this) spi = 0; } proposal->set_spi(proposal, spi); - + return proposal; } @@ -426,7 +426,7 @@ static private_proposal_substructure_t* clone_(private_proposal_substructure_t * private_proposal_substructure_t *clone; iterator_t *transforms; transform_substructure_t *current_transform; - + clone = (private_proposal_substructure_t *) proposal_substructure_create(); clone->next_payload = this->next_payload; clone->proposal_number = this->proposal_number; 
@@ -444,8 +444,8 @@ static private_proposal_substructure_t* clone_(private_proposal_substructure_t * current_transform = current_transform->clone(current_transform); clone->public.add_transform_substructure(&clone->public, current_transform); } - transforms->destroy(transforms); - + transforms->destroy(transforms); + return clone; } @@ -468,16 +468,16 @@ proposal_substructure_t *proposal_substructure_create() { private_proposal_substructure_t *this = malloc_thing(private_proposal_substructure_t); - /* interface functions */ + /* interface functions */ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - + + /* public functions */ this->public.create_transform_substructure_iterator = (iterator_t* (*) (proposal_substructure_t *,bool)) create_transform_substructure_iterator; this->public.add_transform_substructure = (void (*) (proposal_substructure_t *,transform_substructure_t *)) add_transform_substructure; 
@@ -490,10 +490,10 @@ proposal_substructure_t *proposal_substructure_create() this->public.set_spi = (void (*) (proposal_substructure_t *,chunk_t))set_spi; this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi; this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count; - this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size; + this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size; this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone_; this->public.destroy = (void (*) (proposal_substructure_t *)) destroy; - + /* set default values of the fields */ this->next_payload = NO_PAYLOAD; this->proposal_length = 0; @@ -503,9 +503,9 @@ proposal_substructure_t *proposal_substructure_create() this->spi_size = 0; this->spi.ptr = NULL; this->spi.len = 0; - + this->transforms = linked_list_create(); - + return (&(this->public)); } @@ -518,9 +518,9 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * private_proposal_substructure_t *this; u_int16_t alg, key_size; enumerator_t *enumerator; - + this = (private_proposal_substructure_t*)proposal_substructure_create(); - + /* encryption algorithm is only availble in ESP */ enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM); while (enumerator->enumerate(enumerator, &alg, &key_size)) @@ -530,7 +530,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * add_transform_substructure(this, transform); } enumerator->destroy(enumerator); - + /* integrity algorithms */ enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM); while (enumerator->enumerate(enumerator, &alg, &key_size)) 
@@ -540,7 +540,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * add_transform_substructure(this, transform); } enumerator->destroy(enumerator); - + /* prf algorithms */ enumerator = proposal->create_enumerator(proposal, PSEUDO_RANDOM_FUNCTION); while (enumerator->enumerate(enumerator, &alg, &key_size)) @@ -550,17 +550,17 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * add_transform_substructure(this, transform); } enumerator->destroy(enumerator); - + /* dh groups */ enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP); while (enumerator->enumerate(enumerator, &alg, NULL)) { - transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP, + transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP, alg, 0); add_transform_substructure(this, transform); } enumerator->destroy(enumerator); - + /* extended sequence numbers */ enumerator = proposal->create_enumerator(proposal, EXTENDED_SEQUENCE_NUMBERS); while (enumerator->enumerate(enumerator, &alg, NULL)) @@ -570,7 +570,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * add_transform_substructure(this, transform); } enumerator->destroy(enumerator); - + /* add SPI, if necessary */ switch (proposal->get_protocol(proposal)) { @@ -593,6 +593,6 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * } this->proposal_number = 0; this->protocol_id = proposal->get_protocol(proposal); - + return &this->public; } diff --git a/src/charon/encoding/payloads/proposal_substructure.h b/src/charon/encoding/payloads/proposal_substructure.h index 8ccb917d6..4934802af 100644 --- a/src/charon/encoding/payloads/proposal_substructure.h +++ b/src/charon/encoding/payloads/proposal_substructure.h 
@@ -38,7 +38,7 @@ typedef struct proposal_substructure_t proposal_substructure_t; /** * Class representing an IKEv2-PROPOSAL SUBSTRUCTURE. - * + * * The PROPOSAL SUBSTRUCTURE format is described in RFC section 3.3.1. */ struct proposal_substructure_t { @@ -55,7 +55,7 @@ struct proposal_substructure_t { */ iterator_t *(*create_transform_substructure_iterator) ( proposal_substructure_t *this, bool forward); - + /** * Adds a transform_substructure_t object to this object. * @@ -63,7 +63,7 @@ struct proposal_substructure_t { */ void (*add_transform_substructure) (proposal_substructure_t *this, transform_substructure_t *transform); - + /** * Sets the proposal number of current proposal. * @@ -71,24 +71,24 @@ struct proposal_substructure_t { */ void (*set_proposal_number) (proposal_substructure_t *this, u_int8_t proposal_number); - + /** * get proposal number of current proposal. - * + * * @return proposal number of current proposal substructure. */ u_int8_t (*get_proposal_number) (proposal_substructure_t *this); /** * get the number of transforms in current proposal. - * + * * @return transform count in current proposal */ size_t (*get_transform_count) (proposal_substructure_t *this); /** * get size of the set spi in bytes. - * + * * @return size of the spi in bytes */ size_t (*get_spi_size) (proposal_substructure_t *this); 
@@ -100,43 +100,43 @@ struct proposal_substructure_t { */ void (*set_protocol_id) (proposal_substructure_t *this, u_int8_t protocol_id); - + /** * get protocol id of current proposal. - * + * * @return protocol id of current proposal substructure. */ u_int8_t (*get_protocol_id) (proposal_substructure_t *this); - + /** * Sets the next_payload field of this substructure - * + * * If this is the last proposal, next payload field is set to 0, * otherwise to 2 * * @param is_last When TRUE, next payload field is set to 0, otherwise to 2 */ void (*set_is_last_proposal) (proposal_substructure_t *this, bool is_last); - + /** * Returns the currently set SPI of this proposal. * * @return chunk_t pointing to the value */ chunk_t (*get_spi) (proposal_substructure_t *this); - + /** * Sets the SPI of the current proposal. - * + * * @warning SPI is getting copied - * + * * @param spi chunk_t pointing to the value to set */ void (*set_spi) (proposal_substructure_t *this, chunk_t spi); - + /** * Get a proposal_t from the propsal_substructure_t. - * + * * @return proposal_t */ proposal_t * (*get_proposal) (proposal_substructure_t *this); @@ -156,7 +156,7 @@ struct proposal_substructure_t { /** * Creates an empty proposal_substructure_t object - * + * * @return proposal_substructure_t object */ proposal_substructure_t *proposal_substructure_create(void); diff --git a/src/charon/encoding/payloads/sa_payload.c b/src/charon/encoding/payloads/sa_payload.c index 3ca2f08c8..6a9aac645 100644 --- a/src/charon/encoding/payloads/sa_payload.c +++ b/src/charon/encoding/payloads/sa_payload.c @@ -27,14 +27,14 @@ typedef struct private_sa_payload_t private_sa_payload_t; /** * Private data of an sa_payload_t object. - * + * */ struct private_sa_payload_t { /** * Public sa_payload_t interface. */ sa_payload_t public; - + /** * Next payload type. */ 
@@ -44,12 +44,12 @@ struct private_sa_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Proposals in this payload are stored in a linked_list_t. */ @@ -58,27 +58,27 @@ struct private_sa_payload_t { /** * Encoding rules to parse or generate a IKEv2-SA Payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_sa_payload_t. - * + * */ encoding_rule_t sa_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_sa_payload_t, next_payload) }, /* the critical bit */ - { FLAG, offsetof(private_sa_payload_t, critical) }, + { FLAG, offsetof(private_sa_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* Length of the whole SA payload*/ - { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) }, - /* Proposals are stored in a proposal substructure, + { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) }, + /* Proposals are stored in a proposal substructure, offset points to a linked_list_t pointer */ { PROPOSALS, offsetof(private_sa_payload_t, proposals) } }; 
@@ -108,12 +108,12 @@ static status_t verify(private_sa_payload_t *this) /* check proposal numbering */ iterator = this->proposals->create_iterator(this->proposals,TRUE); - + while(iterator->iterate(iterator, (void**)¤t_proposal)) { current_number = current_proposal->get_proposal_number(current_proposal); if (current_number < expected_number) - { + { if (current_number != (expected_number + 1)) { DBG1(DBG_ENC, "proposal number is %d, expected %d or %d", @@ -129,7 +129,7 @@ static status_t verify(private_sa_payload_t *this) status = FAILED; break; } - + status = current_proposal->payload_interface.verify(&(current_proposal->payload_interface)); if (status != SUCCESS) { @@ -139,7 +139,7 @@ static status_t verify(private_sa_payload_t *this) first = FALSE; expected_number = current_number; } - + iterator->destroy(iterator); return status; } @@ -197,14 +197,14 @@ static void compute_length (private_sa_payload_t *this) iterator_t *iterator; payload_t *current_proposal; size_t length = SA_PAYLOAD_HEADER_LENGTH; - + iterator = this->proposals->create_iterator(this->proposals,TRUE); while (iterator->iterate(iterator, (void **)¤t_proposal)) { length += current_proposal->get_length(current_proposal); } iterator->destroy(iterator); - + this->payload_length = length; } @@ -232,7 +232,7 @@ static void add_proposal_substructure(private_sa_payload_t *this,proposal_substr { status_t status; u_int proposal_count = this->proposals->get_count(this->proposals); - + if (proposal_count > 0) { proposal_substructure_t *last_proposal; @@ -252,7 +252,7 @@ static void add_proposal_substructure(private_sa_payload_t *this,proposal_substr static void add_proposal(private_sa_payload_t *this, proposal_t *proposal) { proposal_substructure_t *substructure; - + substructure = proposal_substructure_create_from_proposal(proposal); add_proposal_substructure(this, substructure); } 
@@ -267,10 +267,10 @@ static linked_list_t *get_proposals(private_sa_payload_t *this) iterator_t *iterator; proposal_substructure_t *proposal_struct; linked_list_t *proposal_list; - + /* this list will hold our proposals */ proposal_list = linked_list_create(); - + /* we do not support proposals split up to two proposal substructures, as * AH+ESP bundles are not supported in RFC4301 anymore. * To handle such structures safely, we just skip proposals with multiple @@ -280,7 +280,7 @@ static linked_list_t *get_proposals(private_sa_payload_t *this) while (iterator->iterate(iterator, (void **)&proposal_struct)) { proposal_t *proposal; - + /* check if a proposal has a single protocol */ if (proposal_struct->get_proposal_number(proposal_struct) == struct_number) { @@ -310,7 +310,7 @@ static linked_list_t *get_proposals(private_sa_payload_t *this) sa_payload_t *sa_payload_create() { private_sa_payload_t *this = malloc_thing(private_sa_payload_t); - + /* public interface */ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; 
@@ -319,14 +319,14 @@ sa_payload_t *sa_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator; this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure; this->public.add_proposal = (void (*) (sa_payload_t*,proposal_t*))add_proposal; this->public.get_proposals = (linked_list_t* (*) (sa_payload_t *)) get_proposals; this->public.destroy = (void (*) (sa_payload_t *)) destroy; - + /* set default values of the fields */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; @@ -343,7 +343,7 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals) iterator_t *iterator; proposal_t *proposal; sa_payload_t *sa_payload = sa_payload_create(); - + /* add every payload from the list */ iterator = proposals->create_iterator(proposals, TRUE); while (iterator->iterate(iterator, (void**)&proposal)) @@ -351,7 +351,7 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals) add_proposal((private_sa_payload_t*)sa_payload, proposal); } iterator->destroy(iterator); - + return sa_payload; } @@ -361,8 +361,8 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals) sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal) { sa_payload_t *sa_payload = sa_payload_create(); - + add_proposal((private_sa_payload_t*)sa_payload, proposal); - + return sa_payload; } diff --git a/src/charon/encoding/payloads/sa_payload.h b/src/charon/encoding/payloads/sa_payload.h index 58ae72544..25f5a2407 100644 --- a/src/charon/encoding/payloads/sa_payload.h 
+++ b/src/charon/encoding/payloads/sa_payload.h @@ -44,12 +44,12 @@ struct sa_payload_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Creates an iterator of stored proposal_substructure_t objects. - * - * When deleting an proposal using this iterator, - * the length of this transform substructure has to be refreshed + * + * When deleting an proposal using this iterator, + * the length of this transform substructure has to be refreshed * by calling get_length()! * * @param forward iterator direction (TRUE: front to end) @@ -57,7 +57,7 @@ struct sa_payload_t { */ iterator_t *(*create_proposal_substructure_iterator) (sa_payload_t *this, bool forward); - + /** * Adds a proposal_substructure_t object to this object. * @@ -68,18 +68,18 @@ struct sa_payload_t { /** * Gets the proposals in this payload as a list. - * + * * @return a list containing proposal_t s */ linked_list_t *(*get_proposals) (sa_payload_t *this); - + /** * Add a child proposal (AH/ESP) to the payload. - * + * * @param proposal child proposal to add to the payload */ void (*add_proposal) (sa_payload_t *this, proposal_t *proposal); - + /** * Destroys an sa_payload_t object. */ @@ -88,14 +88,14 @@ struct sa_payload_t { /** * Creates an empty sa_payload_t object - * + * * @return created sa_payload_t object */ sa_payload_t *sa_payload_create(void); /** * Creates a sa_payload_t object from a list of proposals. - * + * * @param proposals list of proposals to build the payload from * @return sa_payload_t object */ @@ -103,10 +103,10 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals); /** * Creates a sa_payload_t object from a single proposal. - * + * * This is only for convenience. Use sa_payload_create_from_proposal_list * if you want to add more than one proposal. - * + * * @param proposal proposal from which the payload should be built. * @return sa_payload_t object */ 
diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.c b/src/charon/encoding/payloads/traffic_selector_substructure.c index 7dcdce6aa..a034adee2 100644 --- a/src/charon/encoding/payloads/traffic_selector_substructure.c +++ b/src/charon/encoding/payloads/traffic_selector_substructure.c @@ -24,19 +24,19 @@ typedef struct private_traffic_selector_substructure_t private_traffic_selector_ /** * Private data of an traffic_selector_substructure_t object. - * + * */ struct private_traffic_selector_substructure_t { /** * Public traffic_selector_substructure_t interface. */ traffic_selector_substructure_t public; - + /** * Type of traffic selector. */ u_int8_t ts_type; - + /** * IP Protocol ID. */ @@ -46,7 +46,7 @@ struct private_traffic_selector_substructure_t { * Length of this payload. */ u_int16_t payload_length; - + /** * Start port number. */ @@ -56,7 +56,7 @@ struct private_traffic_selector_substructure_t { * End port number. */ u_int16_t end_port; - + /** * Starting address. */ @@ -70,17 +70,17 @@ struct private_traffic_selector_substructure_t { /** * Encoding rules to parse or generate a TS payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_traffic_selector_substructure_t. - * + * */ encoding_rule_t traffic_selector_substructure_encodings[] = { /* 1 Byte next ts type*/ { TS_TYPE, offsetof(private_traffic_selector_substructure_t, ts_type) }, /* 1 Byte IP protocol id*/ { U_INT_8, offsetof(private_traffic_selector_substructure_t, ip_protocol_id) }, - /* Length of the whole payload*/ + /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_traffic_selector_substructure_t, payload_length) }, /* 2 Byte start port*/ { U_INT_16, offsetof(private_traffic_selector_substructure_t, start_port) }, 
@@ -124,7 +124,7 @@ static status_t verify(private_traffic_selector_substructure_t *this) { case TS_IPV4_ADDR_RANGE: { - if ((this->starting_address.len != 4) || + if ((this->starting_address.len != 4) || (this->ending_address.len != 4)) { /* ipv4 address must be 4 bytes long */ @@ -148,7 +148,7 @@ static status_t verify(private_traffic_selector_substructure_t *this) return FAILED; } } - + return SUCCESS; } @@ -182,7 +182,7 @@ static payload_type_t get_next_type(private_traffic_selector_substructure_t *thi */ static void set_next_type(private_traffic_selector_substructure_t *this,payload_type_t type) { - + } /** @@ -199,8 +199,8 @@ static size_t get_length(private_traffic_selector_substructure_t *this) static traffic_selector_t *get_traffic_selector(private_traffic_selector_substructure_t *this) { traffic_selector_t *ts; - ts = traffic_selector_create_from_bytes(this->ip_protocol_id, this->ts_type, - this->starting_address, this->start_port, + ts = traffic_selector_create_from_bytes(this->ip_protocol_id, this->ts_type, + this->starting_address, this->start_port, this->ending_address, this->end_port); return ts; } @@ -221,7 +221,7 @@ static void destroy(private_traffic_selector_substructure_t *this) { free(this->starting_address.ptr); free(this->ending_address.ptr); - free(this); + free(this); } /* 
@@ -239,11 +239,11 @@ traffic_selector_substructure_t *traffic_selector_substructure_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.get_traffic_selector = (traffic_selector_t* (*)(traffic_selector_substructure_t*))get_traffic_selector; this->public.destroy = (void (*) (traffic_selector_substructure_t *)) destroy; - + /* private variables */ this->payload_length = TRAFFIC_SELECTOR_HEADER_LENGTH; this->start_port = 0; @@ -269,8 +269,8 @@ traffic_selector_substructure_t *traffic_selector_substructure_create_from_traff this->end_port = traffic_selector->get_to_port(traffic_selector); this->starting_address = chunk_clone(traffic_selector->get_from_address(traffic_selector)); this->ending_address = chunk_clone(traffic_selector->get_to_address(traffic_selector)); - + compute_length(this); - + return &(this->public); } diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.h b/src/charon/encoding/payloads/traffic_selector_substructure.h index ee3e204a0..da4c9a4b2 100644 --- a/src/charon/encoding/payloads/traffic_selector_substructure.h +++ b/src/charon/encoding/payloads/traffic_selector_substructure.h @@ -36,7 +36,7 @@ typedef struct traffic_selector_substructure_t traffic_selector_substructure_t; /** * Class representing an IKEv2 TRAFFIC SELECTOR. - * + * * The TRAFFIC SELECTOR format is described in RFC section 3.13.1. */ struct traffic_selector_substructure_t { 
@@ -44,49 +44,49 @@ struct traffic_selector_substructure_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Get the type of Traffic selector. * * @return type of traffic selector - * + * */ ts_type_t (*get_ts_type) (traffic_selector_substructure_t *this); - + /** * Set the type of Traffic selector. * - * @param ts_type type of traffic selector + * @param ts_type type of traffic selector */ void (*set_ts_type) (traffic_selector_substructure_t *this, ts_type_t ts_type); - + /** * Get the IP protocol ID of Traffic selector. * * @return type of traffic selector - * + * */ u_int8_t (*get_protocol_id) (traffic_selector_substructure_t *this); - + /** * Set the IP protocol ID of Traffic selector * - * @param protocol_id protocol ID of traffic selector + * @param protocol_id protocol ID of traffic selector */ void (*set_protocol_id) (traffic_selector_substructure_t *this, u_int8_t protocol_id); - + /** * Get the start port and address as host_t object. * * Returned host_t object has to get destroyed by the caller. - * + * * @return start host as host_t object - * + * */ host_t *(*get_start_host) (traffic_selector_substructure_t *this); - + /** * Set the start port and address as host_t object. * @@ -94,17 +94,17 @@ struct traffic_selector_substructure_t { */ void (*set_start_host) (traffic_selector_substructure_t *this, host_t *start_host); - + /** * Get the end port and address as host_t object. * * Returned host_t object has to get destroyed by the caller. - * + * * @return end host as host_t object - * + * */ host_t *(*get_end_host) (traffic_selector_substructure_t *this); - + /** * Set the end port and address as host_t object. * 
@@ -112,17 +112,17 @@ struct traffic_selector_substructure_t { */ void (*set_end_host) (traffic_selector_substructure_t *this, host_t *end_host); - + /** * Get a traffic_selector_t from this substructure. * * @warning traffic_selector_t must be destroyed after usage. - * + * * @return contained traffic_selector_t */ traffic_selector_t *(*get_traffic_selector) ( traffic_selector_substructure_t *this); - + /** * Destroys an traffic_selector_substructure_t object. */ @@ -133,7 +133,7 @@ struct traffic_selector_substructure_t { * Creates an empty traffic_selector_substructure_t object. * * TS type is set to default TS_IPV4_ADDR_RANGE! - * + * * @return traffic_selector_substructure_t object */ traffic_selector_substructure_t *traffic_selector_substructure_create(void); @@ -141,7 +141,7 @@ traffic_selector_substructure_t *traffic_selector_substructure_create(void); /** * Creates an initialized traffif selector substructure using * the values from a traffic_selector_t. - * + * * @param traffic_selector traffic_selector_t to use for initialization * @return traffic_selector_substructure_t object */ diff --git a/src/charon/encoding/payloads/transform_attribute.c b/src/charon/encoding/payloads/transform_attribute.c index 507d04a34..8bf2ddef4 100644 --- a/src/charon/encoding/payloads/transform_attribute.c +++ b/src/charon/encoding/payloads/transform_attribute.c 
@@ -26,32 +26,32 @@ typedef struct private_transform_attribute_t private_transform_attribute_t; /** * Private data of an transform_attribute_t object. - * + * */ struct private_transform_attribute_t { /** * Public transform_attribute_t interface. */ transform_attribute_t public; - + /** * Attribute Format Flag. - * + * * - TRUE means value is stored in attribute_length_or_value * - FALSE means value is stored in attribute_value */ bool attribute_format; - + /** * Type of the attribute. */ u_int16_t attribute_type; - + /** * Attribute Length if attribute_format is 0, attribute Value otherwise. */ u_int16_t attribute_length_or_value; - + /** * Attribute value as chunk if attribute_format is 0 (FALSE). */ @@ -67,16 +67,16 @@ ENUM_END(transform_attribute_type_name, KEY_LENGTH); /** * Encoding rules to parse or generate a Transform attribute. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_transform_attribute_t. - * + * */ encoding_rule_t transform_attribute_encodings[] = { /* Flag defining the format of this payload */ { ATTRIBUTE_FORMAT, offsetof(private_transform_attribute_t, attribute_format) }, /* type of the attribute as 15 bit unsigned integer */ - { ATTRIBUTE_TYPE, offsetof(private_transform_attribute_t, attribute_type) }, + { ATTRIBUTE_TYPE, offsetof(private_transform_attribute_t, attribute_type) }, /* Length or value, depending on the attribute format flag */ { ATTRIBUTE_LENGTH_OR_VALUE, offsetof(private_transform_attribute_t, attribute_length_or_value) }, /* Value of attribute if attribute format flag is zero */ @@ -104,7 +104,7 @@ static status_t verify(private_transform_attribute_t *this) { return FAILED; } - + return SUCCESS; } 
@@ -164,16 +164,16 @@ static void set_value_chunk(private_transform_attribute_t *this, chunk_t value) free(this->attribute_value.ptr); this->attribute_value.ptr = NULL; this->attribute_value.len = 0; - + } - + if (value.len > 2) { this->attribute_value.ptr = clalloc(value.ptr,value.len); this->attribute_value.len = value.len; this->attribute_length_or_value = value.len; /* attribute has not a fixed length */ - this->attribute_format = FALSE; + this->attribute_format = FALSE; } else { @@ -192,7 +192,7 @@ static void set_value(private_transform_attribute_t *this, u_int16_t value) free(this->attribute_value.ptr); this->attribute_value.ptr = NULL; this->attribute_value.len = 0; - + } this->attribute_length_or_value = value; } @@ -207,14 +207,14 @@ static chunk_t get_value_chunk (private_transform_attribute_t *this) if (this->attribute_format == FALSE) { value.ptr = this->attribute_value.ptr; - value.len = this->attribute_value.len; + value.len = this->attribute_value.len; } else { value.ptr = (void *) &(this->attribute_length_or_value); value.len = 2; } - + return value; } @@ -249,19 +249,19 @@ static u_int16_t get_attribute_type (private_transform_attribute_t *this) static transform_attribute_t * _clone(private_transform_attribute_t *this) { private_transform_attribute_t *new_clone; - + new_clone = (private_transform_attribute_t *) transform_attribute_create(); - + new_clone->attribute_format = this->attribute_format; new_clone->attribute_type = this->attribute_type; new_clone->attribute_length_or_value = this->attribute_length_or_value; - + if (!new_clone->attribute_format) { - new_clone->attribute_value.ptr = clalloc(this->attribute_value.ptr,this->attribute_value.len); + new_clone->attribute_value.ptr = clalloc(this->attribute_value.ptr,this->attribute_value.len); new_clone->attribute_value.len = this->attribute_value.len; } - + return (transform_attribute_t *) new_clone; } 
@@ -273,7 +273,7 @@ static void destroy(private_transform_attribute_t *this) if (this->attribute_value.ptr != NULL) { free(this->attribute_value.ptr); - } + } free(this); } @@ -292,7 +292,7 @@ transform_attribute_t *transform_attribute_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.set_value_chunk = (void (*) (transform_attribute_t *,chunk_t)) set_value_chunk; this->public.set_value = (void (*) (transform_attribute_t *,u_int16_t)) set_value; @@ -302,7 +302,7 @@ transform_attribute_t *transform_attribute_create() this->public.get_attribute_type = (u_int16_t (*) (transform_attribute_t *)) get_attribute_type; this->public.clone = (transform_attribute_t * (*) (transform_attribute_t *)) _clone; this->public.destroy = (void (*) (transform_attribute_t *)) destroy; - + /* set default values of the fields */ this->attribute_format = TRUE; this->attribute_type = 0; diff --git a/src/charon/encoding/payloads/transform_attribute.h b/src/charon/encoding/payloads/transform_attribute.h index f7d71a9df..a5fe0154b 100644 --- a/src/charon/encoding/payloads/transform_attribute.h +++ b/src/charon/encoding/payloads/transform_attribute.h @@ -37,14 +37,14 @@ enum transform_attribute_type_t { KEY_LENGTH = 14 }; -/** +/** * enum name for transform_attribute_type_t. */ extern enum_name_t *transform_attribute_type_names; /** * Class representing an IKEv2- TRANSFORM Attribute. - * + * * The TRANSFORM ATTRIBUTE format is described in RFC section 3.3.5. */ struct transform_attribute_t { 
@@ -55,52 +55,52 @@ struct transform_attribute_t { /** * Returns the currently set value of the attribute. - * + * * Returned data are not copied. - * + * * @return chunk_t pointing to the value */ chunk_t (*get_value_chunk) (transform_attribute_t *this); - + /** * Returns the currently set value of the attribute. - * + * * Returned data are not copied. - * + * * @return value */ u_int16_t (*get_value) (transform_attribute_t *this); - + /** * Sets the value of the attribute. - * + * * Value is getting copied. - * + * * @param value chunk_t pointing to the value to set */ void (*set_value_chunk) (transform_attribute_t *this, chunk_t value); /** * Sets the value of the attribute. - * + * * @param value value to set */ void (*set_value) (transform_attribute_t *this, u_int16_t value); /** * Sets the type of the attribute. - * + * * @param type type to set (most significant bit is set to zero) */ void (*set_attribute_type) (transform_attribute_t *this, u_int16_t type); - + /** * get the type of the attribute. - * + * * @return type of the value */ u_int16_t (*get_attribute_type) (transform_attribute_t *this); - + /** * Clones an transform_attribute_t object. * @@ -116,14 +116,14 @@ struct transform_attribute_t { /** * Creates an empty transform_attribute_t object. - * + * * @return transform_attribute_t object */ transform_attribute_t *transform_attribute_create(void); /** * Creates an transform_attribute_t of type KEY_LENGTH. - * + * * @param key_length key length in bytes * @return transform_attribute_t object */ diff --git a/src/charon/encoding/payloads/transform_substructure.c b/src/charon/encoding/payloads/transform_substructure.c index 497bd53b2..16156b7c6 100644 --- a/src/charon/encoding/payloads/transform_substructure.c +++ b/src/charon/encoding/payloads/transform_substructure.c 
@@ -29,36 +29,36 @@ typedef struct private_transform_substructure_t private_transform_substructure_t /** * Private data of an transform_substructure_t object. - * + * */ struct private_transform_substructure_t { /** * Public transform_substructure_t interface. */ transform_substructure_t public; - + /** * Next payload type. */ u_int8_t next_payload; - + /** * Length of this payload. */ u_int16_t transform_length; - - + + /** * Type of the transform. */ u_int8_t transform_type; - + /** * Transform ID. */ u_int16_t transform_id; - + /** * Transforms Attributes are stored in a linked_list_t. */ 
@@ -68,25 +68,25 @@ struct private_transform_substructure_t { /** * Encoding rules to parse or generate a Transform substructure. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_transform_substructure_t. - * + * */ encoding_rule_t transform_substructure_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_transform_substructure_t, next_payload) }, /* Reserved Byte is skipped */ - { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, /* Length of the whole transform substructure*/ - { PAYLOAD_LENGTH, offsetof(private_transform_substructure_t, transform_length) }, + { PAYLOAD_LENGTH, offsetof(private_transform_substructure_t, transform_length) }, /* transform type is a number of 8 bit */ - { U_INT_8, offsetof(private_transform_substructure_t, transform_type) }, + { U_INT_8, offsetof(private_transform_substructure_t, transform_type) }, /* Reserved Byte is skipped */ - { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, /* tranform ID is a number of 8 bit */ - { U_INT_16, offsetof(private_transform_substructure_t, transform_id) }, - /* Attributes are stored in a transform attribute, + { U_INT_16, offsetof(private_transform_substructure_t, transform_id) }, + /* Attributes are stored in a transform attribute, offset points to a linked_list_t pointer */ { TRANSFORM_ATTRIBUTES, offsetof(private_transform_substructure_t, attributes) } }; @@ -114,7 +114,7 @@ static status_t verify(private_transform_substructure_t *this) status_t status = SUCCESS; iterator_t *iterator; payload_t *current_attributes; - + if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 3)) { /* must be 0 or 3 */ 
@@ -139,7 +139,7 @@ static status_t verify(private_transform_substructure_t *this) } } iterator = this->attributes->create_iterator(this->attributes,TRUE); - + while(iterator->iterate(iterator, (void**)¤t_attributes)) { status = current_attributes->verify(current_attributes); @@ -149,8 +149,8 @@ static status_t verify(private_transform_substructure_t *this) } } iterator->destroy(iterator); - - /* proposal number is checked in SA payload */ + + /* proposal number is checked in SA payload */ return status; } @@ -187,14 +187,14 @@ static void compute_length (private_transform_substructure_t *this) iterator_t *iterator; payload_t *current_attribute; size_t length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; - + iterator = this->attributes->create_iterator(this->attributes,TRUE); while (iterator->iterate(iterator, (void**)¤t_attribute)) { length += current_attribute->get_length(current_attribute); } iterator->destroy(iterator); - + this->transform_length = length; } @@ -254,7 +254,7 @@ static void set_transform_type (private_transform_substructure_t *this,u_int8_t { this->transform_type = type; } - + /** * Implementation of transform_substructure_t.get_transform_type. */ @@ -270,7 +270,7 @@ static void set_transform_id (private_transform_substructure_t *this,u_int16_t i { this->transform_id = id; } - + /** * Implementation of transform_substructure_t.get_transform_id. */ 
@@ -287,20 +287,20 @@ static transform_substructure_t *clone_(private_transform_substructure_t *this) private_transform_substructure_t *clone; iterator_t *attributes; transform_attribute_t *current_attribute; - + clone = (private_transform_substructure_t *) transform_substructure_create(); clone->next_payload = this->next_payload; clone->transform_type = this->transform_type; clone->transform_id = this->transform_id; - + attributes = this->attributes->create_iterator(this->attributes, FALSE); while (attributes->iterate(attributes, (void**)¤t_attribute)) { current_attribute = current_attribute->clone(current_attribute); clone->public.add_transform_attribute(&clone->public, current_attribute); } - attributes->destroy(attributes); - + attributes->destroy(attributes); + return &clone->public; } @@ -312,14 +312,14 @@ static status_t get_key_length(private_transform_substructure_t *this, u_int16_t { iterator_t *attributes; transform_attribute_t *current_attribute; - + attributes = this->attributes->create_iterator(this->attributes, TRUE); while (attributes->iterate(attributes, (void**)¤t_attribute)) { if (current_attribute->get_attribute_type(current_attribute) == KEY_LENGTH) { *key_length = current_attribute->get_value(current_attribute); - attributes->destroy(attributes); + attributes->destroy(attributes); return SUCCESS; } } 
@@ -350,10 +350,10 @@ transform_substructure_t *transform_substructure_create() this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.create_transform_attribute_iterator = (iterator_t * (*) (transform_substructure_t *,bool)) create_transform_attribute_iterator; this->public.add_transform_attribute = (void (*) (transform_substructure_t *,transform_attribute_t *)) add_transform_attribute; @@ -366,14 +366,14 @@ transform_substructure_t *transform_substructure_create() this->public.get_key_length = (status_t (*) (transform_substructure_t *,u_int16_t *)) get_key_length; this->public.clone = (transform_substructure_t* (*) (transform_substructure_t *)) clone_; this->public.destroy = (void (*) (transform_substructure_t *)) destroy; - + /* set default values of the fields */ this->next_payload = NO_PAYLOAD; this->transform_length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; this->transform_id = 0; this->transform_type = 0; this->attributes = linked_list_create(); - + return (&(this->public)); } 
@@ -385,17 +385,17 @@ transform_substructure_t *transform_substructure_create_type( u_int16_t transform_id, u_int16_t key_length) { transform_substructure_t *transform = transform_substructure_create(); - + transform->set_transform_type(transform,transform_type); transform->set_transform_id(transform,transform_id); - + if (key_length) { transform_attribute_t *attribute; - + attribute = transform_attribute_create_key_length(key_length); transform->add_transform_attribute(transform, attribute); - + } return transform; } diff --git a/src/charon/encoding/payloads/transform_substructure.h b/src/charon/encoding/payloads/transform_substructure.h index b02a94a6c..5d31f8c0a 100644 --- a/src/charon/encoding/payloads/transform_substructure.h +++ b/src/charon/encoding/payloads/transform_substructure.h @@ -48,7 +48,7 @@ typedef struct transform_substructure_t transform_substructure_t; /** * Class representing an IKEv2- TRANSFORM SUBSTRUCTURE. - * + * * The TRANSFORM SUBSTRUCTURE format is described in RFC section 3.3.2. */ struct transform_substructure_t { @@ -56,12 +56,12 @@ struct transform_substructure_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Creates an iterator of stored transform_attribute_t objects. - * - * When deleting an transform attribute using this iterator, - * the length of this transform substructure has to be refreshed + * + * When deleting an transform attribute using this iterator, + * the length of this transform substructure has to be refreshed * by calling get_length(). * * @param forward iterator direction (TRUE: front to end) @@ -69,7 +69,7 @@ struct transform_substructure_t { */ iterator_t * (*create_transform_attribute_iterator) ( transform_substructure_t *this, bool forward); - + /** * Adds a transform_attribute_t object to this object. * 
@@ -77,59 +77,59 @@ struct transform_substructure_t { */ void (*add_transform_attribute) (transform_substructure_t *this, transform_attribute_t *attribute); - + /** * Sets the next_payload field of this substructure - * + * * If this is the last transform, next payload field is set to 0, * otherwise to 3 * * @param is_last When TRUE, next payload field is set to 0, otherwise to 3 */ void (*set_is_last_transform) (transform_substructure_t *this, bool is_last); - + /** * Checks if this is the last transform. - * + * * @return TRUE if this is the last Transform, FALSE otherwise */ bool (*get_is_last_transform) (transform_substructure_t *this); - + /** * Sets transform type of the current transform substructure. * * @param type type value to set */ void (*set_transform_type) (transform_substructure_t *this, u_int8_t type); - + /** * get transform type of the current transform. - * + * * @return Transform type of current transform substructure. */ u_int8_t (*get_transform_type) (transform_substructure_t *this); - + /** * Sets transform id of the current transform substructure. * * @param id transform id to set */ void (*set_transform_id) (transform_substructure_t *this, u_int16_t id); - + /** * get transform id of the current transform. - * + * * @return Transform id of current transform substructure. */ u_int16_t (*get_transform_id) (transform_substructure_t *this); - + /** * get transform id of the current transform. - * - * @param key_length The key length is written to this location - * @return + * + * @param key_length The key length is written to this location + * @return * - SUCCESS if a key length attribute is contained - * - FAILED if no key length attribute is part of this + * - FAILED if no key length attribute is part of this * transform or key length uses more then 16 bit! */ status_t (*get_key_length) (transform_substructure_t *this, 
@@ -150,18 +150,18 @@ struct transform_substructure_t { /** * Creates an empty transform_substructure_t object. - * + * * @return created transform_substructure_t object */ transform_substructure_t *transform_substructure_create(void); /** * Creates an empty transform_substructure_t object. - * + * * The key length is used for the transport types ENCRYPTION_ALGORITHM, - * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all + * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all * other transport types the key_length parameter is not used - * + * * @param transform_type type of transform to create * @param transform_id transform id specifying the specific algorithm of a transform type * @param key_length Key length for key lenght attribute diff --git a/src/charon/encoding/payloads/ts_payload.c b/src/charon/encoding/payloads/ts_payload.c index 92ddc380f..648919137 100644 --- a/src/charon/encoding/payloads/ts_payload.c +++ b/src/charon/encoding/payloads/ts_payload.c @@ -25,19 +25,19 @@ typedef struct private_ts_payload_t private_ts_payload_t; /** * Private data of an ts_payload_t object. - * + * */ struct private_ts_payload_t { /** * Public ts_payload_t interface. */ ts_payload_t public; - + /** * TRUE if this TS payload is of type TSi, FALSE for TSr. */ bool is_initiator; - + /** * Next payload type. */ @@ -47,17 +47,17 @@ struct private_ts_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Number of traffic selectors */ u_int8_t number_of_traffic_selectors; - + /** * Contains the traffic selectors of type traffic_selector_substructure_t. */ 
@@ -66,10 +66,10 @@ struct private_ts_payload_t { /** * Encoding rules to parse or generate a TS payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_ts_payload_t. - * + * */ encoding_rule_t ts_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -84,7 +84,7 @@ encoding_rule_t ts_payload_encodings[] = { { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, - /* Length of the whole payload*/ + /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_ts_payload_t, payload_length)}, /* 1 Byte TS type*/ { U_INT_8, offsetof(private_ts_payload_t, number_of_traffic_selectors) }, @@ -118,13 +118,13 @@ static status_t verify(private_ts_payload_t *this) iterator_t *iterator; payload_t *current_traffic_selector; status_t status = SUCCESS; - + if (this->number_of_traffic_selectors != (this->traffic_selectors->get_count(this->traffic_selectors))) { /* must be the same */ return FAILED; } - + iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); while(iterator->iterate(iterator, (void**)¤t_traffic_selector)) { @@ -135,7 +135,7 @@ static status_t verify(private_ts_payload_t *this) } } iterator->destroy(iterator); - + return status; } @@ -188,7 +188,7 @@ static void compute_length (private_ts_payload_t *this) size_t ts_count = 0; size_t length = TS_PAYLOAD_HEADER_LENGTH; payload_t *current_traffic_selector; - + iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); while (iterator->iterate(iterator, (void**)¤t_traffic_selector)) { @@ -196,9 +196,9 @@ static void compute_length (private_ts_payload_t *this) ts_count++; } iterator->destroy(iterator); - + this->number_of_traffic_selectors= ts_count; - this->payload_length = length; + this->payload_length = length; } /** 
@@ -252,7 +252,7 @@ static linked_list_t *get_traffic_selectors(private_ts_payload_t *this) iterator_t *iterator; traffic_selector_substructure_t *ts_substructure; linked_list_t *ts_list = linked_list_create(); - + iterator = this->traffic_selectors->create_iterator(this->traffic_selectors, TRUE); while (iterator->iterate(iterator, (void**)&ts_substructure)) { @@ -260,7 +260,7 @@ static linked_list_t *get_traffic_selectors(private_ts_payload_t *this) ts_list->insert_last(ts_list, (void*)ts); } iterator->destroy(iterator); - + return ts_list; } @@ -289,7 +289,7 @@ ts_payload_t *ts_payload_create(bool is_initiator) this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (ts_payload_t *)) destroy; this->public.get_initiator = (bool (*) (ts_payload_t *)) get_initiator; @@ -297,14 +297,14 @@ ts_payload_t *ts_payload_create(bool is_initiator) this->public.add_traffic_selector_substructure = (void (*) (ts_payload_t *,traffic_selector_substructure_t *)) add_traffic_selector_substructure; this->public.create_traffic_selector_substructure_iterator = (iterator_t* (*) (ts_payload_t *,bool)) create_traffic_selector_substructure_iterator; this->public.get_traffic_selectors = (linked_list_t *(*) (ts_payload_t *)) get_traffic_selectors; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; this->payload_length =TS_PAYLOAD_HEADER_LENGTH; this->is_initiator = is_initiator; this->number_of_traffic_selectors = 0; - this->traffic_selectors = linked_list_create(); + this->traffic_selectors = linked_list_create(); return &(this->public); } 
@@ -318,9 +318,9 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked traffic_selector_t *ts; traffic_selector_substructure_t *ts_substructure; private_ts_payload_t *this; - + this = (private_ts_payload_t*)ts_payload_create(is_initiator); - + iterator = traffic_selectors->create_iterator(traffic_selectors, TRUE); while (iterator->iterate(iterator, (void**)&ts)) { @@ -328,7 +328,7 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked this->public.add_traffic_selector_substructure(&(this->public), ts_substructure); } iterator->destroy(iterator); - + return &(this->public); } diff --git a/src/charon/encoding/payloads/ts_payload.h b/src/charon/encoding/payloads/ts_payload.h index 3c8a6d595..1d198a6fa 100644 --- a/src/charon/encoding/payloads/ts_payload.h +++ b/src/charon/encoding/payloads/ts_payload.h @@ -47,7 +47,7 @@ struct ts_payload_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Get the type of TSpayload (TSi or TSr). * @@ -56,16 +56,16 @@ struct ts_payload_t { * - FALSE if this payload is of type TSr */ bool (*get_initiator) (ts_payload_t *this); - + /** * Set the type of TS payload (TSi or TSr). * - * @param is_initiator + * @param is_initiator * - TRUE if this payload is of type TSi * - FALSE if this payload is of type TSr */ void (*set_initiator) (ts_payload_t *this,bool is_initiator); - + /** * Adds a traffic_selector_substructure_t object to this object. * 
@@ -73,12 +73,12 @@ struct ts_payload_t { */ void (*add_traffic_selector_substructure) (ts_payload_t *this, traffic_selector_substructure_t *traffic_selector); - + /** * Creates an iterator of stored traffic_selector_substructure_t objects. - * - * When removing an traffic_selector_substructure_t object - * using this iterator, the length of this payload + * + * When removing an traffic_selector_substructure_t object + * using this iterator, the length of this payload * has to get refreshed by calling payload_t.get_length! * * @param forward iterator direction (TRUE: front to end) @@ -86,10 +86,10 @@ struct ts_payload_t { */ iterator_t *(*create_traffic_selector_substructure_iterator) ( ts_payload_t *this, bool forward); - + /** * Get a list of nested traffic selectors as traffic_selector_t. - * + * * Resulting list and its traffic selectors must be destroyed after usage * * @return list of traffic selectors @@ -104,8 +104,8 @@ struct ts_payload_t { /** * Creates an empty ts_payload_t object. - * - * @param is_initiator + * + * @param is_initiator * - TRUE if this payload is of type TSi * - FALSE if this payload is of type TSr * @return ts_payload_t object @@ -114,14 +114,14 @@ ts_payload_t *ts_payload_create(bool is_initiator); /** * Creates ts_payload with a list of traffic_selector_t - * - * @param is_initiator + * + * @param is_initiator * - TRUE if this payload is of type TSi * - FALSE if this payload is of type TSr * @param traffic_selectors list of traffic selectors to include * @return ts_payload_t object */ -ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, +ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked_list_t *traffic_selectors); #endif /** TS_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/unknown_payload.c b/src/charon/encoding/payloads/unknown_payload.c index 309663233..3c31ab1a2 100644 --- a/src/charon/encoding/payloads/unknown_payload.c 
+++ b/src/charon/encoding/payloads/unknown_payload.c @@ -26,12 +26,12 @@ typedef struct private_unknown_payload_t private_unknown_payload_t; * Private data of an unknown_payload_t object. */ struct private_unknown_payload_t { - + /** * Public unknown_payload_t interface. */ unknown_payload_t public; - + /** * Next payload type. */ @@ -41,12 +41,12 @@ struct private_unknown_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * The contained data. */ @@ -55,10 +55,10 @@ struct private_unknown_payload_t { /** * Encoding rules to parse an payload which is not further specified. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_unknown_payload_t. - * + * */ encoding_rule_t unknown_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -146,7 +146,7 @@ static size_t get_length(private_unknown_payload_t *this) */ static bool is_critical(private_unknown_payload_t *this) { - return this->critical; + return this->critical; } /** @@ -166,8 +166,8 @@ static void destroy(private_unknown_payload_t *this) { chunk_free(&(this->data)); } - - free(this); + + free(this); } /* @@ -185,12 +185,12 @@ unknown_payload_t *unknown_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (unknown_payload_t *)) destroy; this->public.is_critical = (bool (*) (unknown_payload_t *)) is_critical; this->public.get_data = (chunk_t (*) (unknown_payload_t *)) get_data; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; 
diff --git a/src/charon/encoding/payloads/unknown_payload.h b/src/charon/encoding/payloads/unknown_payload.h index 44b6e1a71..c761ed2b6 100644 --- a/src/charon/encoding/payloads/unknown_payload.h +++ b/src/charon/encoding/payloads/unknown_payload.h @@ -40,29 +40,29 @@ typedef struct unknown_payload_t unknown_payload_t; * a check for the critical bit in the header. */ struct unknown_payload_t { - + /** * The payload_t interface. */ payload_t payload_interface; - + /** - * Get the raw data of this payload, without + * Get the raw data of this payload, without * the generic payload header. - * + * * Returned data are NOT copied and must not be freed. * * @return data as chunk_t */ chunk_t (*get_data) (unknown_payload_t *this); - + /** * Get the critical flag. * * @return TRUE if payload is critical, FALSE if not */ bool (*is_critical) (unknown_payload_t *this); - + /** * Destroys an unknown_payload_t object. */ @@ -71,7 +71,7 @@ struct unknown_payload_t { /** * Creates an empty unknown_payload_t object. - * + * * @return unknown_payload_t object */ unknown_payload_t *unknown_payload_create(void); diff --git a/src/charon/encoding/payloads/vendor_id_payload.c b/src/charon/encoding/payloads/vendor_id_payload.c index 52d9e12a5..dc16763e0 100644 --- a/src/charon/encoding/payloads/vendor_id_payload.c +++ b/src/charon/encoding/payloads/vendor_id_payload.c @@ -23,14 +23,14 @@ typedef struct private_vendor_id_payload_t private_vendor_id_payload_t; /** * Private data of an vendor_id_payload_t object. - * + * */ struct private_vendor_id_payload_t { /** * Public vendor_id_payload_t interface. */ vendor_id_payload_t public; - + /** * Next payload type. */ @@ -40,12 +40,12 @@ struct private_vendor_id_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * The contained vendor_id data value. */ 
@@ -54,10 +54,10 @@ struct private_vendor_id_payload_t { /** * Encoding rules to parse or generate a VENDOR ID payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_vendor_id_payload_t. - * + * */ encoding_rule_t vendor_id_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -185,7 +185,7 @@ static void destroy(private_vendor_id_payload_t *this) { chunk_free(&(this->vendor_id_data)); } - free(this); + free(this); } /* @@ -203,13 +203,13 @@ vendor_id_payload_t *vendor_id_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (vendor_id_payload_t *)) destroy; this->public.set_data = (void (*) (vendor_id_payload_t *,chunk_t)) set_data; this->public.get_data_clone = (chunk_t (*) (vendor_id_payload_t *)) get_data_clone; this->public.get_data = (chunk_t (*) (vendor_id_payload_t *)) get_data; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; diff --git a/src/charon/encoding/payloads/vendor_id_payload.h b/src/charon/encoding/payloads/vendor_id_payload.h index 9ee9ea1d4..76d422e0a 100644 --- a/src/charon/encoding/payloads/vendor_id_payload.h +++ b/src/charon/encoding/payloads/vendor_id_payload.h 
@@ -46,31 +46,31 @@ struct vendor_id_payload_t { /** * Set the VID data. - * + * * Data are getting cloned. * * @param data VID data as chunk_t */ void (*set_data) (vendor_id_payload_t *this, chunk_t data); - + /** * Get the VID data. - * + * * Returned data are a copy of the internal one. * * @return VID data as chunk_t */ chunk_t (*get_data_clone) (vendor_id_payload_t *this); - + /** * Get the VID data. - * + * * Returned data are NOT copied. * * @return VID data as chunk_t */ chunk_t (*get_data) (vendor_id_payload_t *this); - + /** * Destroys an vendor_id_payload_t object. */ @@ -79,7 +79,7 @@ struct vendor_id_payload_t { /** * Creates an empty vendor_id_payload_t object. - * + * * @return vendor_id_payload_t object */ vendor_id_payload_t *vendor_id_payload_create(void); diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c index f33451383..b1a1d703f 100644 --- a/src/charon/kernel/kernel_interface.c +++ b/src/charon/kernel/kernel_interface.c @@ -30,12 +30,12 @@ struct private_kernel_interface_t { * Public part of kernel_interface_t object. */ kernel_interface_t public; - + /** * ipsec interface */ kernel_ipsec_t *ipsec; - + /** * network interface */ @@ -45,7 +45,7 @@ struct private_kernel_interface_t { /** * Implementation of kernel_interface_t.get_spi */ -static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *dst, +static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { if (!this->ipsec) @@ -58,7 +58,7 @@ static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *d /** * Implementation of kernel_interface_t.get_cpi */ -static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *dst, +static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi) { if (!this->ipsec) 
@@ -92,7 +92,7 @@ static status_t add_sa(private_kernel_interface_t *this, host_t *src, host_t *ds * Implementation of kernel_interface_t.update_sa */ static status_t update_sa(private_kernel_interface_t *this, u_int32_t spi, - protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst, + protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, bool encap, bool new_encap) { if (!this->ipsec) @@ -289,13 +289,13 @@ static status_t get_address_by_ts(private_kernel_interface_t *this, host_t *host; int family; bool found = FALSE; - + DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts); - + /* if we have a family which includes localhost, we do not * search for an IP, we use the default */ family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6; - + if (family == AF_INET) { host = host_create_from_string("127.0.0.1", 0); @@ -304,7 +304,7 @@ static status_t get_address_by_ts(private_kernel_interface_t *this, { host = host_create_from_string("::1", 0); } - + if (ts->includes(ts, host)) { *ip = host_create_any(family); @@ -313,7 +313,7 @@ static status_t get_address_by_ts(private_kernel_interface_t *this, return SUCCESS; } host->destroy(host); - + addrs = create_address_enumerator(this, TRUE, TRUE); while (addrs->enumerate(addrs, (void**)&host)) { @@ -325,13 +325,13 @@ static status_t get_address_by_ts(private_kernel_interface_t *this, } } addrs->destroy(addrs); - + if (!found) { DBG1(DBG_KNL, "no local address found in traffic selector %R", ts); return FAILED; } - + DBG2(DBG_KNL, "using host %H", *ip); return SUCCESS; } 
@@ -395,7 +395,7 @@ static void destroy(private_kernel_interface_t *this) kernel_interface_t *kernel_interface_create() { private_kernel_interface_t *this = malloc_thing(private_kernel_interface_t); - + this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa; @@ -405,7 +405,7 @@ kernel_interface_t *kernel_interface_create() this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; this->public.query_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.del_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - + this->public.get_source_addr = (host_t*(*)(kernel_interface_t*, host_t *dest, host_t *src))get_source_addr; this->public.get_nexthop = (host_t*(*)(kernel_interface_t*, host_t *dest))get_nexthop; this->public.get_interface = (char*(*)(kernel_interface_t*,host_t*))get_interface; 
@@ -414,18 +414,18 @@ kernel_interface_t *kernel_interface_create() this->public.del_ip = (status_t(*)(kernel_interface_t*,host_t*)) del_ip; this->public.add_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route; this->public.del_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route; - + this->public.get_address_by_ts = (status_t(*)(kernel_interface_t*,traffic_selector_t*,host_t**))get_address_by_ts; - + this->public.add_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))add_ipsec_interface; this->public.remove_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))remove_ipsec_interface; this->public.add_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))add_net_interface; this->public.remove_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))remove_net_interface; - + this->public.destroy = (void (*)(kernel_interface_t*))destroy; - + this->ipsec = NULL; this->net = NULL; - + return &this->public; } diff --git a/src/charon/kernel/kernel_interface.h b/src/charon/kernel/kernel_interface.h index f4247a260..505fb1f56 100644 --- a/src/charon/kernel/kernel_interface.h +++ b/src/charon/kernel/kernel_interface.h @@ -45,7 +45,7 @@ typedef kernel_net_t* (*kernel_net_constructor_t)(void); /** * Manager and wrapper for different kernel interfaces. - * + * * The kernel interface handles the communication with the kernel * for SA and policy management and interface and IP address management. */ 
@@ -61,21 +61,21 @@ struct kernel_interface_t { * @param spi allocated spi * @return SUCCESS if operation completed */ - status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst, + status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi); - + /** * Get a Compression Parameter Index (CPI) from the kernel. - * + * * @param src source address of SA * @param dst destination address of SA * @param reqid unique ID for the corresponding SA * @param cpi allocated cpi * @return SUCCESS if operation completed */ - status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst, + status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi); - + /** * Add an SA to the SAD. * @@ -110,7 +110,7 @@ struct kernel_interface_t { u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound); - + /** * Update the hosts on an installed SA. * @@ -133,13 +133,13 @@ struct kernel_interface_t { */ status_t (*update_sa)(kernel_interface_t *this, u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, - host_t *src, host_t *dst, + host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, bool encap, bool new_encap); - + /** * Query the number of bytes processed by an SA from the SAD. - * + * * @param src source address for this SA * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer @@ -149,10 +149,10 @@ struct kernel_interface_t { */ status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes); - + /** * Delete a previously installed SA from the SAD. - * + * * @param src source address for this SA * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer 
@@ -162,13 +162,13 @@ struct kernel_interface_t { */ status_t (*del_sa) (kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int16_t cpi); - + /** * Add a policy to the SPD. - * + * * A policy is always associated to an SA. Traffic which matches a * policy is handled by the SA with the same reqid. - * + * * @param src source address of SA * @param dst dest address of SA * @param src_ts traffic selector to match traffic source @@ -191,13 +191,13 @@ struct kernel_interface_t { protocol_id_t protocol, u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool routed); - + /** * Query the use time of a policy. * * The use time of a policy is the time the policy was used * for the last time. - * + * * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD @@ -205,10 +205,10 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*query_policy) (kernel_interface_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time); - + /** * Remove a policy from the SPD. * @@ -224,11 +224,11 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*del_policy) (kernel_interface_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted); - + /** * Get our outgoing source address for a destination. * @@ -243,7 +243,7 @@ struct kernel_interface_t { */ host_t* (*get_source_addr)(kernel_interface_t *this, host_t *dest, host_t *src); - + /** * Get the next hop for a destination. * 
@@ -254,7 +254,7 @@ struct kernel_interface_t { * @return next hop address, NULL if unreachable */ host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest); - + /** * Get the interface name of a local address. * @@ -262,21 +262,21 @@ struct kernel_interface_t { * @return allocated interface name, or NULL if not found */ char* (*get_interface) (kernel_interface_t *this, host_t *host); - + /** * Creates an enumerator over all local addresses. - * + * * This function blocks an internal cached address list until the * enumerator gets destroyed. * The hosts are read-only, do not modify of free. - * + * * @param include_down_ifaces TRUE to enumerate addresses from down interfaces * @param include_virtual_ips TRUE to enumerate virtual ip addresses * @return enumerator over host_t's */ enumerator_t *(*create_address_enumerator) (kernel_interface_t *this, bool include_down_ifaces, bool include_virtual_ips); - + /** * Add a virtual IP to an interface. * @@ -291,7 +291,7 @@ struct kernel_interface_t { */ status_t (*add_ip) (kernel_interface_t *this, host_t *virtual_ip, host_t *iface_ip); - + /** * Remove a virtual IP from an interface. * @@ -301,10 +301,10 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*del_ip) (kernel_interface_t *this, host_t *virtual_ip); - + /** * Add a route. - * + * * @param dst_net destination net * @param prefixlen destination net prefix length * @param gateway gateway for this route @@ -315,10 +315,10 @@ struct kernel_interface_t { */ status_t (*add_route) (kernel_interface_t *this, chunk_t dst_net, u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); - + /** * Delete a route. - * + * * @param dst_net destination net * @param prefixlen destination net prefix length * @param gateway gateway for this route 
@@ -328,50 +328,50 @@ struct kernel_interface_t { */ status_t (*del_route) (kernel_interface_t *this, chunk_t dst_net, u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); - + /** * manager methods */ - + /** * Tries to find an ip address of a local interface that is included in the * supplied traffic selector. - * + * * @param ts traffic selector * @param ip returned ip (has to be destroyed) * @return SUCCESS if address found */ status_t (*get_address_by_ts) (kernel_interface_t *this, traffic_selector_t *ts, host_t **ip); - + /** * Register an ipsec kernel interface constructor on the manager. * * @param create constructor to register */ void (*add_ipsec_interface)(kernel_interface_t *this, kernel_ipsec_constructor_t create); - + /** * Unregister an ipsec kernel interface constructor. * * @param create constructor to unregister */ void (*remove_ipsec_interface)(kernel_interface_t *this, kernel_ipsec_constructor_t create); - + /** * Register a network kernel interface constructor on the manager. * * @param create constructor to register */ void (*add_net_interface)(kernel_interface_t *this, kernel_net_constructor_t create); - + /** * Unregister a network kernel interface constructor. * * @param create constructor to unregister */ void (*remove_net_interface)(kernel_interface_t *this, kernel_net_constructor_t create); - + /** * Destroys a kernel_interface_manager_t object. */ diff --git a/src/charon/kernel/kernel_ipsec.h b/src/charon/kernel/kernel_ipsec.h index b21be849d..fdcc5f40a 100644 --- a/src/charon/kernel/kernel_ipsec.h +++ b/src/charon/kernel/kernel_ipsec.h 
@@ -71,9 +71,9 @@ extern enum_name_t *policy_dir_names; /** * Interface to the ipsec subsystem of the kernel. - * + * * The kernel ipsec interface handles the communication with the kernel - * for SA and policy management. It allows setup of these, and provides + * for SA and policy management. It allows setup of these, and provides * further the handling of kernel events. * Policy information are cached in the interface. This is necessary to do * reference counting. The Linux kernel does not allow the same policy @@ -81,7 +81,7 @@ extern enum_name_t *policy_dir_names; * when rekeying. Thats why we do reference counting of policies. */ struct kernel_ipsec_t { - + /** * Get a SPI from the kernel. * @@ -92,21 +92,21 @@ struct kernel_ipsec_t { * @param spi allocated spi * @return SUCCESS if operation completed */ - status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst, + status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi); - + /** * Get a Compression Parameter Index (CPI) from the kernel. - * + * * @param src source address of SA * @param dst destination address of SA * @param reqid unique ID for the corresponding SA * @param cpi allocated cpi * @return SUCCESS if operation completed */ - status_t (*get_cpi)(kernel_ipsec_t *this, host_t *src, host_t *dst, + status_t (*get_cpi)(kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi); - + /** * Add an SA to the SAD. * @@ -141,7 +141,7 @@ struct kernel_ipsec_t { u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound); - + /** * Update the hosts on an installed SA. * 
@@ -164,13 +164,13 @@ struct kernel_ipsec_t { */ status_t (*update_sa)(kernel_ipsec_t *this, u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, - host_t *src, host_t *dst, + host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, bool encap, bool new_encap); - + /** * Query the number of bytes processed by an SA from the SAD. - * + * * @param src source address for this SA * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer @@ -180,10 +180,10 @@ struct kernel_ipsec_t { */ status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes); - + /** * Delete a previusly installed SA from the SAD. - * + * * @param src source address for this SA * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer @@ -193,13 +193,13 @@ struct kernel_ipsec_t { */ status_t (*del_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int16_t cpi); - + /** * Add a policy to the SPD. - * + * * A policy is always associated to an SA. Traffic which matches a * policy is handled by the SA with the same reqid. - * + * * @param src source address of SA * @param dst dest address of SA * @param src_ts traffic selector to match traffic source @@ -222,14 +222,14 @@ struct kernel_ipsec_t { protocol_id_t protocol, u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool routed); - + /** * Query the use time of a policy. * * The use time of a policy is the time the policy was used for the last * time. It is not the system time, but a monotonic timestamp as returned * by time_monotonic. - * + * * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD 
@@ -237,10 +237,10 @@ struct kernel_ipsec_t { * @return SUCCESS if operation completed */ status_t (*query_policy) (kernel_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time); - + /** * Remove a policy from the SPD. * @@ -256,11 +256,11 @@ struct kernel_ipsec_t { * @return SUCCESS if operation completed */ status_t (*del_policy) (kernel_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted); - + /** * Destroy the implementation. */ diff --git a/src/charon/kernel/kernel_net.h b/src/charon/kernel/kernel_net.h index 02242f3a8..efb221f88 100644 --- a/src/charon/kernel/kernel_net.h +++ b/src/charon/kernel/kernel_net.h @@ -29,7 +29,7 @@ typedef struct kernel_net_t kernel_net_t; /** * Interface to the network subsystem of the kernel. - * + * * The kernel network interface handles the communication with the kernel * for interface and IP address management. */ @@ -48,7 +48,7 @@ struct kernel_net_t { * @return outgoing source address, NULL if unreachable */ host_t* (*get_source_addr)(kernel_net_t *this, host_t *dest, host_t *src); - + /** * Get the next hop for a destination. * @@ -59,7 +59,7 @@ struct kernel_net_t { * @return next hop address, NULL if unreachable */ host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest); - + /** * Get the interface name of a local address. * 
@@ -67,21 +67,21 @@ struct kernel_net_t { * @return allocated interface name, or NULL if not found */ char* (*get_interface) (kernel_net_t *this, host_t *host); - + /** * Creates an enumerator over all local addresses. - * + * * This function blocks an internal cached address list until the * enumerator gets destroyed. * The hosts are read-only, do not modify of free. - * + * * @param include_down_ifaces TRUE to enumerate addresses from down interfaces * @param include_virtual_ips TRUE to enumerate virtual ip addresses * @return enumerator over host_t's */ enumerator_t *(*create_address_enumerator) (kernel_net_t *this, bool include_down_ifaces, bool include_virtual_ips); - + /** * Add a virtual IP to an interface. * @@ -96,7 +96,7 @@ struct kernel_net_t { */ status_t (*add_ip) (kernel_net_t *this, host_t *virtual_ip, host_t *iface_ip); - + /** * Remove a virtual IP from an interface. * @@ -106,10 +106,10 @@ struct kernel_net_t { * @return SUCCESS if operation completed */ status_t (*del_ip) (kernel_net_t *this, host_t *virtual_ip); - + /** * Add a route. - * + * * @param dst_net destination net * @param prefixlen destination net prefix length * @param gateway gateway for this route @@ -120,10 +120,10 @@ struct kernel_net_t { */ status_t (*add_route) (kernel_net_t *this, chunk_t dst_net, u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); - + /** * Delete a route. - * + * * @param dst_net destination net * @param prefixlen destination net prefix length * @param gateway gateway for this route @@ -133,7 +133,7 @@ struct kernel_net_t { */ status_t (*del_route) (kernel_net_t *this, chunk_t dst_net, u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); - + /** * Destroy the implementation. */ diff --git a/src/charon/network/packet.c b/src/charon/network/packet.c index fd3a274bd..19a62603d 100644 --- a/src/charon/network/packet.c +++ b/src/charon/network/packet.c 
@@ -27,17 +27,17 @@ struct private_packet_t { * Public part of a packet_t object. */ packet_t public; - + /** * source address */ host_t *source; - + /** * destination address */ host_t *destination; - + /** * message data */ @@ -77,7 +77,7 @@ static host_t *get_destination(private_packet_t *this) { return this->destination; } - + /** * Implements packet_t.get_data */ @@ -103,7 +103,7 @@ static void destroy(private_packet_t *this) if (this->source != NULL) { this->source->destroy(this->source); - } + } if (this->destination != NULL) { this->destination->destroy(this->destination); @@ -118,7 +118,7 @@ static void destroy(private_packet_t *this) static packet_t *clone_(private_packet_t *this) { private_packet_t *other = (private_packet_t*)packet_create(); - + if (this->destination != NULL) { other->destination = this->destination->clone(this->destination); @@ -150,10 +150,10 @@ packet_t *packet_create(void) this->public.get_destination = (host_t*(*) (packet_t *)) get_destination; this->public.clone = (packet_t*(*) (packet_t *))clone_; this->public.destroy = (void(*) (packet_t *)) destroy; - + this->destination = NULL; this->source = NULL; this->data = chunk_empty; - + return &(this->public); } diff --git a/src/charon/network/packet.h b/src/charon/network/packet.h index aacb203e9..18d82c6fc 100644 --- a/src/charon/network/packet.h +++ b/src/charon/network/packet.h 
@@ -34,71 +34,71 @@ struct packet_t { /** * Set the source address. - * + * * Set host_t is now owned by packet_t, it will destroy * it if necessary. - * + * * @param source address to set as source */ void (*set_source) (packet_t *packet, host_t *source); - + /** * Set the destination address. - * + * * Set host_t is now owned by packet_t, it will destroy * it if necessary. - * + * * @param source address to set as destination */ void (*set_destination) (packet_t *packet, host_t *destination); - + /** * Get the source address. - * + * * Set host_t is still owned by packet_t, clone it * if needed. - * + * * @return source address */ host_t *(*get_source) (packet_t *packet); - + /** * Get the destination address. - * + * * Set host_t is still owned by packet_t, clone it * if needed. - * + * * @return destination address */ host_t *(*get_destination) (packet_t *packet); - + /** * Get the data from the packet. - * - * The data pointed by the chunk is still owned + * + * The data pointed by the chunk is still owned * by the packet. Clone it if needed. - * + * * @return chunk containing the data */ chunk_t (*get_data) (packet_t *packet); - + /** * Set the data in the packet. - * - * Supplied chunk data is now owned by the + * + * Supplied chunk data is now owned by the * packet. It will free it. - * + * * @param data chunk with data to set */ void (*set_data) (packet_t *packet, chunk_t data); - + /** * Clones a packet_t object. - * + * * @param clone clone of the packet */ packet_t* (*clone) (packet_t *packet); - + /** * Destroy the packet, freeing contained data. */ @@ -107,7 +107,7 @@ struct packet_t { /** * create an empty packet - * + * * @return packet_t object */ packet_t *packet_create(void); diff --git a/src/charon/network/receiver.c b/src/charon/network/receiver.c index 5c24a6270..1a33251b6 100644 --- a/src/charon/network/receiver.c +++ b/src/charon/network/receiver.c 
@@ -50,57 +50,57 @@ struct private_receiver_t { * Public part of a receiver_t object. */ receiver_t public; - + /** * Threads job receiving packets */ callback_job_t *job; - + /** * Assigned thread. */ pthread_t assigned_thread; - + /** * current secret to use for cookie calculation */ char secret[SECRET_LENGTH]; - + /** * previous secret used to verify older cookies */ char secret_old[SECRET_LENGTH]; - + /** * how many times we have used "secret" so far */ u_int32_t secret_used; - + /** * time we did the cookie switch */ u_int32_t secret_switch; - + /** * time offset to use, hides our system time */ u_int32_t secret_offset; - + /** * the RNG to use for secret generation */ rng_t *rng; - + /** * hasher to use for cookie calculation */ hasher_t *hasher; - + /** * require cookies after this many half open IKE_SAs */ u_int32_t cookie_threshold; - + /** * how many half open IKE_SAs per peer before blocking */ @@ -119,7 +119,7 @@ static void send_notify(message_t *request, notify_type_t type, chunk_t data) host_t *src, *dst; packet_t *packet; ike_sa_id_t *ike_sa_id; - + response = message_create(); dst = request->get_source(request); src = request->get_destination(request); @@ -149,7 +149,7 @@ static chunk_t cookie_build(private_receiver_t *this, message_t *message, u_int64_t spi = message->get_initiator_spi(message); host_t *ip = message->get_source(message); chunk_t input, hash; - + /* COOKIE = t | sha1( IPi | SPIi | t | secret ) */ input = chunk_cata("cccc", ip->get_address(ip), chunk_from_thing(spi), chunk_from_thing(t), secret); 
@@ -167,18 +167,18 @@ static bool cookie_verify(private_receiver_t *this, message_t *message, u_int32_t t, now; chunk_t reference; chunk_t secret; - + now = time_monotonic(NULL); t = *(u_int32_t*)cookie.ptr; - + if (cookie.len != sizeof(u_int32_t) + - this->hasher->get_hash_size(this->hasher) || + this->hasher->get_hash_size(this->hasher) || t < now - this->secret_offset - COOKIE_LIFETIME) { DBG2(DBG_NET, "received cookie lifetime expired, rejecting"); - return FALSE; + return FALSE; } - + /* check if cookie is derived from old_secret */ if (t + this->secret_offset > this->secret_switch) { @@ -188,7 +188,7 @@ static bool cookie_verify(private_receiver_t *this, message_t *message, { secret = chunk_from_thing(this->secret_old); } - + /* compare own calculation against received */ reference = cookie_build(this, message, t, secret); if (chunk_equals(reference, cookie)) @@ -206,20 +206,20 @@ static bool cookie_verify(private_receiver_t *this, message_t *message, static bool cookie_required(private_receiver_t *this, message_t *message) { bool failed = FALSE; - + if (charon->ike_sa_manager->get_half_open_count(charon->ike_sa_manager, NULL) >= this->cookie_threshold) { /* check for a cookie. We don't use our parser here and do it - * quick and dirty for performance reasons. - * we assume the cookie is the first payload (which is a MUST), and + * quick and dirty for performance reasons. + * we assume the cookie is the first payload (which is a MUST), and * the cookie's SPI length is zero. */ packet_t *packet = message->get_packet(message); chunk_t data = packet->get_data(packet); - if (data.len < + if (data.len < IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH + sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher) || - *(data.ptr + 16) != NOTIFY || + *(data.ptr + 16) != NOTIFY || *(u_int16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE)) { /* no cookie found */ 
@@ -261,14 +261,14 @@ static job_requeue_t receive_packets(private_receiver_t *this) packet_t *packet; message_t *message; job_t *job; - + /* read in a packet */ if (charon->socket->receive(charon->socket, &packet) != SUCCESS) { DBG2(DBG_NET, "receiving from socket failed!"); return JOB_REQUEUE_FAIR; } - + /* parse message header */ message = message_create_from_packet(packet); if (message->parse_header(message) != SUCCESS) @@ -278,18 +278,18 @@ static job_requeue_t receive_packets(private_receiver_t *this) message->destroy(message); return JOB_REQUEUE_DIRECT; } - + /* check IKE major version */ if (message->get_major_version(message) != IKE_MAJOR_VERSION) { DBG1(DBG_NET, "received unsupported IKE version %d.%d from %H, " - "sending INVALID_MAJOR_VERSION", message->get_major_version(message), + "sending INVALID_MAJOR_VERSION", message->get_major_version(message), message->get_minor_version(message), packet->get_source(packet)); send_notify(message, INVALID_MAJOR_VERSION, chunk_empty); message->destroy(message); return JOB_REQUEUE_DIRECT; } - + if (message->get_request(message) && message->get_exchange_type(message) == IKE_SA_INIT) { @@ -299,7 +299,7 @@ static job_requeue_t receive_packets(private_receiver_t *this) u_int32_t now = time_monotonic(NULL); chunk_t cookie = cookie_build(this, message, now - this->secret_offset, chunk_from_thing(this->secret)); - + DBG2(DBG_NET, "received packet from: %#H to %#H", message->get_source(message), message->get_destination(message)); @@ -312,7 +312,7 @@ static job_requeue_t receive_packets(private_receiver_t *this) /* create new cookie */ DBG1(DBG_NET, "generating new cookie secret after %d uses", this->secret_used); - memcpy(this->secret_old, this->secret, SECRET_LENGTH); + memcpy(this->secret_old, this->secret, SECRET_LENGTH); this->rng->get_bytes(this->rng, SECRET_LENGTH, this->secret); this->secret_switch = now; this->secret_used = 0; 
@@ -320,7 +320,7 @@ static job_requeue_t receive_packets(private_receiver_t *this) message->destroy(message); return JOB_REQUEUE_DIRECT; } - + /* check if peer has not too many IKE_SAs half open */ if (this->block_threshold && peer_to_aggressive(this, message)) { @@ -353,9 +353,9 @@ receiver_t *receiver_create() { private_receiver_t *this = malloc_thing(private_receiver_t); u_int32_t now = time_monotonic(NULL); - + this->public.destroy = (void(*)(receiver_t*)) destroy; - + this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_PREFERRED); if (this->hasher == NULL) { @@ -385,11 +385,11 @@ receiver_t *receiver_create() this->cookie_threshold = 0; this->block_threshold = 0; } - + this->job = callback_job_create((callback_job_cb_t)receive_packets, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/network/receiver.h b/src/charon/network/receiver.h index 87797634e..d4187cc66 100644 --- a/src/charon/network/receiver.h +++ b/src/charon/network/receiver.h @@ -29,7 +29,7 @@ typedef struct receiver_t receiver_t; /** * Receives packets from the socket and adds them to the job queue. - * + * * The receiver starts a thread, wich reads on the blocking socket. A received * packet is preparsed and a process_message_job is queued in the job queue. * @@ -45,12 +45,12 @@ typedef struct receiver_t receiver_t; * * The secret is changed after a certain amount of cookies sent. The old * secret is stored to allow a clean migration between secret changes. - * + * * Further, the number of half-initiated IKE_SAs is limited per peer. This * mades it impossible for a peer to flood the server with its real IP address. */ struct receiver_t { - + /** * Destroys a receiver_t object. */ 
@@ -59,10 +59,10 @@ struct receiver_t { /** * Create a receiver_t object. - * + * * The receiver thread will start working, get data * from the socket and add those packets to the job queue. - * + * * @return receiver_t object, NULL if initialization fails */ receiver_t * receiver_create(void); diff --git a/src/charon/network/sender.c b/src/charon/network/sender.c index 19f589115..402773f89 100644 --- a/src/charon/network/sender.c +++ b/src/charon/network/sender.c @@ -40,7 +40,7 @@ struct private_sender_t { * Sender threads job. */ callback_job_t *job; - + /** * The packets are stored in a linked list */ @@ -55,7 +55,7 @@ struct private_sender_t { * condvar to signal for packets added to list */ condvar_t *got; - + /** * condvar to signal for packets sent */ @@ -68,11 +68,11 @@ struct private_sender_t { static void send_(private_sender_t *this, packet_t *packet) { host_t *src, *dst; - + src = packet->get_source(packet); dst = packet->get_destination(packet); DBG1(DBG_NET, "sending packet: from %#H to %#H", src, dst); - + this->mutex->lock(this->mutex); this->list->insert_last(this->list, packet); this->got->signal(this->got); @@ -86,23 +86,23 @@ static job_requeue_t send_packets(private_sender_t * this) { packet_t *packet; int oldstate; - + this->mutex->lock(this->mutex); while (this->list->get_count(this->list) == 0) { /* add cleanup handler, wait for packet, remove cleanup handler */ pthread_cleanup_push((void(*)(void*))this->mutex->unlock, this->mutex); pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); - + this->got->wait(this->got, this->mutex); - + pthread_setcancelstate(oldstate, NULL); pthread_cleanup_pop(0); } this->list->remove_first(this->list, (void**)&packet); this->sent->signal(this->sent); this->mutex->unlock(this->mutex); - + charon->socket->send(charon->socket, packet); packet->destroy(packet); return JOB_REQUEUE_DIRECT; 
@@ -134,19 +134,19 @@ static void destroy(private_sender_t *this) sender_t * sender_create() { private_sender_t *this = malloc_thing(private_sender_t); - + this->public.send = (void(*)(sender_t*,packet_t*))send_; this->public.destroy = (void(*)(sender_t*)) destroy; - + this->list = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->got = condvar_create(CONDVAR_TYPE_DEFAULT); this->sent = condvar_create(CONDVAR_TYPE_DEFAULT); - + this->job = callback_job_create((callback_job_cb_t)send_packets, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/network/sender.h b/src/charon/network/sender.h index 55f67af70..0ac775520 100644 --- a/src/charon/network/sender.h +++ b/src/charon/network/sender.h @@ -31,7 +31,7 @@ typedef struct sender_t sender_t; * Thread responsible for sending packets over the socket. */ struct sender_t { - + /** * Send a packet over the network. * @@ -42,7 +42,7 @@ struct sender_t { * @param packet packet to send */ void (*send) (sender_t *this, packet_t *packet); - + /** * Destroys a sender object. */ @@ -51,10 +51,10 @@ struct sender_t { /** * Create the sender thread. - * + * * The thread will start to work, getting packets * from its queue and sends them out. - * + * * @return created sender object */ sender_t * sender_create(void); diff --git a/src/charon/network/socket-raw.c b/src/charon/network/socket-raw.c index 148be486c..18b31d637 100644 --- a/src/charon/network/socket-raw.c +++ b/src/charon/network/socket-raw.c @@ -85,12 +85,12 @@ struct private_socket_t{ * port used for nat-t */ int natt_port; - + /** * raw receiver socket for IPv4 */ int recv4; - + /** * raw receiver socket for IPv6 */ @@ -132,7 +132,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) fd_set rfds; FD_ZERO(&rfds); - + if (this->recv4) { FD_SET(this->recv4, &rfds); 
@@ -141,9 +141,9 @@ static status_t receiver(private_socket_t *this, packet_t **packet) { FD_SET(this->recv6, &rfds); } - + DBG2(DBG_NET, "waiting for data on raw sockets"); - + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); if (select(max(this->recv4, this->recv6) + 1, &rfds, NULL, NULL, NULL) <= 0) { @@ -151,14 +151,14 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return FAILED; } pthread_setcancelstate(oldstate, NULL); - + if (this->recv4 && FD_ISSET(this->recv4, &rfds)) { /* IPv4 raw sockets return the IP header. We read src/dest * information directly from the raw header */ struct iphdr *ip; struct sockaddr_in src, dst; - + bytes_read = recv(this->recv4, buffer, MAX_PACKET, 0); if (bytes_read < 0) { @@ -166,7 +166,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return FAILED; } DBG3(DBG_NET, "received IPv4 packet %b", buffer, bytes_read); - + /* read source/dest from raw IP/UDP header */ if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN) { @@ -184,13 +184,13 @@ static status_t receiver(private_socket_t *this, packet_t **packet) dst.sin_port = udp->dest; source = host_create_from_sockaddr((sockaddr_t*)&src); dest = host_create_from_sockaddr((sockaddr_t*)&dst); - + pkt = packet_create(); pkt->set_source(pkt, source); pkt->set_destination(pkt, dest); DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest); data_offset = IP_LEN + UDP_LEN; - /* remove non esp marker */ + /* remove non esp marker */ if (dest->get_port(dest) == IKEV2_NATT_PORT) { data_offset += MARKER_LEN; @@ -210,7 +210,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) struct sockaddr_in6 src, dst; struct iovec iov; char ancillary[64]; - + msg.msg_name = &src; msg.msg_namelen = sizeof(src); iov.iov_base = buffer; 
@@ -220,7 +220,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) msg.msg_control = ancillary; msg.msg_controllen = sizeof(ancillary); msg.msg_flags = 0; - + bytes_read = recvmsg(this->recv6, &msg, 0); if (bytes_read < 0) { @@ -228,14 +228,14 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return FAILED; } DBG3(DBG_NET, "received IPv6 packet %b", buffer, bytes_read); - + if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN) { DBG3(DBG_NET, "received IPv6 packet too short (%d bytes)", bytes_read); return FAILED; } - + /* read ancillary data to get destination address */ for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL; cmsgptr = CMSG_NXTHDR(&msg, cmsgptr)) @@ -244,13 +244,13 @@ static status_t receiver(private_socket_t *this, packet_t **packet) { DBG1(DBG_NET, "error reading IPv6 ancillary data"); return FAILED; - } + } if (cmsgptr->cmsg_level == SOL_IPV6 && cmsgptr->cmsg_type == IPV6_2292PKTINFO) { struct in6_pktinfo *pktinfo; pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr); - + memset(&dst, 0, sizeof(dst)); memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr)); dst.sin6_family = AF_INET6; @@ -266,15 +266,15 @@ static status_t receiver(private_socket_t *this, packet_t **packet) DBG1(DBG_NET, "error reading IPv6 packet header"); return FAILED; } - + source = host_create_from_sockaddr((sockaddr_t*)&src); - + pkt = packet_create(); pkt->set_source(pkt, source); pkt->set_destination(pkt, dest); DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest); data_offset = UDP_LEN; - /* remove non esp marker */ + /* remove non esp marker */ if (dest->get_port(dest) == IKEV2_NATT_PORT) { data_offset += MARKER_LEN; @@ -290,7 +290,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) /* oops, shouldn't happen */ return FAILED; } - + /* return packet */ *packet = pkt; return SUCCESS; 
@@ -308,13 +308,13 @@ status_t sender(private_socket_t *this, packet_t *packet) struct msghdr msg; struct cmsghdr *cmsg; struct iovec iov; - + src = packet->get_source(packet); dst = packet->get_destination(packet); data = packet->get_data(packet); DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst); - + /* send data */ sport = src->get_port(src); family = dst->get_family(dst); @@ -362,7 +362,7 @@ status_t sender(private_socket_t *this, packet_t *packet) DBG1(DBG_NET, "unable to locate a send socket for port %d", sport); return FAILED; } - + memset(&msg, 0, sizeof(struct msghdr)); msg.msg_name = dst->get_sockaddr(dst);; msg.msg_namelen = *dst->get_sockaddr_len(dst); @@ -371,7 +371,7 @@ status_t sender(private_socket_t *this, packet_t *packet) msg.msg_iov = &iov; msg.msg_iovlen = 1; msg.msg_flags = 0; - + if (!src->is_anyaddr(src)) { if (family == AF_INET) @@ -379,7 +379,7 @@ status_t sender(private_socket_t *this, packet_t *packet) char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct in_pktinfo *pktinfo; struct sockaddr_in *sin; - + msg.msg_control = buf; msg.msg_controllen = sizeof(buf); cmsg = CMSG_FIRSTHDR(&msg); @@ -396,7 +396,7 @@ status_t sender(private_socket_t *this, packet_t *packet) char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; struct in6_pktinfo *pktinfo; struct sockaddr_in6 *sin; - + msg.msg_control = buf; msg.msg_controllen = sizeof(buf); cmsg = CMSG_FIRSTHDR(&msg); @@ -409,7 +409,7 @@ status_t sender(private_socket_t *this, packet_t *packet) memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr)); } } - + bytes_sent = sendmsg(skt, &msg, 0); if (bytes_sent != data.len) @@ -430,7 +430,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) struct sockaddr_storage addr; u_int sol; int skt; - + memset(&addr, 0, sizeof(addr)); /* precalculate constants depending on address family */ switch (family) 
@@ -456,14 +456,14 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) default: return 0; } - + skt = socket(family, SOCK_DGRAM, IPPROTO_UDP); if (skt < 0) { DBG1(DBG_NET, "could not open send socket: %s", strerror(errno)); return 0; } - + if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0) { DBG1(DBG_NET, "unable to set SO_REUSEADDR on send socket: %s", @@ -471,7 +471,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) close(skt); return 0; } - + /* bind the send socket */ if (bind(skt, (struct sockaddr *)&addr, sizeof(addr)) < 0) { @@ -480,7 +480,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) close(skt); return 0; } - + if (family == AF_INET) { /* enable UDP decapsulation globally, only for one socket needed */ @@ -490,7 +490,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) strerror(errno)); } } - + return skt; } @@ -502,7 +502,7 @@ static int open_recv_socket(private_socket_t *this, int family) int skt; int on = TRUE; u_int proto_offset, ip_len, sol, udp_header, ike_header; - + /* precalculate constants depending on address family */ switch (family) { @@ -521,7 +521,7 @@ static int open_recv_socket(private_socket_t *this, int family) } udp_header = ip_len; ike_header = ip_len + UDP_LEN; - + /* This filter code filters out all non-IKEv2 traffic on * a SOCK_RAW IP_PROTP_UDP socket. Handling of other * IKE versions is done in pluto. @@ -560,7 +560,7 @@ static int open_recv_socket(private_socket_t *this, int family) sizeof(ikev2_filter_code) / sizeof(struct sock_filter), ikev2_filter_code }; - + /* set up a raw socket */ skt = socket(family, SOCK_RAW, IPPROTO_UDP); if (skt < 0) 
@@ -568,7 +568,7 @@ static int open_recv_socket(private_socket_t *this, int family) DBG1(DBG_NET, "unable to create raw socket: %s", strerror(errno)); return 0; } - + if (setsockopt(skt, SOL_SOCKET, SO_ATTACH_FILTER, &ikev2_filter, sizeof(ikev2_filter)) < 0) { @@ -577,7 +577,7 @@ static int open_recv_socket(private_socket_t *this, int family) close(skt); return 0; } - + if (family == AF_INET6 && /* we use IPV6_2292PKTINFO, as IPV6_PKTINFO is defined as * 2 or 50 depending on kernel header version */ @@ -588,7 +588,7 @@ static int open_recv_socket(private_socket_t *this, int family) close(skt); return 0; } - + return skt; } @@ -621,7 +621,7 @@ static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port { offsetof(private_socket_t, send4_natt), AF_INET, IKEV2_NATT_PORT }, { offsetof(private_socket_t, send6_natt), AF_INET6, IKEV2_NATT_PORT } }; - + while(++this->index < countof(sockets)) { int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset); @@ -643,7 +643,7 @@ static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port static enumerator_t *create_enumerator(private_socket_t *this) { socket_enumerator_t *enumerator; - + enumerator = malloc_thing(socket_enumerator_t); enumerator->index = -1; enumerator->socket = this; @@ -690,20 +690,20 @@ static void destroy(private_socket_t *this) socket_t *socket_create() { private_socket_t *this = malloc_thing(private_socket_t); - + /* public functions */ this->public.send = (status_t(*)(socket_t*, packet_t*))sender; this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver; this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator; this->public.destroy = (void(*)(socket_t*)) destroy; - + this->recv4 = 0; this->recv6 = 0; this->send4 = 0; this->send6 = 0; this->send4_natt = 0; this->send6_natt = 0; - + this->recv4 = open_recv_socket(this, AF_INET); if (this->recv4 == 0) { 
@@ -726,7 +726,7 @@ socket_t *socket_create() } } } - + this->recv6 = open_recv_socket(this, AF_INET6); if (this->recv6 == 0) { @@ -749,13 +749,13 @@ socket_t *socket_create() } } } - + if (!(this->send4 || this->send6) || !(this->recv4 || this->recv6)) { DBG1(DBG_NET, "could not create any sockets"); destroy(this); charon->kill(charon, "socket initialization failed"); } - + return (socket_t*)this; } diff --git a/src/charon/network/socket.c b/src/charon/network/socket.c index 97c88be79..ab276aedc 100644 --- a/src/charon/network/socket.c +++ b/src/charon/network/socket.c @@ -86,22 +86,22 @@ struct private_socket_t { * public functions */ socket_t public; - + /** * IPv4 socket (500) */ int ipv4; - + /** * IPv4 socket for NATT (4500) */ int ipv4_natt; - + /** * IPv6 socket (500) */ int ipv6; - + /** * IPv6 socket for NATT (4500) */ @@ -122,9 +122,9 @@ static status_t receiver(private_socket_t *this, packet_t **packet) fd_set rfds; int max_fd = 0, selected = 0; u_int16_t port = 0; - + FD_ZERO(&rfds); - + if (this->ipv4) { FD_SET(this->ipv4, &rfds); @@ -142,7 +142,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) FD_SET(this->ipv6_natt, &rfds); } max_fd = max(max(this->ipv4, this->ipv4_natt), max(this->ipv6, this->ipv6_natt)); - + DBG2(DBG_NET, "waiting for data on sockets"); pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); if (select(max_fd + 1, &rfds, NULL, NULL, NULL) <= 0) @@ -151,7 +151,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return FAILED; } pthread_setcancelstate(oldstate, NULL); - + if (FD_ISSET(this->ipv4, &rfds)) { port = IKEV2_UDP_PORT; @@ -182,7 +182,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) struct sockaddr_in in4; struct sockaddr_in6 in6; } src; - + msg.msg_name = &src; msg.msg_namelen = sizeof(src); iov.iov_base = buffer; 
@@ -199,14 +199,14 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return FAILED; } DBG3(DBG_NET, "received packet %b", buffer, bytes_read); - + if (bytes_read < MARKER_LEN) { DBG3(DBG_NET, "received packet too short (%d bytes)", bytes_read); return FAILED; } - + /* read ancillary data to get destination address */ for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL; cmsgptr = CMSG_NXTHDR(&msg, cmsgptr)) @@ -216,14 +216,14 @@ static status_t receiver(private_socket_t *this, packet_t **packet) DBG1(DBG_NET, "error reading ancillary data"); return FAILED; } - + if (cmsgptr->cmsg_level == SOL_IPV6 && cmsgptr->cmsg_type == IPV6_PKTINFO) { struct in6_pktinfo *pktinfo; pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr); struct sockaddr_in6 dst; - + memset(&dst, 0, sizeof(dst)); memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr)); dst.sin6_family = AF_INET6; @@ -252,7 +252,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) #endif memset(&dst, 0, sizeof(dst)); memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr)); - + dst.sin_family = AF_INET; dst.sin_port = htons(port); dest = host_create_from_sockaddr((sockaddr_t*)&dst); @@ -268,13 +268,13 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return FAILED; } source = host_create_from_sockaddr((sockaddr_t*)&src); - + pkt = packet_create(); pkt->set_source(pkt, source); pkt->set_destination(pkt, dest); DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest); data_offset = 0; - /* remove non esp marker */ + /* remove non esp marker */ if (dest->get_port(dest) == IKEV2_NATT_PORT) { data_offset += MARKER_LEN; 
@@ -307,13 +307,13 @@ status_t sender(private_socket_t *this, packet_t *packet) struct msghdr msg; struct cmsghdr *cmsg; struct iovec iov; - + src = packet->get_source(packet); dst = packet->get_destination(packet); data = packet->get_data(packet); DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst); - + /* send data */ sport = src->get_port(src); family = dst->get_family(dst); @@ -361,7 +361,7 @@ status_t sender(private_socket_t *this, packet_t *packet) DBG1(DBG_NET, "unable to locate a send socket for port %d", sport); return FAILED; } - + memset(&msg, 0, sizeof(struct msghdr)); msg.msg_name = dst->get_sockaddr(dst);; msg.msg_namelen = *dst->get_sockaddr_len(dst); @@ -370,7 +370,7 @@ status_t sender(private_socket_t *this, packet_t *packet) msg.msg_iov = &iov; msg.msg_iovlen = 1; msg.msg_flags = 0; - + if (!src->is_anyaddr(src)) { if (family == AF_INET) @@ -408,7 +408,7 @@ status_t sender(private_socket_t *this, packet_t *packet) char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; struct in6_pktinfo *pktinfo; struct sockaddr_in6 *sin; - + msg.msg_control = buf; msg.msg_controllen = sizeof(buf); cmsg = CMSG_FIRSTHDR(&msg); @@ -421,7 +421,7 @@ status_t sender(private_socket_t *this, packet_t *packet) memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr)); } } - + bytes_sent = sendmsg(skt, &msg, 0); if (bytes_sent != data.len) @@ -442,7 +442,7 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port) socklen_t addrlen; u_int sol, pktinfo = 0; int skt; - + memset(&addr, 0, sizeof(addr)); /* precalculate constants depending on address family */ switch (family) @@ -476,7 +476,7 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port) default: return 0; } - + skt = socket(family, SOCK_DGRAM, IPPROTO_UDP); if (skt < 0) { 
@@ -489,7 +489,7 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port) close(skt); return 0; } - + /* bind the socket */ if (bind(skt, (struct sockaddr *)&addr, addrlen) < 0) { @@ -497,7 +497,7 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port) close(skt); return 0; } - + /* get additional packet info on receive */ if (pktinfo > 0) { @@ -550,7 +550,7 @@ static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port { offsetof(private_socket_t, ipv4_natt), AF_INET, IKEV2_NATT_PORT }, { offsetof(private_socket_t, ipv6_natt), AF_INET6, IKEV2_NATT_PORT } }; - + while(++this->index < countof(sockets)) { int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset); @@ -572,7 +572,7 @@ static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port static enumerator_t *create_enumerator(private_socket_t *this) { socket_enumerator_t *enumerator; - + enumerator = malloc_thing(socket_enumerator_t); enumerator->index = -1; enumerator->socket = this; @@ -617,7 +617,7 @@ socket_t *socket_create() this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver; this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator; this->public.destroy = (void(*)(socket_t*)) destroy; - + this->ipv4 = 0; this->ipv6 = 0; this->ipv4_natt = 0; @@ -634,7 +634,7 @@ socket_t *socket_create() } } #endif - + this->ipv4 = open_socket(this, AF_INET, IKEV2_UDP_PORT); if (this->ipv4 == 0) { @@ -648,7 +648,7 @@ socket_t *socket_create() DBG1(DBG_NET, "could not open IPv4 NAT-T socket"); } } - + this->ipv6 = open_socket(this, AF_INET6, IKEV2_UDP_PORT); if (this->ipv6 == 0) { @@ -662,13 +662,13 @@ socket_t *socket_create() DBG1(DBG_NET, "could not open IPv6 NAT-T socket"); } } - + if (!this->ipv4 && !this->ipv6) { DBG1(DBG_NET, "could not create any sockets"); destroy(this); charon->kill(charon, "socket initialization failed"); - } + } return (socket_t*)this; } 
diff --git a/src/charon/network/socket.h b/src/charon/network/socket.h index 81f2ec5fe..83bb9d4c9 100644 --- a/src/charon/network/socket.h +++ b/src/charon/network/socket.h @@ -44,48 +44,48 @@ typedef struct socket_t socket_t; * All available sockets are bound and the receive function * reads from them. There are actually two implementations: * The first uses raw sockets to allow binding of other daemons (pluto) to - * UDP/500. An installed "Linux socket filter" filters out all non-IKEv2 - * traffic and handles just IKEv2 messages. An other daemon (pluto) must - * handle all traffic separately, e.g. ignore IKEv2 traffic, since charon + * UDP/500. An installed "Linux socket filter" filters out all non-IKEv2 + * traffic and handles just IKEv2 messages. An other daemon (pluto) must + * handle all traffic separately, e.g. ignore IKEv2 traffic, since charon * handles that. * The other implementation uses normal sockets and is built if * --disable-pluto is given to the configure script. */ struct socket_t { - + /** * Receive a packet. - * + * * Reads a packet from the socket and sets source/dest * appropriately. - * + * * @param packet pinter gets address from allocated packet_t - * @return + * @return * - SUCCESS when packet successfully received * - FAILED when unable to receive */ status_t (*receive) (socket_t *this, packet_t **packet); - + /** * Send a packet. - * + * * Sends a packet to the net using source and destination addresses of * the packet. - * + * * @param packet packet_t to send - * @return + * @return * - SUCCESS when packet successfully sent * - FAILED when unable to send */ status_t (*send) (socket_t *this, packet_t *packet); - + /** * Enumerate all underlying socket file descriptors. - * + * * @return enumerator over (int fd, int family, int port) */ enumerator_t *(*create_enumerator) (socket_t *this); - + /** * Destroy socket. */ 
diff --git a/src/charon/plugins/attr/attr_plugin.c b/src/charon/plugins/attr/attr_plugin.c index 9d5532310..a3e83fe61 100644 --- a/src/charon/plugins/attr/attr_plugin.c +++ b/src/charon/plugins/attr/attr_plugin.c @@ -24,12 +24,12 @@ typedef struct private_attr_plugin_t private_attr_plugin_t; * private data of attr plugin */ struct private_attr_plugin_t { - + /** * implements plugin interface */ attr_plugin_t public; - + /** * CFG attributes provider */ @@ -52,12 +52,12 @@ static void destroy(private_attr_plugin_t *this) plugin_t *plugin_create() { private_attr_plugin_t *this = malloc_thing(private_attr_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->provider = attr_provider_create(); charon->attributes->add_provider(charon->attributes, &this->provider->provider); - + return &this->public.plugin; } diff --git a/src/charon/plugins/attr/attr_plugin.h b/src/charon/plugins/attr/attr_plugin.h index 9cbbd8bf5..9f31b60e1 100644 --- a/src/charon/plugins/attr/attr_plugin.h +++ b/src/charon/plugins/attr/attr_plugin.h @@ -32,7 +32,7 @@ typedef struct attr_plugin_t attr_plugin_t; * Plugin providing configuration attribute through strongswan.conf. */ struct attr_plugin_t { - + /** * implements plugin interface */ diff --git a/src/charon/plugins/attr/attr_provider.c b/src/charon/plugins/attr/attr_provider.c index 02fa11327..88c5ed4c0 100644 --- a/src/charon/plugins/attr/attr_provider.c +++ b/src/charon/plugins/attr/attr_provider.c @@ -28,12 +28,12 @@ typedef struct attribute_entry_t attribute_entry_t; * private data of attr_provider */ struct private_attr_provider_t { - + /** * public functions */ attr_provider_t public; - + /** * List of attributes, attribute_entry_t */ @@ -75,7 +75,7 @@ static enumerator_t* create_attribute_enumerator( static void destroy(private_attr_provider_t *this) { attribute_entry_t *entry; - + while (this->attributes->remove_last(this->attributes, (void**)&entry) == SUCCESS) { 
@@ -95,7 +95,7 @@ static void add_entry(private_attr_provider_t *this, char *key, int nr, attribute_entry_t *entry; host_t *host; char *str; - + str = lib->settings->get_str(lib->settings, "charon.%s%d", NULL, key, nr); if (str) { @@ -103,7 +103,7 @@ static void add_entry(private_attr_provider_t *this, char *key, int nr, if (host) { entry = malloc_thing(attribute_entry_t); - + if (host->get_family(host) == AF_INET6) { switch (type) @@ -133,22 +133,22 @@ attr_provider_t *attr_provider_create(database_t *db) { private_attr_provider_t *this; int i; - + this = malloc_thing(private_attr_provider_t); - + this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))return_null; this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))return_false; this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))create_attribute_enumerator; this->public.destroy = (void(*)(attr_provider_t*))destroy; - + this->attributes = linked_list_create(); - + for (i = 1; i <= SERVER_MAX; i++) { add_entry(this, "dns", i, INTERNAL_IP4_DNS); add_entry(this, "nbns", i, INTERNAL_IP4_NBNS); } - + return &this->public; } diff --git a/src/charon/plugins/attr/attr_provider.h b/src/charon/plugins/attr/attr_provider.h index 03cbadb4e..e867f2b20 100644 --- a/src/charon/plugins/attr/attr_provider.h +++ b/src/charon/plugins/attr/attr_provider.h @@ -29,12 +29,12 @@ typedef struct attr_provider_t attr_provider_t; * Provide configuration attributes through static strongswan.conf definition. */ struct attr_provider_t { - + /** * Implements attribute provider interface */ attribute_provider_t provider; - + /** * Destroy a attr_provider instance. */ diff --git a/src/charon/plugins/eap_aka/eap_aka.c b/src/charon/plugins/eap_aka/eap_aka.c index ebef74404..0b85428f9 100644 --- a/src/charon/plugins/eap_aka/eap_aka.c 
+++ b/src/charon/plugins/eap_aka/eap_aka.c @@ -178,72 +178,72 @@ typedef struct private_eap_aka_t private_eap_aka_t; * Private data of an eap_aka_t object. */ struct private_eap_aka_t { - + /** * Public authenticator_t interface. */ eap_aka_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * SHA11 hasher */ hasher_t *sha1; - + /** * MAC function used in EAP-AKA */ signer_t *signer; - + /** * pseudo random function used in EAP-aka */ prf_t *prf; - + /** * Special keyed SHA1 hasher used in EAP-AKA, implemented as PRF */ prf_t *keyed_prf; - + /** * Key for EAP MAC */ chunk_t k_auth; - + /** * Key for EAP encryption */ chunk_t k_encr; - + /** * MSK */ chunk_t msk; - + /** * Extendend MSK */ chunk_t emsk; - + /** * Expected result from client XRES */ chunk_t xres; - + /** * Shared secret K from ipsec.conf (padded) */ chunk_t k; - + /** * random value RAND generated by server */ @@ -270,7 +270,7 @@ static chunk_t peer_sqn = chunk_from_buf(peer_sqn_buf); static void update_sqn(u_int8_t *sqn, time_t offset) { timeval_t time; - + time_monotonic(&time); /* set sqb_sqn to an integer containing seconds followed by most * significant useconds */ @@ -322,7 +322,7 @@ static void mpz_mul_poly(mpz_t r, mpz_t a, mpz_t b) { mpz_t bm, rm; int current = 0, shifted = 0, shift; - + mpz_init_set(bm, b); mpz_init_set_ui(rm, 0); /* scan through a, for each found bit: */ @@ -335,7 +335,7 @@ static void mpz_mul_poly(mpz_t r, mpz_t a, mpz_t b) mpz_xor(rm, rm, bm); current++; } - + mpz_swap(r, rm); mpz_clear(rm); mpz_clear(bm); @@ -361,13 +361,13 @@ static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b) */ int a_bit, b_bit, diff; mpz_t bm, am; - + mpz_init_set(am, a); mpz_init(bm); - + a_bit = mpz_sizeinbase(a, 2); b_bit = mpz_sizeinbase(b, 2); - + /* don't do anything if b > a */ if (a_bit >= b_bit) { 
@@ -397,7 +397,7 @@ static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b) * a = 00000010 * which is the polynomial modulo */ - + mpz_swap(r, am); mpz_clear(am); mpz_clear(bm); @@ -410,12 +410,12 @@ static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b) static void step4(private_eap_aka_t *this, u_int8_t x[]) { mpz_t xm, am, bm, gm; - + mpz_init(xm); mpz_init(am); mpz_init(bm); mpz_init(gm); - + mpz_import(xm, HASH_SIZE_SHA1, 1, 1, 1, 0, x); mpz_import(am, sizeof(a), 1, 1, 1, 0, a); mpz_import(bm, sizeof(b), 1, 1, 1, 0, b); @@ -424,9 +424,9 @@ static void step4(private_eap_aka_t *this, u_int8_t x[]) mpz_mul_poly(xm, am, xm); mpz_add_poly(xm, bm, xm); mpz_mod_poly(xm, xm, gm); - + mpz_export(x, NULL, 1, HASH_SIZE_SHA1, 1, 0, xm); - + mpz_clear(xm); mpz_clear(am); mpz_clear(bm); @@ -441,7 +441,7 @@ static void step3(private_eap_aka_t *this, chunk_t k, chunk_t payload, u_int8_t h[]) { u_int8_t buf[64]; - + if (payload.len < sizeof(buf)) { /* pad c with zeros */ @@ -455,7 +455,7 @@ static void step3(private_eap_aka_t *this, /* not more than 512 bits can be G()-ed */ payload.len = sizeof(buf); } - + /* use the keyed hasher to build the hash */ this->keyed_prf->set_key(this->keyed_prf, k); this->keyed_prf->get_bytes(this->keyed_prf, payload, h); @@ -470,19 +470,19 @@ static void fx(private_eap_aka_t *this, chunk_t payload = chunk_alloca(PAYLOAD_LENGTH); u_int8_t h[HASH_SIZE_SHA1]; u_int8_t i; - + for (i = 0; i < 2; i++) { memset(payload.ptr, 0x5c, payload.len); payload.ptr[11] ^= f; memxor(payload.ptr + 12, fmk.ptr, fmk.len); memxor(payload.ptr + 24, rand.ptr, rand.len); - + payload.ptr[3] ^= i; payload.ptr[19] ^= i; payload.ptr[35] ^= i; payload.ptr[51] ^= i; - + step3(this, k, payload, h); step4(this, h); memcpy(out + i * 8, h, 8); 
@@ -502,14 +502,14 @@ static void f1x(private_eap_aka_t *this, */ chunk_t payload = chunk_alloca(PAYLOAD_LENGTH); u_int8_t h[HASH_SIZE_SHA1]; - + memset(payload.ptr, 0x5c, PAYLOAD_LENGTH); payload.ptr[11] ^= f; memxor(payload.ptr + 12, fmk.ptr, fmk.len); memxor(payload.ptr + 16, rand.ptr, rand.len); memxor(payload.ptr + 34, sqn.ptr, sqn.len); memxor(payload.ptr + 42, amf.ptr, amf.len); - + step3(this, k, payload, h); step4(this, h); memcpy(mac, h, MAC_LENGTH); @@ -518,17 +518,17 @@ static void f1x(private_eap_aka_t *this, /** * Calculation function of f5() and f5star() */ -static void f5x(private_eap_aka_t *this, +static void f5x(private_eap_aka_t *this, u_int8_t f, chunk_t k, chunk_t rand, u_int8_t ak[]) { chunk_t payload = chunk_alloca(PAYLOAD_LENGTH); u_int8_t h[HASH_SIZE_SHA1]; - + memset(payload.ptr, 0x5c, payload.len); payload.ptr[11] ^= f; memxor(payload.ptr + 12, fmk.ptr, fmk.len); memxor(payload.ptr + 16, rand.ptr, rand.len); - + step3(this, k, payload, h); step4(this, h); memcpy(ak, h, AK_LENGTH); @@ -605,12 +605,12 @@ static void f5star(private_eap_aka_t *this, chunk_t k, chunk_t rand, u_int8_t ak static bool derive_keys(private_eap_aka_t *this, identification_t *id) { chunk_t ck, ik, mk, identity, tmp; - + ck = chunk_alloca(CK_LENGTH); ik = chunk_alloca(IK_LENGTH); mk = chunk_alloca(MK_LENGTH); identity = id->get_encoding(id); - + /* MK = SHA1( Identity | IK | CK ) */ f3(this, this->k, this->rand, ck.ptr); f4(this, this->k, this->rand, ik.ptr); @@ -618,7 +618,7 @@ static bool derive_keys(private_eap_aka_t *this, identification_t *id) tmp = chunk_cata("ccc", identity, ik, ck); DBG3(DBG_IKE, "Identity|IK|CK %B", &tmp); this->sha1->get_hash(this->sha1, tmp, mk.ptr); - + /* K_encr | K_auth | MSK | EMSK = prf(0) | prf(0) * FIPS PRF has 320 bit block size, we need 160 byte for keys * => run prf four times */ 
@@ -694,9 +694,9 @@ static aka_attribute_t read_attribute(chunk_t *data, chunk_t *attr_data) { aka_attribute_t attribute; size_t length; - + DBG3(DBG_IKE, "reading attribute from %B", data); - + if (data->len < 2) { return AT_END; @@ -733,7 +733,7 @@ static eap_payload_t *build_aka_payload(private_eap_aka_t *this, eap_code_t code va_list args; aka_attribute_t attr; u_int8_t *mac_pos = NULL; - + /* write EAP header, skip length bytes */ *pos.ptr++ = code; *pos.ptr++ = identifier; @@ -745,18 +745,18 @@ static eap_payload_t *build_aka_payload(private_eap_aka_t *this, eap_code_t code *pos.ptr++ = 0; *pos.ptr++ = 0; pos.len -= 4; - + va_start(args, type); while ((attr = va_arg(args, aka_attribute_t)) != AT_END) { chunk_t data = va_arg(args, chunk_t); - + DBG3(DBG_IKE, "building %N %B", aka_attribute_names, attr, &data); - + /* write attribute header */ *pos.ptr++ = attr; pos.len--; - + switch (attr) { case AT_RES: @@ -804,11 +804,11 @@ static eap_payload_t *build_aka_payload(private_eap_aka_t *this, eap_code_t code } } va_end(args); - + /* calculate message length, write into header */ message.len = pos.ptr - message.ptr; *(u_int16_t*)(message.ptr + 2) = htons(message.len); - + /* create MAC if AT_MAC attribte was included */ if (mac_pos) { @@ -818,10 +818,10 @@ static eap_payload_t *build_aka_payload(private_eap_aka_t *this, eap_code_t code this->signer->get_signature(this->signer, message, mac_pos); DBG3(DBG_IKE, "is %b", mac_pos, AT_MAC_LENGTH); } - + /* payload constructor takes data with some bytes skipped */ payload = eap_payload_create_data(message); - + DBG3(DBG_IKE, "created EAP message %B", &message); return payload; } @@ -832,7 +832,7 @@ static eap_payload_t *build_aka_payload(private_eap_aka_t *this, eap_code_t code static u_char get_identifier() { u_char id; - + do { id = random(); } while (!id); 
@@ -847,12 +847,12 @@ static status_t server_initiate_challenge(private_eap_aka_t *this, chunk_t sqn, { rng_t *rng; chunk_t mac, ak, autn; - + mac = chunk_alloca(MAC_LENGTH); ak = chunk_alloca(AK_LENGTH); chunk_free(&this->rand); chunk_free(&this->xres); - + /* generate RAND: * we use a registered RNG, not f0() proposed in S.S0055 */ @@ -864,16 +864,16 @@ static status_t server_initiate_challenge(private_eap_aka_t *this, chunk_t sqn, } rng->allocate_bytes(rng, RAND_LENGTH, &this->rand); rng->destroy(rng); - + # ifdef TEST_VECTORS /* Test vector for RAND */ u_int8_t test_rand[] = { 0x4b,0x05,0x2b,0x20,0xe2,0xa0,0x6c,0x8f, 0xf7,0x00,0xda,0x51,0x2b,0x4e,0x11,0x1e, }; - memcpy(this->rand.ptr, test_rand, this->rand.len); + memcpy(this->rand.ptr, test_rand, this->rand.len); # endif /* TEST_VECTORS */ - + /* Get the shared key K: */ if (load_key(this->server, this->peer, &this->k) != SUCCESS) { @@ -881,7 +881,7 @@ static status_t server_initiate_challenge(private_eap_aka_t *this, chunk_t sqn, "with EAP-AKA", this->server, this->peer); return FAILED; } - + # ifdef TEST_VECTORS /* Test vector for K */ u_int8_t test_k[] = { @@ -890,26 +890,26 @@ static status_t server_initiate_challenge(private_eap_aka_t *this, chunk_t sqn, }; memcpy(this->k.ptr, test_k, this->k.len); # endif /* TEST_VECTORS */ - + /* generate MAC */ f1(this, this->k, this->rand, sqn, amf, mac.ptr); - + /* generate AK */ f5(this, this->k, this->rand, ak.ptr); - + /* precalculate XRES as expected from client */ this->xres = chunk_alloc(RES_LENGTH); f2(this, this->k, this->rand, this->xres.ptr); - + /* calculate AUTN = (SQN xor AK) || AMF || MAC */ autn = chunk_cata("ccc", sqn, amf, mac); memxor(autn.ptr, ak.ptr, ak.len); DBG3(DBG_IKE, "AUTN %B", &autn); - - + + /* derive K_encr, K_auth, MSK, EMSK */ derive_keys(this, this->peer); - + /* build payload */ *out = build_aka_payload(this, EAP_REQUEST, get_identifier(), AKA_CHALLENGE, AT_RAND, this->rand, AT_AUTN, autn, AT_MAC, 
@@ -923,17 +923,17 @@ static status_t server_initiate_challenge(private_eap_aka_t *this, chunk_t sqn, static status_t server_initiate(private_eap_aka_t *this, eap_payload_t **out) { chunk_t sqn = chunk_alloca(SQN_LENGTH); - + /* we use an offset of 3 minutes to tolerate clock inaccuracy * without the need to synchronize sequence numbers */ update_sqn(sqn.ptr, 180); - + # ifdef TEST_VECTORS /* Test vector for SQN */ u_int8_t test_sqn[] = {0x00,0x00,0x00,0x00,0x00,0x01}; - memcpy(sqn.ptr, test_sqn, sqn.len); + memcpy(sqn.ptr, test_sqn, sqn.len); # endif /* TEST_VECTORS */ - + return server_initiate_challenge(this, sqn, out); } @@ -942,11 +942,11 @@ static status_t server_process_synchronize(private_eap_aka_t *this, { chunk_t attr, auts = chunk_empty, pos, message, macs, xmacs, sqn, aks, amf; u_int i; - + message = in->get_data(in); pos = message; read_header(&pos); - + /* iterate over attributes */ while (TRUE) { @@ -971,19 +971,19 @@ static status_t server_process_synchronize(private_eap_aka_t *this, } break; } - + if (auts.len != AUTS_LENGTH) { DBG1(DBG_IKE, "synchronization request didn't contain useable AUTS"); return FAILED; } - + chunk_split(auts, "mm", SQN_LENGTH, &sqn, MAC_LENGTH, &macs); aks = chunk_alloca(AK_LENGTH); f5star(this, this->k, this->rand, aks.ptr); /* decrypt serial number by XORing AKS */ memxor(sqn.ptr, aks.ptr, aks.len); - + /* verify MACS */ xmacs = chunk_alloca(MAC_LENGTH); amf = chunk_alloca(AMF_LENGTH); @@ -996,7 +996,7 @@ static status_t server_process_synchronize(private_eap_aka_t *this, DBG3(DBG_IKE, "MACS %B XMACS %B", &macs, &xmacs); return FAILED; } - + /* retry the challenge with the received SQN + 1*/ for (i = SQN_LENGTH - 1; i >= 0; i--) { 
@@ -1014,11 +1014,11 @@ static status_t server_process_synchronize(private_eap_aka_t *this, static status_t server_process_challenge(private_eap_aka_t *this, eap_payload_t *in) { chunk_t attr, res = chunk_empty, at_mac = chunk_empty, pos, message; - + message = in->get_data(in); pos = message; read_header(&pos); - + /* iterate over attributes */ while (TRUE) { @@ -1055,7 +1055,7 @@ static status_t server_process_challenge(private_eap_aka_t *this, eap_payload_t } break; } - + /* verify EAP message MAC AT_MAC */ { this->signer->set_key(this->signer, this->k_auth); @@ -1067,7 +1067,7 @@ static status_t server_process_challenge(private_eap_aka_t *this, eap_payload_t return FAILED; } } - + /* compare received RES against stored precalculated XRES */ if (!chunk_equals(res, this->xres)) { @@ -1086,12 +1086,12 @@ static status_t server_process(private_eap_aka_t *this, { chunk_t message; aka_subtype_t type; - + message = in->get_data(in); type = read_header(&message); - + DBG3(DBG_IKE, "received EAP message %B", &message); - + switch (type) { case AKA_CHALLENGE: @@ -1128,19 +1128,19 @@ static status_t peer_process_challenge(private_eap_aka_t *this, chunk_t autn = chunk_empty, at_mac = chunk_empty; chunk_t ak, sqn, sqn_ak, mac, xmac, res, amf, message, pos; u_int8_t identifier; - + ak = chunk_alloca(AK_LENGTH); xmac = chunk_alloca(MAC_LENGTH); res = chunk_alloca(RES_LENGTH); chunk_free(&this->rand); - + message = in->get_data(in); pos = message; read_header(&pos); identifier = in->get_identifier(in); - + DBG3(DBG_IKE, "reading attributes from %B", &pos); - + /* iterate over attributes */ while (TRUE) { @@ -1178,7 +1178,7 @@ static status_t peer_process_challenge(private_eap_aka_t *this, } break; } - + if (this->rand.len != RAND_LENGTH || autn.len != AUTN_LENGTH) { /* required attributes wrong/not found, abort */ 
@@ -1188,11 +1188,11 @@ static status_t peer_process_challenge(private_eap_aka_t *this, aka_attribute_names, AT_CLIENT_ERROR_CODE, 0); return NEED_MORE; } - + DBG3(DBG_IKE, "using autn %B", &autn); /* split up AUTN = SQN xor AK | AMF | MAC */ chunk_split(autn, "mmm", SQN_LENGTH, &sqn_ak, AMF_LENGTH, &amf, MAC_LENGTH, &mac); - + /* Get the shared key K: */ chunk_free(&this->k); if (load_key(this->peer, this->server, &this->k) != SUCCESS) @@ -1213,19 +1213,19 @@ static status_t peer_process_challenge(private_eap_aka_t *this, }; memcpy(this->k.ptr, test_k, this->k.len); # endif /* TEST_VECTORS */ - + /* calculate anonymity key AK */ f5(this, this->k, this->rand, ak.ptr); DBG3(DBG_IKE, "using rand %B", &this->rand); DBG3(DBG_IKE, "using ak %B", &ak); /* XOR AK into SQN to decrypt it */ - + sqn = chunk_clonea(sqn_ak); - + DBG3(DBG_IKE, "using ak xor sqn %B", &sqn_ak); memxor(sqn.ptr, ak.ptr, sqn.len); DBG3(DBG_IKE, "using sqn %B", &sqn); - + /* calculate expected MAC and compare against received one */ f1(this, this->k, this->rand, sqn, amf, xmac.ptr); if (!chunk_equals(mac, xmac)) @@ -1243,13 +1243,13 @@ static status_t peer_process_challenge(private_eap_aka_t *this, { /* sequence number invalid. send AUTS */ chunk_t auts, macs, aks, amf; - + macs = chunk_alloca(MAC_LENGTH); aks = chunk_alloca(AK_LENGTH); amf = chunk_alloca(AMF_LENGTH); - + /* AMF is set to zero in AKA_SYNCHRONIZATION_FAILURE */ - memset(amf.ptr, 0, amf.len); + memset(amf.ptr, 0, amf.len); /* AKS = f5*(RAND) */ f5star(this, this->k, this->rand, aks.ptr); /* MACS = f1*(RAND) */ @@ -1257,7 +1257,7 @@ static status_t peer_process_challenge(private_eap_aka_t *this, /* AUTS = SQN xor AKS | MACS */ memxor(aks.ptr, peer_sqn.ptr, aks.len); auts = chunk_cata("cc", aks, macs); - + *out = build_aka_payload(this, EAP_RESPONSE, identifier, AKA_SYNCHRONIZATION_FAILURE, AT_AUTS, auts, AT_END); 
@@ -1270,7 +1270,7 @@ static status_t peer_process_challenge(private_eap_aka_t *this, /* derive K_encr, K_auth, MSK, EMSK */ derive_keys(this, this->peer); - + /* verify EAP message MAC AT_MAC */ DBG3(DBG_IKE, "verifying AT_MAC signature of %B", &message); DBG3(DBG_IKE, "using key %B", &this->k_auth); @@ -1284,13 +1284,13 @@ static status_t peer_process_challenge(private_eap_aka_t *this, AT_CLIENT_ERROR_CODE, 0); return NEED_MORE; } - + /* update stored SQN to the received one */ memcpy(peer_sqn.ptr, sqn.ptr, sqn.len); - + /* calculate RES */ f2(this, this->k, this->rand, res.ptr); - + /* build response */ *out = build_aka_payload(this, EAP_RESPONSE, identifier, AKA_CHALLENGE, AT_RES, res, AT_MAC, chunk_empty, AT_END); @@ -1305,14 +1305,14 @@ static status_t peer_process_notification(private_eap_aka_t *this, { chunk_t message, pos, attr; u_int8_t identifier; - + message = in->get_data(in); pos = message; read_header(&pos); identifier = in->get_identifier(in); - + DBG3(DBG_IKE, "reading attributes from %B", &pos); - + /* iterate over attributes */ while (TRUE) { @@ -1324,7 +1324,7 @@ static status_t peer_process_notification(private_eap_aka_t *this, case AT_NOTIFICATION: { u_int16_t code; - + if (attr.len != 2) { DBG1(DBG_IKE, "received invalid AKA notification, ignored"); @@ -1333,7 +1333,7 @@ static status_t peer_process_notification(private_eap_aka_t *this, code = ntohs(*(u_int16_t*)attr.ptr); switch (code) { - case 0: + case 0: DBG1(DBG_IKE, "received AKA notification 'general " "failure after authentication' (%d)", code); return FAILED; @@ -1387,13 +1387,13 @@ static status_t peer_process(private_eap_aka_t *this, aka_subtype_t type; chunk_t message; u_int8_t identifier; - + message = in->get_data(in); type = read_header(&message); identifier = in->get_identifier(in); - + DBG3(DBG_IKE, "received EAP message %B", &message); - + switch (type) { case AKA_CHALLENGE: 
@@ -1483,14 +1483,14 @@ static private_eap_aka_t *eap_aka_create_generic(identification_t *server, identification_t *peer) { private_eap_aka_t *this = malloc_thing(private_eap_aka_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->server = server->clone(server); this->peer = peer->clone(peer); @@ -1501,7 +1501,7 @@ static private_eap_aka_t *eap_aka_create_generic(identification_t *server, this->xres = chunk_empty; this->k = chunk_empty; this->rand = chunk_empty; - + this->sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA1_128); this->prf = lib->crypto->create_prf(lib->crypto, PRF_FIPS_SHA1_160); @@ -1526,7 +1526,7 @@ static private_eap_aka_t *eap_aka_create_generic(identification_t *server, eap_aka_t *eap_aka_create_server(identification_t *server, identification_t *peer) { private_eap_aka_t *this = eap_aka_create_generic(server, peer); - + if (this) { this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))server_initiate; 
@@ -1541,12 +1541,12 @@ eap_aka_t *eap_aka_create_server(identification_t *server, identification_t *pee eap_aka_t *eap_aka_create_peer(identification_t *server, identification_t *peer) { private_eap_aka_t *this = eap_aka_create_generic(server, peer); - + if (this) { this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))peer_initiate; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))peer_process; } - return (eap_aka_t*)this; + return (eap_aka_t*)this; } diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.c b/src/charon/plugins/eap_aka/eap_aka_plugin.c index e4a5326fe..20c249d6b 100644 --- a/src/charon/plugins/eap_aka/eap_aka_plugin.c +++ b/src/charon/plugins/eap_aka/eap_aka_plugin.c @@ -37,14 +37,14 @@ static void destroy(eap_aka_plugin_t *this) plugin_t *plugin_create() { eap_aka_plugin_t *this = malloc_thing(eap_aka_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_AKA, 0, EAP_SERVER, (eap_constructor_t)eap_aka_create_server); charon->eap->add_method(charon->eap, EAP_AKA, 0, EAP_PEER, (eap_constructor_t)eap_aka_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_gtc/eap_gtc.c b/src/charon/plugins/eap_gtc/eap_gtc.c index cb4ab2e59..f5e08bb6b 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc.c +++ b/src/charon/plugins/eap_gtc/eap_gtc.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "eap_gtc.h" #include <daemon.h> @@ -30,22 +30,22 @@ typedef struct private_eap_gtc_t private_eap_gtc_t; * Private data of an eap_gtc_t object. */ struct private_eap_gtc_t { - + /** * Public authenticator_t interface. */ eap_gtc_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * EAP message identififier */ 
@@ -86,7 +86,7 @@ static int auth_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, char *password) { struct pam_response *response; - + if (num_msg != 1) { return PAM_CONV_ERR; @@ -106,10 +106,10 @@ static bool authenticate(char *service, char *user, char *password) pam_handle_t *pamh = NULL; static struct pam_conv conv; int ret; - + conv.conv = (void*)auth_conv; conv.appdata_ptr = password; - + ret = pam_start(service, user, &conv, &pamh); if (ret != PAM_SUCCESS) { @@ -143,7 +143,7 @@ static status_t initiate_server(private_eap_gtc_t *this, eap_payload_t **out) { eap_gtc_header_t *req; size_t len; - + len = strlen(GTC_REQUEST_MSG); req = alloca(sizeof(eap_gtc_header_t) + len); req->length = htons(sizeof(eap_gtc_header_t) + len); @@ -151,7 +151,7 @@ static status_t initiate_server(private_eap_gtc_t *this, eap_payload_t **out) req->identifier = this->identifier; req->type = EAP_GTC; memcpy(req->data, GTC_REQUEST_MSG, len); - + *out = eap_payload_create_data(chunk_create((void*)req, sizeof(eap_gtc_header_t) + len)); return NEED_MORE; @@ -178,7 +178,7 @@ static status_t process_peer(private_eap_gtc_t *this, } key = shared->get_key(shared); len = key.len; - + /* TODO: According to the draft we should "SASLprep" password, RFC4013. */ res = alloca(sizeof(eap_gtc_header_t) + len); @@ -187,9 +187,9 @@ static status_t process_peer(private_eap_gtc_t *this, res->identifier = in->get_identifier(in); res->type = EAP_GTC; memcpy(res->data, key.ptr, len); - + shared->destroy(shared); - + *out = eap_payload_create_data(chunk_create((void*)res, sizeof(eap_gtc_header_t) + len)); return NEED_MORE; 
@@ -203,14 +203,14 @@ static status_t process_server(private_eap_gtc_t *this, { chunk_t data, encoding; char *user, *password, *service, *pos; - + data = chunk_skip(in->get_data(in), 5); if (this->identifier != in->get_identifier(in) || !data.len) { DBG1(DBG_IKE, "received invalid EAP-GTC message"); return FAILED; } - + encoding = this->peer->get_encoding(this->peer); /* if a RFC822_ADDR id is provided, we use the username part only */ pos = memchr(encoding.ptr, '@', encoding.len); @@ -221,14 +221,14 @@ static status_t process_server(private_eap_gtc_t *this, user = alloca(encoding.len + 1); memcpy(user, encoding.ptr, encoding.len); user[encoding.len] = '\0'; - + password = alloca(data.len + 1); memcpy(password, data.ptr, data.len); password[data.len] = '\0'; - + service = lib->settings->get_str(lib->settings, "charon.plugins.eap_gtc.pam_service", GTC_PAM_SERVICE); - + if (!authenticate(service, user, password)) { return FAILED; @@ -278,19 +278,19 @@ static private_eap_gtc_t *eap_gtc_create_generic(identification_t *server, identification_t *peer) { private_eap_gtc_t *this = malloc_thing(private_eap_gtc_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->peer = peer->clone(peer); this->server = server->clone(server); this->identifier = 0; - + return this; } 
@@ -300,7 +300,7 @@ static private_eap_gtc_t *eap_gtc_create_generic(identification_t *server, eap_gtc_t *eap_gtc_create_server(identification_t *server, identification_t *peer) { private_eap_gtc_t *this = eap_gtc_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_server; @@ -318,7 +318,7 @@ eap_gtc_t *eap_gtc_create_server(identification_t *server, identification_t *pee eap_gtc_t *eap_gtc_create_peer(identification_t *server, identification_t *peer) { private_eap_gtc_t *this = eap_gtc_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_peer; diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c b/src/charon/plugins/eap_gtc/eap_gtc_plugin.c index fda6c744a..8550c254c 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c +++ b/src/charon/plugins/eap_gtc/eap_gtc_plugin.c @@ -40,17 +40,17 @@ static void destroy(eap_gtc_plugin_t *this) plugin_t *plugin_create() { eap_gtc_plugin_t *this = malloc_thing(eap_gtc_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + /* required for PAM authentication */ charon->keep_cap(charon, CAP_AUDIT_WRITE); - + charon->eap->add_method(charon->eap, EAP_GTC, 0, EAP_SERVER, (eap_constructor_t)eap_gtc_create_server); charon->eap->add_method(charon->eap, EAP_GTC, 0, EAP_PEER, (eap_constructor_t)eap_gtc_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_identity/eap_identity.c b/src/charon/plugins/eap_identity/eap_identity.c index e43c50c50..ab082a955 100644 --- a/src/charon/plugins/eap_identity/eap_identity.c +++ b/src/charon/plugins/eap_identity/eap_identity.c 
@@ -24,17 +24,17 @@ typedef struct private_eap_identity_t private_eap_identity_t; * Private data of an eap_identity_t object. */ struct private_eap_identity_t { - + /** * Public authenticator_t interface. */ eap_identity_t public; - + /** * ID of the peer */ identification_t *peer; - + /** * received identity chunk */ @@ -68,17 +68,17 @@ static status_t process_peer(private_eap_identity_t *this, chunk_t id; eap_identity_header_t *hdr; size_t len; - + id = this->peer->get_encoding(this->peer); len = sizeof(eap_identity_header_t) + id.len; - + hdr = alloca(len); hdr->code = EAP_RESPONSE; hdr->identifier = in->get_identifier(in); hdr->length = htons(len); hdr->type = EAP_IDENTITY; memcpy(hdr->data, id.ptr, id.len); - + *out = eap_payload_create_data(chunk_create((u_char*)hdr, len)); return SUCCESS; } @@ -99,7 +99,7 @@ static status_t process_server(private_eap_identity_t *this, eap_payload_t *in, eap_payload_t **out) { chunk_t data; - + data = chunk_skip(in->get_data(in), 5); if (data.len) { @@ -114,12 +114,12 @@ static status_t process_server(private_eap_identity_t *this, static status_t initiate_server(private_eap_identity_t *this, eap_payload_t **out) { eap_identity_header_t hdr; - + hdr.code = EAP_REQUEST; hdr.identifier = 0; hdr.length = htons(sizeof(eap_identity_header_t)); hdr.type = EAP_IDENTITY; - + *out = eap_payload_create_data(chunk_create((u_char*)&hdr, sizeof(eap_identity_header_t))); return NEED_MORE; 
@@ -172,17 +172,17 @@ static private_eap_identity_t *eap_identity_create(identification_t *server, identification_t *peer) { private_eap_identity_t *this = malloc_thing(private_eap_identity_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + this->peer = peer->clone(peer); this->identity = chunk_empty; - + return this; } @@ -193,11 +193,11 @@ eap_identity_t *eap_identity_create_peer(identification_t *server, identification_t *peer) { private_eap_identity_t *this = eap_identity_create(server, peer); - + /* public functions */ this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_peer; - + return &this->public; } @@ -208,11 +208,11 @@ eap_identity_t *eap_identity_create_server(identification_t *server, identification_t *peer) { private_eap_identity_t *this = eap_identity_create(server, peer); - + /* public functions */ this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_server; - + return &this->public; } diff --git a/src/charon/plugins/eap_identity/eap_identity_plugin.c b/src/charon/plugins/eap_identity/eap_identity_plugin.c index 809254ccb..a623e1951 100644 --- a/src/charon/plugins/eap_identity/eap_identity_plugin.c +++ b/src/charon/plugins/eap_identity/eap_identity_plugin.c 
@@ -37,14 +37,14 @@ static void destroy(eap_identity_plugin_t *this) plugin_t *plugin_create() { eap_identity_plugin_t *this = malloc_thing(eap_identity_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_IDENTITY, 0, EAP_SERVER, (eap_constructor_t)eap_identity_create_server); charon->eap->add_method(charon->eap, EAP_IDENTITY, 0, EAP_PEER, (eap_constructor_t)eap_identity_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_md5/eap_md5.c b/src/charon/plugins/eap_md5/eap_md5.c index 36d726947..27c20489d 100644 --- a/src/charon/plugins/eap_md5/eap_md5.c +++ b/src/charon/plugins/eap_md5/eap_md5.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "eap_md5.h" #include <daemon.h> @@ -25,27 +25,27 @@ typedef struct private_eap_md5_t private_eap_md5_t; * Private data of an eap_md5_t object. */ struct private_eap_md5_t { - + /** * Public authenticator_t interface. */ eap_md5_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * challenge sent by the server */ chunk_t challenge; - + /** * EAP message identififier */ @@ -79,7 +79,7 @@ struct eap_md5_header_t { * Hash the challenge string, create response */ static status_t hash_challenge(private_eap_md5_t *this, chunk_t *response) -{ +{ shared_key_t *shared; chunk_t concat; hasher_t *hasher; @@ -92,7 +92,7 @@ static status_t hash_challenge(private_eap_md5_t *this, chunk_t *response) this->server, this->peer); return NOT_FOUND; } - concat = chunk_cata("ccc", chunk_from_thing(this->identifier), + concat = chunk_cata("ccc", chunk_from_thing(this->identifier), shared->get_key(shared), this->challenge); shared->destroy(shared); hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); 
@@ -122,7 +122,7 @@ static status_t initiate_server(private_eap_md5_t *this, eap_payload_t **out) { rng_t *rng; eap_md5_header_t *req; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -130,7 +130,7 @@ static status_t initiate_server(private_eap_md5_t *this, eap_payload_t **out) } rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge); rng->destroy(rng); - + req = alloca(PAYLOAD_LEN); req->length = htons(PAYLOAD_LEN); req->code = EAP_REQUEST; @@ -138,7 +138,7 @@ static status_t initiate_server(private_eap_md5_t *this, eap_payload_t **out) req->type = EAP_MD5; req->value_size = this->challenge.len; memcpy(req->value, this->challenge.ptr, this->challenge.len); - + *out = eap_payload_create_data(chunk_create((void*)req, PAYLOAD_LEN)); return NEED_MORE; } @@ -152,7 +152,7 @@ static status_t process_peer(private_eap_md5_t *this, chunk_t response; chunk_t data; eap_md5_header_t *req; - + this->identifier = in->get_identifier(in); data = in->get_data(in); this->challenge = chunk_clone(chunk_skip(data, 6)); @@ -173,7 +173,7 @@ static status_t process_peer(private_eap_md5_t *this, req->value_size = response.len; memcpy(req->value, response.ptr, response.len); chunk_free(&response); - + *out = eap_payload_create_data(chunk_create((void*)req, PAYLOAD_LEN)); return NEED_MORE; } @@ -186,7 +186,7 @@ static status_t process_server(private_eap_md5_t *this, { chunk_t response, expected; chunk_t data; - + if (this->identifier != in->get_identifier(in)) { DBG1(DBG_IKE, "received invalid EAP-MD5 message"); @@ -198,7 +198,7 @@ static status_t process_server(private_eap_md5_t *this, } data = in->get_data(in); response = chunk_skip(data, 6); - + if (response.len < expected.len || !memeq(response.ptr, expected.ptr, expected.len)) { 
@@ -253,20 +253,20 @@ static private_eap_md5_t *eap_md5_create_generic(identification_t *server, identification_t *peer) { private_eap_md5_t *this = malloc_thing(private_eap_md5_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->peer = peer->clone(peer); this->server = server->clone(server); this->challenge = chunk_empty; this->identifier = 0; - + return this; } @@ -276,7 +276,7 @@ static private_eap_md5_t *eap_md5_create_generic(identification_t *server, eap_md5_t *eap_md5_create_server(identification_t *server, identification_t *peer) { private_eap_md5_t *this = eap_md5_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_server; @@ -294,7 +294,7 @@ eap_md5_t *eap_md5_create_server(identification_t *server, identification_t *pee eap_md5_t *eap_md5_create_peer(identification_t *server, identification_t *peer) { private_eap_md5_t *this = eap_md5_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_peer; diff --git a/src/charon/plugins/eap_md5/eap_md5_plugin.c b/src/charon/plugins/eap_md5/eap_md5_plugin.c index e30152fc5..629255ebf 100644 --- a/src/charon/plugins/eap_md5/eap_md5_plugin.c +++ b/src/charon/plugins/eap_md5/eap_md5_plugin.c 
@@ -37,14 +37,14 @@ static void destroy(eap_md5_plugin_t *this) plugin_t *plugin_create() { eap_md5_plugin_t *this = malloc_thing(eap_md5_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_MD5, 0, EAP_SERVER, (eap_constructor_t)eap_md5_create_server); charon->eap->add_method(charon->eap, EAP_MD5, 0, EAP_PEER, (eap_constructor_t)eap_md5_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c index 0e3fac780..26c6ffcb2 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c @@ -35,47 +35,47 @@ struct private_eap_mschapv2_t * Public authenticator_t interface. */ eap_mschapv2_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * challenge sent by the server */ chunk_t challenge; - + /** * generated NT-Response */ chunk_t nt_response; - + /** * generated Authenticator Response */ chunk_t auth_response; - + /** * generated MSK */ chunk_t msk; - + /** * EAP message identifier */ u_int8_t identifier; - + /** * MS-CHAPv2-ID (session ID, increases with each retry) */ u_int8_t mschapv2id; - + /** * Number of retries */ @@ -248,7 +248,7 @@ static chunk_t ExpandDESKey(chunk_t key) int i; u_char carry = 0; chunk_t expanded; - + /* expand the 7 octets to 8 octets */ expanded = chunk_alloc(8); for (i = 0; i < 7; i++) @@ -257,7 +257,7 @@ static chunk_t ExpandDESKey(chunk_t key) carry = key.ptr[i] & ~bitmask[i]; } expanded.ptr[7] = carry << 1; - + /* add parity bits to each octet */ for (i = 0; i < 8; i++) { 
@@ -269,7 +269,7 @@ static chunk_t ExpandDESKey(chunk_t key) } /** - * Calculate the NT password hash (i.e. hash the (unicode) password with MD4) + * Calculate the NT password hash (i.e. hash the (unicode) password with MD4) */ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash) { @@ -287,7 +287,7 @@ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash) /** * Calculate the challenge hash (i.e. hash [peer_challenge | server_challenge | - * username (without domain part)] with SHA1) + * username (without domain part)] with SHA1) */ static status_t ChallengeHash(chunk_t peer_challenge, chunk_t server_challenge, chunk_t username, chunk_t *challenge_hash) @@ -331,7 +331,7 @@ static status_t ChallengeResponse(chunk_t challenge_hash, chunk_t password_hash, memset(z_password_hash.ptr, 0, z_password_hash.len); memcpy(z_password_hash.ptr, password_hash.ptr, password_hash.len); chunk_split(z_password_hash, "mmm", 7, &keys[0], 7, &keys[1], 7, &keys[2]); - + *response = chunk_alloc(24); for (i = 0; i < 3; i++) { @@ -366,22 +366,22 @@ static status_t AuthenticatorResponse(chunk_t password_hash_hash, 0x6E }; static const chunk_t magic1 = chunk_from_buf(magic1_data); static const chunk_t magic2 = chunk_from_buf(magic2_data); - + chunk_t digest = chunk_empty, concat; hasher_t *hasher; - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, SHA1 not supported"); return FAILED; } - + concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1); hasher->allocate_hash(hasher, concat, &digest); concat = chunk_cata("ccc", digest, challenge_hash, magic2); hasher->allocate_hash(hasher, concat, response); - + hasher->destroy(hasher); chunk_free(&digest); return SUCCESS; 
@@ -433,31 +433,31 @@ static status_t GenerateMSK(chunk_t password_hash_hash, static const chunk_t shapad1 = chunk_from_buf(shapad1_data); static const chunk_t shapad2 = chunk_from_buf(shapad2_data); static const chunk_t keypad = { shapad1_data, 16 }; - + chunk_t concat, master_key, master_receive_key, master_send_key; hasher_t *hasher; - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, SHA1 not supported"); return FAILED; } - + concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1); hasher->allocate_hash(hasher, concat, &master_key); master_key.len = 16; - + concat = chunk_cata("cccc", master_key, shapad1, magic2, shapad2); hasher->allocate_hash(hasher, concat, &master_receive_key); master_receive_key.len = 16; - + concat = chunk_cata("cccc", master_key, shapad1, magic3, shapad2); hasher->allocate_hash(hasher, concat, &master_send_key); master_send_key.len = 16; - + *msk = chunk_cat("cccc", master_receive_key, master_send_key, keypad, keypad); - + hasher->destroy(hasher); chunk_free(&master_key); chunk_free(&master_receive_key); @@ -472,7 +472,7 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, status_t status = FAILED; chunk_t password_hash = chunk_empty, password_hash_hash = chunk_empty, challenge_hash = chunk_empty; - + if (NtPasswordHash(password, &password_hash) != SUCCESS) { goto error; @@ -486,7 +486,7 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, { goto error; } - + if (ChallengeResponse(challenge_hash, password_hash, &this->nt_response) != SUCCESS) { @@ -501,9 +501,9 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, { goto error; } - + status = SUCCESS; - + error: chunk_free(&password_hash); chunk_free(&password_hash_hash); @@ -532,7 +532,7 @@ static chunk_t ascii_to_unicode(chunk_t ascii) static char* sanitize(char *str) { char *pos = str; - + while (pos && *pos) { if (!isprint(*pos)) 
@@ -592,7 +592,7 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou eap_mschapv2_challenge_t *cha; const char *name = MSCHAPV2_HOST_NAME; u_int16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -601,7 +601,7 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou } rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge); rng->destroy(rng); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = this->identifier; @@ -610,12 +610,12 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou eap->opcode = MSCHAPV2_CHALLENGE; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + cha = (eap_mschapv2_challenge_t*)eap->data; cha->value_size = CHALLENGE_LEN; memcpy(cha->challenge, this->challenge.ptr, this->challenge.len); memcpy(cha->name, name, sizeof(MSCHAPV2_HOST_NAME) - 1); - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); return NEED_MORE; } @@ -634,29 +634,29 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, shared_key_t *shared; chunk_t data, peer_challenge, username, password; u_int16_t len = RESPONSE_PAYLOAD_LEN; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + /* the name MUST be at least one octet long */ if (data.len < CHALLENGE_PAYLOAD_LEN + 1) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + cha = (eap_mschapv2_challenge_t*)eap->data; - + if (cha->value_size != CHALLENGE_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "invalid challenge size"); return FAILED; } - + this->mschapv2id = eap->ms_chapv2_id; this->challenge = chunk_clone(chunk_create(cha->challenge, CHALLENGE_LEN)); - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { 
@@ -666,7 +666,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, peer_challenge = chunk_alloca(CHALLENGE_LEN); rng->get_bytes(rng, CHALLENGE_LEN, peer_challenge.ptr); rng->destroy(rng); - + shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP, this->peer, this->server); if (shared == NULL) @@ -675,13 +675,13 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, this->server, this->peer); return NOT_FOUND; } - + password = ascii_to_unicode(shared->get_key(shared)); shared->destroy(shared); - + username = extract_username(this->peer); len += username.len; - + if (GenerateStuff(this, this->challenge, peer_challenge, username, password) != SUCCESS) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 generating NT-Response failed"); @@ -689,7 +689,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, return FAILED; } chunk_clear(&password); - + eap = alloca(len); eap->code = EAP_RESPONSE; eap->identifier = this->identifier; @@ -698,16 +698,16 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_RESPONSE; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + res = (eap_mschapv2_response_t*)eap->data; res->value_size = RESPONSE_LEN; memset(&res->response, 0, RESPONSE_LEN); memcpy(res->response.peer_challenge, peer_challenge.ptr, peer_challenge.len); memcpy(res->response.nt_response, this->nt_response.ptr, this->nt_response.len); - + username = this->peer->get_encoding(this->peer); memcpy(res->name, username.ptr, username.len); - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); return NEED_MORE; } 
@@ -725,21 +725,21 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, char *message, *token, *msg = NULL; int message_len; u_int16_t len = SHORT_HEADER_LEN; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < AUTH_RESPONSE_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + message_len = data.len - HEADER_LEN; message = malloc(message_len + 1); memcpy(message, eap->data, message_len); message[message_len] = '\0'; - + /* S=<auth_string> M=<msg> */ enumerator = enumerator_create_token(message, " ", " "); while (enumerator->enumerate(enumerator, &token)) @@ -764,32 +764,32 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, } } enumerator->destroy(enumerator); - - if (auth_string.ptr == NULL) + + if (auth_string.ptr == NULL) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "auth string missing"); goto error; } - + if (!chunk_equals(this->auth_response, auth_string)) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); goto error; } - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 succeeded: '%s'", sanitize(msg)); - + eap = alloca(len); eap->code = EAP_RESPONSE; eap->identifier = this->identifier; eap->length = htons(len); eap->type = EAP_MSCHAPV2; eap->opcode = MSCHAPV2_SUCCESS; - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); status = NEED_MORE; - + error: chunk_free(&auth_string); free(message); 
@@ -807,21 +807,21 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this, char *message, *token, *msg = NULL; int message_len, error, retryable; chunk_t challenge = chunk_empty; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < 3) /* we want at least an error code: E=e */ { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + message_len = data.len - HEADER_LEN; message = malloc(message_len + 1); memcpy(message, eap->data, message_len); message[message_len] = '\0'; - + /* E=eeeeeeeeee R=r C=cccccccccccccccccccccccccccccccc V=vvvvvvvvvv M=<msg> */ enumerator = enumerator_create_token(message, " ", " "); while (enumerator->enumerate(enumerator, &token)) @@ -862,28 +862,28 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this, } } enumerator->destroy(enumerator); - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed with error %N: '%s'", mschapv2_error_names, error, sanitize(msg)); - + /** * at this point, if the error is retryable, we MAY retry the authentication * or MAY send a Change Password packet. - * + * * if the error is not retryable (or if we do neither of the above), we * SHOULD send a Failure Response packet. * windows clients don't do that, and since windows server 2008 r2 behaves * pretty odd if we do send a Failure Response, we just don't send one * either. windows 7 actually sends a delete notify (which, according to the - * logs, results in an error on windows server 2008 r2). - * + * logs, results in an error on windows server 2008 r2). + * * btw, windows server 2008 r2 does not send non-retryable errors for e.g. * a disabled account but returns the windows error code in a notify payload * of type 12345. */ - + status = FAILED; - + error: chunk_free(&challenge); free(message); 
@@ -899,7 +899,7 @@ static status_t process_peer(private_eap_mschapv2_t *this, eap_payload_t *in, { chunk_t data; eap_mschapv2_header_t *eap; - + this->identifier = in->get_identifier(in); data = in->get_data(in); if (data.len < SHORT_HEADER_LEN) @@ -907,9 +907,9 @@ static status_t process_peer(private_eap_mschapv2_t *this, eap_payload_t *in, DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message"); return FAILED; } - + eap = (eap_mschapv2_header_t*)data.ptr; - + switch (eap->opcode) { case MSCHAPV2_CHALLENGE: @@ -945,7 +945,7 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, chunk_t hex; char msg[FAILURE_MESSAGE_LEN]; u_int16_t len = HEADER_LEN + FAILURE_MESSAGE_LEN - 1; /* no null byte */ - + if (++this->retries > MAX_RETRIES) { /* we MAY send a Failure Request with R=0, but windows 7 does not @@ -957,9 +957,9 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, "maximum number of retries reached"); return FAILED; } - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed, retry (%d)", this->retries); - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -968,11 +968,11 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, } rng->get_bytes(rng, CHALLENGE_LEN, this->challenge.ptr); rng->destroy(rng); - + chunk_free(&this->nt_response); chunk_free(&this->auth_response); chunk_free(&this->msk); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = ++this->identifier; 
@@ -981,16 +981,16 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_FAILURE; eap->ms_chapv2_id = this->mschapv2id++; /* increase for each retry */ set_ms_length(eap, len); - + hex = chunk_to_hex(this->challenge, NULL, TRUE); snprintf(msg, FAILURE_MESSAGE_LEN, "%s%s", FAILURE_MESSAGE, hex.ptr); chunk_free(&hex); memcpy(eap->data, msg, FAILURE_MESSAGE_LEN - 1); /* no null byte */ *out = eap_payload_create_data(chunk_create((void*) eap, len)); - + /* delay the response for some time to make brute-force attacks harder */ sleep(RETRY_DELAY); - + return NEED_MORE; } @@ -1007,25 +1007,25 @@ static status_t process_server_response(private_eap_mschapv2_t *this, shared_key_t *shared; int name_len; char buf[256]; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < RESPONSE_PAYLOAD_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + res = (eap_mschapv2_response_t*)eap->data; peer_challenge = chunk_create(res->response.peer_challenge, CHALLENGE_LEN); - + name_len = min(data.len - RESPONSE_PAYLOAD_LEN, 255); snprintf(buf, sizeof(buf), "%.*s", name_len, res->name); userid = identification_create_from_string(buf); DBG2(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid); username = extract_username(userid); - + shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP, this->server, userid); if (shared == NULL) 
@@ -1041,27 +1041,27 @@ static status_t process_server_response(private_eap_mschapv2_t *this, userid->destroy(userid); return process_server_retry(this, out); } - + password = ascii_to_unicode(shared->get_key(shared)); shared->destroy(shared); - + if (GenerateStuff(this, this->challenge, peer_challenge, username, password) != SUCCESS) { - DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); + DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); userid->destroy(userid); chunk_clear(&password); return FAILED; } userid->destroy(userid); chunk_clear(&password); - + if (memeq(res->response.nt_response, this->nt_response.ptr, this->nt_response.len)) { chunk_t hex; char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)]; u_int16_t len = HEADER_LEN + AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = ++this->identifier; @@ -1070,7 +1070,7 @@ static status_t process_server_response(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_SUCCESS; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + hex = chunk_to_hex(this->auth_response, NULL, TRUE); snprintf(msg, AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE), "S=%s%s", hex.ptr, SUCCESS_MESSAGE); @@ -1091,23 +1091,23 @@ static status_t process_server(private_eap_mschapv2_t *this, eap_payload_t *in, { eap_mschapv2_header_t *eap; chunk_t data; - + if (this->identifier != in->get_identifier(in)) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "unexpected identifier"); return FAILED; } - + data = in->get_data(in); if (data.len < SHORT_HEADER_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + eap = (eap_mschapv2_header_t*)data.ptr; - + switch (eap->opcode) { case MSCHAPV2_RESPONSE: 
@@ -1182,14 +1182,14 @@ static void destroy(private_eap_mschapv2_t *this) static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = malloc_thing(private_eap_mschapv2_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->peer = peer->clone(peer); this->server = server->clone(server); @@ -1200,7 +1200,7 @@ static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *ser this->identifier = 0; this->mschapv2id = 0; this->retries = 0; - + return this; } @@ -1210,7 +1210,7 @@ static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *ser eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*, eap_payload_t**))process_server; @@ -1219,9 +1219,9 @@ eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identificat { this->identifier = random(); } while (!this->identifier); - + this->mschapv2id = this->identifier; - + return &this->public; } 
@@ -1231,10 +1231,10 @@ eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identificat eap_mschapv2_t *eap_mschapv2_create_peer(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*, eap_payload_t**))process_peer; - + return &this->public; } diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c index d0995c477..404cecb20 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c @@ -37,14 +37,14 @@ static void destroy(eap_mschapv2_plugin_t *this) plugin_t *plugin_create() { eap_mschapv2_plugin_t *this = malloc_thing(eap_mschapv2_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_MSCHAPV2, 0, EAP_SERVER, (eap_constructor_t)eap_mschapv2_create_server); charon->eap->add_method(charon->eap, EAP_MSCHAPV2, 0, EAP_PEER, (eap_constructor_t)eap_mschapv2_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_radius/eap_radius.c b/src/charon/plugins/eap_radius/eap_radius.c index deb3b648b..f21d6b859 100644 --- a/src/charon/plugins/eap_radius/eap_radius.c +++ b/src/charon/plugins/eap_radius/eap_radius.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "eap_radius.h" #include "radius_message.h" 
@@ -26,47 +26,47 @@ typedef struct private_eap_radius_t private_eap_radius_t; * Private data of an eap_radius_t object. */ struct private_eap_radius_t { - + /** * Public authenticator_t interface. */ eap_radius_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * EAP method type we are proxying */ eap_type_t type; - + /** * EAP vendor, if any */ u_int32_t vendor; - + /** * EAP MSK, if method established one */ chunk_t msk; - + /** * RADIUS client instance */ radius_client_t *client; - + /** * TRUE to use EAP-Start, FALSE to send EAP-Identity Response directly */ bool eap_start; - + /** * Prefix to prepend to EAP identity */ @@ -93,11 +93,11 @@ static void add_eap_identity(private_eap_radius_t *this, } __attribute__((__packed__)) *hdr; chunk_t id, prefix; size_t len; - + id = this->peer->get_encoding(this->peer); prefix = chunk_create(this->id_prefix, strlen(this->id_prefix)); len = sizeof(*hdr) + prefix.len + id.len; - + hdr = alloca(len); hdr->code = EAP_RESPONSE; hdr->identifier = 0; @@ -105,7 +105,7 @@ static void add_eap_identity(private_eap_radius_t *this, hdr->type = EAP_IDENTITY; memcpy(hdr->data, prefix.ptr, prefix.len); memcpy(hdr->data + prefix.len, id.ptr, id.len); - + request->add(request, RAT_EAP_MESSAGE, chunk_create((u_char*)hdr, len)); } @@ -119,7 +119,7 @@ static bool radius2ike(private_eap_radius_t *this, eap_payload_t *payload; chunk_t data; int type; - + enumerator = msg->create_enumerator(msg); while (enumerator->enumerate(enumerator, &type, &data)) { 
@@ -144,12 +144,12 @@ static status_t initiate(private_eap_radius_t *this, eap_payload_t **out) radius_message_t *request, *response; status_t status = FAILED; chunk_t username; - + request = radius_message_create_request(); username = chunk_create(this->id_prefix, strlen(this->id_prefix)); username = chunk_cata("cc", username, this->peer->get_encoding(this->peer)); request->add(request, RAT_USER_NAME, username); - + if (this->eap_start) { request->add(request, RAT_EAP_MESSAGE, chunk_empty); @@ -158,7 +158,7 @@ static status_t initiate(private_eap_radius_t *this, eap_payload_t **out) { add_eap_identity(this, request); } - + response = this->client->request(this->client, request); if (response) { @@ -180,11 +180,11 @@ static status_t process(private_eap_radius_t *this, { radius_message_t *request, *response; status_t status = FAILED; - + request = radius_message_create_request(); request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer)); request->add(request, RAT_EAP_MESSAGE, in->get_data(in)); - + response = this->client->request(this->client, request); if (response) { @@ -271,14 +271,14 @@ static void destroy(private_eap_radius_t *this) eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer) { private_eap_radius_t *this = malloc_thing(private_eap_radius_t); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + this->client = radius_client_create(); if (!this->client) { 
@@ -291,7 +291,7 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer this->type = EAP_RADIUS; this->vendor = 0; this->msk = chunk_empty; - this->eap_start = lib->settings->get_bool(lib->settings, + this->eap_start = lib->settings->get_bool(lib->settings, "charon.plugins.eap_radius.eap_start", FALSE); this->id_prefix = lib->settings->get_str(lib->settings, "charon.plugins.eap_radius.id_prefix", ""); diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.c b/src/charon/plugins/eap_radius/eap_radius_plugin.c index 7c6a3c9ff..51e6a69c8 100644 --- a/src/charon/plugins/eap_radius/eap_radius_plugin.c +++ b/src/charon/plugins/eap_radius/eap_radius_plugin.c @@ -36,19 +36,19 @@ static void destroy(eap_radius_plugin_t *this) plugin_t *plugin_create() { eap_radius_plugin_t *this; - + if (!radius_client_init()) { DBG1(DBG_CFG, "RADIUS plugin initialization failed"); return NULL; } - + this = malloc_thing(eap_radius_plugin_t); this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_RADIUS, 0, EAP_SERVER, (eap_constructor_t)eap_radius_create); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_radius/radius_client.c b/src/charon/plugins/eap_radius/radius_client.c index de1bafc6d..1b35cd2d6 100644 --- a/src/charon/plugins/eap_radius/radius_client.c +++ b/src/charon/plugins/eap_radius/radius_client.c @@ -63,12 +63,12 @@ struct entry_t { * Private data of an radius_client_t object. */ struct private_radius_client_t { - + /** * Public radius_client_t interface. */ radius_client_t public; - + /** * RADIUS servers State attribute */ @@ -106,7 +106,7 @@ static chunk_t nas_identifier; void radius_client_cleanup() { entry_t *entry; - + mutex->destroy(mutex); condvar->destroy(condvar); while (sockets->remove_last(sockets, (void**)&entry) == SUCCESS) 
@@ -130,11 +130,11 @@ bool radius_client_init() entry_t *entry; host_t *host; char *server; - + nas_identifier.ptr = lib->settings->get_str(lib->settings, "charon.plugins.eap_radius.nas_identifier", "strongSwan"); nas_identifier.len = strlen(nas_identifier.ptr); - + secret.ptr = lib->settings->get_str(lib->settings, "charon.plugins.eap_radius.secret", NULL); if (!secret.ptr) @@ -159,7 +159,7 @@ bool radius_client_init() } count = lib->settings->get_int(lib->settings, "charon.plugins.eap_radius.sockets", 1); - + sockets = linked_list_create(); mutex = mutex_create(MUTEX_TYPE_DEFAULT); condvar = condvar_create(CONDVAR_TYPE_DEFAULT); @@ -214,7 +214,7 @@ bool radius_client_init() static entry_t* get_socket() { entry_t *entry; - + mutex->lock(mutex); while (sockets->remove_first(sockets, (void**)&entry) != SUCCESS) { @@ -243,7 +243,7 @@ static void save_state(private_radius_client_t *this, radius_message_t *msg) enumerator_t *enumerator; int type; chunk_t data; - + enumerator = msg->create_enumerator(msg); while (enumerator->enumerate(enumerator, &type, &data)) { @@ -270,9 +270,9 @@ static radius_message_t* request(private_radius_client_t *this, entry_t *socket; chunk_t data; int i; - + socket = get_socket(); - + /* set Message Identifier */ req->set_identifier(req, socket->identifier++); /* we add the "Virtual" NAS-Port-Type, as we SHOULD include one */ @@ -286,7 +286,7 @@ static radius_message_t* request(private_radius_client_t *this, } /* sign the request */ req->sign(req, socket->rng, socket->signer); - + data = req->get_encoding(req); /* timeout after 2, 3, 4, 5 seconds */ for (i = 2; i <= 5; i++) @@ -297,7 +297,7 @@ static radius_message_t* request(private_radius_client_t *this, char buf[1024]; fd_set fds; int res; - + if (send(socket->fd, data.ptr, data.len, 0) != data.len) { DBG1(DBG_CFG, "sending RADIUS message failed: %s", strerror(errno)); 
@@ -306,7 +306,7 @@ static radius_message_t* request(private_radius_client_t *this, } tv.tv_sec = i; tv.tv_usec = 0; - + while (TRUE) { FD_ZERO(&fds); @@ -334,7 +334,7 @@ static radius_message_t* request(private_radius_client_t *this, } response = radius_message_parse_response(chunk_create(buf, res)); if (response) - { + { if (response->verify(response, req->get_authenticator(req), secret, socket->hasher, socket->signer)) { @@ -366,7 +366,7 @@ static chunk_t decrypt_mppe_key(private_radius_client_t *this, u_int16_t salt, chunk_t A, R, P, seed; u_char *c, *p; hasher_t *hasher; - + /** * From RFC2548 (encryption): * b(1) = MD5(S + R + A) c(1) = p(1) xor b(1) C = c(1) @@ -374,42 +374,42 @@ static chunk_t decrypt_mppe_key(private_radius_client_t *this, u_int16_t salt, * . . . * b(i) = MD5(S + c(i-1)) c(i) = p(i) xor b(i) C = C + c(i) */ - + if (C.len % HASH_SIZE_MD5 || C.len < HASH_SIZE_MD5) { return chunk_empty; } - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); if (!hasher) { return chunk_empty; } - + A = chunk_create((u_char*)&salt, sizeof(salt)); R = chunk_create(request->get_authenticator(request), HASH_SIZE_MD5); P = chunk_alloca(C.len); p = P.ptr; c = C.ptr; - + seed = chunk_cata("cc", R, A); - + while (c < C.ptr + C.len) { /* b(i) = MD5(S + c(i-1)) */ hasher->get_hash(hasher, secret, NULL); hasher->get_hash(hasher, seed, p); - + /* p(i) = b(i) xor c(1) */ memxor(p, c, HASH_SIZE_MD5); - + /* prepare next round */ seed = chunk_create(c, HASH_SIZE_MD5); c += HASH_SIZE_MD5; p += HASH_SIZE_MD5; } hasher->destroy(hasher); - + /* remove truncation, first byte is key length */ if (*P.ptr >= P.len) { /* decryption failed? */ @@ -434,7 +434,7 @@ static chunk_t decrypt_msk(private_radius_client_t *this, enumerator_t *enumerator; chunk_t data, send = chunk_empty, recv = chunk_empty; int type; - + enumerator = response->create_enumerator(response); while (enumerator->enumerate(enumerator, &type, &data)) { 
@@ -482,13 +482,13 @@ static void destroy(private_radius_client_t *this) radius_client_t *radius_client_create() { private_radius_client_t *this = malloc_thing(private_radius_client_t); - + this->public.request = (radius_message_t*(*)(radius_client_t*, radius_message_t *msg))request; this->public.decrypt_msk = (chunk_t(*)(radius_client_t*, radius_message_t *, radius_message_t *))decrypt_msk; this->public.destroy = (void(*)(radius_client_t*))destroy; - + this->state = chunk_empty; - + return &this->public; } diff --git a/src/charon/plugins/eap_radius/radius_client.h b/src/charon/plugins/eap_radius/radius_client.h index 889861a16..77ba94807 100644 --- a/src/charon/plugins/eap_radius/radius_client.h +++ b/src/charon/plugins/eap_radius/radius_client.h @@ -33,11 +33,11 @@ typedef struct radius_client_t radius_client_t; * a socket during request() and releases it afterwards. */ struct radius_client_t { - + /** * Send a RADIUS request and wait for the response. * - * The client fills in RADIUS Message identifier, NAS-Identifier, + * The client fills in RADIUS Message identifier, NAS-Identifier, * NAS-Port-Type, builds a Request-Authenticator and calculates the * Message-Authenticator attribute. * The received response gets verified using the Response-Identifier @@ -47,7 +47,7 @@ struct radius_client_t { * @return response, NULL if timed out/verification failed */ radius_message_t* (*request)(radius_client_t *this, radius_message_t *msg); - + /** * Decrypt the MSK encoded in a messages MS-MPPE-Send/Recv-Key. * @@ -57,7 +57,7 @@ struct radius_client_t { */ chunk_t (*decrypt_msk)(radius_client_t *this, radius_message_t *response, radius_message_t *request); - + /** * Destroy the client, release the socket. */ diff --git a/src/charon/plugins/eap_radius/radius_message.c b/src/charon/plugins/eap_radius/radius_message.c index 59a639f31..8b7ef12d4 100644 --- a/src/charon/plugins/eap_radius/radius_message.c +++ b/src/charon/plugins/eap_radius/radius_message.c 
@@ -54,12 +54,12 @@ struct rattr_t { * Private data of an radius_message_t object. */ struct private_radius_message_t { - + /** * Public radius_message_t interface. */ radius_message_t public; - + /** * message data, allocated */ @@ -247,12 +247,12 @@ static bool attribute_enumerate(attribute_enumerator_t *this, static enumerator_t* create_enumerator(private_radius_message_t *this) { attribute_enumerator_t *e; - + if (ntohs(this->msg->length) < sizeof(rmsg_t) + sizeof(rattr_t)) { return enumerator_create_empty(); } - + e = malloc_thing(attribute_enumerator_t); e->public.enumerate = (void*)attribute_enumerate; e->public.destroy = (void*)free; @@ -268,7 +268,7 @@ static void add(private_radius_message_t *this, radius_attribute_type_t type, chunk_t data) { rattr_t *attribute; - + this->msg = realloc(this->msg, ntohs(this->msg->length) + sizeof(rattr_t) + data.len); attribute = ((void*)this->msg) + ntohs(this->msg->length); @@ -284,10 +284,10 @@ static void add(private_radius_message_t *this, radius_attribute_type_t type, static void sign(private_radius_message_t *this, rng_t *rng, signer_t *signer) { char buf[HASH_SIZE_MD5]; - + /* build Request-Authenticator */ rng->get_bytes(rng, HASH_SIZE_MD5, this->msg->authenticator); - + /* build Message-Authenticator attribute, using 16 null bytes */ memset(buf, 0, sizeof(buf)); add(this, RAT_MESSAGE_AUTHENTICATOR, chunk_create(buf, sizeof(buf))); @@ -307,12 +307,12 @@ static bool verify(private_radius_message_t *this, u_int8_t *req_auth, int type; chunk_t data, msg; bool has_eap = FALSE, has_auth = FALSE; - + /* replace Response by Request Authenticator for verification */ memcpy(res_auth, this->msg->authenticator, HASH_SIZE_MD5); memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5); msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length)); - + /* verify Response-Authenticator */ hasher->get_hash(hasher, msg, NULL); hasher->get_hash(hasher, secret, buf); 
@@ -321,7 +321,7 @@ static bool verify(private_radius_message_t *this, u_int8_t *req_auth, DBG1(DBG_CFG, "RADIUS Response-Authenticator verification failed"); return FALSE; } - + /* verify Message-Authenticator attribute */ enumerator = create_enumerator(this); while (enumerator->enumerate(enumerator, &type, &data)) @@ -359,7 +359,7 @@ static bool verify(private_radius_message_t *this, u_int8_t *req_auth, enumerator->destroy(enumerator); /* restore Response-Authenticator */ memcpy(this->msg->authenticator, res_auth, HASH_SIZE_MD5); - + if (has_eap && !has_auth) { /* Message-Authenticator is required if we have an EAP-Message */ DBG1(DBG_CFG, "RADIUS Message-Authenticator attribute missing"); @@ -424,7 +424,7 @@ static void destroy(private_radius_message_t *this) static private_radius_message_t *radius_message_create() { private_radius_message_t *this = malloc_thing(private_radius_message_t); - + this->public.create_enumerator = (enumerator_t*(*)(radius_message_t*))create_enumerator; this->public.add = (void(*)(radius_message_t*, radius_attribute_type_t,chunk_t))add; this->public.get_code = (radius_message_code_t(*)(radius_message_t*))get_code; @@ -435,7 +435,7 @@ static private_radius_message_t *radius_message_create() this->public.sign = (void(*)(radius_message_t*, rng_t *rng, signer_t *signer))sign; this->public.verify = (bool(*)(radius_message_t*, u_int8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer))verify; this->public.destroy = (void(*)(radius_message_t*))destroy; - + return this; } @@ -445,12 +445,12 @@ static private_radius_message_t *radius_message_create() radius_message_t *radius_message_create_request() { private_radius_message_t *this = radius_message_create(); - + this->msg = malloc_thing(rmsg_t); this->msg->code = RMC_ACCESS_REQUEST; this->msg->identifier = 0; this->msg->length = htons(sizeof(rmsg_t)); - + return &this->public; } 
@@ -460,7 +460,7 @@ radius_message_t *radius_message_create_request() radius_message_t *radius_message_parse_response(chunk_t data) { private_radius_message_t *this = radius_message_create(); - + this->msg = malloc(data.len); memcpy(this->msg, data.ptr, data.len); if (data.len < sizeof(rmsg_t) || diff --git a/src/charon/plugins/eap_radius/radius_message.h b/src/charon/plugins/eap_radius/radius_message.h index d4eec8590..266839d3b 100644 --- a/src/charon/plugins/eap_radius/radius_message.h +++ b/src/charon/plugins/eap_radius/radius_message.h @@ -181,14 +181,14 @@ extern enum_name_t *radius_attribute_type_names; * A RADIUS message, contains attributes. */ struct radius_message_t { - + /** * Create an enumerator over contained RADIUS attributes. * * @return enumerator over (int type, chunk_t data) */ enumerator_t* (*create_enumerator)(radius_message_t *this); - + /** * Add a RADIUS attribute to the message. * @@ -197,42 +197,42 @@ struct radius_message_t { */ void (*add)(radius_message_t *this, radius_attribute_type_t type, chunk_t data); - + /** * Get the message type (code). * * @return message code */ radius_message_code_t (*get_code)(radius_message_t *this); - + /** * Get the message identifier. * * @return message identifier */ u_int8_t (*get_identifier)(radius_message_t *this); - + /** * Set the message identifier. * * @param identifier message identifier */ void (*set_identifier)(radius_message_t *this, u_int8_t identifier); - + /** * Get the 16 byte authenticator. * * @return pointer to the Authenticator field */ u_int8_t* (*get_authenticator)(radius_message_t *this); - + /** * Get the RADIUS message in its encoded form. * * @return chunk pointing to internal RADIUS message. */ chunk_t (*get_encoding)(radius_message_t *this); - + /** * Calculate and add the Message-Authenticator attribute to the message. * 
@@ -240,7 +240,7 @@ struct radius_message_t { * @param signer HMAC-MD5 signer with secret set */ void (*sign)(radius_message_t *this, rng_t *rng, signer_t *signer); - + /** * Verify the integrity of a received RADIUS response. * @@ -251,7 +251,7 @@ struct radius_message_t { */ bool (*verify)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer); - + /** * Destroy the message. */ diff --git a/src/charon/plugins/eap_sim/eap_sim.c b/src/charon/plugins/eap_sim/eap_sim.c index 2dd6e534b..f439bd248 100644 --- a/src/charon/plugins/eap_sim/eap_sim.c +++ b/src/charon/plugins/eap_sim/eap_sim.c @@ -121,82 +121,82 @@ typedef struct private_eap_sim_t private_eap_sim_t; * Private data of an eap_sim_t object. */ struct private_eap_sim_t { - + /** * Public authenticator_t interface. */ eap_sim_t public; - + /** * ID of ourself */ identification_t *peer; - + /** * hashing function */ hasher_t *hasher; - + /** * prf */ prf_t *prf; - + /** * MAC function */ signer_t *signer; - + /** * how many times we try to authenticate */ int tries; - + /** * unique EAP identifier */ u_int8_t identifier; - + /** * EAP message type this role sends */ u_int8_t type; - + /** * version this implementation uses */ chunk_t version; - + /** * version list received from server */ chunk_t version_list; - + /** * Nonce value used in AT_NONCE_MT */ chunk_t nonce; - + /** * concatenated SRES values */ chunk_t sreses; - + /** * k_encr key derived from MK */ chunk_t k_encr; - + /** * k_auth key derived from MK, used for AT_MAC verification */ chunk_t k_auth; - + /** * MSK, used for EAP-SIM based IKEv2 authentication */ chunk_t msk; - + /** * EMSK, extended MSK for further uses */ @@ -257,9 +257,9 @@ static sim_attribute_t read_attribute(chunk_t *message, chunk_t *data) { sim_attribute_t attribute; size_t length; - + DBG3(DBG_IKE, "reading attribute from %B", message); - + if (message->len < 2) { return AT_END; 
@@ -294,7 +294,7 @@ static eap_payload_t *build_payload(private_eap_sim_t *this, u_int8_t identifier sim_attribute_t attr; u_int8_t *mac_pos = NULL; chunk_t mac_data = chunk_empty; - + /* write EAP header, skip length bytes */ *pos.ptr++ = this->type; *pos.ptr++ = identifier; @@ -306,18 +306,18 @@ static eap_payload_t *build_payload(private_eap_sim_t *this, u_int8_t identifier *pos.ptr++ = 0; *pos.ptr++ = 0; pos.len -= 4; - + va_start(args, type); while ((attr = va_arg(args, sim_attribute_t)) != AT_END) { chunk_t data = va_arg(args, chunk_t); - + DBG3(DBG_IKE, "building %N %B", sim_attribute_names, attr, &data); - + /* write attribute header */ *pos.ptr++ = attr; pos.len--; - + switch (attr) { case AT_CLIENT_ERROR_CODE: @@ -387,11 +387,11 @@ static eap_payload_t *build_payload(private_eap_sim_t *this, u_int8_t identifier } } va_end(args); - + /* calculate message length, write into header */ message.len = pos.ptr - message.ptr; *(u_int16_t*)(message.ptr + 2) = htons(message.len); - + /* create MAC if AT_MAC attribte was included. Append supplied va_arg * chunk mac_data to "to-sign" chunk */ if (mac_pos) @@ -402,9 +402,9 @@ static eap_payload_t *build_payload(private_eap_sim_t *this, u_int8_t identifier DBG3(DBG_IKE, "AT_MAC signature of %B\n is %b", &mac_data, mac_pos, MAC_LEN); } - + payload = eap_payload_create_data(message); - + DBG3(DBG_IKE, "created EAP message %B", &message); return payload; } @@ -495,7 +495,7 @@ static status_t peer_process_start(private_eap_sim_t *this, eap_payload_t *in, break; } } - + /* build payload. If "include_id" is AT_END, AT_IDENTITY is ommited */ *out = build_payload(this, identifier, SIM_START, AT_SELECTED_VERSION, this->version, 
@@ -519,7 +519,7 @@ static void derive_keys(private_eap_sim_t *this, chunk_t kcs) mk = chunk_alloca(this->hasher->get_hash_size(this->hasher)); this->hasher->get_hash(this->hasher, tmp, mk.ptr); DBG3(DBG_IKE, "MK = SHA1(%B\n) = %B", &tmp, &mk); - + /* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() * FIPS PRF has 320 bit block size, we need 160 byte for keys * => run prf four times */
@@ -549,7 +549,7 @@ static bool get_card_triplet(private_eap_sim_t *this, sim_card_t *card = NULL, *current; id_match_t match, best = ID_MATCH_NONE; bool success = FALSE; - + /* find the best matching SIM */ enumerator = charon->sim->create_card_enumerator(charon->sim); while (enumerator->enumerate(enumerator, ¤t))
@@ -584,7 +584,7 @@ static status_t peer_process_challenge(private_eap_sim_t *this, sim_attribute_t attribute; u_int8_t identifier; chunk_t mac = chunk_empty, rands = chunk_empty; - + if (this->tries-- <= 0) { /* give up without notification. This hack is required as some buggy
@@ -643,7 +643,7 @@ static status_t peer_process_challenge(private_eap_sim_t *this, break; } } - + /* excepting two or three RAND, each 16 bytes. We require two valid * and different RANDs */ if ((rands.len != 2 * RAND_LEN && rands.len != 3 * RAND_LEN) ||
@@ -663,12 +663,12 @@ static status_t peer_process_challenge(private_eap_sim_t *this, AT_END); return NEED_MORE; } - + /* get two or three KCs/SRESes from SIM using RANDs */ kcs = kc = chunk_alloca(rands.len / 2); sreses = sres = chunk_alloca(rands.len / 4); while (rands.len >= RAND_LEN) - { + { if (!get_card_triplet(this, rands.ptr, sres.ptr, kc.ptr)) { DBG1(DBG_IKE, "unable to get EAP-SIM triplet");
@@ -683,9 +683,9 @@ static status_t peer_process_challenge(private_eap_sim_t *this, sres = chunk_skip(sres, SRES_LEN); rands = chunk_skip(rands, RAND_LEN); } - + derive_keys(this, kcs); - + /* verify AT_MAC attribute, signature is over "EAP packet | NONCE_MT" */ this->signer->set_key(this->signer, this->k_auth); tmp = chunk_cata("cc", in->get_data(in), this->nonce);
@@ -697,7 +697,7 @@ static status_t peer_process_challenge(private_eap_sim_t *this, AT_END); return NEED_MORE; } - + /* build response, AT_MAC is built over "EAP packet | n*SRES" */ *out = build_payload(this, identifier, SIM_CHALLENGE, AT_MAC, sreses,
@@ -714,7 +714,7 @@ static status_t server_process_challenge(private_eap_sim_t *this, chunk_t message, data; sim_attribute_t attribute; chunk_t mac = chunk_empty, tmp; - + message = in->get_data(in); read_header(&message);
@@ -761,7 +761,7 @@ static bool get_provider_triplet(private_eap_sim_t *this, enumerator_t *enumerator; sim_provider_t *provider; int tried = 0; - + enumerator = charon->sim->create_provider_enumerator(charon->sim); while (enumerator->enumerate(enumerator, &provider)) {
@@ -789,7 +789,7 @@ static status_t server_process_start(private_eap_sim_t *this, bool supported = FALSE; chunk_t rands, rand, kcs, kc, sreses, sres; int i; - + message = in->get_data(in); read_header(&message);
@@ -820,7 +820,7 @@ static status_t server_process_start(private_eap_sim_t *this, DBG1(DBG_IKE, "received incomplete EAP-SIM/Response/Start"); return FAILED; } - + /* read triplets from provider */ rand = rands = chunk_alloca(RAND_LEN * TRIPLET_COUNT); kc = kcs = chunk_alloca(KC_LEN * TRIPLET_COUNT);
@@ -843,7 +843,7 @@ static status_t server_process_start(private_eap_sim_t *this, kc = chunk_skip(kc, KC_LEN); } derive_keys(this, kcs); - + /* build MAC over "EAP packet | NONCE_MT" */ *out = build_payload(this, this->identifier++, SIM_CHALLENGE, AT_RAND, rands, AT_MAC, this->nonce, AT_END);
@@ -859,7 +859,7 @@ static status_t peer_process_notification(private_eap_sim_t *this, { chunk_t message, data; sim_attribute_t attribute; - + message = in->get_data(in); read_header(&message);
@@ -910,7 +910,7 @@ static status_t server_process_client_error(private_eap_sim_t *this, { chunk_t message, data; sim_attribute_t attribute; - + message = in->get_data(in); read_header(&message);
@@ -943,10 +943,10 @@ static status_t peer_process(private_eap_sim_t *this, { sim_subtype_t type; chunk_t message; - + message = in->get_data(in); type = read_header(&message); - + switch (type) { case SIM_START:
@@ -972,10 +972,10 @@ static status_t server_process(private_eap_sim_t *this, { sim_subtype_t type; chunk_t message; - + message = in->get_data(in); type = read_header(&message); - + switch (type) { case SIM_START:
@@ -1070,7 +1070,7 @@ eap_sim_t *eap_sim_create_generic(eap_role_t role, identification_t *server, { private_eap_sim_t *this = malloc_thing(private_eap_sim_t); rng_t *rng; - + this->nonce = chunk_empty; this->sreses = chunk_empty; this->peer = peer->clone(peer);
@@ -1086,7 +1086,7 @@ eap_sim_t *eap_sim_create_generic(eap_role_t role, identification_t *server, do { this->identifier = random(); } while (!this->identifier); - + switch (role) { case EAP_SERVER:
@@ -1116,7 +1116,7 @@ eap_sim_t *eap_sim_create_generic(eap_role_t role, identification_t *server, this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); this->prf = lib->crypto->create_prf(lib->crypto, PRF_FIPS_SHA1_160); this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA1_128);
@@ -1146,4 +1146,4 @@ eap_sim_t *eap_sim_create_peer(identification_t *server, { return eap_sim_create_generic(EAP_PEER, server, peer); } - +
diff --git a/src/charon/plugins/eap_sim/eap_sim_plugin.c b/src/charon/plugins/eap_sim/eap_sim_plugin.c
index cf18007c0..6a6878303 100644
--- a/src/charon/plugins/eap_sim/eap_sim_plugin.c
+++ b/src/charon/plugins/eap_sim/eap_sim_plugin.c
@@ -37,14 +37,14 @@ static void destroy(eap_sim_plugin_t *this) plugin_t *plugin_create() { eap_sim_plugin_t *this = malloc_thing(eap_sim_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_SERVER, (eap_constructor_t)eap_sim_create_server); charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_PEER, (eap_constructor_t)eap_sim_create_peer); - + return &this->plugin; }
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c b/src/charon/plugins/eap_sim_file/eap_sim_file_card.c
index 7d441ffb2..2a854d367 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c
+++ b/src/charon/plugins/eap_sim_file/eap_sim_file_card.c
@@ -21,17 +21,17 @@ typedef struct private_eap_sim_file_card_t private_eap_sim_file_card_t; * Private data of an eap_sim_file_card_t object. */ struct private_eap_sim_file_card_t { - + /** * Public eap_sim_file_card_t interface. */ eap_sim_file_card_t public; - + /** * IMSI, is ID_ANY for file implementation */ identification_t *imsi; - + /** * source of triplets */
@@ -49,9 +49,9 @@ static bool get_triplet(private_eap_sim_file_card_t *this, enumerator_t *enumerator; identification_t *id; char *c_rand, *c_sres, *c_kc; - + DBG2(DBG_CFG, "looking for rand: %b", rand, RAND_LEN); - + enumerator = this->triplets->create_enumerator(this->triplets); while (enumerator->enumerate(enumerator, &id, &c_rand, &c_sres, &c_kc)) {
@@ -92,15 +92,15 @@ static void destroy(private_eap_sim_file_card_t *this) eap_sim_file_card_t *eap_sim_file_card_create(eap_sim_file_triplets_t *triplets) { private_eap_sim_file_card_t *this = malloc_thing(private_eap_sim_file_card_t); - + this->public.card.get_triplet = (bool(*)(sim_card_t*, char *rand, char *sres, char *kc))get_triplet; this->public.card.get_imsi = (identification_t*(*)(sim_card_t*))get_imsi; this->public.destroy = (void(*)(eap_sim_file_card_t*))destroy; - + /* this SIM card implementation does not have an ID, serve ID_ANY */ this->imsi = identification_create_from_encoding(ID_ANY, chunk_empty); this->triplets = triplets; - + return &this->public; }
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h b/src/charon/plugins/eap_sim_file/eap_sim_file_card.h
index e7160a33b..405fbcea6 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h
+++ b/src/charon/plugins/eap_sim_file/eap_sim_file_card.h
@@ -36,7 +36,7 @@ struct eap_sim_file_card_t { * Implements sim_card_t interface */ sim_card_t card; - + /** * Destroy a eap_sim_file_card_t. */
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c b/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c
index eb6fb4c9c..eedaa3060 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c
+++ b/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c
@@ -28,22 +28,22 @@ typedef struct private_eap_sim_file_t private_eap_sim_file_t; * Private data of an eap_sim_file_t object. */ struct private_eap_sim_file_t { - + /** * Public eap_sim_file_plugin_t interface. */ eap_sim_file_plugin_t public; - + /** * SIM card */ eap_sim_file_card_t *card; - + /** * SIM provider */ eap_sim_file_provider_t *provider; - + /** * Triplet source */
@@ -69,16 +69,16 @@ static void destroy(private_eap_sim_file_t *this) plugin_t *plugin_create() { private_eap_sim_file_t *this = malloc_thing(private_eap_sim_file_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->triplets = eap_sim_file_triplets_create(TRIPLET_FILE); this->card = eap_sim_file_card_create(this->triplets); this->provider = eap_sim_file_provider_create(this->triplets); - + charon->sim->add_card(charon->sim, &this->card->card); charon->sim->add_provider(charon->sim, &this->provider->provider); - + return &this->public.plugin; }
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c
index 89866ade6..dc55911b8 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c
+++ b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c
@@ -21,12 +21,12 @@ typedef struct private_eap_sim_file_provider_t private_eap_sim_file_provider_t; * Private data of an eap_sim_file_provider_t object. */ struct private_eap_sim_file_provider_t { - + /** * Public eap_sim_file_provider_t interface. */ eap_sim_file_provider_t public; - + /** * source of triplets */
@@ -43,7 +43,7 @@ static bool get_triplet(private_eap_sim_file_provider_t *this, enumerator_t *enumerator; identification_t *id; char *c_rand, *c_sres, *c_kc; - + enumerator = this->triplets->create_enumerator(this->triplets); while (enumerator->enumerate(enumerator, &id, &c_rand, &c_sres, &c_kc)) {
@@ -75,12 +75,12 @@ eap_sim_file_provider_t *eap_sim_file_provider_create( eap_sim_file_triplets_t *triplets) { private_eap_sim_file_provider_t *this = malloc_thing(private_eap_sim_file_provider_t); - + this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[16], char sres[4], char kc[8]))get_triplet; this->public.destroy = (void(*)(eap_sim_file_provider_t*))destroy; - + this->triplets = triplets; - + return &this->public; }
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h
index ec3bfb469..72f29d51f 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h
+++ b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h
@@ -36,7 +36,7 @@ struct eap_sim_file_provider_t { * Implements sim_provider_t interface. */ sim_provider_t provider; - + /** * Destroy a eap_sim_file_provider_t. */
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c
index e27ed6860..b4686bf8f 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c
+++ b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c
@@ -28,17 +28,17 @@ typedef struct private_eap_sim_file_triplets_t private_eap_sim_file_triplets_t; * Private data of an eap_sim_file_triplets_t object. */ struct private_eap_sim_file_triplets_t { - + /** * Public eap_sim_file_triplets_t interface. */ eap_sim_file_triplets_t public; - + /** * List of triplets, as triplet_t */ linked_list_t *triplets; - + /** * mutex to lock triplets list */
@@ -103,7 +103,7 @@ static bool enumerator_enumerate(triplet_enumerator_t *e, identification_t **ims char **rand, char **sres, char **kc) { triplet_t *triplet; - + if (e->inner->enumerate(e->inner, &triplet)) { e->current = triplet;
@@ -123,14 +123,14 @@ static bool enumerator_enumerate(triplet_enumerator_t *e, identification_t **ims static enumerator_t* create_enumerator(private_eap_sim_file_triplets_t *this) { triplet_enumerator_t *enumerator = malloc_thing(triplet_enumerator_t); - + this->mutex->lock(this->mutex); enumerator->public.enumerate = (void*)enumerator_enumerate; enumerator->public.destroy = (void*)enumerator_destroy; enumerator->inner = this->triplets->create_enumerator(this->triplets); enumerator->current = NULL; enumerator->this = this; - + return &enumerator->public; }
@@ -140,7 +140,7 @@ static enumerator_t* create_enumerator(private_eap_sim_file_triplets_t *this) static void parse_token(char *to, char *from, size_t len) { chunk_t chunk; - + chunk = chunk_create(from, min(strlen(from), len * 2)); chunk = chunk_from_hex(chunk, NULL); memset(to, 0, len);
@@ -156,22 +156,22 @@ static void read_triplets(private_eap_sim_file_triplets_t *this, char *path) char line[512]; FILE *file; int i, nr = 0; - + file = fopen(path, "r"); if (file == NULL) { - DBG1(DBG_CFG, "opening triplet file %s failed: %s", + DBG1(DBG_CFG, "opening triplet file %s failed: %s", path, strerror(errno)); return; } - + /* read line by line */ while (fgets(line, sizeof(line), file)) { triplet_t *triplet; enumerator_t *enumerator; char *token; - + nr++; /* skip comments, empty lines */ switch (line[0])
@@ -186,7 +186,7 @@ static void read_triplets(private_eap_sim_file_triplets_t *this, char *path) } triplet = malloc_thing(triplet_t); memset(triplet, 0, sizeof(triplet_t)); - + i = 0; enumerator = enumerator_create_token(line, ",", " \n\r#"); while (enumerator->enumerate(enumerator, &token))
@@ -217,15 +217,15 @@ static void read_triplets(private_eap_sim_file_triplets_t *this, char *path) triplet_destroy(triplet); continue; } - + DBG2(DBG_CFG, "triplet: imsi %Y\nrand %b\nsres %b\nkc %b", triplet->imsi, triplet->rand, RAND_LEN, triplet->sres, SRES_LEN, triplet->kc, KC_LEN); - + this->triplets->insert_last(this->triplets, triplet); } fclose(file); - + DBG1(DBG_CFG, "read %d triplets from %s", this->triplets->get_count(this->triplets), path); }
@@ -246,15 +246,15 @@ static void destroy(private_eap_sim_file_triplets_t *this) eap_sim_file_triplets_t *eap_sim_file_triplets_create(char *file) { private_eap_sim_file_triplets_t *this = malloc_thing(private_eap_sim_file_triplets_t); - + this->public.create_enumerator = (enumerator_t*(*)(eap_sim_file_triplets_t*))create_enumerator; this->public.destroy = (void(*)(eap_sim_file_triplets_t*))destroy; - + this->triplets = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - + read_triplets(this, file); - + return &this->public; }
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c
index f0362c1a4..0ae0beaef 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -78,7 +78,7 @@
 /** the prefix of the name of KLIPS ipsec devices */
 #define IPSEC_DEV_PREFIX "ipsec"
 /** this is the default number of ipsec devices */
-#define DEFAULT_IPSEC_DEV_COUNT 4 
+#define DEFAULT_IPSEC_DEV_COUNT 4
 /** TRUE if the given name matches an ipsec device */
 #define IS_IPSEC_DEV(name) (strneq((name), IPSEC_DEV_PREFIX, sizeof(IPSEC_DEV_PREFIX) - 1))
@@ -108,62 +108,62 @@ struct private_kernel_klips_ipsec_t * Public part of the kernel_klips_t object. */ kernel_klips_ipsec_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * List of installed policies (policy_entry_t) */ linked_list_t *policies; - + /** * List of allocated SPIs without installed SA (sa_entry_t) */ linked_list_t *allocated_spis; - + /** * List of installed SAs (sa_entry_t) */ linked_list_t *installed_sas; - + /** * whether to install routes along policies */ bool install_routes; - + /** * List of ipsec devices (ipsec_dev_t) */ linked_list_t *ipsec_devices; - + /** * job receiving PF_KEY events */ callback_job_t *job; - + /** * mutex to lock access to the PF_KEY socket */ mutex_t *mutex_pfkey; - + /** * PF_KEY socket to communicate with the kernel */ int socket; - + /** * PF_KEY socket to receive acquire and expire events */ int socket_events; - + /** * sequence number for messages sent to the kernel */ int seq; - + };
@@ -175,10 +175,10 @@ typedef struct ipsec_dev_t ipsec_dev_t; struct ipsec_dev_t { /** name of the virtual ipsec interface */ char name[IFNAMSIZ]; - + /** name of the physical interface */ char phys_name[IFNAMSIZ]; - + /** by how many CHILD_SA's this ipsec device is used */ u_int refcount; };
@@ -229,14 +229,14 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) struct ipsectunnelconf *itc = (struct ipsectunnelconf*)&req.ifr_data; short phys_flags; int mtu; - + DBG2(DBG_KNL, "attaching virtual interface %s to %s", name, phys_name); - + if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) <= 0) { return FAILED; } - + strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFFLAGS, &req) < 0) {
@@ -251,18 +251,18 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) close(sock); return FAILED; } - + if (req.ifr_flags & IFF_UP) { /* if it's already up, it is already attached, detach it first */ ioctl(sock, IPSEC_DEL_DEV, &req); } - + /* attach it */ strncpy(req.ifr_name, name, IFNAMSIZ); strncpy(itc->cf_name, phys_name, sizeof(itc->cf_name)); ioctl(sock, IPSEC_SET_DEV, &req); - + /* copy address from physical to virtual */ strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFADDR, &req) == 0)
@@ -270,7 +270,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) strncpy(req.ifr_name, name, IFNAMSIZ); ioctl(sock, SIOCSIFADDR, &req); } - + /* copy net mask from physical to virtual */ strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFNETMASK, &req) == 0)
@@ -278,7 +278,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) strncpy(req.ifr_name, name, IFNAMSIZ); ioctl(sock, SIOCSIFNETMASK, &req); } - + /* copy other flags and addresses */ strncpy(req.ifr_name, name, IFNAMSIZ); if (ioctl(sock, SIOCGIFFLAGS, &req) == 0)
@@ -288,7 +288,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) req.ifr_flags |= IFF_POINTOPOINT; req.ifr_flags &= ~IFF_BROADCAST; ioctl(sock, SIOCSIFFLAGS, &req); - + strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFDSTADDR, &req) == 0) {
@@ -301,7 +301,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) req.ifr_flags &= ~IFF_POINTOPOINT; req.ifr_flags |= IFF_BROADCAST; ioctl(sock, SIOCSIFFLAGS, &req); - + strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFBRDADDR, &req)==0) {
@@ -324,7 +324,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) /* guess MTU as physical MTU - ESP overhead [- NAT-T overhead] * ESP overhead : 73 bytes * NAT-T overhead : 8 bytes ==> 81 bytes - * + * * assuming tunnel mode with AES encryption and integrity * outer IP header : 20 bytes * (NAT-T UDP header: 8 bytes)
@@ -338,19 +338,19 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) ioctl(sock, SIOCGIFMTU, &req); mtu = req.ifr_mtu - 81; } - + /* set MTU */ strncpy(req.ifr_name, name, IFNAMSIZ); req.ifr_mtu = mtu; ioctl(sock, SIOCSIFMTU, &req); - + /* bring ipsec device UP */ if (ioctl(sock, SIOCGIFFLAGS, &req) == 0) { req.ifr_flags |= IFF_UP; ioctl(sock, SIOCSIFFLAGS, &req); } - + close(sock); return SUCCESS; }
@@ -362,37 +362,37 @@ static status_t detach_ipsec_dev(char* name, char *phys_name) { int sock; struct ifreq req; - + DBG2(DBG_KNL, "detaching virtual interface %s from %s", name, strlen(phys_name) ? phys_name : "any physical interface"); - + if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) <= 0) { return FAILED; } - + strncpy(req.ifr_name, name, IFNAMSIZ); if (ioctl(sock, SIOCGIFFLAGS, &req) < 0) { close(sock); return FAILED; } - + /* shutting interface down */ if (req.ifr_flags & IFF_UP) { req.ifr_flags &= ~IFF_UP; ioctl(sock, SIOCSIFFLAGS, &req); } - + /* unset address */ memset(&req.ifr_addr, 0, sizeof(req.ifr_addr)); req.ifr_addr.sa_family = AF_INET; ioctl(sock, SIOCSIFADDR, &req); - + /* detach interface */ ioctl(sock, IPSEC_DEL_DEV, &req); - + close(sock); return SUCCESS; }
@@ -415,10 +415,10 @@ typedef struct route_entry_t route_entry_t; struct route_entry_t { /** Name of the interface the route is bound to */ char *if_name; - + /** Source ip of the route */ host_t *src_ip; - + /** Gateway for this route */ host_t *gateway;
@@ -447,13 +447,13 @@ typedef struct policy_entry_t policy_entry_t; * installed kernel policy. */ struct policy_entry_t { - + /** reqid of this policy, if setup as trap */ u_int32_t reqid; - + /** direction of this policy: in, out, forward */ u_int8_t direction; - + /** parameters of installed policy */ struct { /** subnet and port */
@@ -463,13 +463,13 @@ struct policy_entry_t { /** protocol */ u_int8_t proto; } src, dst; - + /** associated route installed for this policy */ route_entry_t *route; - + /** by how many CHILD_SA's this policy is actively used */ u_int activecount; - + /** by how many CHILD_SA's this policy is trapped */ u_int trapcount; };
@@ -499,22 +499,22 @@ static bool is_host_in_net(host_t *host, host_t *net, u_int8_t mask) static const u_char bitmask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe }; chunk_t host_chunk, net_chunk; int bytes = mask / 8, bits = mask % 8; - + host_chunk = host->get_address(host); net_chunk = net->get_address(net); - + if (host_chunk.len != net_chunk.len) { return FALSE; } - + if (memeq(host_chunk.ptr, net_chunk.ptr, bytes)) { return (bits == 0) || - (host_chunk.ptr[bytes] & bitmask[bits]) == + (host_chunk.ptr[bytes] & bitmask[bits]) == (net_chunk.ptr[bytes] & bitmask[bits]); } - + return FALSE; }
@@ -530,15 +530,15 @@ static policy_entry_t *create_policy_entry(traffic_selector_t *src_ts, policy->route = NULL; policy->activecount = 0; policy->trapcount = 0; - + src_ts->to_subnet(src_ts, &policy->src.net, &policy->src.mask); dst_ts->to_subnet(dst_ts, &policy->dst.net, &policy->dst.mask); - + /* src or dest proto may be "any" (0), use more restrictive one */ policy->src.proto = max(src_ts->get_protocol(src_ts), dst_ts->get_protocol(dst_ts)); - policy->src.proto = policy->src.proto ? policy->src.proto : 0; + policy->src.proto = policy->src.proto ? policy->src.proto : 0; policy->dst.proto = policy->src.proto; - + return policy; }
@@ -585,25 +585,25 @@ typedef struct sa_entry_t sa_entry_t; * - installed inbound SAs with enabled UDP encapsulation */ struct sa_entry_t { - + /** protocol of this SA */ protocol_id_t protocol; - + /** reqid of this SA */ u_int32_t reqid; - + /** SPI of this SA */ u_int32_t spi; - + /** src address of this SA */ host_t *src; - + /** dst address of this SA */ host_t *dst; - + /** TRUE if this SA uses UDP encapsulation */ bool encap; - + /** TRUE if this SA is inbound */ bool inbound; };
@@ -672,8 +672,8 @@ struct pfkey_msg_t * PF_KEY message base */ struct sadb_msg *msg; - - + + /** * PF_KEY message extensions */
@@ -761,7 +761,7 @@ struct kernel_algorithm_t { * Identifier specified in IKEv2 */ int ikev2; - + /** * Identifier as defined in pfkeyv2.h */
@@ -884,7 +884,7 @@ static void add_encap_ext(struct sadb_msg *msg, host_t *src, host_t *dst, { struct sadb_x_nat_t_type* nat_type; struct sadb_x_nat_t_port* nat_port; - + if (!ports_only) { nat_type = (struct sadb_x_nat_t_type*)PFKEY_EXT_ADD_NEXT(msg);
@@ -893,13 +893,13 @@ static void add_encap_ext(struct sadb_msg *msg, host_t *src, host_t *dst, nat_type->sadb_x_nat_t_type_type = UDP_ENCAP_ESPINUDP; PFKEY_EXT_ADD(msg, nat_type); } - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port)); nat_port->sadb_x_nat_t_port_port = src->get_port(src); PFKEY_EXT_ADD(msg, nat_port); - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port));
@@ -917,19 +917,19 @@ static void build_addflow(struct sadb_msg *msg, u_int8_t satype, u_int32_t spi, struct sadb_sa *sa; struct sadb_protocol *proto; host_t *host; - + msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_ADDFLOW; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_spi = spi; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_flags = replace ? SADB_X_SAFLAGS_REPLACEFLOW : 0; PFKEY_EXT_ADD(msg, sa); - + if (!src) { add_anyaddr_ext(msg, src_net->get_family(src_net), SADB_EXT_ADDRESS_SRC);
@@ -938,7 +938,7 @@ static void build_addflow(struct sadb_msg *msg, u_int8_t satype, u_int32_t spi, { add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); } - + if (!dst) { add_anyaddr_ext(msg, dst_net->get_family(dst_net), SADB_EXT_ADDRESS_DST);
@@ -947,18 +947,18 @@ static void build_addflow(struct sadb_msg *msg, u_int8_t satype, u_int32_t spi, { add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); } - + add_addr_ext(msg, src_net, SADB_X_EXT_ADDRESS_SRC_FLOW); add_addr_ext(msg, dst_net, SADB_X_EXT_ADDRESS_DST_FLOW); - + host = mask2host(src_net->get_family(src_net), src_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_SRC_MASK); host->destroy(host); - + host = mask2host(dst_net->get_family(dst_net), dst_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_DST_MASK); host->destroy(host); - + proto = (struct sadb_protocol*)PFKEY_EXT_ADD_NEXT(msg); proto->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL; proto->sadb_protocol_len = PFKEY_LEN(sizeof(struct sadb_protocol));
@@ -975,25 +975,25 @@ static void build_delflow(struct sadb_msg *msg, u_int8_t satype, { struct sadb_protocol *proto; host_t *host; - + msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_DELFLOW; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + add_addr_ext(msg, src_net, SADB_X_EXT_ADDRESS_SRC_FLOW); add_addr_ext(msg, dst_net, SADB_X_EXT_ADDRESS_DST_FLOW); - + host = mask2host(src_net->get_family(src_net), src_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_SRC_MASK); host->destroy(host); - + host = mask2host(dst_net->get_family(dst_net), dst_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_DST_MASK); host->destroy(host); - + proto = (struct sadb_protocol*)PFKEY_EXT_ADD_NEXT(msg); proto->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL; proto->sadb_protocol_len = PFKEY_LEN(sizeof(struct sadb_protocol));
@@ -1008,15 +1008,15 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) { struct sadb_ext* ext; size_t len; - + memset(out, 0, sizeof(pfkey_msg_t)); out->msg = msg; - + len = msg->sadb_msg_len; len -= PFKEY_LEN(sizeof(struct sadb_msg)); - + ext = (struct sadb_ext*)(((char*)msg) + sizeof(struct sadb_msg)); - + while (len >= PFKEY_LEN(sizeof(struct sadb_ext))) { if (ext->sadb_ext_len < PFKEY_LEN(sizeof(struct sadb_ext)) ||
@@ -1025,19 +1025,19 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) DBG1(DBG_KNL, "length of PF_KEY extension (%d) is invalid", ext->sadb_ext_type); break; } - + if ((ext->sadb_ext_type > SADB_EXT_MAX) || (!ext->sadb_ext_type)) { DBG1(DBG_KNL, "type of PF_KEY extension (%d) is invalid", ext->sadb_ext_type); break; } - + if (out->ext[ext->sadb_ext_type]) { - DBG1(DBG_KNL, "duplicate PF_KEY extension of type (%d)", ext->sadb_ext_type); + DBG1(DBG_KNL, "duplicate PF_KEY extension of type (%d)", ext->sadb_ext_type); break; } - + out->ext[ext->sadb_ext_type] = ext; ext = PFKEY_EXT_NEXT_LEN(ext, len); }
@@ -1047,7 +1047,7 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) DBG1(DBG_KNL, "PF_KEY message length is invalid"); return FAILED; } - + return SUCCESS; }
@@ -1060,7 +1060,7 @@ static status_t pfkey_send_socket(private_kernel_klips_ipsec_t *this, int socket unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg; int in_len, len; - + this->mutex_pfkey->lock(this->mutex_pfkey); in->sadb_msg_seq = ++this->seq;
@@ -1093,13 +1093,13 @@ static status_t pfkey_send_socket(private_kernel_klips_ipsec_t *this, int socket } break; } - + while (TRUE) - { + { msg = (struct sadb_msg*)buf; - + len = recv(socket, buf, sizeof(buf), 0); - + if (len < 0) { if (errno == EINTR)
@@ -1149,13 +1149,13 @@ static status_t pfkey_send_socket(private_kernel_klips_ipsec_t *this, int socket } break; } - + *out_len = len; *out = (struct sadb_msg*)malloc(len); memcpy(*out, buf, len); - + this->mutex_pfkey->unlock(this->mutex_pfkey); - + return SUCCESS; }
@@ -1175,7 +1175,7 @@ static status_t pfkey_send_ack(private_kernel_klips_ipsec_t *this, struct sadb_m { struct sadb_msg *out; size_t len; - + if (pfkey_send(this, in, &out, &len) != SUCCESS) { return FAILED;
@@ -1200,12 +1200,12 @@ static status_t add_eroute(private_kernel_klips_ipsec_t *this, u_int8_t satype, { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)request; - + memset(&request, 0, sizeof(request)); - + build_addflow(msg, satype, spi, src, dst, src_net, src_mask, dst_net, dst_mask, protocol, replace); - + return pfkey_send_ack(this, msg); }
@@ -1218,11 +1218,11 @@ static status_t del_eroute(private_kernel_klips_ipsec_t *this, u_int8_t satype, { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)request; - + memset(&request, 0, sizeof(request)); - + build_delflow(msg, satype, src_net, src_mask, dst_net, dst_mask, protocol); - + return pfkey_send_ack(this, msg); }
@@ -1237,7 +1237,7 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* u_int8_t proto; policy_entry_t *policy; job_t *job; - + switch (msg->sadb_msg_satype) { case SADB_SATYPE_UNSPEC:
@@ -1248,13 +1248,13 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* /* acquire for AH/ESP only */ return; } - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_ACQUIRE from kernel failed"); return; } - + /* KLIPS provides us only with the source and destination address, * and the transport protocol of the packet that triggered the policy. * we use this information to find a matching policy in our cache.
@@ -1269,7 +1269,7 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* DBG1(DBG_KNL, "received an SADB_ACQUIRE with invalid hosts"); return; } - + DBG2(DBG_KNL, "received an SADB_ACQUIRE for %H == %H : %d", src, dst, proto); this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies,
@@ -1286,17 +1286,17 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* DBG1(DBG_KNL, "received an SADB_ACQUIRE, but policy is not routed anymore"); return; } - + /* add a broad %hold eroute that replaces the %trap eroute */ add_eroute(this, SADB_X_SATYPE_INT, htonl(SPI_HOLD), NULL, NULL, policy->src.net, policy->src.mask, policy->dst.net, policy->dst.mask, policy->src.proto, TRUE); - + /* remove the narrow %hold eroute installed by KLIPS */ del_eroute(this, SADB_X_SATYPE_INT, src, 32, dst, 32, proto); - + this->mutex->unlock(this->mutex); - + DBG2(DBG_KNL, "received an SADB_ACQUIRE"); DBG1(DBG_KNL, "creating acquire job for CHILD_SA with reqid {%d}", reqid); job = (job_t*)acquire_job_create(reqid, NULL, NULL);
@@ -1312,23 +1312,23 @@ static void process_mapping(private_kernel_klips_ipsec_t *this, struct sadb_msg* u_int32_t spi, reqid; host_t *old_src, *new_src; job_t *job; - + DBG2(DBG_KNL, "received an SADB_X_NAT_T_NEW_MAPPING"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_X_NAT_T_NEW_MAPPING from kernel failed"); return; } - + spi = response.sa->sadb_sa_spi; - + if (proto_satype2ike(msg->sadb_msg_satype) == PROTO_ESP) { sa_entry_t *sa; sockaddr_t *addr = (sockaddr_t*)(response.src + 1); old_src = host_create_from_sockaddr(addr); - + this->mutex->lock(this->mutex); if (!old_src || this->installed_sas->find_first(this->installed_sas, (linked_list_match_t)sa_entry_match_encapbysrc,
@@ -1340,7 +1340,7 @@ static void process_mapping(private_kernel_klips_ipsec_t *this, struct sadb_msg* } reqid = sa->reqid; this->mutex->unlock(this->mutex); - + addr = (sockaddr_t*)(response.dst + 1); switch (addr->sa_family) {
@@ -1352,7 +1352,7 @@ static void process_mapping(private_kernel_klips_ipsec_t *this, struct sadb_msg* case AF_INET6: { struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)addr; - sin6->sin6_port = htons(response.x_natt_dport->sadb_x_nat_t_port_port); + sin6->sin6_port = htons(response.x_natt_dport->sadb_x_nat_t_port_port); } default: break;
@@ -1376,11 +1376,11 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)buf; int len, oldstate; - + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); len = recv(this->socket_events, buf, sizeof(buf), 0); pthread_setcancelstate(oldstate, NULL); - + if (len < 0) { switch (errno)
@@ -1397,7 +1397,7 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) return JOB_REQUEUE_FAIR; } } - + if (len < sizeof(struct sadb_msg) || msg->sadb_msg_len < PFKEY_LEN(sizeof(struct sadb_msg))) {
@@ -1413,7 +1413,7 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) DBG1(DBG_KNL, "buffer was too small to receive the complete PF_KEY message"); return JOB_REQUEUE_DIRECT; } - + switch (msg->sadb_msg_type) { case SADB_ACQUIRE: @@ -1433,7 +1433,7 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) default: break; } - + return JOB_REQUEUE_DIRECT; } @@ -1473,11 +1473,11 @@ static job_requeue_t sa_expires(sa_expire_t *expire) sa_entry_t *cached_sa; linked_list_t *list; job_t *job; - + /* for an expired SPI we first check whether the CHILD_SA got installed * in the meantime, for expired SAs we check whether they are still installed */ list = expire->type == EXPIRE_TYPE_SPI ? this->allocated_spis : this->installed_sas; - + this->mutex->lock(this->mutex); if (list->find_first(list, (linked_list_match_t)sa_entry_match_byid, (void**)&cached_sa, &protocol, &spi, &reqid) != SUCCESS) @@ -1494,10 +1494,10 @@ static job_requeue_t sa_expires(sa_expire_t *expire) sa_entry_destroy(cached_sa); } this->mutex->unlock(this->mutex); - + DBG2(DBG_KNL, "%N CHILD_SA with SPI %.8x and reqid {%d} expired", protocol_id_names, protocol, ntohl(spi), reqid); - + DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}", hard ? "delete" : "rekey", protocol_id_names, protocol, ntohl(spi), reqid); @@ -1514,7 +1514,7 @@ static job_requeue_t sa_expires(sa_expire_t *expire) } /** - * Schedule an expire job for an SA. Time is in seconds. + * Schedule an expire job for an SA. Time is in seconds. */ static void schedule_expire(private_kernel_klips_ipsec_t *this, protocol_id_t protocol, u_int32_t spi, 
@@ -1534,8 +1534,8 @@ static void schedule_expire(private_kernel_klips_ipsec_t *this, /** * Implementation of kernel_interface_t.get_spi. */ -static status_t get_spi(private_kernel_klips_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_spi(private_kernel_klips_ipsec_t *this, + host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { @@ -1545,7 +1545,7 @@ static status_t get_spi(private_kernel_klips_ipsec_t *this, */ rng_t *rng; u_int32_t spi_gen; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -1554,29 +1554,29 @@ static status_t get_spi(private_kernel_klips_ipsec_t *this, } rng->get_bytes(rng, sizeof(spi_gen), (void*)&spi_gen); rng->destroy(rng); - + /* charon's SPIs lie within the range from 0xc0000000 to 0xcFFFFFFF */ spi_gen = 0xc0000000 | (spi_gen & 0x0FFFFFFF); - + DBG2(DBG_KNL, "allocated SPI %.8x for %N SA between %#H..%#H", spi_gen, protocol_id_names, protocol, src, dst); - + *spi = htonl(spi_gen); - + this->mutex->lock(this->mutex); this->allocated_spis->insert_last(this->allocated_spis, create_sa_entry(protocol, *spi, reqid, NULL, NULL, FALSE, TRUE)); this->mutex->unlock(this->mutex); schedule_expire(this, protocol, *spi, reqid, EXPIRE_TYPE_SPI, SPI_TIMEOUT); - + return SUCCESS; } /** * Implementation of kernel_interface_t.get_cpi. */ -static status_t get_cpi(private_kernel_klips_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_cpi(private_kernel_klips_ipsec_t *this, + host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi) { return FAILED; 
@@ -1592,27 +1592,27 @@ static status_t add_ipip_sa(private_kernel_klips_ipsec_t *this, struct sadb_msg *msg, *out; struct sadb_sa *sa; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding pseudo IPIP SA with SPI %.8x and reqid {%d}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_ADD; msg->sadb_msg_satype = SADB_X_SATYPE_IPIP; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add pseudo IPIP SA with SPI %.8x", ntohl(spi)); @@ -1625,7 +1625,7 @@ static status_t add_ipip_sa(private_kernel_klips_ipsec_t *this, free(out); return FAILED; } - + free(out); return SUCCESS; } 
@@ -1642,41 +1642,41 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this, struct sadb_sa *sa; struct sadb_x_satype *satype; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "grouping SAs with SPI %.8x and reqid {%d}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_GRPSA; msg->sadb_msg_satype = SADB_X_SATYPE_IPIP; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + satype = (struct sadb_x_satype*)PFKEY_EXT_ADD_NEXT(msg); satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2; satype->sadb_x_satype_len = PFKEY_LEN(sizeof(struct sadb_x_satype)); satype->sadb_x_satype_satype = proto_ike2satype(protocol); PFKEY_EXT_ADD(msg, satype); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_X_EXT_SA2; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, dst, SADB_X_EXT_ADDRESS_DST2); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to group SAs with SPI %.8x", ntohl(spi)); @@ -1689,7 +1689,7 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this, free(out); return FAILED; } - + free(out); return SUCCESS; } @@ -1711,7 +1711,7 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, struct sadb_sa *sa; struct sadb_key *key; size_t len; - + if (inbound) { /* for inbound SAs we allocated an SPI via get_spi, so we first check 
@@ -1733,17 +1733,17 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, } this->mutex->unlock(this->mutex); } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%d}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_ADD; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); @@ -1753,10 +1753,10 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg); sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg); PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + if (enc_alg != ENCR_UNDEFINED) { if (!sa->sadb_sa_encrypt) @@ -1767,16 +1767,16 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; key->sadb_key_bits = enc_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + enc_key.len); memcpy(key + 1, enc_key.ptr, enc_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (int_alg != AUTH_UNDEFINED) { if (!sa->sadb_sa_auth) 
@@ -1787,26 +1787,26 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, int_alg, int_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_AUTH; key->sadb_key_bits = int_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + int_key.len); memcpy(key + 1, int_key.ptr, int_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (ipcomp != IPCOMP_NONE) { /*TODO*/ } - + if (encap) { add_encap_ext(msg, src, dst, FALSE); } - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi)); @@ -1820,7 +1820,7 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + /* for tunnel mode SAs we have to install an additional IPIP SA and * group the two SAs together */ if (mode == MODE_TUNNEL) @@ -1832,7 +1832,7 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, return FAILED; } } - + this->mutex->lock(this->mutex); /* we cache this SA for two reasons: * - in case an SADB_X_NAT_T_MAPPING_NEW event occurs (we need to find the reqid then) @@ -1840,7 +1840,7 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, this->installed_sas->insert_last(this->installed_sas, create_sa_entry(protocol, spi, reqid, src, dst, encap, inbound)); this->mutex->unlock(this->mutex); - + /* Although KLIPS supports SADB_EXT_LIFETIME_SOFT/HARD, we handle the lifetime * of SAs manually in the plugin. Refer to the comments in receive_events() * for details. */ @@ -1848,12 +1848,12 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, { schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_SOFT, lifetime->time.rekey); } - + if (lifetime->time.life) { schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_HARD, lifetime->time.life); } - + return SUCCESS; } 
@@ -1870,7 +1870,7 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, struct sadb_msg *msg, *out; struct sadb_sa *sa; size_t len; - + /* we can't update the SA if any of the ip addresses have changed. * that's because we can't use SADB_UPDATE and by deleting and readding the * SA the sequence numbers would get lost */ @@ -1881,7 +1881,7 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, " are not supported", ntohl(spi)); return NOT_SUPPORTED; } - + /* because KLIPS does not allow us to change the NAT-T type in an SADB_UPDATE, * we can't update the SA if the encap flag has changed since installing it */ if (encap != new_encap) @@ -1890,18 +1890,18 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, " encapsulation is not supported", ntohl(spi)); return NOT_SUPPORTED; } - + DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", ntohl(spi), src, dst, new_src, new_dst); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_UPDATE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); @@ -1910,12 +1910,12 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, sa->sadb_sa_auth = SADB_AALG_SHA1HMAC; /* ignored */ sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + add_encap_ext(msg, new_src, new_dst, TRUE); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); @@ -1929,7 +1929,7 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + return SUCCESS; } 
@@ -1955,13 +1955,13 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, struct sadb_sa *sa; sa_entry_t *cached_sa; size_t len; - + memset(&request, 0, sizeof(request)); - + /* all grouped SAs are automatically deleted by KLIPS as soon as * one of them is deleted, therefore we delete only the main one */ DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi)); - + this->mutex->lock(this->mutex); /* this should not fail, but we don't care if it does, let the kernel decide * whether this SA exists or not */ @@ -1973,24 +1973,24 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, sa_entry_destroy(cached_sa); } this->mutex->unlock(this->mutex); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_DELETE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the kernel wants an SADB_EXT_ADDRESS_SRC to be present even though * it is not used for anything. */ add_anyaddr_ext(msg, dst->get_family(dst), SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi)); @@ -2003,7 +2003,7 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, free(out); return FAILED; } - + DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi)); free(out); return SUCCESS; 
@@ -2012,7 +2012,7 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, /** * Implementation of kernel_interface_t.add_policy. */ -static status_t add_policy(private_kernel_klips_ipsec_t *this, +static status_t add_policy(private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, @@ -2025,21 +2025,21 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, struct sadb_msg *msg, *out; policy_entry_t *policy, *found = NULL; u_int8_t satype; - size_t len; - + size_t len; + if (direction == POLICY_FWD) { /* no forward policies for KLIPS */ return SUCCESS; } - + /* tunnel mode policies direct the packets into the pseudo IPIP SA */ satype = (mode == MODE_TUNNEL) ? SADB_X_SATYPE_IPIP : proto_ike2satype(protocol); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -2057,21 +2057,21 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, /* apply the new one, if we have no such policy */ this->policies->insert_last(this->policies, policy); } - + if (routed) { /* we install this as a %trap eroute in the kernel, later to be * triggered by packets matching the policy (-> ACQUIRE). */ spi = htonl(SPI_TRAP); satype = SADB_X_SATYPE_INT; - + /* the reqid is always set to the latest child SA that trapped this * policy. we will need this reqid upon receiving an acquire. */ policy->reqid = reqid; - + /* increase the trap counter */ policy->trapcount++; - + if (policy->activecount) { /* we do not replace the current policy in the kernel while a 
@@ -2085,21 +2085,21 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, /* increase the reference counter */ policy->activecount++; } - + DBG2(DBG_KNL, "adding policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; - + /* FIXME: SADB_X_SAFLAGS_INFLOW may be required, if we add an inbound policy for an IPIP SA */ build_addflow(msg, satype, spi, routed ? NULL : src, routed ? NULL : dst, policy->src.net, policy->src.mask, policy->dst.net, policy->dst.mask, policy->src.proto, found != NULL); - + this->mutex->unlock(this->mutex); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add policy %R === %R %N", src_ts, dst_ts, @@ -2115,9 +2115,9 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + this->mutex->lock(this->mutex); - + /* we try to find the policy again and install the route if needed */ if (this->policies->find_last(this->policies, NULL, (void**)&policy) != SUCCESS) { @@ -2126,7 +2126,7 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, src_ts, dst_ts, policy_dir_names, direction); return SUCCESS; } - + /* KLIPS requires a special route that directs traffic that matches this * policy to one of the virtual ipsec interfaces. The virtual interface * has to be attached to the physical one the traffic runs over. @@ -2144,19 +2144,19 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, ipsec_dev_t *dev; route_entry_t *route = malloc_thing(route_entry_t); route->src_ip = NULL; - + if (mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6 && this->install_routes) { charon->kernel_interface->get_address_by_ts(charon->kernel_interface, src_ts, &route->src_ip); } - + if (!route->src_ip) { route->src_ip = host_create_any(src->get_family(src)); } - + /* find the virtual interface */ iface = charon->kernel_interface->get_interface(charon->kernel_interface, src); 
@@ -2203,13 +2203,13 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, } free(iface); route->if_name = strdup(dev->name); - + /* get the nexthop to dst */ route->gateway = charon->kernel_interface->get_nexthop( charon->kernel_interface, dst); route->dst_net = chunk_clone(policy->dst.net->get_address(policy->dst.net)); route->prefixlen = policy->dst.mask; - + switch (charon->kernel_interface->add_route(charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, route->src_ip, route->if_name)) @@ -2227,10 +2227,10 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, policy->route = route; break; } - } - - this->mutex->unlock(this->mutex); - + } + + this->mutex->unlock(this->mutex); + return SUCCESS; } @@ -2238,7 +2238,7 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, * Implementation of kernel_interface_t.query_policy. */ static status_t query_policy(private_kernel_klips_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { @@ -2250,19 +2250,19 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, char *said = NULL, *pos; policy_entry_t *policy, *found = NULL; status_t status = FAILED; - + if (direction == POLICY_FWD) { /* we do not install forward policies */ return FAILED; } - + DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -2276,7 +2276,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, } policy_entry_destroy(policy); policy = found; - + /* src and dst selectors in KLIPS are of the form NET_ADDR/NETBITS:PROTO */ snprintf(src, sizeof(src), "%H/%d:%d", policy->src.net, policy->src.mask, policy->src.proto); 
@@ -2284,9 +2284,9 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, snprintf(dst, sizeof(dst), "%H/%d:%d", policy->dst.net, policy->dst.mask, policy->dst.proto); dst[sizeof(dst) - 1] = '\0'; - + this->mutex->unlock(this->mutex); - + /* we try to find the matching eroute first */ file = fopen(path_eroute, "r"); if (file == NULL) @@ -2295,7 +2295,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, dst_ts, policy_dir_names, direction, strerror(errno), errno); return FAILED; } - + /* read line by line where each line looks like: * packets src -> dst => said */ while (fgets(line, sizeof(line), file)) @@ -2303,7 +2303,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, enumerator_t *enumerator; char *token; int i = 0; - + enumerator = enumerator_create_token(line, " \t", " \t\n"); while (enumerator->enumerate(enumerator, &token)) { @@ -2334,7 +2334,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, break; } enumerator->destroy(enumerator); - + if (i == 5) { /* eroute matched */ @@ -2342,19 +2342,19 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, } } fclose(file); - + if (said == NULL) { DBG1(DBG_KNL, "unable to query policy %R === %R %N: found no matching" " eroute", src_ts, dst_ts, policy_dir_names, direction); return FAILED; } - + /* compared with the one in the spi entry the SA ID from the eroute entry * has an additional ":PROTO" appended, which we need to cut off */ pos = strrchr(said, ':'); *pos = '\0'; - + /* now we try to find the matching spi entry */ file = fopen(path_spi, "r"); if (file == NULL) @@ -2363,7 +2363,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, dst_ts, policy_dir_names, direction, strerror(errno), errno); return FAILED; } - + while (fgets(line, sizeof(line), file)) { if (strneq(line, said, strlen(said))) 
@@ -2381,7 +2381,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, /* idle time not valid */ break; } - + *use_time = time_monotonic(NULL) - idle_time; status = SUCCESS; break; @@ -2389,7 +2389,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, } fclose(file); free(said); - + return status; } @@ -2397,7 +2397,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, * Implementation of kernel_interface_t.del_policy. */ static status_t del_policy(private_kernel_klips_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { @@ -2406,19 +2406,19 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, policy_entry_t *policy, *found = NULL; route_entry_t *route; size_t len; - + if (direction == POLICY_FWD) { /* no forward policies for KLIPS */ return SUCCESS; } - + DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -2431,10 +2431,10 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, return NOT_FOUND; } policy_entry_destroy(policy); - + /* decrease appropriate counter */ unrouted ? found->trapcount-- : found->activecount--; - + if (found->trapcount == 0) { /* if this policy is finally unrouted, we reset the reqid because it @@ -2442,7 +2442,7 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, * this policy. */ found->reqid = 0; } - + if (found->activecount > 0) { /* is still used by SAs, keep in kernel */ 
@@ -2462,22 +2462,22 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, this->mutex->unlock(this->mutex); return pfkey_send_ack(this, msg); } - + /* remove if last reference */ this->policies->remove(this->policies, found, NULL); policy = found; - + this->mutex->unlock(this->mutex); - + memset(&request, 0, sizeof(request)); - + build_delflow(msg, 0, policy->src.net, policy->src.mask, policy->dst.net, policy->dst.mask, policy->src.proto); - + route = policy->route; policy->route = NULL; policy_entry_destroy(policy); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts, @@ -2493,11 +2493,11 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + if (route) { ipsec_dev_t *dev; - + if (charon->kernel_interface->del_route(charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, route->src_ip, route->if_name) != SUCCESS) @@ -2506,11 +2506,11 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, " policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); } - + /* we have to detach the ipsec interface from the physical one over which * this SA ran (if it is not used by any other) */ this->mutex->lock(this->mutex); - + if (find_ipsec_dev(this, route->if_name, &dev) == SUCCESS) { /* fine, we found a matching device object, let's check if we have @@ -2525,12 +2525,12 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, dev->phys_name[0] = '\0'; } } - + this->mutex->unlock(this->mutex); - + route_entry_destroy(route); } - + return SUCCESS; } @@ -2542,7 +2542,7 @@ static void init_ipsec_devices(private_kernel_klips_ipsec_t *this) int i, count = lib->settings->get_int(lib->settings, "charon.plugins.kernel_klips.ipsec_dev_count", DEFAULT_IPSEC_DEV_COUNT); - + for (i = 0; i < count; ++i) { ipsec_dev_t *dev = malloc_thing(ipsec_dev_t); 
@@ -2551,7 +2551,7 @@ static void init_ipsec_devices(private_kernel_klips_ipsec_t *this) dev->phys_name[0] = '\0'; dev->refcount = 0; this->ipsec_devices->insert_last(this->ipsec_devices, dev); - + /* detach any previously attached ipsec device */ detach_ipsec_dev(dev->name, dev->phys_name); } @@ -2565,15 +2565,15 @@ static status_t register_pfkey_socket(private_kernel_klips_ipsec_t *this, u_int8 unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; size_t len; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_REGISTER; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + if (pfkey_send_socket(this, this->socket_events, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to register PF_KEY socket"); @@ -2613,7 +2613,7 @@ static void destroy(private_kernel_klips_ipsec_t *this) kernel_klips_ipsec_t *kernel_klips_ipsec_create() { private_kernel_klips_ipsec_t *this = malloc_thing(private_kernel_klips_ipsec_t); - + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; @@ -2624,7 +2624,7 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create() this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - + this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; /* private members */ 
@@ -2636,34 +2636,34 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create() this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT); this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE); this->seq = 0; - + /* initialize ipsec devices */ init_ipsec_devices(this); - + /* create a PF_KEY socket to communicate with the kernel */ this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket <= 0) { charon->kill(charon, "unable to create PF_KEY socket"); } - + /* create a PF_KEY socket for ACQUIRE & EXPIRE */ this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket_events <= 0) { charon->kill(charon, "unable to create PF_KEY event socket"); } - + /* register the event socket */ if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS || register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS) { charon->kill(charon, "unable to register PF_KEY event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c b/src/charon/plugins/kernel_klips/kernel_klips_plugin.c index d153ea8af..b0117c10c 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c +++ b/src/charon/plugins/kernel_klips/kernel_klips_plugin.c @@ -47,10 +47,10 @@ static void destroy(private_kernel_klips_plugin_t *this) plugin_t *plugin_create() { private_kernel_klips_plugin_t *this = malloc_thing(private_kernel_klips_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)kernel_klips_ipsec_create); - + return &this->public.plugin; } diff --git a/src/charon/plugins/kernel_klips/pfkeyv2.h b/src/charon/plugins/kernel_klips/pfkeyv2.h index 78d3dfa91..20d1c298d 100644 --- a/src/charon/plugins/kernel_klips/pfkeyv2.h 
+++ b/src/charon/plugins/kernel_klips/pfkeyv2.h @@ -169,7 +169,7 @@ struct sadb_x_satype { uint8_t sadb_x_satype_satype; uint8_t sadb_x_satype_reserved[3]; }; - + struct sadb_x_debug { uint16_t sadb_x_debug_len; uint16_t sadb_x_debug_exttype; @@ -200,7 +200,7 @@ struct sadb_x_nat_t_port { uint16_t sadb_x_nat_t_port_port; uint16_t sadb_x_nat_t_port_reserved; }; - + /* * A protocol structure for passing through the transport level * protocol. It contains more fields than are actually used/needed diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c index cdd2436c5..bce6016c5 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -75,8 +75,8 @@ #define XFRMNLGRP(x) (1<<(XFRMNLGRP_##x-1)) /** - * returns a pointer to the first rtattr following the nlmsghdr *nlh and the - * 'usual' netlink data x like 'struct xfrm_usersa_info' + * returns a pointer to the first rtattr following the nlmsghdr *nlh and the + * 'usual' netlink data x like 'struct xfrm_usersa_info' */ #define XFRM_RTA(nlh, x) ((struct rtattr*)(NLMSG_DATA(nlh) + NLMSG_ALIGN(sizeof(x)))) /** @@ -85,8 +85,8 @@ */ #define XFRM_RTA_NEXT(rta) ((struct rtattr*)(((char*)(rta)) + RTA_ALIGN((rta)->rta_len))) /** - * returns the total size of attached rta data - * (after 'usual' netlink data x like 'struct xfrm_usersa_info') + * returns the total size of attached rta data + * (after 'usual' netlink data x like 'struct xfrm_usersa_info') */ #define XFRM_PAYLOAD(nlh, x) NLMSG_PAYLOAD(nlh, sizeof(x)) @@ -100,7 +100,7 @@ struct kernel_algorithm_t { * Identifier specified in IKEv2 */ int ikev2; - + /** * Name of the algorithm in linux crypto API */ 
@@ -239,10 +239,10 @@ typedef struct route_entry_t route_entry_t; struct route_entry_t { /** Name of the interface the route is bound to */ char *if_name; - + /** Source ip of the route */ host_t *src_ip; - + /** gateway for this route */ host_t *gateway; @@ -271,16 +271,16 @@ typedef struct policy_entry_t policy_entry_t; * installed kernel policy. */ struct policy_entry_t { - + /** direction of this policy: in, out, forward */ u_int8_t direction; - + /** parameters of installed policy */ struct xfrm_selector sel; - + /** associated route installed for this policy */ route_entry_t *route; - + /** by how many CHILD_SA's this policy is used */ u_int refcount; }; @@ -313,32 +313,32 @@ struct private_kernel_netlink_ipsec_t { * Public part of the kernel_netlink_t object. */ kernel_netlink_ipsec_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * Hash table of installed policies (policy_entry_t) */ hashtable_t *policies; - + /** * job receiving netlink events */ callback_job_t *job; - + /** * Netlink xfrm socket (IPsec) */ netlink_socket_t *socket_xfrm; - + /** * netlink xfrm socket to receive acquire and expire events */ int socket_xfrm_events; - + /** * whether to install routes along policies */ @@ -401,7 +401,7 @@ static u_int8_t mode2kernel(ipsec_mode_t mode) static void host2xfrm(host_t *host, xfrm_address_t *xfrm) { chunk_t chunk = host->get_address(host); - memcpy(xfrm, chunk.ptr, min(chunk.len, sizeof(xfrm_address_t))); + memcpy(xfrm, chunk.ptr, min(chunk.len, sizeof(xfrm_address_t))); } /** @@ -410,7 +410,7 @@ static void host2xfrm(host_t *host, xfrm_address_t *xfrm) static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port) { chunk_t chunk; - + switch (family) { case AF_INET: 
@@ -428,12 +428,12 @@ static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port) /** * convert a traffic selector address range to subnet and its mask. */ -static void ts2subnet(traffic_selector_t* ts, +static void ts2subnet(traffic_selector_t* ts, xfrm_address_t *net, u_int8_t *mask) { host_t *net_host; chunk_t net_chunk; - + ts->to_subnet(ts, &net_host, mask); net_chunk = net_host->get_address(net_host); memcpy(net, net_chunk.ptr, net_chunk.len); @@ -443,7 +443,7 @@ static void ts2subnet(traffic_selector_t* ts, /** * convert a traffic selector port range to port/portmask */ -static void ts2ports(traffic_selector_t* ts, +static void ts2ports(traffic_selector_t* ts, u_int16_t *port, u_int16_t *mask) { /* linux does not seem to accept complex portmasks. Only @@ -451,10 +451,10 @@ static void ts2ports(traffic_selector_t* ts, * a port range, or to a specific, if we have one port only. */ u_int16_t from, to; - + from = ts->get_from_port(ts); to = ts->get_to_port(ts); - + if (from == to) { *port = htons(from); @@ -470,7 +470,7 @@ static void ts2ports(traffic_selector_t* ts, /** * convert a pair of traffic_selectors to a xfrm_selector */ -static struct xfrm_selector ts2selector(traffic_selector_t *src, +static struct xfrm_selector ts2selector(traffic_selector_t *src, traffic_selector_t *dst) { struct xfrm_selector sel; @@ -485,12 +485,12 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src, ts2ports(src, &sel.sport, &sel.sport_mask); sel.ifindex = 0; sel.user = 0; - + return sel; } /** - * convert a xfrm_selector to a src|dst traffic_selector + * convert a xfrm_selector to a src|dst traffic_selector */ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) { @@ -498,7 +498,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) u_int8_t prefixlen; u_int16_t port = 0; host_t *host = NULL; - + if (src) { addr = (u_char*)&sel->saddr; 
@@ -517,9 +517,9 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) port = htons(sel->dport); } } - + /* The Linux 2.6 kernel does not set the selector's family field, - * so as a kludge we additionally test the prefix length. + * so as a kludge we additionally test the prefix length. */ if (sel->family == AF_INET || sel->prefixlen_s == 32) { @@ -529,7 +529,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) { host = host_create_from_chunk(AF_INET6, chunk_create(addr, 16), 0); } - + if (host) { return traffic_selector_create_from_subnet(host, prefixlen, @@ -550,7 +550,7 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this, struct nlmsghd struct rtattr *rta; size_t rtasize; job_t *job; - + acquire = (struct xfrm_user_acquire*)NLMSG_DATA(hdr); rta = XFRM_RTA(hdr, struct xfrm_user_acquire); rtasize = XFRM_PAYLOAD(hdr, struct xfrm_user_acquire); @@ -598,21 +598,21 @@ static void process_expire(private_kernel_netlink_ipsec_t *this, struct nlmsghdr protocol_id_t protocol; u_int32_t spi, reqid; struct xfrm_user_expire *expire; - + expire = (struct xfrm_user_expire*)NLMSG_DATA(hdr); protocol = proto_kernel2ike(expire->state.id.proto); spi = expire->state.id.spi; reqid = expire->state.reqid; - + DBG2(DBG_KNL, "received a XFRM_MSG_EXPIRE"); - + if (protocol != PROTO_ESP && protocol != PROTO_AH) { DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and reqid {%u} " "which is not a CHILD_SA", ntohl(spi), reqid); return; } - + DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}", expire->hard ? "delete" : "rekey", protocol_id_names, protocol, ntohl(spi), reqid); 
@@ -648,7 +648,7 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this, struct nlmsghd rtasize = XFRM_PAYLOAD(hdr, struct xfrm_userpolicy_id); DBG2(DBG_KNL, "received a XFRM_MSG_MIGRATE"); - + src_ts = selector2ts(&policy_id->sel, TRUE); dst_ts = selector2ts(&policy_id->sel, FALSE); dir = (policy_dir_t)policy_id->dir; @@ -717,13 +717,13 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this, u_int32_t spi, reqid; struct xfrm_user_mapping *mapping; host_t *host; - + mapping = (struct xfrm_user_mapping*)NLMSG_DATA(hdr); spi = mapping->id.spi; reqid = mapping->reqid; - + DBG2(DBG_KNL, "received a XFRM_MSG_MAPPING"); - + if (proto_kernel2ike(mapping->id.proto) == PROTO_ESP) { host = xfrm2host(mapping->id.family, &mapping->new_saddr, @@ -753,7 +753,7 @@ static job_requeue_t receive_events(private_kernel_netlink_ipsec_t *this) len = recvfrom(this->socket_xfrm_events, response, sizeof(response), 0, (struct sockaddr*)&addr, &addr_len); pthread_setcancelstate(oldstate, NULL); - + if (len < 0) { switch (errno) @@ -770,12 +770,12 @@ static job_requeue_t receive_events(private_kernel_netlink_ipsec_t *this) return JOB_REQUEUE_FAIR; } } - + if (addr.nl_pid != 0) { /* not from kernel. not interested, try another one */ return JOB_REQUEUE_DIRECT; } - + while (NLMSG_OK(hdr, len)) { switch (hdr->nlmsg_type) @@ -813,9 +813,9 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, struct xfrm_userspi_info *userspi; u_int32_t received_spi = 0; size_t len; - + memset(&request, 0, sizeof(request)); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_ALLOCSPI; @@ -830,7 +830,7 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, userspi->info.family = src->get_family(src); userspi->min = min; userspi->max = max; - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; 
@@ -847,7 +847,7 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, case NLMSG_ERROR: { struct nlmsgerr *err = NLMSG_DATA(hdr); - + DBG1(DBG_KNL, "allocating SPI failed: %s (%d)", strerror(-err->error), -err->error); break; @@ -862,12 +862,12 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, } free(out); } - + if (received_spi == 0) { return FAILED; } - + *spi = received_spi; return SUCCESS; } @@ -875,47 +875,47 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, /** * Implementation of kernel_interface_t.get_spi. */ -static status_t get_spi(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_spi(private_kernel_netlink_ipsec_t *this, + host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { DBG2(DBG_KNL, "getting SPI for reqid {%u}", reqid); - + if (get_spi_internal(this, src, dst, proto_ike2kernel(protocol), 0xc0000000, 0xcFFFFFFF, reqid, spi) != SUCCESS) { DBG1(DBG_KNL, "unable to get SPI for reqid {%u}", reqid); return FAILED; } - + DBG2(DBG_KNL, "got SPI %.8x for reqid {%u}", ntohl(*spi), reqid); - + return SUCCESS; } /** * Implementation of kernel_interface_t.get_cpi. */ -static status_t get_cpi(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_cpi(private_kernel_netlink_ipsec_t *this, + host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi) { u_int32_t received_spi = 0; DBG2(DBG_KNL, "getting CPI for reqid {%u}", reqid); - + if (get_spi_internal(this, src, dst, IPPROTO_COMP, 0x100, 0xEFFF, reqid, &received_spi) != SUCCESS) { DBG1(DBG_KNL, "unable to get CPI for reqid {%u}", reqid); return FAILED; } - + *cpi = htons((u_int16_t)ntohl(received_spi)); - + DBG2(DBG_KNL, "got CPI %.4x for reqid {%u}", ntohs(*cpi), reqid); - + return SUCCESS; } 
@@ -935,8 +935,8 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, char *alg_name; struct nlmsghdr *hdr; struct xfrm_usersa_info *sa; - u_int16_t icv_size = 64; - + u_int16_t icv_size = 64; + /* if IPComp is used, we install an additional IPComp SA. if the cpi is 0 * we are in the recursive call below */ if (ipcomp != IPCOMP_NONE && cpi != 0) @@ -947,17 +947,17 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, mode, ipcomp, 0, FALSE, inbound); ipcomp = IPCOMP_NONE; } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}", ntohl(spi), reqid); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = inbound ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); - + sa = (struct xfrm_usersa_info*)NLMSG_DATA(hdr); host2xfrm(src, &sa->saddr); host2xfrm(dst, &sa->id.daddr); @@ -980,9 +980,9 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, sa->lft.hard_add_expires_seconds = lifetime->time.life; sa->lft.soft_use_expires_seconds = 0; sa->lft.hard_use_expires_seconds = 0; - + struct rtattr *rthdr = XFRM_RTA(hdr, struct xfrm_usersa_info); - + switch (enc_alg) { case ENCR_UNDEFINED: @@ -1013,7 +1013,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + rthdr->rta_type = XFRMA_ALG_AEAD; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_aead) + enc_key.len); hdr->nlmsg_len += rthdr->rta_len; @@ -1021,13 +1021,13 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, { return FAILED; } - + algo = (struct xfrm_algo_aead*)RTA_DATA(rthdr); algo->alg_key_len = enc_key.len * 8; algo->alg_icv_len = icv_size; strcpy(algo->alg_name, alg_name); memcpy(algo->alg_key, enc_key.ptr, enc_key.len); - + rthdr = XFRM_RTA_NEXT(rthdr); break; } 
@@ -1044,7 +1044,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + rthdr->rta_type = XFRMA_ALG_CRYPT; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + enc_key.len); hdr->nlmsg_len += rthdr->rta_len; 
@@ -1052,71 +1052,71 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, { return FAILED; } - + algo = (struct xfrm_algo*)RTA_DATA(rthdr); algo->alg_key_len = enc_key.len * 8; strcpy(algo->alg_name, alg_name); memcpy(algo->alg_key, enc_key.ptr, enc_key.len); - + rthdr = XFRM_RTA_NEXT(rthdr); } } - + if (int_alg != AUTH_UNDEFINED) { rthdr->rta_type = XFRMA_ALG_AUTH; alg_name = lookup_algorithm(integrity_algs, int_alg); if (alg_name == NULL) { - DBG1(DBG_KNL, "algorithm %N not supported by kernel!", + DBG1(DBG_KNL, "algorithm %N not supported by kernel!", integrity_algorithm_names, int_alg); return FAILED; } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, int_alg, int_key.len * 8); - + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len); hdr->nlmsg_len += rthdr->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } - + struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr); algo->alg_key_len = int_key.len * 8; strcpy(algo->alg_name, alg_name); memcpy(algo->alg_key, int_key.ptr, int_key.len); - + rthdr = XFRM_RTA_NEXT(rthdr); } - + if (ipcomp != IPCOMP_NONE) { rthdr->rta_type = XFRMA_ALG_COMP; alg_name = lookup_algorithm(compression_algs, ipcomp); if (alg_name == NULL) { - DBG1(DBG_KNL, "algorithm %N not supported by kernel!", + DBG1(DBG_KNL, "algorithm %N not supported by kernel!", ipcomp_transform_names, ipcomp); return FAILED; } DBG2(DBG_KNL, " using compression algorithm %N", ipcomp_transform_names, ipcomp); - + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo)); hdr->nlmsg_len += rthdr->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } - + struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr); algo->alg_key_len = 0; strcpy(algo->alg_name, alg_name); - + rthdr = XFRM_RTA_NEXT(rthdr); } - + if (encap) { rthdr->rta_type = XFRMA_ENCAP; 
@@ -1133,13 +1133,13 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, tmpl->encap_sport = htons(src->get_port(src)); tmpl->encap_dport = htons(dst->get_port(dst)); memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t)); - /* encap_oa could probably be derived from the - * traffic selectors [rfc4306, p39]. In the netlink kernel implementation - * pluto does the same as we do here but it uses encap_oa in the - * pfkey implementation. BUT as /usr/src/linux/net/key/af_key.c indicates + /* encap_oa could probably be derived from the + * traffic selectors [rfc4306, p39]. In the netlink kernel implementation + * pluto does the same as we do here but it uses encap_oa in the + * pfkey implementation. BUT as /usr/src/linux/net/key/af_key.c indicates * the kernel ignores it anyway * -> does that mean that NAT-T encap doesn't work in transport mode? - * No. The reason the kernel ignores NAT-OA is that it recomputes + * No. The reason the kernel ignores NAT-OA is that it recomputes * (or, rather, just ignores) the checksum. If packets pass * the IPsec checks it marks them "checksum ok" so OA isn't needed. */ rthdr = XFRM_RTA_NEXT(rthdr); @@ -1166,24 +1166,24 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, size_t len; struct rtattr *rta; size_t rtasize; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x", ntohl(spi)); hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_GETAE; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id)); - + aevent_id = (struct xfrm_aevent_id*)NLMSG_DATA(hdr); aevent_id->flags = XFRM_AE_RVAL; - + host2xfrm(dst, &aevent_id->sa_id.daddr); aevent_id->sa_id.spi = spi; aevent_id->sa_id.proto = proto_ike2kernel(protocol); aevent_id->sa_id.family = dst->get_family(dst); - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; 
@@ -1212,7 +1212,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, break; } } - + if (out_aevent == NULL) { DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x", @@ -1220,7 +1220,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - + rta = XFRM_RTA(out, struct xfrm_aevent_id); rtasize = XFRM_PAYLOAD(out, struct xfrm_aevent_id); while(RTA_OK(rta, rtasize)) @@ -1234,7 +1234,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, } rta = RTA_NEXT(rta, rtasize); } - + DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x", ntohl(spi)); free(out); @@ -1253,7 +1253,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, struct xfrm_usersa_id *sa_id; struct xfrm_usersa_info *sa = NULL; size_t len; - + memset(&request, 0, sizeof(request)); DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); @@ -1268,7 +1268,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, sa_id->spi = spi; sa_id->proto = proto_ike2kernel(protocol); sa_id->family = dst->get_family(dst); - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1297,7 +1297,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, break; } } - + if (sa == NULL) { DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); @@ -1305,7 +1305,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, return FAILED; } *bytes = sa->curlft.bytes; - + free(out); return SUCCESS; } 
@@ -1319,28 +1319,28 @@ static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *src, netlink_buf_t request; struct nlmsghdr *hdr; struct xfrm_usersa_id *sa_id; - + /* if IPComp was used, we first delete the additional IPComp SA */ if (cpi) { del_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, 0); } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi)); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_DELSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); - + sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr); host2xfrm(dst, &sa_id->daddr); sa_id->spi = spi; sa_id->proto = proto_ike2kernel(protocol); sa_id->family = dst->get_family(dst); - + if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi)); @@ -1370,30 +1370,30 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, struct xfrm_encap_tmpl* tmpl = NULL; bool got_replay_state = FALSE; struct xfrm_replay_state replay; - + /* if IPComp is used, we first update the IPComp SA */ if (cpi) { update_sa(this, htonl(ntohs(cpi)), IPPROTO_COMP, 0, src, dst, new_src, new_dst, FALSE, FALSE); } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", ntohl(spi)); - + /* query the existing SA first */ hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_GETSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); - + sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr); host2xfrm(dst, &sa_id->daddr); sa_id->spi = spi; sa_id->proto = proto_ike2kernel(protocol); sa_id->family = dst->get_family(dst); - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; 
@@ -1428,13 +1428,13 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - + /* try to get the replay state */ if (get_replay_state(this, spi, protocol, dst, &replay) == SUCCESS) { got_replay_state = TRUE; } - + /* delete the old SA (without affecting the IPComp SA) */ if (del_sa(this, src, dst, spi, protocol, 0) != SUCCESS) { @@ -1442,18 +1442,18 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - + DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", ntohl(spi), src, dst, new_src, new_dst); /* copy over the SA from out to request */ hdr = (struct nlmsghdr*)request; memcpy(hdr, out, min(out->nlmsg_len, sizeof(request))); - hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; + hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_NEWSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); sa = NLMSG_DATA(hdr); sa->family = new_dst->get_family(new_dst); - + if (!src->ip_equals(src, new_src)) { host2xfrm(new_src, &sa->saddr); @@ -1462,7 +1462,7 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, { host2xfrm(new_dst, &sa->id.daddr); } - + rta = XFRM_RTA(out, struct xfrm_usersa_info); rtasize = XFRM_PAYLOAD(out, struct xfrm_usersa_info); pos = (u_char*)XFRM_RTA(hdr, struct xfrm_usersa_info); 
@@ -1476,47 +1476,47 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rta); tmpl->encap_sport = ntohs(new_src->get_port(new_src)); tmpl->encap_dport = ntohs(new_dst->get_port(new_dst)); - } + } memcpy(pos, rta, rta->rta_len); pos += RTA_ALIGN(rta->rta_len); hdr->nlmsg_len += RTA_ALIGN(rta->rta_len); } rta = RTA_NEXT(rta, rtasize); } - + rta = (struct rtattr*)pos; if (tmpl == NULL && new_encap) { /* add tmpl if we are enabling it */ rta->rta_type = XFRMA_ENCAP; rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_encap_tmpl)); - + hdr->nlmsg_len += rta->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } - + tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rta); tmpl->encap_type = UDP_ENCAP_ESPINUDP; tmpl->encap_sport = ntohs(new_src->get_port(new_src)); tmpl->encap_dport = ntohs(new_dst->get_port(new_dst)); memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t)); - + rta = XFRM_RTA_NEXT(rta); } - + if (got_replay_state) { /* copy the replay data if available */ rta->rta_type = XFRMA_REPLAY_VAL; rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state)); - + hdr->nlmsg_len += rta->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } memcpy(RTA_DATA(rta), &replay, sizeof(replay)); - + rta = XFRM_RTA_NEXT(rta); } @@ -1527,14 +1527,14 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, return FAILED; } free(out); - + return SUCCESS; } /** * Implementation of kernel_interface_t.add_policy. */ -static status_t add_policy(private_kernel_netlink_ipsec_t *this, +static status_t add_policy(private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, 
@@ -1548,13 +1548,13 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, netlink_buf_t request; struct xfrm_userpolicy_info *policy_info; struct nlmsghdr *hdr; - + /* create a policy */ policy = malloc_thing(policy_entry_t); memset(policy, 0, sizeof(policy_entry_t)); policy->sel = ts2selector(src_ts, dst_ts); policy->direction = direction; - + /* find the policy, which matches EXACTLY */ this->mutex->lock(this->mutex); current = this->policies->get(this->policies, policy); @@ -1574,10 +1574,10 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, this->policies->put(this->policies, policy, policy); policy->refcount = 1; } - + DBG2(DBG_KNL, "adding policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; @@ -1595,7 +1595,7 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, policy_info->action = XFRM_POLICY_ALLOW; policy_info->share = XFRM_SHARE_ANY; this->mutex->unlock(this->mutex); - + /* policies don't expire */ policy_info->lft.soft_byte_limit = XFRM_INF; policy_info->lft.soft_packet_limit = XFRM_INF; @@ -1605,19 +1605,19 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, policy_info->lft.hard_add_expires_seconds = 0; policy_info->lft.soft_use_expires_seconds = 0; policy_info->lft.hard_use_expires_seconds = 0; - + struct rtattr *rthdr = XFRM_RTA(hdr, struct xfrm_userpolicy_info); rthdr->rta_type = XFRMA_TMPL; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_user_tmpl)); - + hdr->nlmsg_len += rthdr->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } - + struct xfrm_user_tmpl *tmpl = (struct xfrm_user_tmpl*)RTA_DATA(rthdr); - + if (ipcomp != IPCOMP_NONE) { tmpl->reqid = reqid; 
@@ -1626,10 +1626,10 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, tmpl->mode = mode2kernel(mode); tmpl->optional = direction != POLICY_OUT; tmpl->family = src->get_family(src); - + host2xfrm(src, &tmpl->saddr); host2xfrm(dst, &tmpl->id.daddr); - + /* add an additional xfrm_user_tmpl */ rthdr->rta_len += RTA_LENGTH(sizeof(struct xfrm_user_tmpl)); hdr->nlmsg_len += RTA_LENGTH(sizeof(struct xfrm_user_tmpl)); @@ -1637,26 +1637,26 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, { return FAILED; } - + tmpl++; } - + tmpl->reqid = reqid; tmpl->id.proto = proto_ike2kernel(protocol); tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0; tmpl->mode = mode2kernel(mode); tmpl->family = src->get_family(src); - + host2xfrm(src, &tmpl->saddr); host2xfrm(dst, &tmpl->id.daddr); - + if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { DBG1(DBG_KNL, "unable to add policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); return FAILED; } - + /* install a route, if: * - we are NOT updating a policy * - this is a forward policy (to just get one for each child) @@ -1669,7 +1669,7 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, this->install_routes) { route_entry_t *route = malloc_thing(route_entry_t); - + if (charon->kernel_interface->get_address_by_ts(charon->kernel_interface, dst_ts, &route->src_ip) == SUCCESS) { @@ -1681,9 +1681,9 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16); memcpy(route->dst_net.ptr, &policy->sel.saddr, route->dst_net.len); route->prefixlen = policy->sel.prefixlen_s; - + if (route->if_name) - { + { switch (charon->kernel_interface->add_route( charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, 
@@ -1720,7 +1720,7 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, * Implementation of kernel_interface_t.query_policy. */ static status_t query_policy(private_kernel_netlink_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { @@ -1729,9 +1729,9 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, struct xfrm_userpolicy_id *policy_id; struct xfrm_userpolicy_info *policy = NULL; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); @@ -1743,7 +1743,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr); policy_id->sel = ts2selector(src_ts, dst_ts); policy_id->dir = direction; - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1772,7 +1772,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, break; } } - + if (policy == NULL) { DBG2(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts, @@ -1780,7 +1780,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - + if (policy->curlft.use_time) { /* we need the monotonic time, but the kernel returns system time. */ @@ -1790,7 +1790,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, { *use_time = 0; } - + free(out); return SUCCESS; } @@ -1799,7 +1799,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, * Implementation of kernel_interface_t.del_policy. */ static status_t del_policy(private_kernel_netlink_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { 
@@ -1808,15 +1808,15 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, netlink_buf_t request; struct nlmsghdr *hdr; struct xfrm_userpolicy_id *policy_id; - + DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ memset(&policy, 0, sizeof(policy_entry_t)); policy.sel = ts2selector(src_ts, dst_ts); policy.direction = direction; - + /* find the policy */ this->mutex->lock(this->mutex); current = this->policies->get(this->policies, &policy); @@ -1840,9 +1840,9 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, dst_ts, policy_dir_names, direction); return NOT_FOUND; } - + memset(&request, 0, sizeof(request)); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_DELPOLICY; @@ -1851,10 +1851,10 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr); policy_id->sel = to_delete->sel; policy_id->dir = direction; - + route = to_delete->route; free(to_delete); - + if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts, @@ -1871,7 +1871,7 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, DBG1(DBG_KNL, "error uninstalling route installed with " "policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - } + } route_entry_destroy(route); } return SUCCESS; @@ -1884,7 +1884,7 @@ static void destroy(private_kernel_netlink_ipsec_t *this) { enumerator_t *enumerator; policy_entry_t *policy; - + this->job->cancel(this->job); close(this->socket_xfrm_events); this->socket_xfrm->destroy(this->socket_xfrm); 
@@ -1907,7 +1907,7 @@ static bool add_bypass_policies() int fd, family, port; enumerator_t *sockets; bool status = TRUE; - + /* we open an AF_KEY socket to autoload the af_key module. Otherwise * setsockopt(IPSEC_POLICY) won't work. */ fd = socket(AF_KEY, SOCK_RAW, PF_KEY_V2); @@ -1917,13 +1917,13 @@ static bool add_bypass_policies() return FALSE; } close(fd); - + sockets = charon->socket->create_enumerator(charon->socket); while (sockets->enumerate(sockets, &fd, &family, &port)) { struct sadb_x_policy policy; u_int sol, ipsec_policy; - + switch (family) { case AF_INET: @@ -1937,12 +1937,12 @@ static bool add_bypass_policies() default: continue; } - + memset(&policy, 0, sizeof(policy)); policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t); policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY; policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS; - + policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { @@ -1954,7 +1954,7 @@ static bool add_bypass_policies() policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { - DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", + DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", strerror(errno)); status = FALSE; break; @@ -1972,7 +1972,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() private_kernel_netlink_ipsec_t *this = malloc_thing(private_kernel_netlink_ipsec_t); struct sockaddr_nl addr; int fd; - + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; 
@@ -1991,7 +1991,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE); - + /* disable lifetimes for allocated SPIs in kernel */ fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY); if (fd) @@ -1999,18 +1999,18 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() ignore_result(write(fd, "0", 1)); close(fd); } - + /* add bypass policies on the sockets used by charon */ if (!add_bypass_policies()) { charon->kill(charon, "unable to add bypass policies on sockets"); } - + this->socket_xfrm = netlink_socket_create(NETLINK_XFRM); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; - + /* create and bind XFRM socket for ACQUIRE, EXPIRE, MIGRATE & MAPPING */ this->socket_xfrm_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM); if (this->socket_xfrm_events <= 0) @@ -2023,10 +2023,10 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() { charon->kill(charon, "unable to bind XFRM event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c b/src/charon/plugins/kernel_netlink/kernel_netlink_net.c index 068860797..4b2a05f8f 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_net.c @@ -48,16 +48,16 @@ typedef struct addr_entry_t addr_entry_t; * IP address in an inface_entry_t */ struct addr_entry_t { - + /** The ip address */ host_t *ip; - + /** virtual IP managed by us */ bool virtual; - + /** scope of the address */ u_char scope; - + /** Number of times this IP is used, if virtual */ u_int refcount; }; 
@@ -77,16 +77,16 @@ typedef struct iface_entry_t iface_entry_t; * A network interface on this system, containing addr_entry_t's */ struct iface_entry_t { - + /** interface index */ int ifindex; - + /** name of the interface */ char ifname[IFNAMSIZ]; - + /** interface flags, as in netdevice(7) SIOCGIFFLAGS */ u_int flags; - + /** list of addresses as host_t */ linked_list_t *addrs; }; @@ -110,57 +110,57 @@ struct private_kernel_netlink_net_t { * Public part of the kernel_netlink_net_t object. */ kernel_netlink_net_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * condition variable to signal virtual IP add/removal */ condvar_t *condvar; - + /** * Cached list of interfaces and its addresses (iface_entry_t) */ linked_list_t *ifaces; - + /** * job receiving netlink events */ callback_job_t *job; - + /** * netlink rt socket (routing) */ netlink_socket_t *socket; - + /** * Netlink rt socket to receive address change events */ int socket_events; - + /** * time of the last roam_job */ timeval_t last_roam; - + /** * routing table to install routes */ int routing_table; - + /** * priority of used routing table */ int routing_table_prio; - + /** * whether to react to RTM_NEWROUTE or RTM_DELROUTE events */ bool process_route; - + /** * whether to actually install virtual IPs */ @@ -176,7 +176,7 @@ static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip) iface_entry_t *iface; addr_entry_t *addr; int refcount = 0; - + ifaces = this->ifaces->create_iterator(this->ifaces, TRUE); while (ifaces->iterate(ifaces, (void**)&iface)) { @@ -197,7 +197,7 @@ static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip) } } ifaces->destroy(ifaces); - + return refcount; } @@ -208,7 +208,7 @@ static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip) static void fire_roam_job(private_kernel_netlink_net_t *this, bool address) { timeval_t now; - + time_monotonic(&now); if (timercmp(&now, &this->last_roam, >)) { 
@@ -237,7 +237,7 @@ static void process_link(private_kernel_netlink_net_t *this, iface_entry_t *current, *entry = NULL; char *name = NULL; bool update = FALSE; - + while(RTA_OK(rta, rtasize)) { switch (rta->rta_type) @@ -252,7 +252,7 @@ static void process_link(private_kernel_netlink_net_t *this, { name = "(unknown)"; } - + this->mutex->lock(this->mutex); switch (hdr->nlmsg_type) { @@ -305,7 +305,7 @@ static void process_link(private_kernel_netlink_net_t *this, { if (current->ifindex == msg->ifi_index) { - /* we do not remove it, as an address may be added to a + /* we do not remove it, as an address may be added to a * "down" interface and we wan't to know that. */ current->flags = msg->ifi_flags; break; @@ -316,7 +316,7 @@ static void process_link(private_kernel_netlink_net_t *this, } } this->mutex->unlock(this->mutex); - + /* send an update to all IKE_SAs */ if (update && event) { @@ -339,7 +339,7 @@ static void process_addr(private_kernel_netlink_net_t *this, addr_entry_t *addr; chunk_t local = chunk_empty, address = chunk_empty; bool update = FALSE, found = FALSE, changed = FALSE; - + while(RTA_OK(rta, rtasize)) { switch (rta->rta_type) @@ -355,7 +355,7 @@ static void process_addr(private_kernel_netlink_net_t *this, } rta = RTA_NEXT(rta, rtasize); } - + /* For PPP interfaces, we need the IFA_LOCAL address, * IFA_ADDRESS is the peers address. But IFA_LOCAL is * not included in all cases (IPv6?), so fallback to IFA_ADDRESS. */ @@ -367,12 +367,12 @@ static void process_addr(private_kernel_netlink_net_t *this, { host = host_create_from_chunk(msg->ifa_family, address, 0); } - + if (host == NULL) { /* bad family? */ return; } - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -403,7 +403,7 @@ static void process_addr(private_kernel_netlink_net_t *this, } } addrs->destroy(addrs); - + if (hdr->nlmsg_type == RTM_NEWADDR) { if (!found) 
@@ -415,7 +415,7 @@ static void process_addr(private_kernel_netlink_net_t *this, addr->virtual = FALSE; addr->refcount = 1; addr->scope = msg->ifa_scope; - + iface->addrs->insert_last(iface->addrs, addr); if (event) { @@ -433,7 +433,7 @@ static void process_addr(private_kernel_netlink_net_t *this, ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); host->destroy(host); - + /* send an update to all IKE_SAs */ if (update && event && changed) { @@ -450,13 +450,13 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h struct rtattr *rta = RTM_RTA(msg); size_t rtasize = RTM_PAYLOAD(hdr); host_t *host = NULL; - + /* ignore routes added by us */ if (msg->rtm_table && msg->rtm_table == this->routing_table) { return; } - + while (RTA_OK(rta, rtasize)) { switch (rta->rta_type) @@ -491,11 +491,11 @@ static job_requeue_t receive_events(private_kernel_netlink_net_t *this) socklen_t addr_len = sizeof(addr); int len, oldstate; - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); len = recvfrom(this->socket_events, response, sizeof(response), 0, (struct sockaddr*)&addr, &addr_len); pthread_setcancelstate(oldstate, NULL); - + if (len < 0) { switch (errno) @@ -512,12 +512,12 @@ static job_requeue_t receive_events(private_kernel_netlink_net_t *this) return JOB_REQUEUE_FAIR; } } - + if (addr.nl_pid != 0) { /* not from kernel. not interested, try another one */ return JOB_REQUEUE_DIRECT; } - + while (NLMSG_OK(hdr, len)) { /* looks good so far, dispatch netlink message */ @@ -553,7 +553,7 @@ typedef struct { private_kernel_netlink_net_t* this; /** whether to enumerate down interfaces */ bool include_down_ifaces; - /** whether to enumerate virtual ip addresses */ + /** whether to enumerate virtual ip addresses */ bool include_virtual_ips; } address_enumerator_t; 
@@ -615,7 +615,7 @@ static enumerator_t *create_address_enumerator(private_kernel_netlink_net_t *thi data->this = this; data->include_down_ifaces = include_down_ifaces; data->include_virtual_ips = include_virtual_ips; - + this->mutex->lock(this->mutex); return enumerator_create_nested( enumerator_create_filter(this->ifaces->create_enumerator(this->ifaces), @@ -632,9 +632,9 @@ static char *get_interface_name(private_kernel_netlink_net_t *this, host_t* ip) iface_entry_t *iface; addr_entry_t *addr; char *name = NULL; - + DBG2(DBG_KNL, "getting interface name for %H", ip); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -656,7 +656,7 @@ static char *get_interface_name(private_kernel_netlink_net_t *this, host_t* ip) } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + if (name) { DBG2(DBG_KNL, "%H is on interface %s", ip, name); @@ -676,9 +676,9 @@ static int get_interface_index(private_kernel_netlink_net_t *this, char* name) enumerator_t *ifaces; iface_entry_t *iface; int ifindex = 0; - + DBG2(DBG_KNL, "getting iface index for %s", name); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -708,7 +708,7 @@ static bool is_interface_up(private_kernel_netlink_net_t *this, int index) iface_entry_t *iface; /* default to TRUE for interface we do not monitor (e.g. lo) */ bool up = TRUE; - + ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) { @@ -729,7 +729,7 @@ static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len) { static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe }; int byte = 0; - + if (net_len == 0) { /* any address matches a /0 network */ return TRUE; 
@@ -771,9 +771,9 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, size_t len; int best = -1; host_t *src = NULL, *gtw = NULL; - + DBG2(DBG_KNL, "getting address to reach %H", dest); - + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; @@ -790,7 +790,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, } chunk = dest->get_address(dest); netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request)); - + if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "getting address to %H failed", dest); @@ -811,7 +811,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, chunk_t rta_gtw, rta_src, rta_dst; u_int32_t rta_oif = 0; host_t *new_src, *new_gtw; - + rta_gtw = rta_src = rta_dst = chunk_empty; msg = (struct rtmsg*)(NLMSG_DATA(current)); rta = RTM_RTA(msg); @@ -855,7 +855,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, { /* route destination does not contain dest */ goto next; } - + if (nexthop) { /* nexthop lookup, return gateway */ @@ -907,7 +907,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, } free(out); this->mutex->unlock(this->mutex); - + if (nexthop) { if (gtw) 
@@ -947,23 +947,23 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type struct nlmsghdr *hdr; struct ifaddrmsg *msg; chunk_t chunk; - + memset(&request, 0, sizeof(request)); - + chunk = ip->get_address(ip); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; - hdr->nlmsg_type = nlmsg_type; + hdr->nlmsg_type = nlmsg_type; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg)); - + msg = (struct ifaddrmsg*)NLMSG_DATA(hdr); msg->ifa_family = ip->get_family(ip); msg->ifa_flags = 0; msg->ifa_prefixlen = 8 * chunk.len; msg->ifa_scope = RT_SCOPE_UNIVERSE; msg->ifa_index = if_index; - + netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request)); return this->socket->send_ack(this->socket, hdr); @@ -972,27 +972,27 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type /** * Implementation of kernel_net_t.add_ip. */ -static status_t add_ip(private_kernel_netlink_net_t *this, +static status_t add_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip, host_t *iface_ip) { iface_entry_t *iface; addr_entry_t *addr; enumerator_t *addrs, *ifaces; int ifindex; - + if (!this->install_virtual_ip) { /* disabled by config */ return SUCCESS; } - + DBG2(DBG_KNL, "adding virtual IP %H", virtual_ip); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) { bool iface_found = FALSE; - + addrs = iface->addrs->create_enumerator(iface->addrs); while (addrs->enumerate(addrs, &addr)) { @@ -1012,7 +1012,7 @@ static status_t add_ip(private_kernel_netlink_net_t *this, } } addrs->destroy(addrs); - + if (iface_found) { ifindex = iface->ifindex; 
@@ -1022,7 +1022,7 @@ static status_t add_ip(private_kernel_netlink_net_t *this, addr->virtual = TRUE; addr->scope = RT_SCOPE_UNIVERSE; iface->addrs->insert_last(iface->addrs, addr); - + if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL, ifindex, virtual_ip) == SUCCESS) { @@ -1042,7 +1042,7 @@ static status_t add_ip(private_kernel_netlink_net_t *this, } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + DBG1(DBG_KNL, "interface address %H not found, unable to install" "virtual IP %H", iface_ip, virtual_ip); return FAILED; @@ -1058,14 +1058,14 @@ static status_t del_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip) enumerator_t *addrs, *ifaces; status_t status; int ifindex; - + if (!this->install_virtual_ip) { /* disabled by config */ return SUCCESS; } - + DBG2(DBG_KNL, "deleting virtual IP %H", virtual_ip); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -1108,7 +1108,7 @@ static status_t del_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip) } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + DBG2(DBG_KNL, "virtual IP %H not cached, unable to delete", virtual_ip); return FAILED; } @@ -1135,11 +1135,11 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_ty chunk_t half_net; u_int8_t half_prefixlen; status_t status; - + half_net = chunk_alloca(dst_net.len); memset(half_net.ptr, 0, half_net.len); half_prefixlen = 1; - + status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen, gateway, src_ip, if_name); half_net.ptr[0] |= 0x80; @@ -1147,7 +1147,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_ty gateway, src_ip, if_name); return status; } - + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; 
@@ -1162,7 +1162,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_ty msg->rtm_protocol = RTPROT_STATIC; msg->rtm_type = RTN_UNICAST; msg->rtm_scope = RT_SCOPE_UNIVERSE; - + netlink_add_attribute(hdr, RTA_DST, dst_net, sizeof(request)); chunk = src_ip->get_address(src_ip); netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request)); @@ -1185,7 +1185,7 @@ static status_t add_route(private_kernel_netlink_net_t *this, chunk_t dst_net, return manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, dst_net, prefixlen, gateway, src_ip, if_name); } - + /** * Implementation of kernel_net_t.del_route. */ @@ -1208,9 +1208,9 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) enumerator_t *ifaces, *addrs; iface_entry_t *iface; addr_entry_t *addr; - + DBG1(DBG_KNL, "listening on interfaces:"); - + memset(&request, 0, sizeof(request)); in = (struct nlmsghdr*)&request; @@ -1218,7 +1218,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT; msg = (struct rtgenmsg*)NLMSG_DATA(in); msg->rtgen_family = AF_UNSPEC; - + /* get all links */ in->nlmsg_type = RTM_GETLINK; if (this->socket->send(this->socket, in, &out, &len) != SUCCESS) @@ -1242,7 +1242,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) break; } free(out); - + /* get all interface addresses */ in->nlmsg_type = RTM_GETADDR; if (this->socket->send(this->socket, in, &out, &len) != SUCCESS) @@ -1266,7 +1266,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) break; } free(out); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) 
@@ -1298,10 +1298,10 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, struct rtmsg *msg; chunk_t chunk; - memset(&request, 0, sizeof(request)); + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; - hdr->nlmsg_type = nlmsg_type; + hdr->nlmsg_type = nlmsg_type; if (nlmsg_type == RTM_NEWRULE) { hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL; @@ -1348,7 +1348,7 @@ kernel_netlink_net_t *kernel_netlink_net_create() { private_kernel_netlink_net_t *this = malloc_thing(private_kernel_netlink_net_t); struct sockaddr_nl addr; - + /* public functions */ this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name; this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator; 
@@ -1373,34 +1373,34 @@ kernel_netlink_net_t *kernel_netlink_net_create() "charon.process_route", TRUE); this->install_virtual_ip = lib->settings->get_bool(lib->settings, "charon.install_virtual_ip", TRUE); - + this->socket = netlink_socket_create(NETLINK_ROUTE); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; - + /* create and bind RT socket for events (address/interface/route changes) */ this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (this->socket_events <= 0) { charon->kill(charon, "unable to create RT event socket"); } - addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR | + addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE | RTMGRP_IPV4_ROUTE | RTMGRP_LINK; if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr))) { charon->kill(charon, "unable to bind RT event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + if (init_address_list(this) != SUCCESS) { charon->kill(charon, "unable to get interface list"); } - + if (this->routing_table) { if (manage_rule(this, RTM_NEWRULE, this->routing_table, @@ -1409,6 +1409,6 @@ kernel_netlink_net_t *kernel_netlink_net_create() DBG1(DBG_KNL, "unable to create routing table rule"); } } - + return &this->public; } diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c index 77005e871..cdf20f14a 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c 
@@ -49,11 +49,11 @@ static void destroy(private_kernel_netlink_plugin_t *this) plugin_t *plugin_create() { private_kernel_netlink_plugin_t *this = malloc_thing(private_kernel_netlink_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)kernel_netlink_ipsec_create); charon->kernel_interface->add_net_interface(charon->kernel_interface, (kernel_net_constructor_t)kernel_netlink_net_create); - + return &this->public.plugin; } diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c index ec1187083..3d8ca8807 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c @@ -34,7 +34,7 @@ struct private_netlink_socket_t { * public part of the netlink_socket_t object. */ netlink_socket_t public; - + /** * mutex to lock access to netlink socket */ @@ -46,12 +46,12 @@ struct private_netlink_socket_t { int seq; /** - * netlink socket protocol + * netlink socket protocol */ int protocol; /** - * netlink socket + * netlink socket */ int socket; }; @@ -71,12 +71,12 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in struct sockaddr_nl addr; chunk_t result = chunk_empty, tmp; struct nlmsghdr *msg, peek; - + this->mutex->lock(this->mutex); - + in->nlmsg_seq = ++this->seq; in->nlmsg_pid = getpid(); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; addr.nl_pid = 0; @@ -91,11 +91,11 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in while (TRUE) { - len = sendto(this->socket, in, in->nlmsg_len, 0, + len = sendto(this->socket, in, in->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); - + if (len != in->nlmsg_len) - { + { if (errno == EINTR) { /* interrupted, try again */ 
@@ -107,23 +107,23 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in } break; } - + while (TRUE) - { + { char buf[4096]; tmp.len = sizeof(buf); tmp.ptr = buf; msg = (struct nlmsghdr*)tmp.ptr; - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; addr.nl_pid = getpid(); addr.nl_groups = 0; addr_len = sizeof(addr); - + len = recvfrom(this->socket, tmp.ptr, tmp.len, 0, (struct sockaddr*)&addr, &addr_len); - + if (len < 0) { if (errno == EINTR) @@ -155,17 +155,17 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in free(result.ptr); return FAILED; } - + tmp.len = len; result.ptr = realloc(result.ptr, result.len + tmp.len); memcpy(result.ptr + result.len, tmp.ptr, tmp.len); result.len += tmp.len; - + /* NLM_F_MULTI flag does not seem to be set correctly, we use sequence * numbers to detect multi header messages */ len = recvfrom(this->socket, &peek, sizeof(peek), MSG_PEEK | MSG_DONTWAIT, (struct sockaddr*)&addr, &addr_len); - + if (len == sizeof(peek) && peek.nlmsg_seq == this->seq) { /* seems to be multipart */ @@ -173,12 +173,12 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in } break; } - + *out_len = result.len; *out = (struct nlmsghdr*)result.ptr; - + this->mutex->unlock(this->mutex); - + return SUCCESS; } @@ -202,7 +202,7 @@ static status_t netlink_send_ack(private_netlink_socket_t *this, struct nlmsghdr case NLMSG_ERROR: { struct nlmsgerr* err = (struct nlmsgerr*)NLMSG_DATA(hdr); - + if (err->error) { if (-err->error == EEXIST) 
@@ -247,7 +247,7 @@ static void destroy(private_netlink_socket_t *this) netlink_socket_t *netlink_socket_create(int protocol) { private_netlink_socket_t *this = malloc_thing(private_netlink_socket_t); struct sockaddr_nl addr; - + /* public functions */ this->public.send = (status_t(*)(netlink_socket_t*,struct nlmsghdr*, struct nlmsghdr**, size_t*))netlink_send; this->public.send_ack = (status_t(*)(netlink_socket_t*,struct nlmsghdr*))netlink_send_ack; @@ -256,23 +256,23 @@ netlink_socket_t *netlink_socket_create(int protocol) { /* private members */ this->seq = 200; this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; - + this->protocol = protocol; this->socket = socket(AF_NETLINK, SOCK_RAW, protocol); if (this->socket <= 0) { charon->kill(charon, "unable to create netlink socket"); } - + addr.nl_groups = 0; if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr))) { charon->kill(charon, "unable to bind netlink socket"); } - + return &this->public; } @@ -283,13 +283,13 @@ void netlink_add_attribute(struct nlmsghdr *hdr, int rta_type, chunk_t data, size_t buflen) { struct rtattr *rta; - + if (NLMSG_ALIGN(hdr->nlmsg_len) + RTA_ALIGN(data.len) > buflen) { DBG1(DBG_KNL, "unable to add attribute, buffer too small"); return; } - + rta = (struct rtattr*)(((char*)hdr) + NLMSG_ALIGN(hdr->nlmsg_len)); rta->rta_type = rta_type; rta->rta_len = RTA_LENGTH(data.len); diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h index 5a70e4d9b..dfd27a21a 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h 
@@ -37,20 +37,20 @@ struct netlink_socket_t { /** * Send a netlink message and wait for a reply. - * + * * @param in netlink message to send * @param out received netlink message * @param out_len length of the received message */ status_t (*send)(netlink_socket_t *this, struct nlmsghdr *in, struct nlmsghdr **out, size_t *out_len); - + /** * Send a netlink message and wait for its acknowledge. - * + * * @param in netlink message to send */ status_t (*send_ack)(netlink_socket_t *this, struct nlmsghdr *in); - + /** * Destroy the socket. */ @@ -59,14 +59,14 @@ struct netlink_socket_t { /** * Create a netlink_socket_t object. - * + * * @param protocol protocol type (e.g. NETLINK_XFRM or NETLINK_ROUTE) */ netlink_socket_t *netlink_socket_create(int protocol); /** * Creates an rtattr and adds it to the given netlink message. - * + * * @param hdr netlink message * @param rta_type type of the rtattr * @param data data to add to the rtattr diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 002e1bee8..57e3a92e3 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -151,42 +151,42 @@ struct private_kernel_pfkey_ipsec_t * Public part of the kernel_pfkey_t object. */ kernel_pfkey_ipsec_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * List of installed policies (policy_entry_t) */ linked_list_t *policies; - + /** * whether to install routes along policies */ bool install_routes; - + /** * job receiving PF_KEY events */ callback_job_t *job; - + /** * mutex to lock access to the PF_KEY socket */ mutex_t *mutex_pfkey; - + /** * PF_KEY socket to communicate with the kernel */ int socket; - + /** * PF_KEY socket to receive acquire and expire events */ int socket_events; - + /** * sequence number for messages sent to the kernel */ 
@@ -201,10 +201,10 @@ typedef struct route_entry_t route_entry_t; struct route_entry_t { /** Name of the interface the route is bound to */ char *if_name; - + /** Source ip of the route */ host_t *src_ip; - + /** gateway for this route */ host_t *gateway; @@ -233,16 +233,16 @@ typedef struct policy_entry_t policy_entry_t; * installed kernel policy. */ struct policy_entry_t { - + /** reqid of this policy */ u_int32_t reqid; - + /** index assigned by the kernel */ u_int32_t index; - + /** direction of this policy: in, out, forward */ u_int8_t direction; - + /** parameters of installed policy */ struct { /** subnet and port */ @@ -252,10 +252,10 @@ struct policy_entry_t { /** protocol */ u_int8_t proto; } src, dst; - + /** associated route installed for this policy */ route_entry_t *route; - + /** by how many CHILD_SA's this policy is used */ u_int refcount; }; @@ -272,15 +272,15 @@ static policy_entry_t *create_policy_entry(traffic_selector_t *src_ts, policy->direction = dir; policy->route = NULL; policy->refcount = 0; - + src_ts->to_subnet(src_ts, &policy->src.net, &policy->src.mask); dst_ts->to_subnet(dst_ts, &policy->dst.net, &policy->dst.mask); - + /* src or dest proto may be "any" (0), use more restrictive one */ policy->src.proto = max(src_ts->get_protocol(src_ts), dst_ts->get_protocol(dst_ts)); policy->src.proto = policy->src.proto ? policy->src.proto : IPSEC_PROTO_ANY; policy->dst.proto = policy->src.proto; - + return policy; } @@ -328,7 +328,7 @@ struct pfkey_msg_t * PF_KEY message base */ struct sadb_msg *msg; - + /** * PF_KEY message extensions */ @@ -518,7 +518,7 @@ struct kernel_algorithm_t { * Identifier specified in IKEv2 */ int ikev2; - + /** * Identifier as defined in pfkeyv2.h */ 
@@ -652,19 +652,19 @@ static void add_encap_ext(struct sadb_msg *msg, host_t *src, host_t *dst) { struct sadb_x_nat_t_type* nat_type; struct sadb_x_nat_t_port* nat_port; - + nat_type = (struct sadb_x_nat_t_type*)PFKEY_EXT_ADD_NEXT(msg); nat_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; nat_type->sadb_x_nat_t_type_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_type)); nat_type->sadb_x_nat_t_type_type = UDP_ENCAP_ESPINUDP; PFKEY_EXT_ADD(msg, nat_type); - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port)); nat_port->sadb_x_nat_t_port_port = htons(src->get_port(src)); PFKEY_EXT_ADD(msg, nat_port); - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port)); @@ -697,15 +697,15 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) { struct sadb_ext* ext; size_t len; - + memset(out, 0, sizeof(pfkey_msg_t)); out->msg = msg; - + len = msg->sadb_msg_len; len -= PFKEY_LEN(sizeof(struct sadb_msg)); - + ext = (struct sadb_ext*)(((char*)msg) + sizeof(struct sadb_msg)); - + while (len >= PFKEY_LEN(sizeof(struct sadb_ext))) { DBG3(DBG_KNL, " %N", sadb_ext_type_names, ext->sadb_ext_type); @@ -716,20 +716,20 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) sadb_ext_type_names, ext->sadb_ext_type); break; } - + if ((ext->sadb_ext_type > SADB_EXT_MAX) || (!ext->sadb_ext_type)) { DBG1(DBG_KNL, "type of PF_KEY extension (%d) is invalid", ext->sadb_ext_type); break; } - + if (out->ext[ext->sadb_ext_type]) { DBG1(DBG_KNL, "duplicate %N extension", sadb_ext_type_names, ext->sadb_ext_type); break; } - + out->ext[ext->sadb_ext_type] = ext; ext = PFKEY_EXT_NEXT_LEN(ext, len); } 
@@ -739,7 +739,7 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) DBG1(DBG_KNL, "PF_KEY message length is invalid"); return FAILED; } - + return SUCCESS; } @@ -752,7 +752,7 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg; int in_len, len; - + this->mutex_pfkey->lock(this->mutex_pfkey); /* FIXME: our usage of sequence numbers is probably wrong. check RFC 2367, @@ -779,13 +779,13 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket } break; } - + while (TRUE) { msg = (struct sadb_msg*)buf; - + len = recv(socket, buf, sizeof(buf), 0); - + if (len < 0) { if (errno == EINTR) @@ -844,13 +844,13 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket } break; } - + *out_len = len; *out = (struct sadb_msg*)malloc(len); memcpy(*out, buf, len); - + this->mutex_pfkey->unlock(this->mutex_pfkey); - + return SUCCESS; } @@ -873,7 +873,7 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* traffic_selector_t *src_ts, *dst_ts; policy_entry_t *policy; job_t *job; - + switch (msg->sadb_msg_satype) { case SADB_SATYPE_UNSPEC: @@ -885,13 +885,13 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* return; } DBG2(DBG_KNL, "received an SADB_ACQUIRE"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_ACQUIRE from kernel failed"); return; } - + index = response.x_policy->sadb_x_policy_id; this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, 
@@ -907,7 +907,7 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* src_ts = sadb_address2ts(response.src); dst_ts = sadb_address2ts(response.dst); this->mutex->unlock(this->mutex); - + DBG1(DBG_KNL, "creating acquire job for policy %R === %R with reqid {%u}", src_ts, dst_ts, reqid); job = (job_t*)acquire_job_create(reqid, src_ts, dst_ts); @@ -924,27 +924,27 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* u_int32_t spi, reqid; bool hard; job_t *job; - + DBG2(DBG_KNL, "received an SADB_EXPIRE"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_EXPIRE from kernel failed"); return; } - + protocol = proto_satype2ike(msg->sadb_msg_satype); spi = response.sa->sadb_sa_spi; reqid = response.x_sa2->sadb_x_sa2_reqid; hard = response.lft_hard != NULL; - + if (protocol != PROTO_ESP && protocol != PROTO_AH) { DBG2(DBG_KNL, "ignoring SADB_EXPIRE for SA with SPI %.8x and reqid {%u} " "which is not a CHILD_SA", ntohl(spi), reqid); return; } - + DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%u}", hard ? "delete" : "rekey", protocol_id_names, protocol, ntohl(spi), reqid); @@ -984,7 +984,7 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* dir = kernel2dir(response.x_policy->sadb_x_policy_dir); DBG2(DBG_KNL, " policy %R === %R %N, id %u", src_ts, dst_ts, policy_dir_names, dir); - + /* SADB_X_EXT_KMADDRESS is not present in unpatched kernels < 2.6.28 */ if (response.x_kmaddress) { @@ -999,7 +999,7 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* remote = host_create_from_sockaddr(remote_addr); DBG2(DBG_KNL, " kmaddress: %H...%H", local, remote); } - + if (src_ts && dst_ts && local && remote) { DBG1(DBG_KNL, "creating migrate job for policy %R === %R %N with reqid {%u}", 
@@ -1028,24 +1028,24 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* u_int32_t spi, reqid; host_t *host; job_t *job; - + DBG2(DBG_KNL, "received an SADB_X_NAT_T_NEW_MAPPING"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_X_NAT_T_NEW_MAPPING from kernel failed"); return; } - + if (!response.x_sa2) { DBG1(DBG_KNL, "received SADB_X_NAT_T_NEW_MAPPING is missing required information"); return; } - + spi = response.sa->sadb_sa_spi; reqid = response.x_sa2->sadb_x_sa2_reqid; - + if (proto_satype2ike(msg->sadb_msg_satype) == PROTO_ESP) { sockaddr_t *sa = (sockaddr_t*)(response.dst + 1); @@ -1084,11 +1084,11 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)buf; int len, oldstate; - + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); len = recvfrom(this->socket_events, buf, sizeof(buf), 0, NULL, 0); pthread_setcancelstate(oldstate, NULL); - + if (len < 0) { switch (errno) @@ -1105,7 +1105,7 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) return JOB_REQUEUE_FAIR; } } - + if (len < sizeof(struct sadb_msg) || msg->sadb_msg_len < PFKEY_LEN(sizeof(struct sadb_msg))) { @@ -1121,7 +1121,7 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) DBG1(DBG_KNL, "buffer was too small to receive the complete PF_KEY message"); return JOB_REQUEUE_DIRECT; } - + switch (msg->sadb_msg_type) { case SADB_ACQUIRE: @@ -1143,7 +1143,7 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) default: break; } - + return JOB_REQUEUE_DIRECT; } 
@@ -1162,31 +1162,31 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this, pfkey_msg_t response; u_int32_t received_spi = 0; size_t len; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GETSPI; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg); sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange)); sa2->sadb_x_sa2_reqid = reqid; PFKEY_EXT_ADD(msg, sa2); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + range = (struct sadb_spirange*)PFKEY_EXT_ADD_NEXT(msg); range->sadb_spirange_exttype = SADB_EXT_SPIRANGE; range->sadb_spirange_len = PFKEY_LEN(sizeof(struct sadb_spirange)); range->sadb_spirange_min = 0xc0000000; range->sadb_spirange_max = 0xcFFFFFFF; PFKEY_EXT_ADD(msg, range); - + if (pfkey_send(this, msg, &out, &len) == SUCCESS) { if (out->sadb_msg_errno) @@ -1200,12 +1200,12 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this, } free(out); } - + if (received_spi == 0) { return FAILED; } - + *spi = received_spi; return SUCCESS; } @@ -1239,11 +1239,11 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, struct sadb_lifetime *lft; struct sadb_key *key; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = inbound ? SADB_UPDATE : SADB_ADD; 
@@ -1273,17 +1273,17 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg); sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg); PFKEY_EXT_ADD(msg, sa); - + sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg); sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange)); sa2->sadb_x_sa2_mode = mode2kernel(mode); sa2->sadb_x_sa2_reqid = reqid; PFKEY_EXT_ADD(msg, sa2); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg); lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime)); @@ -1292,7 +1292,7 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, lft->sadb_lifetime_addtime = lifetime->time.rekey; lft->sadb_lifetime_usetime = 0; /* we only use addtime */ PFKEY_EXT_ADD(msg, lft); - + lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg); lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime)); @@ -1301,7 +1301,7 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, lft->sadb_lifetime_addtime = lifetime->time.life; lft->sadb_lifetime_usetime = 0; /* we only use addtime */ PFKEY_EXT_ADD(msg, lft); - + if (enc_alg != ENCR_UNDEFINED) { if (!sa->sadb_sa_encrypt) @@ -1312,16 +1312,16 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; key->sadb_key_bits = enc_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + enc_key.len); memcpy(key + 1, enc_key.ptr, enc_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (int_alg != AUTH_UNDEFINED) { if (!sa->sadb_sa_auth) 
@@ -1332,16 +1332,16 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, int_alg, int_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_AUTH; key->sadb_key_bits = int_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + int_key.len); memcpy(key + 1, int_key.ptr, int_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (ipcomp != IPCOMP_NONE) { /*TODO*/ @@ -1353,7 +1353,7 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, add_encap_ext(msg, src, dst); } #endif /*HAVE_NATT*/ - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi)); @@ -1366,7 +1366,7 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, free(out); return FAILED; } - + free(out); return SUCCESS; } @@ -1385,7 +1385,7 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, struct sadb_sa *sa; pfkey_msg_t response; size_t len; - + /* we can't update the SA if any of the ip addresses have changed. * that's because we can't use SADB_UPDATE and by deleting and readding the * SA the sequence numbers would get lost */ 
@@ -1396,28 +1396,28 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, " are not supported", ntohl(spi)); return NOT_SUPPORTED; } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GET; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the kernel wants a SADB_EXT_ADDRESS_SRC to be present even though * it is not used for anything. */ add_anyaddr_ext(msg, dst->get_family(dst), SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", @@ -1438,18 +1438,18 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, free(out); return FAILED; } - + DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", ntohl(spi), src, dst, new_src, new_dst); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_UPDATE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + #ifdef __APPLE__ { struct sadb_sa_2 *sa_2; 
@@ -1466,32 +1466,32 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, PFKEY_EXT_COPY(msg, response.sa); #endif PFKEY_EXT_COPY(msg, response.x_sa2); - + PFKEY_EXT_COPY(msg, response.src); PFKEY_EXT_COPY(msg, response.dst); - + PFKEY_EXT_COPY(msg, response.lft_soft); PFKEY_EXT_COPY(msg, response.lft_hard); - + if (response.key_encr) { PFKEY_EXT_COPY(msg, response.key_encr); } - + if (response.key_auth) { PFKEY_EXT_COPY(msg, response.key_auth); } - + #ifdef HAVE_NATT if (new_encap) { add_encap_ext(msg, new_src, new_dst); } #endif /*HAVE_NATT*/ - + free(out); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); @@ -1505,7 +1505,7 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, return FAILED; } free(out); - + return SUCCESS; } @@ -1521,29 +1521,29 @@ static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, struct sadb_sa *sa; pfkey_msg_t response; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GET; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the Linux Kernel doesn't care for the src address, but other systems do * (e.g. FreeBSD) */ add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); 
@@ -1579,29 +1579,29 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, struct sadb_msg *msg, *out; struct sadb_sa *sa; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_DELETE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the Linux Kernel doesn't care for the src address, but other systems do * (e.g. FreeBSD) */ add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi)); @@ -1614,7 +1614,7 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, free(out); return FAILED; } - + DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi)); free(out); return SUCCESS; @@ -1639,16 +1639,16 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, policy_entry_t *policy, *found = NULL; pfkey_msg_t response; size_t len; - + if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return SUCCESS; } - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction, reqid); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, 
@@ -1668,18 +1668,18 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, this->policies->insert_last(this->policies, policy); policy->refcount = 1; } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = found ? SADB_X_SPDUPDATE : SADB_X_SPDADD; msg->sadb_msg_satype = 0; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg); pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy)); @@ -1693,7 +1693,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, pol->sadb_x_policy_priority -= policy->src.proto != IPSEC_PROTO_ANY ? 2 : 0; pol->sadb_x_policy_priority -= policy->src.net->get_port(policy->src.net) ? 1 : 0; #endif - + /* one or more sadb_x_ipsecrequest extensions are added to the sadb_x_policy extension */ req = (struct sadb_x_ipsecrequest*)(pol + 1); req->sadb_x_ipsecrequest_proto = proto_ike2ip(protocol); @@ -1713,15 +1713,15 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, memcpy((u_int8_t*)(req + 1) + sl, sa, sl); req->sadb_x_ipsecrequest_len += sl * 2; } - + pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len); PFKEY_EXT_ADD(msg, pol); - + add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, policy->src.mask); add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto, policy->dst.mask); - + #ifdef __FreeBSD__ { /* on FreeBSD a lifetime has to be defined to be able to later query * the current use time. */ 
@@ -1733,9 +1733,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, PFKEY_EXT_ADD(msg, lft); } #endif - + this->mutex->unlock(this->mutex); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add policy %R === %R %N", src_ts, dst_ts, @@ -1757,9 +1757,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, free(out); return FAILED; } - + this->mutex->lock(this->mutex); - + /* we try to find the policy again and update the kernel index */ if (this->policies->find_last(this->policies, NULL, (void**)&policy) != SUCCESS) { @@ -1771,7 +1771,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, } policy->index = response.x_policy->sadb_x_policy_id; free(out); - + /* install a route, if: * - we are NOT updating a policy * - this is a forward policy (to just get one for each child) @@ -1784,7 +1784,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, this->install_routes) { route_entry_t *route = malloc_thing(route_entry_t); - + if (charon->kernel_interface->get_address_by_ts(charon->kernel_interface, dst_ts, &route->src_ip) == SUCCESS) { @@ -1795,7 +1795,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, charon->kernel_interface, dst); route->dst_net = chunk_clone(policy->src.net->get_address(policy->src.net)); route->prefixlen = policy->src.mask; - + switch (charon->kernel_interface->add_route(charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, route->src_ip, route->if_name)) @@ -1819,9 +1819,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, free(route); } } - + this->mutex->unlock(this->mutex); - + return SUCCESS; } 
@@ -1839,19 +1839,19 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, policy_entry_t *policy, *found = NULL; pfkey_msg_t response; size_t len; - + if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return NOT_FOUND; } - + DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction, 0); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -1865,15 +1865,15 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, } policy_entry_destroy(policy); policy = found; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_SPDGET; msg->sadb_msg_satype = 0; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg); pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_id = policy->index; @@ -1881,14 +1881,14 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, pol->sadb_x_policy_dir = dir2kernel(direction); pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; PFKEY_EXT_ADD(msg, pol); - + add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, policy->src.mask); add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto, policy->dst.mask); - + this->mutex->unlock(this->mutex); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts, @@ -1928,7 +1928,7 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, *use_time = 0; } free(out); - + return SUCCESS; } 
@@ -1946,19 +1946,19 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, policy_entry_t *policy, *found = NULL; route_entry_t *route; size_t len; - + if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return SUCCESS; } - + DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction, 0); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -1986,31 +1986,31 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, return NOT_FOUND; } this->mutex->unlock(this->mutex); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_SPDDELETE; msg->sadb_msg_satype = 0; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg); pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy)); pol->sadb_x_policy_dir = dir2kernel(direction); pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; PFKEY_EXT_ADD(msg, pol); - + add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, policy->src.mask); add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto, policy->dst.mask); - + route = policy->route; policy->route = NULL; policy_entry_destroy(policy); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts, @@ -2026,7 +2026,7 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, return FAILED; } free(out); - + if (route) { if (charon->kernel_interface->del_route(charon->kernel_interface, @@ -2039,7 +2039,7 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, } route_entry_destroy(route); } - + return SUCCESS; } 
@@ -2051,15 +2051,15 @@ static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, u_int8 unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; size_t len; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_REGISTER; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + if (pfkey_send_socket(this, this->socket_events, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to register PF_KEY socket"); @@ -2098,13 +2098,13 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this) int fd, family, port; enumerator_t *sockets; bool status = TRUE; - + sockets = charon->socket->create_enumerator(charon->socket); while (sockets->enumerate(sockets, &fd, &family, &port)) { struct sadb_x_policy policy; u_int sol, ipsec_policy; - + switch (family) { case AF_INET: @@ -2122,12 +2122,12 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this) default: continue; } - + memset(&policy, 0, sizeof(policy)); policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t); policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY; policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS; - + policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { @@ -2155,7 +2155,7 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this) kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() { private_kernel_pfkey_ipsec_t *this = malloc_thing(private_kernel_pfkey_ipsec_t); - + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; 
@@ -2166,7 +2166,7 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - + this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; /* private members */ @@ -2176,37 +2176,37 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE); this->seq = 0; - + /* create a PF_KEY socket to communicate with the kernel */ this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket <= 0) { charon->kill(charon, "unable to create PF_KEY socket"); } - + /* create a PF_KEY socket for ACQUIRE & EXPIRE */ this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket_events <= 0) { charon->kill(charon, "unable to create PF_KEY event socket"); } - + /* add bypass policies on the sockets used by charon */ if (!add_bypass_policies(this)) { charon->kill(charon, "unable to add bypass policies on sockets"); } - + /* register the event socket */ if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS || register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS) { charon->kill(charon, "unable to register PF_KEY event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c index 09dc4780d..3380c328c 100644 
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
+++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
@@ -47,10 +47,10 @@ static void destroy(private_kernel_pfkey_plugin_t *this)
 plugin_t *plugin_create()
 {
 	private_kernel_pfkey_plugin_t *this = malloc_thing(private_kernel_pfkey_plugin_t);
-	
+
 	this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
-	
+
 	charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)kernel_pfkey_ipsec_create);
-	
+
 	return &this->public.plugin;
 }
diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c
index da97fcd83..768810411 100644
--- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -47,13 +47,13 @@ typedef struct addr_entry_t addr_entry_t;
  * IP address in an inface_entry_t
  */
 struct addr_entry_t {
-	
+
 	/** The ip address */
 	host_t *ip;
-	
+
 	/** virtual IP managed by us */
 	bool virtual;
-	
+
 	/** Number of times this IP is used, if virtual */
 	u_int refcount;
 };
@@ -73,16 +73,16 @@ typedef struct iface_entry_t iface_entry_t;
  * A network interface on this system, containing addr_entry_t's
  */
 struct iface_entry_t {
-	
+
 	/** interface index */
 	int ifindex;
-	
+
 	/** name of the interface */
 	char ifname[IFNAMSIZ];
-	
+
 	/** interface flags, as in netdevice(7) SIOCGIFFLAGS */
 	u_int flags;
-	
+
 	/** list of addresses as host_t */
 	linked_list_t *addrs;
 };
@@ -108,42 +108,42 @@ struct private_kernel_pfroute_net_t * Public part of the kernel_pfroute_t object. */ kernel_pfroute_net_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * Cached list of interfaces and their addresses (iface_entry_t) */ linked_list_t *ifaces; - + /** * job receiving PF_ROUTE events */ callback_job_t *job; - + /** * mutex to lock access to the PF_ROUTE socket */ mutex_t *mutex_pfroute; - + /** * PF_ROUTE socket to communicate with the kernel */ int socket; - + /** * PF_ROUTE socket to receive events */ int socket_events; - + /** * sequence number for messages sent to the kernel */ int seq; - + /** * time of last roam job */ @@ -157,7 +157,7 @@ struct private_kernel_pfroute_net_t static void fire_roam_job(private_kernel_pfroute_net_t *this, bool address) { timeval_t now; - + time_monotonic(&now); if (timercmp(&now, &this->last_roam, >)) { @@ -187,7 +187,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, addr_entry_t *addr; bool found = FALSE, changed = FALSE, roam = FALSE; int i; - + for (i = 1; i < (1 << RTAX_MAX); i <<= 1) { if (ifa->ifam_addrs & i) @@ -200,12 +200,12 @@ static void process_addr(private_kernel_pfroute_net_t *this, sockaddr = (sockaddr_t*)((char*)sockaddr + sockaddr->sa_len); } } - + if (!host) { return; } - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -236,7 +236,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, } } addrs->destroy(addrs); - + if (!found && ifa->ifam_type == RTM_NEWADDR) { changed = TRUE; @@ -247,7 +247,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, iface->addrs->insert_last(iface->addrs, addr); DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname); } - + if (changed && (iface->flags & IFF_UP)) { roam = TRUE; 
@@ -258,7 +258,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); host->destroy(host); - + if (roam) { fire_roam_job(this, TRUE); @@ -275,12 +275,12 @@ static void process_link(private_kernel_pfroute_net_t *this, enumerator_t *enumerator; iface_entry_t *iface; bool roam = FALSE; - + if (msg->ifm_flags & IFF_LOOPBACK) { /* ignore loopback interfaces */ return; } - + this->mutex->lock(this->mutex); enumerator = this->ifaces->create_enumerator(this->ifaces); while (enumerator->enumerate(enumerator, &iface)) @@ -303,7 +303,7 @@ static void process_link(private_kernel_pfroute_net_t *this, } enumerator->destroy(enumerator); this->mutex->unlock(this->mutex); - + if (roam) { fire_roam_job(this, TRUE); @@ -327,11 +327,11 @@ static job_requeue_t receive_events(private_kernel_pfroute_net_t *this) unsigned char buf[PFROUTE_BUFFER_SIZE]; struct rt_msghdr *msg = (struct rt_msghdr*)buf; int len, oldstate; - + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); len = recvfrom(this->socket_events, buf, sizeof(buf), 0, NULL, 0); pthread_setcancelstate(oldstate, NULL); - + if (len < 0) { switch (errno) @@ -348,14 +348,14 @@ static job_requeue_t receive_events(private_kernel_pfroute_net_t *this) return JOB_REQUEUE_FAIR; } } - + if (len < sizeof(msg->rtm_msglen) || len < msg->rtm_msglen || msg->rtm_version != RTM_VERSION) { DBG2(DBG_KNL, "received corrupted PF_ROUTE message"); return JOB_REQUEUE_DIRECT; } - + switch (msg->rtm_type) { case RTM_NEWADDR: @@ -372,7 +372,7 @@ static job_requeue_t receive_events(private_kernel_pfroute_net_t *this) default: break; } - + return JOB_REQUEUE_DIRECT; } @@ -491,7 +491,7 @@ static char *get_interface_name(private_kernel_pfroute_net_t *this, host_t* ip) } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + if (name) { DBG2(DBG_KNL, "%H is on interface %s", ip, name); 
@@ -564,15 +564,15 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) iface_entry_t *iface, *current; addr_entry_t *addr; enumerator_t *ifaces, *addrs; - + DBG1(DBG_KNL, "listening on interfaces:"); - + if (getifaddrs(&ifap) < 0) { DBG1(DBG_KNL, " failed to get interfaces!"); return FAILED; } - + for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) { if (ifa->ifa_addr == NULL) @@ -589,7 +589,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) { /* ignore loopback interfaces */ continue; } - + iface = NULL; ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, ¤t)) @@ -601,7 +601,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) } } ifaces->destroy(ifaces); - + if (!iface) { iface = malloc_thing(iface_entry_t); @@ -611,7 +611,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) iface->addrs = linked_list_create(); this->ifaces->insert_last(this->ifaces, iface); } - + if (ifa->ifa_addr->sa_family != AF_LINK) { addr = malloc_thing(addr_entry_t); @@ -624,7 +624,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) } } freeifaddrs(ifap); - + ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) { @@ -640,7 +640,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) } } ifaces->destroy(ifaces); - + return SUCCESS; } @@ -664,7 +664,7 @@ static void destroy(private_kernel_pfroute_net_t *this) kernel_pfroute_net_t *kernel_pfroute_net_create() { private_kernel_pfroute_net_t *this = malloc_thing(private_kernel_pfroute_net_t); - + /* public functions */ this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name; this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator; 
@@ -674,38 +674,38 @@ kernel_pfroute_net_t *kernel_pfroute_net_create() this->public.interface.del_ip = (status_t(*)(kernel_net_t*,host_t*)) del_ip; this->public.interface.add_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route; this->public.interface.del_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route; - + this->public.interface.destroy = (void(*)(kernel_net_t*)) destroy; - + /* private members */ this->ifaces = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT); - + this->seq = 0; - + /* create a PF_ROUTE socket to communicate with the kernel */ this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); if (this->socket <= 0) { charon->kill(charon, "unable to create PF_ROUTE socket"); } - + /* create a PF_ROUTE socket to receive events */ this->socket_events = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); if (this->socket_events <= 0) { charon->kill(charon, "unable to create PF_ROUTE event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + if (init_address_list(this) != SUCCESS) { charon->kill(charon, "unable to get interface list"); } - + return &this->public; } diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c index 767049bb0..e73cbeafb 100644 --- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c +++ b/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c 
@@ -48,11 +48,11 @@ static void destroy(private_kernel_pfroute_plugin_t *this) plugin_t *plugin_create() { private_kernel_pfroute_plugin_t *this = malloc_thing(private_kernel_pfroute_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->kernel_interface->add_net_interface(charon->kernel_interface, (kernel_net_constructor_t)kernel_pfroute_net_create); - + return &this->public.plugin; } diff --git a/src/charon/plugins/load_tester/load_tester_config.c b/src/charon/plugins/load_tester/load_tester_config.c index aecaf624f..74a62f667 100644 --- a/src/charon/plugins/load_tester/load_tester_config.c +++ b/src/charon/plugins/load_tester/load_tester_config.c @@ -28,52 +28,52 @@ struct private_load_tester_config_t { * Public part */ load_tester_config_t public; - + /** * peer config */ peer_cfg_t *peer_cfg; - + /** * virtual IP, if any */ host_t *vip; - + /** * Remote address */ char *remote; - + /** * IP address pool */ char *pool; - + /** * IKE proposal */ proposal_t *proposal; - + /** * Authentication method(s) to use/expect from initiator */ char *initiator_auth; - + /** * Authentication method(s) use/expected from responder */ char *responder_auth; - + /** * IKE_SA rekeying delay */ u_int ike_rekey; - + /** * CHILD_SA rekeying delay */ u_int child_rekey; - + /** * incremental numbering of generated configs */ @@ -93,13 +93,13 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str, eap_type_t type; char buf[128]; int rnd = 0; - + enumerator = enumerator_create_token(str, "|", " "); while (enumerator->enumerate(enumerator, &str)) { auth = auth_cfg_create(); rnd++; - + if (streq(str, "psk")) { /* PSK authentication, use FQDNs */ class = AUTH_CLASS_PSK; 
@@ -188,7 +188,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) .jitter = 0 } }; - + ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote); ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal)); peer_cfg = peer_cfg_create("load-test", 2, ike_cfg, @@ -208,7 +208,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) generate_auth_cfg(this, this->responder_auth, peer_cfg, TRUE, num); generate_auth_cfg(this, this->initiator_auth, peer_cfg, FALSE, num); } - + child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); @@ -225,7 +225,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) * Implementation of backend_t.create_peer_cfg_enumerator. */ static enumerator_t* create_peer_cfg_enumerator(private_load_tester_config_t *this, - identification_t *me, + identification_t *me, identification_t *other) { return enumerator_create_single(this->peer_cfg, NULL); @@ -273,12 +273,12 @@ static void destroy(private_load_tester_config_t *this) load_tester_config_t *load_tester_config_create() { private_load_tester_config_t *this = malloc_thing(private_load_tester_config_t); - + this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(load_tester_config_t*))destroy; - + this->vip = NULL; if (lib->settings->get_bool(lib->settings, "charon.plugins.load_tester.request_virtual_ip", FALSE)) 
@@ -287,9 +287,9 @@ load_tester_config_t *load_tester_config_create() } this->pool = lib->settings->get_str(lib->settings, "charon.plugins.load_tester.pool", NULL); - this->remote = lib->settings->get_str(lib->settings, + this->remote = lib->settings->get_str(lib->settings, "charon.plugins.load_tester.remote", "127.0.0.1"); - + this->proposal = proposal_create_from_string(PROTO_IKE, lib->settings->get_str(lib->settings, "charon.plugins.load_tester.proposal", "aes128-sha1-modp768")); @@ -302,15 +302,15 @@ load_tester_config_t *load_tester_config_create() "charon.plugins.load_tester.ike_rekey", 0); this->child_rekey = lib->settings->get_int(lib->settings, "charon.plugins.load_tester.child_rekey", 600); - + this->initiator_auth = lib->settings->get_str(lib->settings, "charon.plugins.load_tester.initiator_auth", "pubkey"); this->responder_auth = lib->settings->get_str(lib->settings, "charon.plugins.load_tester.responder_auth", "pubkey"); - + this->num = 1; this->peer_cfg = generate_config(this, 0); - + return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_config.h b/src/charon/plugins/load_tester/load_tester_config.h index f09a3f832..c22387743 100644 --- a/src/charon/plugins/load_tester/load_tester_config.h +++ b/src/charon/plugins/load_tester/load_tester_config.h @@ -34,11 +34,11 @@ struct load_tester_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(load_tester_config_t *this); + void (*destroy)(load_tester_config_t *this); }; /** diff --git a/src/charon/plugins/load_tester/load_tester_creds.c b/src/charon/plugins/load_tester/load_tester_creds.c index b32380d30..ec3606c0b 100644 --- a/src/charon/plugins/load_tester/load_tester_creds.c +++ b/src/charon/plugins/load_tester/load_tester_creds.c 
@@ -32,27 +32,27 @@ struct private_load_tester_creds_t { * Public part */ load_tester_creds_t public; - + /** * Private key to create signatures */ private_key_t *private; - + /** * CA certificate, to issue/verify peer certificates */ certificate_t *ca; - + /** * serial number to issue certificates */ u_int32_t serial; - + /** * Preshared key */ shared_key_t *shared; - + /** * Identification for shared key */ @@ -196,7 +196,7 @@ static enumerator_t* create_private_enumerator(private_load_tester_creds_t *this if (id) { chunk_t keyid; - + if (!this->private->get_fingerprint(this->private, KEY_ID_PUBKEY_SHA1, &keyid) || !chunk_equals(keyid, id->get_encoding(id))) @@ -219,7 +219,7 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, u_int32_t serial; time_t now; chunk_t keyid; - + if (this->ca == NULL) { return NULL; @@ -278,7 +278,7 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, /** * Implements credential_set_t.create_shared_enumerator */ -static enumerator_t* create_shared_enumerator(private_load_tester_creds_t *this, +static enumerator_t* create_shared_enumerator(private_load_tester_creds_t *this, shared_key_type_t type, identification_t *me, identification_t *other) { 
@@ -319,17 +319,17 @@ load_tester_creds_t *load_tester_creds_create() this->public.credential_set.create_cdp_enumerator = (enumerator_t*(*) (credential_set_t *,certificate_type_t, identification_t *))return_null; this->public.credential_set.cache_cert = (void (*)(credential_set_t *, certificate_t *))nop; this->public.destroy = (void(*) (load_tester_creds_t*))destroy; - + this->private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)), BUILD_END); - + this->ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)), BUILD_X509_FLAG, X509_CA, BUILD_END); - - this->shared = shared_key_create(SHARED_IKE, + + this->shared = shared_key_create(SHARED_IKE, chunk_clone(chunk_create(psk, sizeof(psk)))); this->id = identification_create_from_string("CN=*, OU=load-test, O=strongSwan"); this->serial = 0; diff --git a/src/charon/plugins/load_tester/load_tester_creds.h b/src/charon/plugins/load_tester/load_tester_creds.h index 60cf67795..fb3541164 100644 --- a/src/charon/plugins/load_tester/load_tester_creds.h +++ b/src/charon/plugins/load_tester/load_tester_creds.h @@ -34,11 +34,11 @@ struct load_tester_creds_t { * Implements credential set interface. */ credential_set_t credential_set; - + /** * Destroy the backend. */ - void (*destroy)(load_tester_creds_t *this); + void (*destroy)(load_tester_creds_t *this); }; /** diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c b/src/charon/plugins/load_tester/load_tester_diffie_hellman.c index 87d9ef42b..d5ec3599b 100644 --- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c +++ b/src/charon/plugins/load_tester/load_tester_diffie_hellman.c 
@@ -49,19 +49,19 @@ load_tester_diffie_hellman_t *load_tester_diffie_hellman_create( diffie_hellman_group_t group) { load_tester_diffie_hellman_t *this; - + if (group != MODP_NULL) { return NULL; } - + this = malloc_thing(load_tester_diffie_hellman_t); - + this->dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *))get_shared_secret; this->dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t ))nop; this->dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *))get_my_public_value; this->dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *))get_dh_group; this->dh.destroy = (void (*)(diffie_hellman_t *))free; - + return this; } diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h index 045c4bb4a..1014429a9 100644 --- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h +++ b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h @@ -29,7 +29,7 @@ typedef struct load_tester_diffie_hellman_t load_tester_diffie_hellman_t; * A NULL Diffie Hellman implementation to avoid calculation overhead in tests. */ struct load_tester_diffie_hellman_t { - + /** * Implements diffie_hellman_t interface. */ @@ -38,7 +38,7 @@ struct load_tester_diffie_hellman_t { /** * Creates a new gmp_diffie_hellman_t object. - * + * * @param group Diffie Hellman group, supports MODP_NULL only * @return gmp_diffie_hellman_t object */ diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.c b/src/charon/plugins/load_tester/load_tester_ipsec.c index 76460c3e1..b6c9f6bbf 100644 --- a/src/charon/plugins/load_tester/load_tester_ipsec.c +++ b/src/charon/plugins/load_tester/load_tester_ipsec.c @@ -27,7 +27,7 @@ struct private_load_tester_ipsec_t { * Public interface. */ load_tester_ipsec_t public; - + /** * faked SPI counter */ 
@@ -37,8 +37,8 @@ struct private_load_tester_ipsec_t { /** * Implementation of kernel_interface_t.get_spi. */ -static status_t get_spi(private_load_tester_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_spi(private_load_tester_ipsec_t *this, + host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { @@ -49,8 +49,8 @@ static status_t get_spi(private_load_tester_ipsec_t *this, /** * Implementation of kernel_interface_t.get_cpi. */ -static status_t get_cpi(private_load_tester_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_cpi(private_load_tester_ipsec_t *this, + host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi) { return FAILED; @@ -122,7 +122,7 @@ static status_t add_policy(private_load_tester_ipsec_t *this, * Implementation of kernel_interface_t.query_policy. */ static status_t query_policy(private_load_tester_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { @@ -134,7 +134,7 @@ static status_t query_policy(private_load_tester_ipsec_t *this, * Implementation of kernel_interface_t.del_policy. */ static status_t del_policy(private_load_tester_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { @@ -155,7 +155,7 @@ static void destroy(private_load_tester_ipsec_t *this) load_tester_ipsec_t *load_tester_ipsec_create() { private_load_tester_ipsec_t *this = malloc_thing(private_load_tester_ipsec_t); - + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; 
@@ -167,9 +167,9 @@ load_tester_ipsec_t *load_tester_ipsec_create() this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; - + this->spi = 0; - + return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_listener.c b/src/charon/plugins/load_tester/load_tester_listener.c index fe9a90aed..0708b35b6 100644 --- a/src/charon/plugins/load_tester/load_tester_listener.c +++ b/src/charon/plugins/load_tester/load_tester_listener.c @@ -30,7 +30,7 @@ struct private_load_tester_listener_t { * Public part */ load_tester_listener_t public; - + /** * Delete IKE_SA after it has been established */ @@ -40,7 +40,7 @@ struct private_load_tester_listener_t { * Number of established SAs */ u_int established; - + /** * Shutdown the daemon if we have established this SA count */ @@ -56,13 +56,13 @@ static bool ike_state_change(private_load_tester_listener_t *this, if (state == IKE_ESTABLISHED) { ike_sa_id_t *id = ike_sa->get_id(ike_sa); - + if (this->delete_after_established) { charon->processor->queue_job(charon->processor, (job_t*)delete_ike_sa_job_create(id, TRUE)); } - + if (id->is_initiator(id)) { if (this->shutdown_on == ++this->established) 
@@ -86,17 +86,17 @@ static void destroy(private_load_tester_listener_t *this) load_tester_listener_t *load_tester_listener_create(u_int shutdown_on) { private_load_tester_listener_t *this = malloc_thing(private_load_tester_listener_t); - + memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.ike_state_change = (void*)ike_state_change; this->public.destroy = (void(*) (load_tester_listener_t*))destroy; - + this->delete_after_established = lib->settings->get_bool(lib->settings, "charon.plugins.load_tester.delete_after_established", FALSE); - + this->shutdown_on = shutdown_on; this->established = 0; - + return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_listener.h b/src/charon/plugins/load_tester/load_tester_listener.h index 6842b3532..b9599294c 100644 --- a/src/charon/plugins/load_tester/load_tester_listener.h +++ b/src/charon/plugins/load_tester/load_tester_listener.h @@ -34,11 +34,11 @@ struct load_tester_listener_t { * Implements listener set interface. */ listener_t listener; - + /** * Destroy the backend. */ - void (*destroy)(load_tester_listener_t *this); + void (*destroy)(load_tester_listener_t *this); }; /** diff --git a/src/charon/plugins/load_tester/load_tester_plugin.c b/src/charon/plugins/load_tester/load_tester_plugin.c index 93ed2e3c5..d857a4602 100644 --- a/src/charon/plugins/load_tester/load_tester_plugin.c +++ b/src/charon/plugins/load_tester/load_tester_plugin.c 
@@ -37,47 +37,47 @@ struct private_load_tester_plugin_t { * implements plugin interface */ load_tester_plugin_t public; - + /** * load_tester configuration backend */ load_tester_config_t *config; - + /** * load_tester credential set implementation */ load_tester_creds_t *creds; - + /** * event handler, listens on bus */ load_tester_listener_t *listener; - + /** * number of iterations per thread */ int iterations; - + /** * number desired initiator threads */ int initiators; - + /** * currenly running initiators */ int running; - + /** * delay between initiations, in ms */ int delay; - + /** * mutex to lock running field */ mutex_t *mutex; - + /** * condvar to wait for initiators */ @@ -90,7 +90,7 @@ struct private_load_tester_plugin_t { static job_requeue_t do_load_test(private_load_tester_plugin_t *this) { int i, s = 0, ms = 0; - + this->mutex->lock(this->mutex); if (!this->running) { @@ -102,13 +102,13 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) s = this->delay / 1000; ms = this->delay % 1000; } - + for (i = 0; this->iterations == 0 || i < this->iterations; i++) { peer_cfg_t *peer_cfg; child_cfg_t *child_cfg = NULL; enumerator_t *enumerator; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, "load-test"); if (!peer_cfg) @@ -122,7 +122,7 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) break; } enumerator->destroy(enumerator); - + charon->controller->initiate(charon->controller, peer_cfg, child_cfg->get_ref(child_cfg), NULL, NULL); 
@@ -176,20 +176,20 @@ plugin_t *plugin_create() { private_load_tester_plugin_t *this; u_int i, shutdown_on = 0; - + if (!lib->settings->get_bool(lib->settings, "charon.plugins.load_tester.enable", FALSE)) { DBG1(DBG_CFG, "disabling load-tester plugin, not configured"); return NULL; } - + this = malloc_thing(private_load_tester_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_dh(lib->crypto, MODP_NULL, + + lib->crypto->add_dh(lib->crypto, MODP_NULL, (dh_constructor_t)load_tester_diffie_hellman_create); - + this->delay = lib->settings->get_int(lib->settings, "charon.plugins.load_tester.delay", 0); this->iterations = lib->settings->get_int(lib->settings, @@ -201,7 +201,7 @@ plugin_t *plugin_create() { shutdown_on = this->iterations * this->initiators; } - + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); this->config = load_tester_config_create(); @@ -210,17 +210,17 @@ plugin_t *plugin_create() charon->backends->add_backend(charon->backends, &this->config->backend); charon->credentials->add_set(charon->credentials, &this->creds->credential_set); charon->bus->add_listener(charon->bus, &this->listener->listener); - + if (lib->settings->get_bool(lib->settings, "charon.plugins.load_tester.fake_kernel", FALSE)) { - charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, + charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)load_tester_ipsec_create); } this->running = 0; for (i = 0; i < this->initiators; i++) { - charon->processor->queue_job(charon->processor, + charon->processor->queue_job(charon->processor, (job_t*)callback_job_create((callback_job_cb_t)do_load_test, this, NULL, NULL)); } diff --git a/src/charon/plugins/load_tester/load_tester_plugin.h b/src/charon/plugins/load_tester/load_tester_plugin.h index 87e8914e0..e33f06ac7 100644 --- a/src/charon/plugins/load_tester/load_tester_plugin.h 
+++ b/src/charon/plugins/load_tester/load_tester_plugin.h @@ -31,7 +31,7 @@ typedef struct load_tester_plugin_t load_tester_plugin_t; /** * Load tester plugin to inspect system core under high load. * - * This plugin + * This plugin */ struct load_tester_plugin_t { diff --git a/src/charon/plugins/medcli/medcli_config.c b/src/charon/plugins/medcli/medcli_config.c index 9d3998757..505e744e1 100644 --- a/src/charon/plugins/medcli/medcli_config.c +++ b/src/charon/plugins/medcli/medcli_config.c @@ -32,22 +32,22 @@ struct private_medcli_config_t { * Public part */ medcli_config_t public; - + /** * database connection */ database_t *db; - + /** * rekey time */ int rekey; - + /** * dpd delay */ int dpd; - + /** * default ike config */ @@ -64,7 +64,7 @@ static traffic_selector_t *ts_from_string(char *str) int netbits = 32; host_t *net; char *pos; - + str = strdupa(str); pos = strchr(str, '/'); if (pos) @@ -107,9 +107,9 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam .jitter = this->rekey } }; - + /* query mediation server config: - * - build ike_cfg/peer_cfg for mediation connection on-the-fly + * - build ike_cfg/peer_cfg for mediation connection on-the-fly */ e = this->db->query(this->db, "SELECT Address, ClientConfig.KeyId, MediationServerConfig.KeyId " @@ -124,14 +124,14 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); med_cfg = peer_cfg_create( "mediation", 2, ike_cfg, - CERT_NEVER_SEND, UNIQUE_REPLACE, + CERT_NEVER_SEND, UNIQUE_REPLACE, 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, this->dpd, /* mobike, dpddelay */ NULL, NULL, /* vip, pool */ TRUE, NULL, NULL); /* mediation, med by, peer id */ e->destroy(e); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, 
@@ -142,7 +142,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_encoding(ID_KEY_ID, other)); med_cfg->add_auth_cfg(med_cfg, auth, FALSE); - + /* query mediated config: * - use any-any ike_cfg * - build peer_cfg on-the-fly using med_cfg @@ -161,14 +161,14 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam } peer_cfg = peer_cfg_create( name, 2, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, + CERT_NEVER_SEND, UNIQUE_REPLACE, 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, this->dpd, /* mobike, dpddelay */ NULL, NULL, /* vip, pool */ FALSE, med_cfg, /* mediation, med by */ identification_create_from_encoding(ID_KEY_ID, other)); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, @@ -179,7 +179,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_encoding(ID_KEY_ID, other)); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - + child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); @@ -240,13 +240,13 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) } this->current = peer_cfg_create( name, 2, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, + CERT_NEVER_SEND, UNIQUE_REPLACE, 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, this->dpd, /* mobike, dpddelay */ NULL, NULL, /* vip, pool */ FALSE, NULL, NULL); /* mediation, med by, peer id */ - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, 
@@ -257,7 +257,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_encoding(ID_KEY_ID, other)); this->current->add_auth_cfg(this->current, auth, FALSE); - + child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); @@ -286,7 +286,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medcli_config_t *this, identification_t *other) { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); - + e->current = NULL; e->ike = this->ike; e->rekey = this->rekey; @@ -300,12 +300,12 @@ static enumerator_t* create_peer_cfg_enumerator(private_medcli_config_t *this, "Connection.LocalSubnet, Connection.RemoteSubnet " "FROM ClientConfig JOIN Connection " "WHERE Active AND " - "(? OR ClientConfig.KeyId = ?) AND (? OR Connection.KeyId = ?)", - DB_INT, me == NULL || me->get_type(me) == ID_ANY, - DB_BLOB, me && me->get_type(me) == ID_KEY_ID ? + "(? OR ClientConfig.KeyId = ?) AND (? OR Connection.KeyId = ?)", + DB_INT, me == NULL || me->get_type(me) == ID_ANY, + DB_BLOB, me && me->get_type(me) == ID_KEY_ID ? me->get_encoding(me) : chunk_empty, - DB_INT, other == NULL || other->get_type(other) == ID_ANY, - DB_BLOB, other && other->get_type(other) == ID_KEY_ID ? + DB_INT, other == NULL || other->get_type(other) == ID_ANY, + DB_BLOB, other && other->get_type(other) == ID_KEY_ID ? other->get_encoding(other) : chunk_empty, DB_TEXT, DB_BLOB, DB_BLOB, DB_TEXT, DB_TEXT); if (!e->inner) @@ -323,7 +323,7 @@ static job_requeue_t initiate_config(peer_cfg_t *peer_cfg) { enumerator_t *enumerator; child_cfg_t *child_cfg = NULL;; - + enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); enumerator->enumerate(enumerator, &child_cfg); if (child_cfg) 
@@ -348,7 +348,7 @@ static void schedule_autoinit(private_medcli_config_t *this) { enumerator_t *e; char *name; - + e = this->db->query(this->db, "SELECT Alias FROM Connection WHERE Active", DB_TEXT); if (e) @@ -356,7 +356,7 @@ static void schedule_autoinit(private_medcli_config_t *this) while (e->enumerate(e, &name)) { peer_cfg_t *peer_cfg; - + peer_cfg = get_peer_cfg_by_name(this, name); if (peer_cfg) { @@ -391,15 +391,15 @@ medcli_config_t *medcli_config_create(database_t *db) this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(medcli_config_t*))destroy; - + this->db = db; this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200); this->dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300); this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0"); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); - + schedule_autoinit(this); - + return &this->public; } diff --git a/src/charon/plugins/medcli/medcli_config.h b/src/charon/plugins/medcli/medcli_config.h index a37280bd0..36c20adf7 100644 --- a/src/charon/plugins/medcli/medcli_config.h +++ b/src/charon/plugins/medcli/medcli_config.h @@ -35,11 +35,11 @@ struct medcli_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(medcli_config_t *this); + void (*destroy)(medcli_config_t *this); }; /** diff --git a/src/charon/plugins/medcli/medcli_creds.c b/src/charon/plugins/medcli/medcli_creds.c index d3c66ae35..777913628 100644 --- a/src/charon/plugins/medcli/medcli_creds.c +++ b/src/charon/plugins/medcli/medcli_creds.c @@ -30,7 +30,7 @@ struct private_medcli_creds_t { * Public part */ medcli_creds_t public; - + /** * underlying database handle */ 
@@ -90,21 +90,21 @@ static enumerator_t* create_private_enumerator(private_medcli_creds_t *this, key_type_t type, identification_t *id) { private_enumerator_t *e; - + if ((type != KEY_RSA && type != KEY_ANY) || id == NULL || id->get_type(id) != ID_KEY_ID) { DBG1(DBG_CFG, "%N - %Y", key_type_names, type, id); return NULL; } - + e = malloc_thing(private_enumerator_t); e->current = NULL; e->public.enumerate = (void*)private_enumerator_enumerate; e->public.destroy = (void*)private_enumerator_destroy; e->inner = this->db->query(this->db, "SELECT PrivateKey FROM ClientConfig WHERE KeyId = ?", - DB_BLOB, id->get_encoding(id), + DB_BLOB, id->get_encoding(id), DB_BLOB); if (!e->inner) { @@ -185,13 +185,13 @@ static enumerator_t* create_cert_enumerator(private_medcli_creds_t *this, identification_t *id, bool trusted) { cert_enumerator_t *e; - + if ((cert != CERT_TRUSTED_PUBKEY && cert != CERT_ANY) || id == NULL || id->get_type(id) != ID_KEY_ID) { return NULL; } - + e = malloc_thing(cert_enumerator_t); e->current = NULL; e->type = key; @@ -235,9 +235,9 @@ medcli_creds_t *medcli_creds_create(database_t *db) this->public.set.cache_cert = (void*)nop; this->public.destroy = (void (*)(medcli_creds_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/medcli/medcli_creds.h b/src/charon/plugins/medcli/medcli_creds.h index 97bf1c226..4b5402653 100644 --- a/src/charon/plugins/medcli/medcli_creds.h +++ b/src/charon/plugins/medcli/medcli_creds.h @@ -35,11 +35,11 @@ struct medcli_creds_t { * Implements credential_set_t interface */ credential_set_t set; - + /** * Destroy the credentials databse. */ - void (*destroy)(medcli_creds_t *this); + void (*destroy)(medcli_creds_t *this); }; /** diff --git a/src/charon/plugins/medcli/medcli_listener.c b/src/charon/plugins/medcli/medcli_listener.c index 4d058c0cd..142f02e6c 100644 --- a/src/charon/plugins/medcli/medcli_listener.c +++ b/src/charon/plugins/medcli/medcli_listener.c 
@@ -39,7 +39,7 @@ struct private_medcli_listener_t { * Public part */ medcli_listener_t public; - + /** * underlying database handle */ @@ -117,17 +117,17 @@ static void destroy(private_medcli_listener_t *this) medcli_listener_t *medcli_listener_create(database_t *db) { private_medcli_listener_t *this = malloc_thing(private_medcli_listener_t); - + memset(&this->public.listener, 0, sizeof(listener_t)); - + this->public.listener.ike_state_change = (void*)ike_state_change; this->public.listener.child_state_change = (void*)child_state_change; this->public.destroy = (void (*)(medcli_listener_t*))destroy; - + this->db = db; db->execute(db, NULL, "UPDATE Connection SET Status = ?", DB_UINT, STATE_DOWN); - + return &this->public; } diff --git a/src/charon/plugins/medcli/medcli_listener.h b/src/charon/plugins/medcli/medcli_listener.h index c6881f88a..4768beccd 100644 --- a/src/charon/plugins/medcli/medcli_listener.h +++ b/src/charon/plugins/medcli/medcli_listener.h @@ -35,11 +35,11 @@ struct medcli_listener_t { * Implements bus_listener_t interface */ listener_t listener; - + /** * Destroy the credentials databse. */ - void (*destroy)(medcli_listener_t *this); + void (*destroy)(medcli_listener_t *this); }; /** diff --git a/src/charon/plugins/medcli/medcli_plugin.c b/src/charon/plugins/medcli/medcli_plugin.c index 908b144f0..148eded61 100644 --- a/src/charon/plugins/medcli/medcli_plugin.c +++ b/src/charon/plugins/medcli/medcli_plugin.c @@ -32,22 +32,22 @@ struct private_medcli_plugin_t { * implements plugin interface */ medcli_plugin_t public; - + /** * database connection instance */ database_t *db; - + /** * medcli credential set instance */ medcli_creds_t *creds; - + /** * medcli config database */ medcli_config_t *config; - + /** * Listener to update database connection state */ 
@@ -76,9 +76,9 @@ plugin_t *plugin_create() { char *uri; private_medcli_plugin_t *this = malloc_thing(private_medcli_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + uri = lib->settings->get_str(lib->settings, "medcli.database", NULL); if (!uri) @@ -87,7 +87,7 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->db = lib->db->create(lib->db, uri); if (this->db == NULL) { @@ -95,15 +95,15 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->creds = medcli_creds_create(this->db); this->config = medcli_config_create(this->db); this->listener = medcli_listener_create(this->db); - + charon->credentials->add_set(charon->credentials, &this->creds->set); charon->backends->add_backend(charon->backends, &this->config->backend); charon->bus->add_listener(charon->bus, &this->listener->listener); - + return &this->public.plugin; } diff --git a/src/charon/plugins/medsrv/medsrv_config.c b/src/charon/plugins/medsrv/medsrv_config.c index 1ab7f3864..3df720967 100644 --- a/src/charon/plugins/medsrv/medsrv_config.c +++ b/src/charon/plugins/medsrv/medsrv_config.c @@ -30,22 +30,22 @@ struct private_medsrv_config_t { * Public part */ medsrv_config_t public; - + /** * database connection */ database_t *db; - + /** * rekey time */ int rekey; - + /** * dpd delay */ int dpd; - + /** * default ike config */ @@ -77,7 +77,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, identification_t *other) { enumerator_t *e; - + if (!me || !other || other->get_type(other) != ID_KEY_ID) { return NULL; @@ -92,7 +92,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, peer_cfg_t *peer_cfg; auth_cfg_t *auth; char *name; - + if (e->enumerate(e, &name)) { peer_cfg = peer_cfg_create( 
@@ -104,7 +104,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, NULL, NULL, /* vip, pool */ TRUE, NULL, NULL); /* mediation, med by, peer id */ e->destroy(e); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me)); @@ -113,7 +113,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other)); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - + return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy); } e->destroy(e); @@ -141,13 +141,13 @@ medsrv_config_t *medsrv_config_create(database_t *db) this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(medsrv_config_t*))destroy; - + this->db = db; this->rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200); this->dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300); this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0"); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); - + return &this->public; } diff --git a/src/charon/plugins/medsrv/medsrv_config.h b/src/charon/plugins/medsrv/medsrv_config.h index 2ed63bca7..fc8b0e972 100644 --- a/src/charon/plugins/medsrv/medsrv_config.h +++ b/src/charon/plugins/medsrv/medsrv_config.h @@ -35,11 +35,11 @@ struct medsrv_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(medsrv_config_t *this); + void (*destroy)(medsrv_config_t *this); }; /** diff --git a/src/charon/plugins/medsrv/medsrv_creds.c b/src/charon/plugins/medsrv/medsrv_creds.c index 7dac37f1f..2127f5660 100644 
--- a/src/charon/plugins/medsrv/medsrv_creds.c +++ b/src/charon/plugins/medsrv/medsrv_creds.c @@ -30,7 +30,7 @@ struct private_medsrv_creds_t { * Public part */ medsrv_creds_t public; - + /** * underlying database handle */ @@ -109,13 +109,13 @@ static enumerator_t* create_cert_enumerator(private_medsrv_creds_t *this, identification_t *id, bool trusted) { cert_enumerator_t *e; - + if ((cert != CERT_TRUSTED_PUBKEY && cert != CERT_ANY) || id == NULL || id->get_type(id) != ID_KEY_ID) { return NULL; } - + e = malloc_thing(cert_enumerator_t); e->current = NULL; e->type = key; @@ -155,9 +155,9 @@ medsrv_creds_t *medsrv_creds_create(database_t *db) this->public.set.cache_cert = (void*)nop; this->public.destroy = (void (*)(medsrv_creds_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/medsrv/medsrv_creds.h b/src/charon/plugins/medsrv/medsrv_creds.h index da23220c2..d08adf3bf 100644 --- a/src/charon/plugins/medsrv/medsrv_creds.h +++ b/src/charon/plugins/medsrv/medsrv_creds.h @@ -35,11 +35,11 @@ struct medsrv_creds_t { * Implements credential_set_t interface */ credential_set_t set; - + /** * Destroy the credentials databse. */ - void (*destroy)(medsrv_creds_t *this); + void (*destroy)(medsrv_creds_t *this); }; /** diff --git a/src/charon/plugins/medsrv/medsrv_plugin.c b/src/charon/plugins/medsrv/medsrv_plugin.c index 4340d7991..7c533f10e 100644 --- a/src/charon/plugins/medsrv/medsrv_plugin.c +++ b/src/charon/plugins/medsrv/medsrv_plugin.c @@ -31,17 +31,17 @@ struct private_medsrv_plugin_t { * implements plugin interface */ medsrv_plugin_t public; - + /** * database connection instance */ database_t *db; - + /** * medsrv credential set instance */ medsrv_creds_t *creds; - + /** * medsrv config database */ 
@@ -68,9 +68,9 @@ plugin_t *plugin_create() { char *uri; private_medsrv_plugin_t *this = malloc_thing(private_medsrv_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + uri = lib->settings->get_str(lib->settings, "medsrv.database", NULL); if (!uri) @@ -79,7 +79,7 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->db = lib->db->create(lib->db, uri); if (this->db == NULL) { @@ -87,13 +87,13 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->creds = medsrv_creds_create(this->db); this->config = medsrv_config_create(this->db); - + charon->credentials->add_set(charon->credentials, &this->creds->set); charon->backends->add_backend(charon->backends, &this->config->backend); - + return &this->public.plugin; } diff --git a/src/charon/plugins/nm/gnome/auth-dialog/main.c b/src/charon/plugins/nm/gnome/auth-dialog/main.c index 84b3387e1..4ff926b22 100644 --- a/src/charon/plugins/nm/gnome/auth-dialog/main.c +++ b/src/charon/plugins/nm/gnome/auth-dialog/main.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil - * Copyright (C) 2004 Dan Williams + * Copyright (C) 2004 Dan Williams * Red Hat, Inc. * * This program is free software; you can redistribute it and/or modify it @@ -49,7 +49,7 @@ static char *lookup_password(char *name, char *service) for (iter = list; iter; iter = iter->next) { GnomeKeyringNetworkPasswordData *data = iter->data; - + if (strcmp(data->object, "password") == 0 && data->password) { pass = g_strdup(data->password); @@ -97,7 +97,7 @@ static char* get_connection_type(char *uuid) } g_slist_foreach(list, (GFunc)g_free, NULL); g_slist_free(list); - + if (found) { key = g_strdup_printf ("%s/%s/%s", found, 
@@ -139,14 +139,14 @@ int main (int argc, char *argv[]) argc, argv, GNOME_PARAM_GOPTION_CONTEXT, context, GNOME_PARAM_NONE); - + if (uuid == NULL || name == NULL || service == NULL) { fprintf (stderr, "Have to supply UUID, name, and service\n"); g_object_unref (program); return 1; } - + if (strcmp(service, NM_DBUS_SERVICE_STRONGSWAN) != 0) { fprintf(stderr, "This dialog only works with the '%s' service\n", @@ -154,7 +154,7 @@ int main (int argc, char *argv[]) g_object_unref (program); return 1; } - + type = get_connection_type(uuid); if (!type) { @@ -221,7 +221,7 @@ int main (int argc, char *argv[]) else { dialog = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_ERROR, - GTK_BUTTONS_OK, + GTK_BUTTONS_OK, _("Configuration uses ssh-agent for authentication, " "but ssh-agent is not running!")); gtk_dialog_run (GTK_DIALOG (dialog)); diff --git a/src/charon/plugins/nm/gnome/properties/nm-strongswan.c b/src/charon/plugins/nm/gnome/properties/nm-strongswan.c index 18bf097ea..0c55d3abc 100644 --- a/src/charon/plugins/nm/gnome/properties/nm-strongswan.c +++ b/src/charon/plugins/nm/gnome/properties/nm-strongswan.c @@ -158,7 +158,7 @@ settings_changed_cb (GtkWidget *widget, gpointer user_data) { StrongswanPluginUiWidget *self = STRONGSWAN_PLUGIN_UI_WIDGET (user_data); StrongswanPluginUiWidgetPrivate *priv = STRONGSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); - + if (widget == glade_xml_get_widget (priv->xml, "method-combo")) { update_layout(glade_xml_get_widget (priv->xml, "method-combo"), priv); @@ -173,7 +173,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError NMSettingVPN *settings; GtkWidget *widget; const char *value; - + settings = NM_SETTING_VPN(nm_connection_get_setting(connection, NM_TYPE_SETTING_VPN)); widget = glade_xml_get_widget (priv->xml, "address-entry"); value = nm_setting_vpn_get_data_item (settings, "address"); 
@@ -218,7 +218,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError
 }
 update_layout (widget, priv);
 g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self);
- 
+
 widget = glade_xml_get_widget (priv->xml, "usercert-label");
 gtk_widget_set_no_show_all (widget, TRUE);
 widget = glade_xml_get_widget (priv->xml, "usercert-button");
@@ -227,7 +227,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError
 if (value)
 gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
 g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self);
- 
+
 widget = glade_xml_get_widget (priv->xml, "userkey-label");
 gtk_widget_set_no_show_all (widget, TRUE);
 widget = glade_xml_get_widget (priv->xml, "userkey-button");
@@ -236,7 +236,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError
 if (value)
 gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
 g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self);
- 
+
 widget = glade_xml_get_widget (priv->xml, "virtual-check");
 value = nm_setting_vpn_get_data_item (settings, "virtual");
 if (value && strcmp(value, "yes") == 0)
@@ -244,7 +244,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError
 gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE);
 }
 g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self);
- 
+
 widget = glade_xml_get_widget (priv->xml, "encap-check");
 value = nm_setting_vpn_get_data_item (settings, "encap");
 if (value && strcmp(value, "yes") == 0)
@@ -252,7 +252,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError
 gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE);
 }
 g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self);
- 
+
 widget = glade_xml_get_widget (priv->xml, "ipcomp-check");
 value = nm_setting_vpn_get_data_item (settings, "ipcomp");
 if (value && strcmp(value, "yes") == 0)
@@ -288,7 +288,7 @@ update_connection (NMVpnPluginUiWidgetInterface *iface,
 if (!check_validity (self, error))
 return FALSE;
 settings = NM_SETTING_VPN (nm_setting_vpn_new ());
- 
+
 g_object_set (settings, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_STRONGSWAN, NULL);
@@ -303,7 +303,7 @@ update_connection (NMVpnPluginUiWidgetInterface *iface,
 if (str) {
 nm_setting_vpn_add_data_item (settings, "certificate", str);
 }
- 
+
 widget = glade_xml_get_widget (priv->xml, "method-combo");
 switch (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)))
 {
@@ -339,15 +339,15 @@ update_connection (NMVpnPluginUiWidgetInterface *iface,
 break;
 }
 nm_setting_vpn_add_data_item (settings, "method", str);
- 
+
 widget = glade_xml_get_widget (priv->xml, "virtual-check");
 active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget));
 nm_setting_vpn_add_data_item (settings, "virtual", active ? "yes" : "no");
- 
+
 widget = glade_xml_get_widget (priv->xml, "encap-check");
 active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget));
 nm_setting_vpn_add_data_item (settings, "encap", active ? "yes" : "no");
- 
+
 widget = glade_xml_get_widget (priv->xml, "ipcomp-check");
 active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget));
 nm_setting_vpn_add_data_item (settings, "ipcomp", active ? "yes" : "no");
diff --git a/src/charon/plugins/nm/gnome/properties/nm-strongswan.h b/src/charon/plugins/nm/gnome/properties/nm-strongswan.h
index 2ebd4bed1..e2b66bb15 100644
--- a/src/charon/plugins/nm/gnome/properties/nm-strongswan.h
+++ b/src/charon/plugins/nm/gnome/properties/nm-strongswan.h
@@ -28,7 +28,7 @@ typedef enum
 STRONGSWAN_PLUGIN_UI_ERROR_MISSING_PROPERTY
 } StrongswanPluginUiError;
 
-#define STRONGSWAN_TYPE_PLUGIN_UI_ERROR (strongswan_plugin_ui_error_get_type ())
+#define STRONGSWAN_TYPE_PLUGIN_UI_ERROR (strongswan_plugin_ui_error_get_type ())
 GType strongswan_plugin_ui_error_get_type (void);
 
 #define STRONGSWAN_TYPE_PLUGIN_UI (strongswan_plugin_ui_get_type ())
diff --git a/src/charon/plugins/nm/nm_creds.c b/src/charon/plugins/nm/nm_creds.c
index 9d1b0b895..1a35105cf 100644
--- a/src/charon/plugins/nm/nm_creds.c
+++ b/src/charon/plugins/nm/nm_creds.c
@@ -29,32 +29,32 @@ struct private_nm_creds_t {
 * public functions
 */
 nm_creds_t public;
- 
+
 /**
 * gateway certificate
 */
 certificate_t *cert;
- 
+
 /**
 * User name
 */
 identification_t *user;
- 
+
 /**
 * User password
 */
 char *pass;
- 
+
 /**
 * users certificate
 */
 certificate_t *usercert;
- 
+
 /**
 * users private key
 */
 private_key_t *key;
- 
+
 /**
 * read/write lock
 */
@@ -68,13 +68,13 @@ static enumerator_t *create_usercert_enumerator(private_nm_creds_t *this,
 certificate_type_t cert, key_type_t key)
 {
 public_key_t *public;
- 
+
 if (cert != CERT_ANY && cert != this->usercert->get_type(this->usercert))
 {
 return NULL;
 }
 if (key != KEY_ANY)
- {
+ {
 public = this->usercert->get_public_key(this->usercert);
 if (!public)
 {
@@ -121,7 +121,7 @@ static enumerator_t* create_cert_enumerator(private_nm_creds_t *this,
 if (key != KEY_ANY)
 {
 public_key_t *public;
- 
+
 public = this->cert->get_public_key(this->cert);
 if (!public)
 {
@@ -156,7 +156,7 @@ static enumerator_t* create_private_enumerator(private_nm_creds_t *this,
 if (id && id->get_type(id) != ID_ANY)
 {
 chunk_t keyid;
- 
+
 if (id->get_type(id) != ID_KEY_ID ||
 !this->key->get_fingerprint(this->key, KEY_ID_PUBKEY_SHA1, &keyid) ||
 !chunk_equals(keyid, id->get_encoding(id)))
@@ -208,7 +208,7 @@ static void shared_destroy(shared_enumerator_t *this)
 /**
 * Implements credential_set_t.create_cert_enumerator
 */
-static enumerator_t* create_shared_enumerator(private_nm_creds_t *this,
+static enumerator_t* create_shared_enumerator(private_nm_creds_t *this,
 shared_key_type_t type, identification_t *me,
 identification_t *other)
 {
@@ -226,7 +226,7 @@ static enumerator_t* create_shared_enumerator(private_nm_creds_t *this,
 {
 return NULL;
 }
- 
+
 enumerator = malloc_thing(shared_enumerator_t);
 enumerator->public.enumerate = (void*)shared_enumerate;
 enumerator->public.destroy = (void*)shared_destroy;
@@ -267,7 +267,7 @@ static void set_username_password(private_nm_creds_t *this, identification_t *id
 /**
 * Implementation of nm_creds_t.set_cert_and_key
 */
-static void set_cert_and_key(private_nm_creds_t *this, certificate_t *cert,
+static void set_cert_and_key(private_nm_creds_t *this, certificate_t *cert,
 private_key_t *key)
 {
 this->lock->write_lock(this->lock);
@@ -276,7 +276,7 @@ static void set_cert_and_key(private_nm_creds_t *this, certificate_t *cert,
 this->key = key;
 this->usercert = cert;
 this->lock->unlock(this->lock);
-}
+}
 
 /**
 * Implementation of nm_creds_t.clear
@@ -311,7 +311,7 @@ static void destroy(private_nm_creds_t *this)
 nm_creds_t *nm_creds_create()
 {
 private_nm_creds_t *this = malloc_thing(private_nm_creds_t);
- 
+
 this->public.set.create_private_enumerator = (void*)create_private_enumerator;
 this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
 this->public.set.create_shared_enumerator = (void*)create_shared_enumerator;
@@ -322,15 +322,15 @@ nm_creds_t *nm_creds_create()
 this->public.set_cert_and_key = (void(*)(nm_creds_t*, certificate_t *cert, private_key_t *key))set_cert_and_key;
 this->public.clear = (void(*)(nm_creds_t*))clear;
 this->public.destroy = (void(*)(nm_creds_t*))destroy;
- 
+
 this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
- 
+
 this->cert = NULL;
 this->user = NULL;
 this->pass = NULL;
 this->usercert = NULL;
 this->key = NULL;
- 
+
 return &this->public;
 }
diff --git a/src/charon/plugins/nm/nm_creds.h b/src/charon/plugins/nm/nm_creds.h
index 421442c81..754fe53df 100644
--- a/src/charon/plugins/nm/nm_creds.h
+++ b/src/charon/plugins/nm/nm_creds.h
@@ -35,14 +35,14 @@ struct nm_creds_t {
 * Implements credential_set_t
 */
 credential_set_t set;
- 
+
 /**
 * Set the trusted gateway certificate to serve by this set.
 *
 * @param cert certificate to serve
 */
 void (*set_certificate)(nm_creds_t *this, certificate_t *cert);
- 
+
 /**
 * Set the username/password for authentication.
 *
diff --git a/src/charon/plugins/nm/nm_handler.c b/src/charon/plugins/nm/nm_handler.c
index 026c47af2..7b9c10b65 100644
--- a/src/charon/plugins/nm/nm_handler.c
+++ b/src/charon/plugins/nm/nm_handler.c
@@ -23,17 +23,17 @@ typedef struct private_nm_handler_t private_nm_handler_t;
 * Private data of an nm_handler_t object.
 */
 struct private_nm_handler_t {
- 
+
 /**
 * Public nm_handler_t interface.
 */
 nm_handler_t public;
- 
+
 /**
 * list of received DNS server attributes, pointer to 4 byte data
 */
 linked_list_t *dns;
- 
+
 /**
 * list of received NBNS server attributes, pointer to 4 byte data
 */
@@ -47,7 +47,7 @@ static bool handle(private_nm_handler_t *this, ike_sa_t *ike_sa,
 configuration_attribute_type_t type, chunk_t data)
 {
 linked_list_t *list;
- 
+
 switch (type)
 {
 case INTERNAL_IP4_DNS:
@@ -83,7 +83,7 @@ static enumerator_t* create_enumerator(private_nm_handler_t *this,
 configuration_attribute_type_t type)
 {
 linked_list_t *list;
- 
+
 switch (type)
 {
 case INTERNAL_IP4_DNS:
@@ -105,7 +105,7 @@ static enumerator_t* create_enumerator(private_nm_handler_t *this,
 static void reset(private_nm_handler_t *this)
 {
 void *data;
- 
+
 while (this->dns->remove_last(this->dns, (void**)&data) == SUCCESS)
 {
 free(data);
@@ -133,16 +133,16 @@ static void destroy(private_nm_handler_t *this)
 nm_handler_t *nm_handler_create()
 {
 private_nm_handler_t *this = malloc_thing(private_nm_handler_t);
- 
+
 this->public.handler.handle = (bool(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))handle;
 this->public.handler.release = (void(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))nop;
 this->public.create_enumerator = (enumerator_t*(*)(nm_handler_t*, configuration_attribute_type_t type))create_enumerator;
 this->public.reset = (void(*)(nm_handler_t*))reset;
 this->public.destroy = (void(*)(nm_handler_t*))destroy;
- 
+
 this->dns = linked_list_create();
 this->nbns = linked_list_create();
- 
+
 return &this->public;
 }
diff --git a/src/charon/plugins/nm/nm_handler.h b/src/charon/plugins/nm/nm_handler.h
index d537bb8de..3904ce1f0 100644
--- a/src/charon/plugins/nm/nm_handler.h
+++ b/src/charon/plugins/nm/nm_handler.h
@@ -29,12 +29,12 @@ typedef struct nm_handler_t nm_handler_t;
 * Handles DNS/NBNS attributes to pass to NM.
 */
 struct nm_handler_t {
- 
+
 /**
 * Implements attribute handler interface
 */
 attribute_handler_t handler;
- 
+
 /**
 * Create an enumerator over received attributes of a given kind.
 *
@@ -47,7 +47,7 @@ struct nm_handler_t {
 * Reset state, flush all received attributes.
 */
 void (*reset)(nm_handler_t *this);
- 
+
 /**
 * Destroy a nm_handler_t.
 */
diff --git a/src/charon/plugins/nm/nm_plugin.c b/src/charon/plugins/nm/nm_plugin.c
index 1fb46f814..46cc9c39e 100644
--- a/src/charon/plugins/nm/nm_plugin.c
+++ b/src/charon/plugins/nm/nm_plugin.c
@@ -34,22 +34,22 @@ struct private_nm_plugin_t {
 * implements plugin interface
 */
 nm_plugin_t public;
- 
+
 /**
 * NetworkManager service (VPNPlugin)
 */
 NMStrongswanPlugin *plugin;
- 
+
 /**
 * Glib main loop for a thread, handles DBUS calls
 */
 GMainLoop *loop;
- 
+
 /**
 * credential set registered at the daemon
 */
 nm_creds_t *creds;
- 
+
 /**
 * attribute handler regeisterd at the daemon
 */
@@ -96,16 +96,16 @@ static void destroy(private_nm_plugin_t *this)
 plugin_t *plugin_create()
 {
 private_nm_plugin_t *this = malloc_thing(private_nm_plugin_t);
- 
+
 this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- 
+
 this->loop = NULL;
 g_type_init ();
 if (!g_thread_supported())
 {
 g_thread_init(NULL);
 }
- 
+
 this->creds = nm_creds_create();
 this->handler = nm_handler_create();
 charon->credentials->add_set(charon->credentials, &this->creds->set);
@@ -117,13 +117,13 @@ plugin_t *plugin_create()
 destroy(this);
 return NULL;
 }
- 
+
 /* bypass file permissions to read from users ssh-agent */
 charon->keep_cap(charon, CAP_DAC_OVERRIDE);
- 
- charon->processor->queue_job(charon->processor,
+
+ charon->processor->queue_job(charon->processor,
 (job_t*)callback_job_create((callback_job_cb_t)run, this, NULL, NULL));
- 
+
 return &this->public.plugin;
 }
diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c
index 6aa5561f1..d896a432d 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/charon/plugins/nm/nm_service.c
@@ -59,7 +59,7 @@ static GValue* handler_to_val(nm_handler_t *handler,
 GArray *array;
 enumerator_t *enumerator;
 chunk_t chunk;
- 
+
 enumerator = handler->create_enumerator(handler, type);
 array = g_array_new (FALSE, TRUE, sizeof (guint32));
 while (enumerator->enumerate(enumerator, &chunk))
@@ -70,7 +70,7 @@ static GValue* handler_to_val(nm_handler_t *handler,
 val = g_slice_new0 (GValue);
 g_value_init (val, DBUS_TYPE_G_UINT_ARRAY);
 g_value_set_boxed (val, array);
- 
+
 return val;
 }
@@ -84,37 +84,37 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
 GHashTable *config;
 host_t *me, *other;
 nm_handler_t *handler;
- 
+
 config = g_hash_table_new(g_str_hash, g_str_equal);
 me = ike_sa->get_my_host(ike_sa);
 other = ike_sa->get_other_host(ike_sa);
 handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler;
- 
+
 /* NM requires a tundev, but netkey does not use one. Passing an invalid
 * iface makes NM complain, but it accepts it without fiddling on eth0. */
 val = g_slice_new0 (GValue);
 g_value_init (val, G_TYPE_STRING);
 g_value_set_string (val, "none");
 g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
- 
+
 val = g_slice_new0(GValue);
 g_value_init(val, G_TYPE_UINT);
 g_value_set_uint(val, *(u_int32_t*)me->get_address(me).ptr);
 g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val);
- 
+
 val = g_slice_new0(GValue);
 g_value_init(val, G_TYPE_UINT);
 g_value_set_uint(val, me->get_address(me).len * 8);
 g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val);
- 
+
 val = handler_to_val(handler, INTERNAL_IP4_DNS);
 g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val);
- 
+
 val = handler_to_val(handler, INTERNAL_IP4_NBNS);
 g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val);
- 
+
 handler->reset(handler);
- 
+
 nm_vpn_plugin_set_ip4_config(plugin, config);
 }
@@ -124,11 +124,11 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
 static void signal_failure(NMVPNPlugin *plugin, NMVPNPluginFailure failure)
 {
 nm_handler_t *handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler;
- 
+
 handler->reset(handler);
- 
+
 /* TODO: NM does not handle this failure!? */
- nm_vpn_plugin_failure(plugin, failure);
+ nm_vpn_plugin_failure(plugin, failure);
 nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED);
 }
@@ -139,7 +139,7 @@ static bool ike_state_change(listener_t *listener, ike_sa_t *ike_sa,
 ike_sa_state_t state)
 {
 NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
- 
+
 if (private->ike_sa == ike_sa && state == IKE_DESTROYING)
 {
 signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
@@ -155,7 +155,7 @@ static bool child_state_change(listener_t *listener, ike_sa_t *ike_sa,
 child_sa_t *child_sa, child_sa_state_t state)
 {
 NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
- 
+
 if (private->ike_sa == ike_sa && state == CHILD_DESTROYING)
 {
 signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
@@ -171,7 +171,7 @@ static bool child_updown(listener_t *listener, ike_sa_t *ike_sa,
 child_sa_t *child_sa, bool up)
 {
 NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
- 
+
 if (private->ike_sa == ike_sa)
 {
 if (up)
@@ -195,7 +195,7 @@ static bool child_updown(listener_t *listener, ike_sa_t *ike_sa,
 static bool ike_rekey(listener_t *listener, ike_sa_t *old, ike_sa_t *new)
 {
 NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
- 
+
 if (private->ike_sa == old)
 { /* follow a rekeyed IKE_SA */
 private->ike_sa = new;
@@ -232,7 +232,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 .jitter = 300 /* 5min */
 }
 };
- 
+
 /**
 * Read parameters
 */
@@ -280,12 +280,12 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 auth_class = AUTH_CLASS_PUBKEY;
 }
 }
- 
+
 /**
 * Register credentials
 */
 priv->creds->clear(priv->creds);
- 
+
 /* gateway/CA cert */
 str = nm_setting_vpn_get_data_item(vpn, "certificate");
 if (str)
@@ -315,7 +315,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 gateway = gateway->clone(gateway);
 DBG1(DBG_CFG, "using gateway certificate, identity '%Y'", gateway);
 }
- 
+
 if (auth_class == AUTH_CLASS_EAP)
 {
 /* username/password authentication ... */
@@ -327,7 +327,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 priv->creds->set_username_password(priv->creds, user, (char*)str);
 }
 }
- 
+
 if (auth_class == AUTH_CLASS_PUBKEY)
 {
 /* ... or certificate/private key authenitcation */
@@ -336,7 +336,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 {
 public_key_t *public;
 private_key_t *private = NULL;
- 
+
 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
 BUILD_FROM_FILE, str, BUILD_END);
 if (!cert)
@@ -347,7 +347,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 gateway->destroy(gateway);
 return FALSE;
 }
- /* try agent */
+ /* try agent */
 str = nm_setting_vpn_get_secret(vpn, "agent");
 if (agent && str)
 {
@@ -368,12 +368,12 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 "Connecting to SSH agent failed.");
 }
 }
- /* ... or key file */
+ /* ... or key file */
 str = nm_setting_vpn_get_data_item(vpn, "userkey");
 if (!agent && str)
 {
 chunk_t secret;
- 
+
 secret.ptr = (char*)nm_setting_vpn_get_secret(vpn, "password");
 if (secret.ptr)
 {
@@ -403,7 +403,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 }
 }
 }
- 
+
 if (!user)
 {
 g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
@@ -411,7 +411,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 gateway->destroy(gateway);
 return FALSE;
 }
- 
+
 /**
 * Set up configurations
 */
@@ -432,7 +432,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
 auth->add(auth, AUTH_RULE_IDENTITY, gateway);
 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
- 
+
 child_cfg = child_cfg_create(priv->name, &lifetime, NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
 ACTION_NONE, ACTION_NONE, ipcomp);
@@ -444,7 +444,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 "255.255.255.255", 65535);
 child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
 peer_cfg->add_child_cfg(peer_cfg, child_cfg);
- 
+
 /**
 * Prepare IKE_SA
 */
@@ -458,7 +458,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 {
 peer_cfg->destroy(peer_cfg);
 }
- 
+
 /**
 * Register listener, enable initiate-failure-detection hooks
 */
@@ -466,7 +466,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 priv->listener.ike_state_change = ike_state_change;
 priv->listener.child_state_change = child_state_change;
 charon->bus->add_listener(charon->bus, &priv->listener);
- 
+
 /**
 * Initiate
 */
@@ -474,7 +474,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 {
 charon->bus->remove_listener(charon->bus, &priv->listener);
 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
- 
+
 g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
 "Initiating failed.");
 return FALSE;
@@ -484,14 +484,14 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 }
 
 /**
- * NeedSecrets called from NM via DBUS
+ * NeedSecrets called from NM via DBUS
 */
 static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
 char **setting_name, GError **error)
 {
 NMSettingVPN *settings;
 const char *method, *path;
- 
+
 settings = NM_SETTING_VPN(nm_connection_get_setting(connection, NM_TYPE_SETTING_VPN));
 method = nm_setting_vpn_get_data_item(settings, "method");
@@ -518,7 +518,7 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
 {
 private_key_t *key;
 chunk_t secret;
- 
+
 secret.ptr = (char*)nm_setting_vpn_get_secret(settings, "password");
 if (secret.ptr)
 {
@@ -541,7 +541,7 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
 }
 
 /**
- * Disconnect called from NM via DBUS
+ * Disconnect called from NM via DBUS
 */
 static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
 {
@@ -549,7 +549,7 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
 enumerator_t *enumerator;
 ike_sa_t *ike_sa;
 u_int id;
- 
+
 /* our ike_sa pointer might be invalid, lookup sa */
 enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
 while (enumerator->enumerate(enumerator, &ike_sa))
@@ -564,7 +564,7 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
 }
 }
 enumerator->destroy(enumerator);
- 
+
 g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_GENERAL,
 "Connection not found.");
 return FALSE;
@@ -576,7 +576,7 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
 static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin)
 {
 NMStrongswanPluginPrivate *priv;
- 
+
 priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
 priv->plugin = NM_VPN_PLUGIN(plugin);
 memset(&priv->listener.log, 0, sizeof(listener_t));
@@ -591,7 +591,7 @@ static void nm_strongswan_plugin_class_init(
 NMStrongswanPluginClass *strongswan_class)
 {
 NMVPNPluginClass *parent_class = NM_VPN_PLUGIN_CLASS(strongswan_class);
- 
+
 g_type_class_add_private(G_OBJECT_CLASS(strongswan_class),
 sizeof(NMStrongswanPluginPrivate));
 parent_class->connect = connect_;
@@ -612,7 +612,7 @@ NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds,
 if (plugin)
 {
 NMStrongswanPluginPrivate *priv;
- 
+
 priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
 priv->creds = creds;
 priv->handler = handler;
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_handler.c b/src/charon/plugins/resolv_conf/resolv_conf_handler.c
index 749cfbc5b..47e04416c 100644
--- a/src/charon/plugins/resolv_conf/resolv_conf_handler.c
+++ b/src/charon/plugins/resolv_conf/resolv_conf_handler.c
@@ -26,17 +26,17 @@ typedef struct private_resolv_conf_handler_t private_resolv_conf_handler_t;
 * Private data of an resolv_conf_handler_t object.
 */
 struct private_resolv_conf_handler_t {
- 
+
 /**
 * Public resolv_conf_handler_t interface.
 */
 resolv_conf_handler_t public;
- 
+
 /**
 * resolv.conf file to use
 */
 char *file;
- 
+
 /**
 * Mutex to access file exclusively
 */
@@ -55,7 +55,7 @@ static bool handle(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa,
 int family;
 size_t len;
 bool handled = FALSE;
- 
+
 switch (type)
 {
 case INTERNAL_IP4_DNS:
@@ -67,9 +67,9 @@ static bool handle(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa,
 default:
 return FALSE;
 }
- 
+
 this->mutex->lock(this->mutex);
- 
+
 in = fopen(this->file, "r");
 /* allows us to stream from in to out */
 unlink(this->file);
@@ -82,7 +82,7 @@ static bool handle(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa,
 DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file);
 addr->destroy(addr);
 handled = TRUE;
- 
+
 /* copy rest of the file */
 if (in)
 {
@@ -94,7 +94,7 @@ static bool handle(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa,
 }
 fclose(out);
 }
- 
+
 if (!handled)
 {
 DBG1(DBG_IKE, "adding DNS server failed", this->file);
@@ -113,7 +113,7 @@ static void release(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa,
 char line[1024], matcher[512], *pos;
 host_t *addr;
 int family;
- 
+
 switch (type)
 {
 case INTERNAL_IP4_DNS:
@@ -125,9 +125,9 @@ static void release(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa,
 default:
 return;
 }
- 
+
 this->mutex->lock(this->mutex);
- 
+
 in = fopen(this->file, "r");
 if (in)
 {
@@ -140,7 +140,7 @@ static void release(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa,
 snprintf(matcher, sizeof(matcher),
 "nameserver %H # by strongSwan, from %Y\n",
 addr, ike_sa->get_other_id(ike_sa));
- 
+
 /* copy all, but matching line */
 while ((pos = fgets(line, sizeof(line), in)))
 {
@@ -159,7 +159,7 @@ static void release(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa,
 }
 fclose(in);
 }
- 
+
 this->mutex->unlock(this->mutex);
 }
@@ -178,15 +178,15 @@ static void destroy(private_resolv_conf_handler_t *this)
 resolv_conf_handler_t *resolv_conf_handler_create()
 {
 private_resolv_conf_handler_t *this = malloc_thing(private_resolv_conf_handler_t);
- 
+
 this->public.handler.handle = (bool(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))handle;
 this->public.handler.release = (void(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))release;
 this->public.destroy = (void(*)(resolv_conf_handler_t*))destroy;
- 
+
 this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
 this->file = lib->settings->get_str(lib->settings, "charon.plugins.resolv-conf.file", RESOLV_CONF);
- 
+
 return &this->public;
 }
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_handler.h b/src/charon/plugins/resolv_conf/resolv_conf_handler.h
index 2635bb802..5aa17cada 100644
--- a/src/charon/plugins/resolv_conf/resolv_conf_handler.h
+++ b/src/charon/plugins/resolv_conf/resolv_conf_handler.h
@@ -29,12 +29,12 @@ typedef struct resolv_conf_handler_t resolv_conf_handler_t;
 * Handle DNS configuration attributes by mangling a resolv.conf file.
 */
 struct resolv_conf_handler_t {
- 
+
 /**
 * Implements the attribute_handler_t interface
 */
 attribute_handler_t handler;
- 
+
 /**
 * Destroy a resolv_conf_handler_t.
 */
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_plugin.c b/src/charon/plugins/resolv_conf/resolv_conf_plugin.c
index ff9d96eb3..418820115 100644
--- a/src/charon/plugins/resolv_conf/resolv_conf_plugin.c
+++ b/src/charon/plugins/resolv_conf/resolv_conf_plugin.c
@@ -29,7 +29,7 @@ struct private_resolv_conf_plugin_t {
 * implements plugin interface
 */
 resolv_conf_plugin_t public;
- 
+
 /**
 * The registerd DNS attribute handler
 */
@@ -53,12 +53,12 @@ static void destroy(private_resolv_conf_plugin_t *this)
 plugin_t *plugin_create()
 {
 private_resolv_conf_plugin_t *this = malloc_thing(private_resolv_conf_plugin_t);
- 
+
 this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- 
+
 this->handler = resolv_conf_handler_create();
 charon->attributes->add_handler(charon->attributes, &this->handler->handler);
- 
+
 return &this->public.plugin;
 }
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_plugin.h b/src/charon/plugins/resolv_conf/resolv_conf_plugin.h
index f5943d9a3..7cbeab86c 100644
--- a/src/charon/plugins/resolv_conf/resolv_conf_plugin.h
+++ b/src/charon/plugins/resolv_conf/resolv_conf_plugin.h
@@ -32,7 +32,7 @@ typedef struct resolv_conf_plugin_t resolv_conf_plugin_t;
 * Plugin that writes received DNS servers in a resolv.conf file.
 */
 struct resolv_conf_plugin_t {
- 
+
 /**
 * implements plugin interface
 */
diff --git a/src/charon/plugins/smp/smp.c b/src/charon/plugins/smp/smp.c
index 562add06d..8a4c27ce0 100644
--- a/src/charon/plugins/smp/smp.c
+++ b/src/charon/plugins/smp/smp.c
@@ -44,12 +44,12 @@ struct private_smp_t {
 * Public part of smp_t object.
 */
 smp_t public;
- 
+
 /**
 * XML unix socket fd
 */
 int socket;
- 
+
 /**
 * job accepting stroke messages
 */
@@ -146,7 +146,7 @@ static void write_networks(xmlTextWriterPtr writer, char *element,
 {
 enumerator_t *enumerator;
 traffic_selector_t *ts;
- 
+
 xmlTextWriterStartElement(writer, element);
 enumerator = list->create_enumerator(list);
 while (enumerator->enumerate(enumerator, (void**)&ts))
@@ -167,26 +167,26 @@ static void write_networks(xmlTextWriterPtr writer, char *element,
 static void write_childend(xmlTextWriterPtr writer, child_sa_t *child, bool local)
 {
 linked_list_t *list;
- 
- xmlTextWriterWriteFormatElement(writer, "spi", "%lx",
+
+ xmlTextWriterWriteFormatElement(writer, "spi", "%lx",
 htonl(child->get_spi(child, local)));
 list = child->get_traffic_selectors(child, local);
 write_networks(writer, "networks", list);
 }
 
 /**
- * write a child_sa_t
+ * write a child_sa_t
 */
 static void write_child(xmlTextWriterPtr writer, child_sa_t *child)
 {
 child_cfg_t *config;
- 
+
 config = child->get_config(child);
 xmlTextWriterStartElement(writer, "childsa");
 xmlTextWriterWriteFormatElement(writer, "reqid", "%d", child->get_reqid(child));
- xmlTextWriterWriteFormatElement(writer, "childconfig", "%s",
+ xmlTextWriterWriteFormatElement(writer, "childconfig", "%s",
 config->get_name(config));
 xmlTextWriterStartElement(writer, "local");
 write_childend(writer, child, TRUE);
@@ -207,7 +207,7 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer
 /* <ikesalist> */
 xmlTextWriterStartElement(writer, "ikesalist");
- 
+
 enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
 while (enumerator->enumerate(enumerator, &ike_sa))
 {
@@ -215,18 +215,18 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer
 host_t *local, *remote;
 iterator_t *children;
 child_sa_t *child_sa;
- 
+
 id = ike_sa->get_id(ike_sa);
- 
+
 xmlTextWriterStartElement(writer, "ikesa");
 xmlTextWriterWriteFormatElement(writer, "id", "%d", ike_sa->get_unique_id(ike_sa));
- xmlTextWriterWriteFormatElement(writer, "status", "%N",
+ xmlTextWriterWriteFormatElement(writer, "status", "%N",
 ike_sa_state_lower_names, ike_sa->get_state(ike_sa));
 xmlTextWriterWriteElement(writer, "role", id->is_initiator(id) ? "initiator" : "responder");
 xmlTextWriterWriteElement(writer, "peerconfig", ike_sa->get_name(ike_sa));
- 
+
 /* <local> */
 local = ike_sa->get_my_host(ike_sa);
 xmlTextWriterStartElement(writer, "local");
@@ -243,7 +243,7 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer
 }
 xmlTextWriterEndElement(writer);
 /* </local> */
- 
+
 /* <remote> */
 remote = ike_sa->get_other_host(ike_sa);
 xmlTextWriterStartElement(writer, "remote");
@@ -259,8 +259,8 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer
 write_bool(writer, "nat", ike_sa->has_condition(ike_sa, COND_NAT_THERE));
 }
 xmlTextWriterEndElement(writer);
- /* </remote> */
- 
+ /* </remote> */
+
 /* <childsalist> */
 xmlTextWriterStartElement(writer, "childsalist");
 children = ike_sa->create_child_sa_iterator(ike_sa);
@@ -270,13 +270,13 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer
 }
 children->destroy(children);
 /* </childsalist> */
- xmlTextWriterEndElement(writer);
- 
+ xmlTextWriterEndElement(writer);
+
 /* </ikesa> */
 xmlTextWriterEndElement(writer);
 }
 enumerator->destroy(enumerator);
- 
+
 /* </ikesalist> */
 xmlTextWriterEndElement(writer);
 }
@@ -291,7 +291,7 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write
 /* <configlist> */
 xmlTextWriterStartElement(writer, "configlist");
- 
+
 enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends, NULL, NULL, NULL, NULL);
 while (enumerator->enumerate(enumerator, &peer_cfg))
@@ -300,18 +300,18 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write
 child_cfg_t *child_cfg;
 ike_cfg_t *ike_cfg;
 linked_list_t *list;
- 
+
 if (peer_cfg->get_ike_version(peer_cfg) != 2)
 { /* only IKEv2 connections yet */
 continue;
 }
- 
+
 /* <peerconfig> */
 xmlTextWriterStartElement(writer, "peerconfig");
 xmlTextWriterWriteElement(writer, "name", peer_cfg->get_name(peer_cfg));
- 
+
 /* TODO: write auth_cfgs */
- 
+
 /* <ikeconfig> */
 ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
 xmlTextWriterStartElement(writer, "ikeconfig");
@@ -319,14 +319,14 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write
 xmlTextWriterWriteElement(writer, "remote", ike_cfg->get_other_addr(ike_cfg));
 xmlTextWriterEndElement(writer);
 /* </ikeconfig> */
- 
+
 /* <childconfiglist> */
 xmlTextWriterStartElement(writer, "childconfiglist");
 children = peer_cfg->create_child_cfg_enumerator(peer_cfg);
 while (children->enumerate(children, &child_cfg))
 {
 /* <childconfig> */
- xmlTextWriterStartElement(writer, "childconfig");
+ xmlTextWriterStartElement(writer, "childconfig");
 xmlTextWriterWriteElement(writer, "name", child_cfg->get_name(child_cfg));
 list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
@@ -334,7 +334,7 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); write_networks(writer, "remote", list); - list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); + list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); xmlTextWriterEndElement(writer); /* </childconfig> */ } @@ -342,7 +342,7 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write /* </childconfiglist> */ xmlTextWriterEndElement(writer); /* </peerconfig> */ - xmlTextWriterEndElement(writer); + xmlTextWriterEndElement(writer); } enumerator->destroy(enumerator); /* </configlist> */ @@ -381,7 +381,7 @@ static void request_control_terminate(xmlTextReaderPtr reader, const char *str; u_int32_t id; status_t status; - + str = xmlTextReaderConstValue(reader); if (str == NULL) { @@ -393,7 +393,7 @@ static void request_control_terminate(xmlTextReaderPtr reader, { enumerator_t *enumerator; ike_sa_t *ike_sa; - + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { @@ -411,21 +411,21 @@ static void request_control_terminate(xmlTextReaderPtr reader, DBG1(DBG_CFG, "error parsing XML id string"); return; } - + DBG1(DBG_CFG, "terminating %s_SA %d", ike ? "IKE" : "CHILD", id); - + /* <log> */ xmlTextWriterStartElement(writer, "log"); if (ike) { status = charon->controller->terminate_ike( - charon->controller, id, + charon->controller, id, (controller_cb_t)xml_callback, writer); } else { status = charon->controller->terminate_child( - charon->controller, id, + charon->controller, id, (controller_cb_t)xml_callback, writer); } /* </log> */ 
@@ -448,7 +448,7 @@ static void request_control_initiate(xmlTextReaderPtr reader, peer_cfg_t *peer; child_cfg_t *child = NULL; enumerator_t *enumerator; - + str = xmlTextReaderConstValue(reader); if (str == NULL) { @@ -456,7 +456,7 @@ static void request_control_initiate(xmlTextReaderPtr reader, return; } DBG1(DBG_CFG, "initiating %s_SA %s", ike ? "IKE" : "CHILD", str); - + /* <log> */ xmlTextWriterStartElement(writer, "log"); peer = charon->backends->get_peer_cfg_by_name(charon->backends, (char*)str); @@ -571,7 +571,7 @@ static void request_control(xmlTextReaderPtr reader, xmlTextWriterPtr writer) static void request(xmlTextReaderPtr reader, char *id, int fd) { xmlTextWriterPtr writer; - + writer = xmlNewTextWriter(xmlOutputBufferCreateFd(fd, NULL)); if (writer == NULL) { @@ -627,7 +627,7 @@ static job_requeue_t process(int *fdp) size_t len; xmlTextReaderPtr reader; char *id = NULL, *type = NULL; - + pthread_cleanup_push((void*)closefdp, (void*)&fd); pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); len = read(fd, buffer, sizeof(buffer)); @@ -640,14 +640,14 @@ static job_requeue_t process(int *fdp) return JOB_REQUEUE_NONE; } DBG3(DBG_CFG, "got XML request: %b", buffer, len); - + reader = xmlReaderForMemory(buffer, len, NULL, NULL, 0); if (reader == NULL) { DBG1(DBG_CFG, "opening SMP XML reader failed"); return JOB_REQUEUE_FAIR;; } - + /* read message type and id */ while (xmlTextReaderRead(reader)) { @@ -659,7 +659,7 @@ static job_requeue_t process(int *fdp) break; } } - + /* process message */ if (id && type) { 
@@ -684,24 +684,24 @@ static job_requeue_t dispatch(private_smp_t *this) struct sockaddr_un strokeaddr; int oldstate, fd, *fdp, strokeaddrlen = sizeof(strokeaddr); callback_job_t *job; - + /* wait for connections, but allow thread to terminate */ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); fd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen); pthread_setcancelstate(oldstate, NULL); - + if (fd < 0) { DBG1(DBG_CFG, "accepting SMP XML socket failed: %s", strerror(errno)); sleep(1); return JOB_REQUEUE_FAIR;; } - + fdp = malloc_thing(int); *fdp = fd; job = callback_job_create((callback_job_cb_t)process, fdp, free, this->job); charon->processor->queue_job(charon->processor, (job_t*)job); - + return JOB_REQUEUE_DIRECT; } @@ -725,7 +725,7 @@ plugin_t *plugin_create() mode_t old; this->public.plugin.destroy = (void (*)(plugin_t*))destroy; - + /* set up unix socket */ this->socket = socket(AF_UNIX, SOCK_STREAM, 0); if (this->socket == -1) @@ -734,7 +734,7 @@ plugin_t *plugin_create() free(this); return NULL; } - + unlink(unix_addr.sun_path); old = umask(~(S_IRWXU | S_IRWXG)); if (bind(this->socket, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) < 0) @@ -749,7 +749,7 @@ plugin_t *plugin_create() { DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno)); } - + if (listen(this->socket, 5) < 0) { DBG1(DBG_CFG, "could not listen on XML socket: %s", strerror(errno)); @@ -760,7 +760,7 @@ plugin_t *plugin_create() this->job = callback_job_create((callback_job_cb_t)dispatch, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public.plugin; } diff --git a/src/charon/plugins/sql/pool.c b/src/charon/plugins/sql/pool.c index ef119c966..c029dea24 100644 --- a/src/charon/plugins/sql/pool.c +++ b/src/charon/plugins/sql/pool.c 
@@ -43,7 +43,7 @@ static u_int get_pool_size(chunk_t start, chunk_t end) if (start.len < sizeof(u_int) || end.len < sizeof(u_int)) { - return 0; + return 0; } start_ptr = (u_int*)(start.ptr + start.len - sizeof(u_int)); end_ptr = (u_int*)(end.ptr + end.len - sizeof(u_int)); @@ -103,7 +103,7 @@ static void status(void) { enumerator_t *pool, *lease; bool found = FALSE; - + pool = db->query(db, "SELECT id, name, start, end, timeout FROM pools", DB_INT, DB_TEXT, DB_BLOB, DB_BLOB, DB_UINT); if (pool) @@ -112,7 +112,7 @@ static void status(void) chunk_t start_chunk, end_chunk; host_t *start, *end; u_int id, timeout, online = 0, used = 0, size = 0; - + while (pool->enumerate(pool, &id, &name, &start_chunk, &end_chunk, &timeout)) { @@ -122,7 +122,7 @@ static void status(void) "end", "timeout", "size", "online", "usage"); found = TRUE; } - + start = host_create_from_chunk(AF_UNSPEC, start_chunk, 0); end = host_create_from_chunk(AF_UNSPEC, end_chunk, 0); size = get_pool_size(start_chunk, end_chunk); @@ -159,7 +159,7 @@ static void status(void) lease->destroy(lease); } printf("%5d (%2d%%) ", used, used*100/size); - + printf("\n"); DESTROY_IF(start); DESTROY_IF(end); @@ -180,7 +180,7 @@ static void add(char *name, host_t *start, host_t *end, int timeout) { chunk_t start_addr, end_addr, cur_addr; u_int id, count; - + start_addr = start->get_address(start); end_addr = end->get_address(end); cur_addr = chunk_clonea(start_addr); @@ -224,7 +224,7 @@ static void add(char *name, host_t *start, host_t *end, int timeout) db->execute(db, NULL, "END TRANSACTION"); } printf("done.\n", count); - + exit(0); } @@ -236,7 +236,7 @@ static void del(char *name) enumerator_t *query; u_int id; bool found = FALSE; - + query = db->query(db, "SELECT id FROM pools WHERE name = ?", DB_TEXT, name, DB_UINT); if (!query) 
@@ -277,9 +277,9 @@ static void resize(char *name, host_t *end) enumerator_t *query; chunk_t old_addr, new_addr, cur_addr; u_int id, count; - + new_addr = end->get_address(end); - + query = db->query(db, "SELECT id, end FROM pools WHERE name = ?", DB_TEXT, name, DB_UINT, DB_BLOB); if (!query || !query->enumerate(query, &id, &old_addr)) @@ -306,7 +306,7 @@ static void resize(char *name, host_t *end) fprintf(stderr, "pool '%s' not found.\n", name); exit(-1); } - + printf("allocating %d new addresses... ", count); fflush(stdout); if (db->get_driver(db) == DB_SQLITE) @@ -326,7 +326,7 @@ static void resize(char *name, host_t *end) db->execute(db, NULL, "END TRANSACTION"); } printf("done.\n", count); - + exit(0); } @@ -356,7 +356,7 @@ static enumerator_t *create_lease_query(char *filter) [FIL_STATE] = "status", NULL }; - + /* if the filter string contains a distinguished name as a ID, we replace * ", " by "/ " in order to not confuse the getsubopt parser */ pos = filter; @@ -368,7 +368,7 @@ static enumerator_t *create_lease_query(char *filter) } pos++; } - + while (filter && *filter != '\0') { switch (getsubopt(&filter, token, &value)) @@ -493,7 +493,7 @@ static void leases(char *filter, bool utc) host_t *address; identification_t *identity; bool found = FALSE; - + query = create_lease_query(filter); if (!query) { @@ -513,7 +513,7 @@ static void leases(char *filter, bool utc) } address = host_create_from_chunk(AF_UNSPEC, address_chunk, 0); identity = identification_create_from_encoding(identity_type, identity_chunk); - + printf("%-8s %-15H ", name, address); if (released == 0) { @@ -531,7 +531,7 @@ static void leases(char *filter, bool utc) { printf("%-7s ", "expired"); } - + printf(" %T ", &acquired, utc); if (released) { @@ -564,7 +564,7 @@ static void leases(char *filter, bool utc) static void purge(char *name) { int purged = 0; - + purged = db->execute(db, NULL, "DELETE FROM leases WHERE address IN (" " SELECT id FROM addresses WHERE pool IN (" 
@@ -595,7 +595,7 @@ static void cleanup(void) static void dbg_stderr(int level, char *fmt, ...) { va_list args; - + if (level <= 1) { va_start(args, fmt); @@ -639,7 +639,7 @@ int main(int argc, char *argv[]) { exit(SS_RC_INITIALIZATION_FAILED); } - + uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL); if (!uri) { @@ -653,14 +653,14 @@ int main(int argc, char *argv[]) exit(SS_RC_INITIALIZATION_FAILED); } atexit(cleanup); - + while (TRUE) { int c; - + struct option long_opts[] = { { "help", no_argument, NULL, 'h' }, - + { "utc", no_argument, NULL, 'u' }, { "status", no_argument, NULL, 'w' }, { "add", required_argument, NULL, 'a' }, @@ -668,14 +668,14 @@ int main(int argc, char *argv[]) { "resize", required_argument, NULL, 'r' }, { "leases", no_argument, NULL, 'l' }, { "purge", required_argument, NULL, 'p' }, - + { "start", required_argument, NULL, 's' }, { "end", required_argument, NULL, 'e' }, { "timeout", required_argument, NULL, 't' }, { "filter", required_argument, NULL, 'f' }, { 0,0,0,0 } }; - + c = getopt_long(argc, argv, "", long_opts, NULL); switch (c) { @@ -744,7 +744,7 @@ int main(int argc, char *argv[]) } break; } - + switch (operation) { case OP_USAGE: diff --git a/src/charon/plugins/sql/sql_attribute.c b/src/charon/plugins/sql/sql_attribute.c index 77601e612..9045f7739 100644 --- a/src/charon/plugins/sql/sql_attribute.c +++ b/src/charon/plugins/sql/sql_attribute.c @@ -30,12 +30,12 @@ struct private_sql_attribute_t { * public functions */ sql_attribute_t public; - + /** * database connection */ database_t *db; - + /** * wheter to record lease history in lease table */ 
@@ -49,13 +49,13 @@ static u_int get_identity(private_sql_attribute_t *this, identification_t *id) { enumerator_t *e; u_int row; - + /* look for peer identity in the identities table */ e = this->db->query(this->db, "SELECT id FROM identities WHERE type = ? AND data = ?", DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id), DB_UINT); - + if (e && e->enumerate(e, &row)) { e->destroy(e); @@ -111,7 +111,7 @@ static host_t* check_lease(private_sql_attribute_t *this, char *name, if (!e || !e->enumerate(e, &id, &address)) { DESTROY_IF(e); - break; + break; } address = chunk_clonea(address); e->destroy(e); @@ -172,11 +172,11 @@ static host_t* get_lease(private_sql_attribute_t *this, char *name, if (!e || !e->enumerate(e, &id, &address)) { DESTROY_IF(e); - break; + break; } address = chunk_clonea(address); e->destroy(e); - + if (timeout) { hits = this->db->execute(this->db, NULL, @@ -290,12 +290,12 @@ static bool release_address(private_sql_attribute_t *this, enumerator_t *enumerator; bool found = FALSE; time_t now = time(NULL); - + enumerator = enumerator_create_token(name, ",", " "); while (enumerator->enumerate(enumerator, &name)) { u_int pool, timeout; - + pool = get_pool(this, name, &timeout); if (pool) { 
@@ -337,16 +337,16 @@ sql_attribute_t *sql_attribute_create(database_t *db) { private_sql_attribute_t *this = malloc_thing(private_sql_attribute_t); time_t now = time(NULL); - + this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))acquire_address; this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address; this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))enumerator_create_empty; this->public.destroy = (void(*)(sql_attribute_t*))destroy; - + this->db = db; this->history = lib->settings->get_bool(lib->settings, "charon.plugins.sql.lease_history", TRUE); - + /* close any "online" leases in the case we crashed */ if (this->history) { diff --git a/src/charon/plugins/sql/sql_attribute.h b/src/charon/plugins/sql/sql_attribute.h index 23700dea9..6d4958d32 100644 --- a/src/charon/plugins/sql/sql_attribute.h +++ b/src/charon/plugins/sql/sql_attribute.h @@ -34,7 +34,7 @@ struct sql_attribute_t { * Implements attribute provider interface */ attribute_provider_t provider; - + /** * Destroy a sql_attribute instance. */ diff --git a/src/charon/plugins/sql/sql_config.c b/src/charon/plugins/sql/sql_config.c index 67b5c3b64..7c76c572d 100644 --- a/src/charon/plugins/sql/sql_config.c +++ b/src/charon/plugins/sql/sql_config.c @@ -30,7 +30,7 @@ struct private_sql_config_t { * Public part */ sql_config_t public; - + /** * database connection */ @@ -58,7 +58,7 @@ static traffic_selector_t *build_traffic_selector(private_sql_config_t *this, TS_LOCAL_DYNAMIC = 2, TS_REMOTE_DYNAMIC = 3, } kind; - + while (e->enumerate(e, &kind, &type, &protocol, &start_addr, &end_addr, &start_port, &end_port)) { 
@@ -99,7 +99,7 @@ static void add_traffic_selectors(private_sql_config_t *this, enumerator_t *e; traffic_selector_t *ts; bool local; - + e = this->db->query(this->db, "SELECT kind, type, protocol, " "start_addr, end_addr, start_port, end_port " @@ -126,8 +126,8 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) int id, lifetime, rekeytime, jitter, hostaccess, mode, dpd, close, ipcomp; char *name, *updown; child_cfg_t *child_cfg; - - if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, + + if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown, &hostaccess, &mode, &dpd, &close, &ipcomp)) { lifetime_cfg_t lft = { @@ -150,7 +150,7 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) { enumerator_t *e; child_cfg_t *child_cfg; - + e = this->db->query(this->db, "SELECT id, name, lifetime, rekeytime, jitter, " "updown, hostaccess, mode, dpd_action, close_action, ipcomp " @@ -177,11 +177,11 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, { int certreq, force_encap; char *local, *remote; - + while (e->enumerate(e, &certreq, &force_encap, &local, &remote)) { ike_cfg_t *ike_cfg; - + ike_cfg = ike_cfg_create(certreq, force_encap, local, remote); /* TODO: read proposal from db */ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); @@ -197,7 +197,7 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) { enumerator_t *e; ike_cfg_t *ike_cfg = NULL; - + e = this->db->query(this->db, "SELECT certreq, force_encap, local, remote " "FROM ike_configs WHERE id = ?", @@ -218,7 +218,7 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) { enumerator_t *e; peer_cfg_t *peer_cfg = NULL; - + e = this->db->query(this->db, "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " 
@@ -232,8 +232,8 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) "WHERE id = ?", DB_INT, id, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, - DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, - DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, + DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, + DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_BLOB); if (e) @@ -256,11 +256,11 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, mediation, mediated_by, p_type; chunk_t l_data, r_data, p_data; char *name, *virtual, *pool; - + while (e->enumerate(e, &id, &name, &ike_cfg, &l_type, &l_data, &r_type, &r_data, &cert_policy, &uniqueid, &auth_method, &eap_type, &eap_vendor, - &keyingtries, &rekeytime, &reauthtime, &jitter, &overtime, &mobike, + &keyingtries, &rekeytime, &reauthtime, &jitter, &overtime, &mobike, &dpd_delay, &virtual, &pool, &mediation, &mediated_by, &p_type, &p_data)) { @@ -269,7 +269,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, ike_cfg_t *ike; host_t *vip = NULL; auth_cfg_t *auth; - + local_id = identification_create_from_encoding(l_type, l_data); remote_id = identification_create_from_encoding(r_type, r_data); if ((me && !me->matches(me, local_id)) || @@ -331,7 +331,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_sql_config_t *this, char *name) { enumerator_t *e; peer_cfg_t *peer_cfg = NULL; - + e = this->db->query(this->db, "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " 
@@ -404,14 +404,14 @@ static enumerator_t* create_ike_cfg_enumerator(private_sql_config_t *this, host_t *me, host_t *other) { ike_enumerator_t *e = malloc_thing(ike_enumerator_t); - + e->this = this; e->me = me; e->other = other; e->current = NULL; e->public.enumerate = (void*)ike_enumerator_enumerate; e->public.destroy = (void*)ike_enumerator_destroy; - + e->inner = this->db->query(this->db, "SELECT certreq, force_encap, local, remote " "FROM ike_configs", @@ -473,7 +473,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_sql_config_t *this, identification_t *other) { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); - + e->this = this; e->me = me; e->other = other; @@ -526,9 +526,9 @@ sql_config_t *sql_config_create(database_t *db) this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(sql_config_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/sql/sql_config.h b/src/charon/plugins/sql/sql_config.h index abc6ef382..700d00a97 100644 --- a/src/charon/plugins/sql/sql_config.h +++ b/src/charon/plugins/sql/sql_config.h @@ -35,11 +35,11 @@ struct sql_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destry the backend. */ - void (*destroy)(sql_config_t *this); + void (*destroy)(sql_config_t *this); }; /** diff --git a/src/charon/plugins/sql/sql_cred.c b/src/charon/plugins/sql/sql_cred.c index f8b7a35c1..12f4ab045 100644 --- a/src/charon/plugins/sql/sql_cred.c +++ b/src/charon/plugins/sql/sql_cred.c @@ -30,7 +30,7 @@ struct private_sql_cred_t { * Public part */ sql_cred_t public; - + /** * database connection */ 
@@ -92,7 +92,7 @@ static enumerator_t* create_private_enumerator(private_sql_cred_t *this, identification_t *id) { private_enumerator_t *e; - + e = malloc_thing(private_enumerator_t); e->current = NULL; e->public.enumerate = (void*)private_enumerator_enumerate; @@ -178,7 +178,7 @@ static enumerator_t* create_cert_enumerator(private_sql_cred_t *this, identification_t *id, bool trusted) { cert_enumerator_t *e; - + e = malloc_thing(cert_enumerator_t); e->current = NULL; e->public.enumerate = (void*)cert_enumerator_enumerate; @@ -275,11 +275,11 @@ static void shared_enumerator_destroy(shared_enumerator_t *this) * Implementation of credential_set_t.create_shared_enumerator. */ static enumerator_t* create_shared_enumerator(private_sql_cred_t *this, - shared_key_type_t type, + shared_key_type_t type, identification_t *me, identification_t *other) { shared_enumerator_t *e; - + e = malloc_thing(shared_enumerator_t); e->me = me; e->other = other; @@ -306,12 +306,12 @@ static enumerator_t* create_shared_enumerator(private_sql_cred_t *this, DB_INT, me->get_type(me), DB_BLOB, me->get_encoding(me), DB_INT, other->get_type(other), DB_BLOB, other->get_encoding(other), DB_INT, type == SHARED_ANY, DB_INT, type, - DB_INT, DB_BLOB); + DB_INT, DB_BLOB); } else { identification_t *id = me ? me : other; - + e->inner = this->db->query(this->db, "SELECT s.type, s.data FROM shared_secrets AS s " "JOIN shared_secret_identity AS si ON s.id = si.shared_secret " 
@@ -350,16 +350,16 @@ static void destroy(private_sql_cred_t *this) sql_cred_t *sql_cred_create(database_t *db) { private_sql_cred_t *this = malloc_thing(private_sql_cred_t); - + this->public.set.create_private_enumerator = (void*)create_private_enumerator; this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)cache_cert; this->public.destroy = (void(*)(sql_cred_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/sql/sql_cred.h b/src/charon/plugins/sql/sql_cred.h index 2a9a96df1..7f387398e 100644 --- a/src/charon/plugins/sql/sql_cred.h +++ b/src/charon/plugins/sql/sql_cred.h @@ -35,11 +35,11 @@ struct sql_cred_t { * Implements credential_set_t interface */ credential_set_t set; - + /** * Destry the backend. */ - void (*destroy)(sql_cred_t *this); + void (*destroy)(sql_cred_t *this); }; /** diff --git a/src/charon/plugins/sql/sql_logger.c b/src/charon/plugins/sql/sql_logger.c index 20d42662b..d350c4c3d 100644 --- a/src/charon/plugins/sql/sql_logger.c +++ b/src/charon/plugins/sql/sql_logger.c @@ -30,17 +30,17 @@ struct private_sql_logger_t { * Public part */ sql_logger_t public; - + /** * database connection */ database_t *db; - + /** * logging level */ int level; - + /** * avoid recursive logging */ @@ -67,7 +67,7 @@ static bool log_(private_sql_logger_t *this, debug_t group, level_t level, identification_t *local_id, *remote_id; u_int64_t ispi, rspi; ike_sa_id_t *id; - + id = ike_sa->get_id(ike_sa); ispi = id->get_initiator_spi(id); rspi = id->get_responder_spi(id); 
@@ -86,9 +86,9 @@ static bool log_(private_sql_logger_t *this, debug_t group, level_t level, remote_id = ike_sa->get_other_id(ike_sa); local_host = ike_sa->get_my_host(ike_sa); remote_host = ike_sa->get_other_host(ike_sa); - + vsnprintf(buffer, sizeof(buffer), format, args); - + this->db->execute(this->db, NULL, "REPLACE INTO ike_sas (" "local_spi, remote_spi, id, initiator, " "local_id_type, local_id_data, " @@ -129,17 +129,17 @@ static void destroy(private_sql_logger_t *this) sql_logger_t *sql_logger_create(database_t *db) { private_sql_logger_t *this = malloc_thing(private_sql_logger_t); - + memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_; this->public.destroy = (void(*)(sql_logger_t*))destroy; - + this->db = db; this->recursive = FALSE; - + this->level = lib->settings->get_int(lib->settings, "charon.plugins.sql.loglevel", -1); - + return &this->public; } diff --git a/src/charon/plugins/sql/sql_logger.h b/src/charon/plugins/sql/sql_logger.h index 3636c2293..a933705da 100644 --- a/src/charon/plugins/sql/sql_logger.h +++ b/src/charon/plugins/sql/sql_logger.h @@ -35,11 +35,11 @@ struct sql_logger_t { * Implements bus_listener_t interface */ listener_t listener; - + /** * Destry the backend. */ - void (*destroy)(sql_logger_t *this); + void (*destroy)(sql_logger_t *this); }; /** diff --git a/src/charon/plugins/sql/sql_plugin.c b/src/charon/plugins/sql/sql_plugin.c index e5a4afd1d..65691cc00 100644 --- a/src/charon/plugins/sql/sql_plugin.c +++ b/src/charon/plugins/sql/sql_plugin.c @@ -32,27 +32,27 @@ struct private_sql_plugin_t { * implements plugin interface */ sql_plugin_t public; - + /** * database connection instance */ database_t *db; - + /** * configuration backend */ sql_config_t *config; - + /** * credential set */ sql_cred_t *cred; - + /** * CFG attributes */ sql_attribute_t *attribute; - + /** * bus listener/logger */ 
@@ -83,18 +83,18 @@ plugin_t *plugin_create() { char *uri; private_sql_plugin_t *this; - + uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL); if (!uri) { DBG1(DBG_CFG, "sql plugin: database URI not set"); return NULL; } - + this = malloc_thing(private_sql_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->db = lib->db->create(lib->db, uri); if (!this->db) { @@ -106,12 +106,12 @@ plugin_t *plugin_create() this->cred = sql_cred_create(this->db); this->attribute = sql_attribute_create(this->db); this->logger = sql_logger_create(this->db); - + charon->backends->add_backend(charon->backends, &this->config->backend); charon->credentials->add_set(charon->credentials, &this->cred->set); charon->attributes->add_provider(charon->attributes, &this->attribute->provider); charon->bus->add_listener(charon->bus, &this->logger->listener); - + return &this->public.plugin; } diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c index d3211fd67..14464e0bd 100644 --- a/src/charon/plugins/stroke/stroke_attribute.c +++ b/src/charon/plugins/stroke/stroke_attribute.c @@ -33,12 +33,12 @@ struct private_stroke_attribute_t { * public functions */ stroke_attribute_t public; - + /** * list of pools, contains pool_t */ linked_list_t *pools; - + /** * mutex to lock access to pools */ @@ -85,7 +85,7 @@ static void pool_destroy(pool_t *this) { enumerator_t *enumerator; identification_t *id; - + enumerator = this->ids->create_enumerator(this->ids); while (enumerator->enumerate(enumerator, &id, NULL)) { @@ -107,7 +107,7 @@ static pool_t *find_pool(private_stroke_attribute_t *this, char *name) { enumerator_t *enumerator; pool_t *current, *found = NULL; - + enumerator = this->pools->create_enumerator(this->pools); while (enumerator->enumerate(enumerator, ¤t)) { 
@@ -129,13 +129,13 @@ host_t* offset2host(pool_t *pool, int offset) chunk_t addr; host_t *host; u_int32_t *pos; - + offset--; if (offset > pool->size) { return NULL; } - + addr = chunk_clone(pool->base->get_address(pool->base)); if (pool->base->get_family(pool->base) == AF_INET6) { @@ -158,7 +158,7 @@ int host2offset(pool_t *pool, host_t *addr) { chunk_t host, base; u_int32_t hosti, basei; - + if (addr->get_family(addr) != pool->base->get_family(pool->base)) { return -1; @@ -195,7 +195,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, uintptr_t offset = 0; enumerator_t *enumerator; identification_t *old_id; - + this->mutex->lock(this->mutex); pool = find_pool(this, name); while (pool) @@ -206,7 +206,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, this->mutex->unlock(this->mutex); return requested->clone(requested); } - + if (!requested->is_anyaddr(requested) && requested->get_family(requested) != pool->base->get_family(pool->base)) @@ -214,7 +214,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, DBG1(DBG_CFG, "IP pool address family mismatch"); break; } - + /* check for a valid offline lease, refresh */ offset = (uintptr_t)pool->offline->remove(pool->offline, id); if (offset) @@ -227,7 +227,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, break; } } - + /* check for a valid online lease, reassign */ offset = (uintptr_t)pool->online->get(pool->online, id); if (offset && offset == host2offset(pool, requested)) @@ -235,7 +235,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, DBG1(DBG_CFG, "reassigning online lease to '%Y'", id); break; } - + if (pool->unused < pool->size) { /* assigning offset, starting by 1. Handling 0 in hashtable @@ -270,7 +270,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, } } enumerator->destroy(enumerator); - + DBG1(DBG_CFG, "pool '%s' is full, unable to assign address", name); break; } 
@@ -291,7 +291,7 @@ static bool release_address(private_stroke_attribute_t *this, pool_t *pool; bool found = FALSE; uintptr_t offset; - + this->mutex->lock(this->mutex); pool = find_pool(this, name); if (pool) @@ -323,7 +323,7 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) if (msg->add_conn.other.sourceip_size) { pool_t *pool; - + pool = malloc_thing(pool_t); pool->base = NULL; pool->size = 0; @@ -335,17 +335,17 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) (hashtable_equals_t)id_equals, 16); pool->ids = hashtable_create((hashtable_hash_t)id_hash, (hashtable_equals_t)id_equals, 16); - + /* if %config, add an empty pool, otherwise */ if (msg->add_conn.other.sourceip) { u_int32_t bits; int family; - - DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", - msg->add_conn.name, msg->add_conn.other.sourceip, + + DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", + msg->add_conn.name, msg->add_conn.other.sourceip, msg->add_conn.other.sourceip_size); - + pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0); if (!pool->base) { @@ -363,7 +363,7 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) (family == AF_INET ? 32 : 128) - bits); } pool->size = 1 << (bits); - + if (pool->size > 2) { /* do not use first and last addresses of a block */ pool->unused++; @@ -383,7 +383,7 @@ static void del_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) { enumerator_t *enumerator; pool_t *pool; - + this->mutex->lock(this->mutex); enumerator = this->pools->create_enumerator(this->pools); while (enumerator->enumerate(enumerator, &pool)) @@ -407,7 +407,7 @@ static bool pool_filter(void *mutex, pool_t **poolp, char **name, void *d3, u_int *offline) { pool_t *pool = *poolp; - + *name = pool->name; *size = pool->size; *online = pool->online->get_count(pool->online); 
@@ -450,10 +450,10 @@ static bool lease_enumerate(lease_enumerator_t *this, identification_t **id_out, { identification_t *id; uintptr_t offset; - + DESTROY_IF(this->current); this->current = NULL; - + if (this->inner->enumerate(this->inner, &id, NULL)) { offset = (uintptr_t)this->pool->online->get(this->pool->online, id); @@ -494,7 +494,7 @@ static enumerator_t* create_lease_enumerator(private_stroke_attribute_t *this, char *pool) { lease_enumerator_t *enumerator; - + this->mutex->lock(this->mutex); enumerator = malloc_thing(lease_enumerator_t); enumerator->pool = find_pool(this, pool); @@ -528,7 +528,7 @@ static void destroy(private_stroke_attribute_t *this) stroke_attribute_t *stroke_attribute_create() { private_stroke_attribute_t *this = malloc_thing(private_stroke_attribute_t); - + this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *,host_t *))acquire_address; this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address; this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))enumerator_create_empty; @@ -537,10 +537,10 @@ stroke_attribute_t *stroke_attribute_create() this->public.create_pool_enumerator = (enumerator_t*(*)(stroke_attribute_t*))create_pool_enumerator; this->public.create_lease_enumerator = (enumerator_t*(*)(stroke_attribute_t*, char *pool))create_lease_enumerator; this->public.destroy = (void(*)(stroke_attribute_t*))destroy; - + this->pools = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_attribute.h b/src/charon/plugins/stroke/stroke_attribute.h index fc273d1cb..0bb8ae4bf 100644 --- a/src/charon/plugins/stroke/stroke_attribute.h +++ b/src/charon/plugins/stroke/stroke_attribute.h 
@@ -30,12 +30,12 @@ typedef struct stroke_attribute_t stroke_attribute_t; * Stroke IKEv2 cfg attribute provider */ struct stroke_attribute_t { - + /** * Implements attribute provider interface */ attribute_provider_t provider; - + /** * Add a virtual IP address. * @@ -43,24 +43,24 @@ struct stroke_attribute_t { * @param end end of stroke message that contains virtual IP. */ void (*add_pool)(stroke_attribute_t *this, stroke_msg_t *msg); - + /** * Remove a virtual IP address. * * @param msg stroke message */ void (*del_pool)(stroke_attribute_t *this, stroke_msg_t *msg); - + /** * Create an enumerator over installed pools. * - * Enumerator enumerates over + * Enumerator enumerates over * char *pool, u_int size, u_int offline, u_int online. * * @return enumerator */ enumerator_t* (*create_pool_enumerator)(stroke_attribute_t *this); - + /** * Create an enumerator over the leases of a pool. * diff --git a/src/charon/plugins/stroke/stroke_ca.c b/src/charon/plugins/stroke/stroke_ca.c index 2f87ba0aa..2c3e2936e 100644 --- a/src/charon/plugins/stroke/stroke_ca.c +++ b/src/charon/plugins/stroke/stroke_ca.c @@ -34,17 +34,17 @@ struct private_stroke_ca_t { * public functions */ stroke_ca_t public; - + /** * read-write lock to lists */ rwlock_t *lock; - + /** * list of starters CA sections and its certificates (ca_section_t) */ linked_list_t *sections; - + /** * stroke credentials, stores our CA certificates */ @@ -62,27 +62,27 @@ struct ca_section_t { * name of the CA section */ char *name; - + /** * reference to cert in trusted_credential_t */ certificate_t *cert; - + /** * CRL URIs */ linked_list_t *crl; - + /** * OCSP URIs */ linked_list_t *ocsp; - + /** * Hashes of certificates issued by this CA */ linked_list_t *hashes; - + /** * Base URI used for certificates from this CA */ 
@@ -90,12 +90,12 @@ struct ca_section_t {
 };
 
 /**
- * create a new CA section 
+ * create a new CA section
 */
 static ca_section_t *ca_section_create(char *name, certificate_t *cert)
 {
 ca_section_t *ca = malloc_thing(ca_section_t);
- 
+
 ca->name = strdup(name);
 ca->crl = linked_list_create();
 ca->ocsp = linked_list_create();
@@ -145,7 +145,7 @@ static enumerator_t *create_inner_cdp(ca_section_t *section, cdp_data_t *data)
 chunk_t keyid;
 enumerator_t *enumerator = NULL;
 linked_list_t *list;
- 
+
 if (data->type == CERT_X509_OCSP_RESPONSE)
 {
 list = section->ocsp;
@@ -154,7 +154,7 @@ static enumerator_t *create_inner_cdp(ca_section_t *section, cdp_data_t *data)
 {
 list = section->crl;
 }
- 
+
 public = section->cert->get_public_key(section->cert);
 if (public)
 {
@@ -182,25 +182,25 @@ static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data
 {
 enumerator_t *enumerator = NULL, *hash_enum;
 identification_t *current;
- 
+
 if (!data->id || !section->certuribase)
 {
 return NULL;
 }
- 
+
 hash_enum = section->hashes->create_enumerator(section->hashes);
 while (hash_enum->enumerate(hash_enum, ¤t))
- { 
+ {
 if (current->matches(current, data->id))
 {
 char *url, *hash;
- 
+
 url = malloc(strlen(section->certuribase) + 40 + 1);
 strcpy(url, section->certuribase);
 hash = chunk_to_hex(current->get_encoding(current), NULL, FALSE).ptr;
 strncat(url, hash, 40);
 free(hash);
- 
+
 enumerator = enumerator_create_single(url, free);
 break;
 }
@@ -231,7 +231,7 @@ static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this,
 data->this = this;
 data->type = type;
 data->id = id;
- 
+
 this->lock->read_lock(this->lock);
 return enumerator_create_nested(this->sections->create_enumerator(this->sections),
 (type == CERT_X509) ? (void*)create_inner_cdp_hashandurl : (void*)create_inner_cdp,
@@ -244,12 +244,12 @@ static void add(private_stroke_ca_t *this, stroke_msg_t *msg)
 {
 certificate_t *cert;
 ca_section_t *ca;
- 
+
 if (msg->add_ca.cacert == NULL)
 {
 DBG1(DBG_CFG, "missing cacert parameter");
 return;
- } 
+ }
 cert = this->cred->load_ca(this->cred, msg->add_ca.cacert);
 if (cert)
 {
@@ -288,7 +288,7 @@ static void del(private_stroke_ca_t *this, stroke_msg_t *msg)
 {
 enumerator_t *enumerator;
 ca_section_t *ca = NULL;
- 
+
 this->lock->write_lock(this->lock);
 enumerator = this->sections->create_enumerator(this->sections);
 while (enumerator->enumerate(enumerator, &ca))
@@ -344,14 +344,14 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer
 {
 ca_section_t *section;
 enumerator_t *enumerator;
- 
+
 hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
 if (hasher == NULL)
 {
 DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported");
 return;
 }
- 
+
 this->lock->write_lock(this->lock);
 enumerator = this->sections->create_enumerator(this->sections);
 while (enumerator->enumerate(enumerator, (void**)§ion))
@@ -369,7 +369,7 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer
 }
 enumerator->destroy(enumerator);
 this->lock->unlock(this->lock);
- 
+
 hasher->destroy(hasher);
 }
 
@@ -381,7 +381,7 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out)
 bool first = TRUE;
 ca_section_t *section;
 enumerator_t *enumerator;
- 
+
 this->lock->read_lock(this->lock);
 enumerator = this->sections->create_enumerator(this->sections);
 while (enumerator->enumerate(enumerator, (void**)§ion))
@@ -389,7 +389,7 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out)
 certificate_t *cert = section->cert;
 public_key_t *public = cert->get_public_key(cert);
 chunk_t chunk;
- 
+
 if (first)
 {
 fprintf(out, "\n");
@@ -398,7 +398,7 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out)
 }
 fprintf(out, "\n");
 fprintf(out, " authname: \"%Y\"\n", cert->get_subject(cert));
- 
+
 /* list authkey and keyid */
 if (public)
 {
@@ -439,7 +439,7 @@ static void destroy(private_stroke_ca_t *this)
 stroke_ca_t *stroke_ca_create(stroke_cred_t *cred)
 {
 private_stroke_ca_t *this = malloc_thing(private_stroke_ca_t);
- 
+
 this->public.set.create_private_enumerator = (void*)return_null;
 this->public.set.create_cert_enumerator = (void*)return_null;
 this->public.set.create_shared_enumerator = (void*)return_null;
@@ -450,11 +450,11 @@ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred)
 this->public.list = (void(*)(stroke_ca_t*, stroke_msg_t *msg, FILE *out))list;
 this->public.check_for_hash_and_url = (void(*)(stroke_ca_t*, certificate_t*))check_for_hash_and_url;
 this->public.destroy = (void(*)(stroke_ca_t*))destroy;
- 
+
 this->sections = linked_list_create();
 this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
 this->cred = cred;
- 
+
 return &this->public;
 }
 
diff --git a/src/charon/plugins/stroke/stroke_ca.h b/src/charon/plugins/stroke/stroke_ca.h
index c882d7b4e..ae55fe8e7 100644
--- a/src/charon/plugins/stroke/stroke_ca.h
+++ b/src/charon/plugins/stroke/stroke_ca.h
@@ -37,35 +37,35 @@ struct stroke_ca_t {
 * Implements credential_set_t
 */
 credential_set_t set;
- 
+
 /**
 * Add a CA to the set using a stroke_msg_t.
 *
 * @param msg stroke message containing CA info
 */
 void (*add)(stroke_ca_t *this, stroke_msg_t *msg);
- 
+
 /**
 * Remove a CA from the set using a stroke_msg_t.
 *
 * @param msg stroke message containing CA info
 */
 void (*del)(stroke_ca_t *this, stroke_msg_t *msg);
- 
+
 /**
 * List CA sections to stroke console.
 *
 * @param msg stroke message
 */
 void (*list)(stroke_ca_t *this, stroke_msg_t *msg, FILE *out);
- 
+
 /**
 * Check if a certificate can be made available through hash and URL.
- * 
+ *
 * @param cert peer certificate
 */
 void (*check_for_hash_and_url)(stroke_ca_t *this, certificate_t* cert);
- 
+
 /**
 * Destroy a stroke_ca instance.
 */
diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c
index 4404f7078..2da1948db 100644
--- a/src/charon/plugins/stroke/stroke_config.c
+++ b/src/charon/plugins/stroke/stroke_config.c
@@ -30,22 +30,22 @@ struct private_stroke_config_t {
 * public functions
 */
 stroke_config_t public;
- 
+
 /**
 * list of peer_cfg_t
 */
 linked_list_t *list;
- 
+
 /**
 * mutex to lock config list
 */
 mutex_t *mutex;
- 
+
 /**
 * ca sections
 */
 stroke_ca_t *ca;
- 
+
 /**
 * credentials
 */
@@ -93,7 +93,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_stroke_config_t *this, char *nam
 enumerator_t *e1, *e2;
 peer_cfg_t *current, *found = NULL;
 child_cfg_t *child;
- 
+
 this->mutex->lock(this->mutex);
 e1 = this->list->create_enumerator(this->list);
 while (e1->enumerate(e1, ¤t))
@@ -139,7 +139,7 @@ static void add_proposals(private_stroke_config_t *this, char *string,
 char *strict;
 proposal_t *proposal;
 protocol_id_t proto = PROTO_ESP;
- 
+
 if (ike_cfg)
 {
 proto = PROTO_IKE;
@@ -195,7 +195,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
 ike_cfg_t *ike_cfg;
 char *interface;
 host_t *host;
- 
+
 host = host_create_from_dns(msg->add_conn.other.address, 0, 0);
 if (host)
 {
@@ -227,7 +227,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
 {
 free(interface);
 }
- 
+
 }
 }
 }
@@ -275,7 +275,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 stroke_end_t *end, *other_end;
 auth_cfg_t *cfg;
 char eap_buf[32];
- 
+
 /* select strings */
 if (local)
 {
@@ -317,7 +317,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 ca = other_end->ca2;
 }
 }
- 
+
 if (!auth)
 {
 if (primary)
@@ -366,9 +366,9 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 return NULL;
 }
 }
- 
+
 cfg = auth_cfg_create();
- 
+
 /* add identity and peer certifcate */
 identity = identification_create_from_string(id);
 if (cert)
@@ -394,7 +394,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 }
 }
 cfg->add(cfg, AUTH_RULE_IDENTITY, identity);
- 
+
 /* CA constraint */
 if (ca)
 {
@@ -412,13 +412,13 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 "constraint", ca);
 }
 }
- 
+
 /* AC groups */
 if (end->groups)
 {
 enumerator_t *enumerator;
 char *group;
- 
+
 enumerator = enumerator_create_token(end->groups, ",", " ");
 while (enumerator->enumerate(enumerator, &group))
 {
@@ -428,7 +428,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 }
 enumerator->destroy(enumerator);
 }
- 
+
 /* authentication metod (class, actually) */
 if (streq(auth, "pubkey") ||
 streq(auth, "rsasig") || streq(auth, "rsa") ||
@@ -446,9 +446,9 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 enumerator_t *enumerator;
 char *str;
 int i = 0, type = 0, vendor;
- 
+
 cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
- 
+
 /* parse EAP string, format: eap[-type[-vendor]] */
 enumerator = enumerator_create_token(auth, "-", " ");
 while (enumerator->enumerate(enumerator, &str))
@@ -488,7 +488,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 i++;
 }
 enumerator->destroy(enumerator);
- 
+
 if (msg->add_conn.eap_identity)
 {
 if (streq(msg->add_conn.eap_identity, "%identity"))
@@ -529,7 +529,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
 u_int32_t rekey = 0, reauth = 0, over, jitter;
 peer_cfg_t *peer_cfg;
 auth_cfg_t *auth_cfg;
- 
+
 #ifdef ME
 if (msg->add_conn.ikeme.mediation && msg->add_conn.ikeme.mediated_by)
 {
@@ -537,13 +537,13 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
 "at the same time, aborting");
 return NULL;
 }
- 
+
 if (msg->add_conn.ikeme.mediation)
 {
 /* force unique connections for mediation connections */
 msg->add_conn.unique = 1;
 }
- 
+
 if (msg->add_conn.ikeme.mediated_by)
 {
 mediated_by = charon->backends->get_peer_cfg_by_name(charon->backends,
@@ -572,7 +572,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
 }
 }
 #endif /* ME */
- 
+
 jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100;
 over = msg->add_conn.rekey.margin;
 if (msg->add_conn.rekey.reauth)
@@ -632,7 +632,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
 { /* dpdaction=none disables DPD */
 msg->add_conn.dpd.delay = 0;
 }
- 
+
 /* other.sourceip is managed in stroke_attributes. If it is set, we define
 * the pool name as the connection name, which the attribute provider
 * uses to serve pool addresses. */
@@ -644,7 +644,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
 vip, msg->add_conn.other.sourceip_size ?
 msg->add_conn.name : msg->add_conn.other.sourceip,
 msg->add_conn.ikeme.mediation, mediated_by, peer_id);
- 
+
 /* build leftauth= */
 auth_cfg = build_auth_cfg(this, msg, TRUE, TRUE);
 if (auth_cfg)
@@ -684,7 +684,7 @@ static void add_ts(private_stroke_config_t *this, stroke_end_t *end,
 child_cfg_t *child_cfg, bool local)
 {
 traffic_selector_t *ts;
- 
+
 if (end->tohost)
 {
 ts = traffic_selector_create_dynamic(end->protocol,
@@ -694,7 +694,7 @@ static void add_ts(private_stroke_config_t *this,
 else
 {
 host_t *net;
- 
+
 if (!end->subnets)
 {
 net = host_create_from_string(end->address, IKEV2_UDP_PORT);
@@ -708,12 +708,12 @@ static void add_ts(private_stroke_config_t *this,
 else
 {
 char *del, *start, *bits;
- 
+
 start = end->subnets;
 do
 {
 int intbits = 0;
- 
+
 del = strchr(start, ',');
 if (del)
 {
@@ -725,7 +725,7 @@ static void add_ts(private_stroke_config_t *this,
 *bits = '\0';
 intbits = atoi(bits + 1);
 }
- 
+
 net = host_create_from_string(start, IKEV2_UDP_PORT);
 if (net)
 {
@@ -769,7 +769,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
 .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100
 }
 };
- 
+
 switch (msg->add_conn.dpd.action)
 { /* map startes magic values to our action type */
 case 2: /* =hold */
@@ -782,7 +782,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
 dpd = ACTION_NONE;
 break;
 }
- 
+
 child_cfg = child_cfg_create(
 msg->add_conn.name, &lifetime,
 msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
@@ -791,9 +791,9 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
 msg->add_conn.install_policy);
 add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
 add_ts(this, &msg->add_conn.other, child_cfg, FALSE);
- 
+
 add_proposals(this, msg->add_conn.algorithms.esp, NULL, child_cfg);
- 
+
 return child_cfg;
 }
 
@@ -819,7 +819,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg)
 ike_cfg->destroy(ike_cfg);
 return;
 }
- 
+
 enumerator = create_peer_cfg_enumerator(this, NULL, NULL);
 while (enumerator->enumerate(enumerator, &existing))
 {
@@ -837,7 +837,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg)
 }
 }
 enumerator->destroy(enumerator);
- 
+
 child_cfg = build_child_cfg(this, msg);
 if (!child_cfg)
 {
@@ -845,7 +845,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg)
 return;
 }
 peer_cfg->add_child_cfg(peer_cfg, child_cfg);
- 
+
 if (use_existing)
 {
 peer_cfg->destroy(peer_cfg);
@@ -869,13 +869,13 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg)
 peer_cfg_t *peer;
 child_cfg_t *child;
 bool deleted = FALSE;
- 
+
 this->mutex->lock(this->mutex);
 enumerator = this->list->create_enumerator(this->list);
 while (enumerator->enumerate(enumerator, (void**)&peer))
 {
 bool keep = FALSE;
- 
+
 /* remove any child with such a name */
 children = peer->create_child_cfg_enumerator(peer);
 while (children->enumerate(children, &child))
@@ -892,7 +892,7 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg)
 }
 }
 children->destroy(children);
- 
+
 /* if peer config matches, or has no children anymore, remove it */
 if (!keep || streq(peer->get_name(peer), msg->del_conn.name))
 {
@@ -903,7 +903,7 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg)
 }
 enumerator->destroy(enumerator);
 this->mutex->unlock(this->mutex);
- 
+
 if (deleted)
 {
 DBG1(DBG_CFG, "deleted connection '%s'", msg->del_conn.name);
@@ -930,19 +930,19 @@ static void destroy(private_stroke_config_t *this)
 stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred)
 {
 private_stroke_config_t *this = malloc_thing(private_stroke_config_t);
- 
+
 this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator;
 this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator;
 this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name;
 this->public.add = (void(*)(stroke_config_t*, stroke_msg_t *msg))add;
 this->public.del = (void(*)(stroke_config_t*, stroke_msg_t *msg))del;
 this->public.destroy = (void(*)(stroke_config_t*))destroy;
- 
+
 this->list = linked_list_create();
 this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
 this->ca = ca;
 this->cred = cred;
- 
+
 return &this->public;
 }
 
diff --git a/src/charon/plugins/stroke/stroke_config.h b/src/charon/plugins/stroke/stroke_config.h
index 270795e4a..3ed2f994f 100644
--- a/src/charon/plugins/stroke/stroke_config.h
+++ b/src/charon/plugins/stroke/stroke_config.h
@@ -37,21 +37,21 @@ struct stroke_config_t {
 * Implements the backend_t interface
 */
 backend_t backend;
- 
+
 /**
 * Add a configuration to the backend.
 *
 * @param msg received stroke message containing config
 */
 void (*add)(stroke_config_t *this, stroke_msg_t *msg);
- 
+
 /**
 * Remove a configuration from the backend.
 *
 * @param msg received stroke message containing config name
 */
 void (*del)(stroke_config_t *this, stroke_msg_t *msg);
- 
+
 /**
 * Destroy a stroke_config instance.
 */
diff --git a/src/charon/plugins/stroke/stroke_control.c b/src/charon/plugins/stroke/stroke_control.c
index c572117a2..a03aef697 100644
--- a/src/charon/plugins/stroke/stroke_control.c
+++ b/src/charon/plugins/stroke/stroke_control.c
@@ -43,7 +43,7 @@ struct stroke_log_info_t {
 * level to log up to
 */
 level_t level;
- 
+
 /**
 * where to write log
 */
@@ -75,7 +75,7 @@ static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name)
 {
 child_cfg_t *current, *found = NULL;
 enumerator_t *enumerator;
- 
+
 enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
 while (enumerator->enumerate(enumerator, ¤t))
 {
@@ -98,7 +98,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou
 peer_cfg_t *peer_cfg;
 child_cfg_t *child_cfg;
 stroke_log_info_t info;
- 
+
 peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends,
 msg->initiate.name);
 if (peer_cfg == NULL)
@@ -113,7 +113,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou
 peer_cfg->destroy(peer_cfg);
 return;
 }
- 
+
 child_cfg = get_child_from_peer(peer_cfg, msg->initiate.name);
 if (child_cfg == NULL)
 {
@@ -121,7 +121,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou
 peer_cfg->destroy(peer_cfg);
 return;
 }
- 
+
 if (msg->output_verbosity < 0)
 {
 charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
@@ -150,9 +150,9 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
 linked_list_t *ike_list, *child_list;
 stroke_log_info_t info;
 uintptr_t del;
- 
+
 string = msg->terminate.name;
- 
+
 len = strlen(string);
 if (len < 1)
 {
@@ -174,7 +174,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
 child = FALSE;
 break;
 }
- 
+
 if (name)
 {
 /* is a single name */
@@ -202,10 +202,10 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
 }
 }
 }
- 
+
 info.out = out;
 info.level = msg->output_verbosity;
- 
+
 if (id)
 {
 if (child)
@@ -220,7 +220,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
 }
 return;
 }
- 
+
 ike_list = linked_list_create();
 child_list = linked_list_create();
 enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
@@ -228,7 +228,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
 {
 child_sa_t *child_sa;
 iterator_t *children;
- 
+
 if (child)
 {
 children = ike_sa->create_child_sa_iterator(ike_sa);
@@ -261,7 +261,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
 }
 }
 enumerator->destroy(enumerator);
- 
+
 enumerator = child_list->create_enumerator(child_list);
 while (enumerator->enumerate(enumerator, &del))
 {
@@ -269,7 +269,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
 (controller_cb_t)stroke_log, &info);
 }
 enumerator->destroy(enumerator);
- 
+
 enumerator = ike_list->create_enumerator(ike_list);
 while (enumerator->enumerate(enumerator, &del))
 {
@@ -277,7 +277,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
 (controller_cb_t)stroke_log, &info);
 }
 enumerator->destroy(enumerator);
- 
+
 if (child_list->get_count(child_list) == 0 &&
 ike_list->get_count(ike_list) == 0)
 {
@@ -298,7 +298,7 @@ static void terminate_srcip(private_stroke_control_t *this,
 ike_sa_t *ike_sa;
 host_t *start = NULL, *end = NULL, *vip;
 chunk_t chunk_start, chunk_end = chunk_empty, chunk_vip;
- 
+
 if (msg->terminate_srcip.start)
 {
 start = host_create_from_string(msg->terminate_srcip.start, 0);
@@ -320,7 +320,7 @@ static void terminate_srcip(private_stroke_control_t *this,
 }
 chunk_end = end->get_address(end);
 }
- 
+
 enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
 while (enumerator->enumerate(enumerator, &ike_sa))
 {
@@ -369,10 +369,10 @@ static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
 linked_list_t *list;
 uintptr_t del;
 stroke_log_info_t info;
- 
+
 info.out = out;
 info.level = msg->output_verbosity;
- 
+
 list = linked_list_create();
 enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
 while (enumerator->enumerate(enumerator, &ike_sa))
@@ -386,7 +386,7 @@ static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
 iterator->destroy(iterator);
 }
 enumerator->destroy(enumerator);
- 
+
 enumerator = list->create_enumerator(list);
 while (enumerator->enumerate(enumerator, &del))
 {
@@ -404,7 +404,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
 {
 peer_cfg_t *peer_cfg;
 child_cfg_t *child_cfg;
- 
+
 peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends,
 msg->route.name);
 if (peer_cfg == NULL)
@@ -417,7 +417,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
 peer_cfg->destroy(peer_cfg);
 return;
 }
- 
+
 child_cfg = get_child_from_peer(peer_cfg, msg->route.name);
 if (child_cfg == NULL)
 {
@@ -425,7 +425,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
 peer_cfg->destroy(peer_cfg);
 return;
 }
- 
+
 if (charon->traps->install(charon->traps, peer_cfg, child_cfg))
 {
 fprintf(out, "configuration '%s' routed\n", msg->route.name);
@@ -446,7 +446,7 @@ static void unroute(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out
 child_sa_t *child_sa;
 enumerator_t *enumerator;
 u_int32_t id;
- 
+
 enumerator = charon->traps->create_enumerator(charon->traps);
 while (enumerator->enumerate(enumerator, NULL, &child_sa))
 {
@@ -477,7 +477,7 @@ static void destroy(private_stroke_control_t *this)
 stroke_control_t *stroke_control_create()
 {
 private_stroke_control_t *this = malloc_thing(private_stroke_control_t);
- 
+
 this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate;
 this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate;
 this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip;
@@ -485,7 +485,7 @@ stroke_control_t *stroke_control_create()
 this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route;
 this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute;
 this->public.destroy = (void(*)(stroke_control_t*))destroy;
- 
+
 return &this->public;
 }
 
diff --git a/src/charon/plugins/stroke/stroke_control.h b/src/charon/plugins/stroke/stroke_control.h
index 5a61a90a4..9b49bdc31 100644
--- a/src/charon/plugins/stroke/stroke_control.h
+++ b/src/charon/plugins/stroke/stroke_control.h
@@ -38,42 +38,42 @@ struct stroke_control_t {
 * @param msg stroke message
 */
 void (*initiate)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
- 
+
 /**
 * Terminate a connection.
 *
 * @param msg stroke message
 */
 void (*terminate)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
- 
+
 /**
 * Terminate a connection by peers virtual IP.
 *
 * @param msg stroke message
 */
 void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
- 
+
 /**
 * Delete IKE_SAs without a CHILD_SA.
 *
 * @param msg stroke message
 */
 void (*purge_ike)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
- 
+
 /**
 * Route a connection.
 *
 * @param msg stroke message
 */
 void (*route)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
- 
+
 /**
 * Unroute a connection.
 *
 * @param msg stroke message
 */
 void (*unroute)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
- 
+
 /**
 * Destroy a stroke_control instance.
 */
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index 57a02c7a1..9133a1380 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -55,7 +55,7 @@ struct private_stroke_cred_t {
 * public functions
 */
 stroke_cred_t public;
- 
+
 /**
 * list of trusted peer/signer/CA certificates (certificate_t)
 */
@@ -70,12 +70,12 @@ struct private_stroke_cred_t {
 * list of private keys (private_key_t)
 */
 linked_list_t *private;
- 
+
 /**
 * read-write lock to lists
 */
 rwlock_t *lock;
- 
+
 /**
 * cache CRLs to disk?
 */
@@ -107,7 +107,7 @@ static bool private_filter(id_data_t *data,
 {
 private_key_t *key;
 chunk_t keyid;
- 
+
 key = *in;
 if (data->id == NULL)
 {
@@ -134,7 +134,7 @@ static enumerator_t* create_private_enumerator(private_stroke_cred_t *this,
 data = malloc_thing(id_data_t);
 data->this = this;
 data->id = id;
- 
+
 this->lock->read_lock(this->lock);
 return enumerator_create_filter(this->private->create_enumerator(this->private),
 (void*)private_filter, data,
@@ -149,7 +149,7 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou
 public_key_t *public;
 certificate_t *cert = *in;
 chunk_t keyid;
- 
+
 if (cert->get_type(cert) == CERT_X509_CRL ||
 cert->get_type(cert) == CERT_X509_AC)
 {
@@ -160,7 +160,7 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou
 *out = *in;
 return TRUE;
 }
- 
+
 public = cert->get_public_key(cert);
 if (public)
 {
@@ -182,7 +182,7 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou
 static bool crl_filter(id_data_t *data, certificate_t **in, certificate_t **out)
 {
 certificate_t *cert = *in;
- 
+
 if (cert->get_type(cert) != CERT_X509_CRL)
 {
 return FALSE;
@@ -202,7 +202,7 @@ static bool crl_filter(id_data_t *data, certificate_t **in, certificate_t **out)
 static bool ac_filter(id_data_t *data, certificate_t **in, certificate_t **out)
 {
 certificate_t *cert = *in;
- 
+
 if (cert->get_type(cert) != CERT_X509_AC)
 {
 return FALSE;
@@ -224,7 +224,7 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this,
 identification_t *id, bool trusted)
 {
 id_data_t *data;
- 
+
 if (cert == CERT_X509_CRL || cert == CERT_X509_AC)
 {
 if (trusted)
@@ -234,7 +234,7 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this,
 data = malloc_thing(id_data_t);
 data->this = this;
 data->id = id;
- 
+
 this->lock->read_lock(this->lock);
 return enumerator_create_filter(this->certs->create_enumerator(this->certs),
 (cert == CERT_X509_CRL)? (void*)crl_filter : (void*)ac_filter,
@@ -247,7 +247,7 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this,
 data = malloc_thing(id_data_t);
 data->this = this;
 data->id = id;
- 
+
 this->lock->read_lock(this->lock);
 return enumerator_create_filter(this->certs->create_enumerator(this->certs),
 (void*)certs_filter, data,
@@ -286,7 +286,7 @@ static bool shared_filter(shared_data_t *data,
 {
 return FALSE;
 }
- 
+
 my_match = stroke->has_owner(stroke, data->me);
 other_match = stroke->has_owner(stroke, data->other);
 if (!my_match && !other_match)
@@ -308,12 +308,12 @@ static bool shared_filter(shared_data_t *data,
 /**
 * Implements credential_set_t.create_shared_enumerator
 */
-static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this, 
+static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this,
 shared_key_type_t type, identification_t *me,
 identification_t *other)
 {
 shared_data_t *data = malloc_thing(shared_data_t);
- 
+
 data->this = this;
 data->me = me;
 data->other = other;
@@ -331,7 +331,7 @@ static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert)
 {
 certificate_t *current;
 enumerator_t *enumerator;
- bool new = TRUE; 
+ bool new = TRUE;
 
 this->lock->read_lock(this->lock);
 enumerator = this->certs->create_enumerator(this->certs);
@@ -355,7 +355,7 @@ static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert)
 this->lock->unlock(this->lock);
 return cert;
 }
- 
+
 /**
 * Implementation of stroke_cred_t.load_ca.
 */
@@ -363,7 +363,7 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename)
 {
 certificate_t *cert;
 char path[PATH_MAX];
- 
+
 if (*filename == '/')
 {
 snprintf(path, sizeof(path), "%s", filename);
@@ -372,7 +372,7 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename)
 {
 snprintf(path, sizeof(path), "%s/%s", CA_CERTIFICATE_DIR, filename);
 }
- 
+
 cert = lib->creds->create(lib->creds,
 CRED_CERTIFICATE, CERT_X509,
 BUILD_FROM_FILE, path,
@@ -380,7 +380,7 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename)
 if (cert)
 {
 x509_t *x509 = (x509_t*)cert;
- 
+
 if (!(x509->get_flags(x509) & X509_CA))
 {
 DBG1(DBG_CFG, " ca certificate '%Y' misses ca basic constraint, "
@@ -400,7 +400,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl)
 {
 certificate_t *current, *cert = &crl->certificate;
 enumerator_t *enumerator;
- bool new = TRUE, found = FALSE; 
+ bool new = TRUE, found = FALSE;
 
 this->lock->write_lock(this->lock);
 enumerator = this->certs->create_enumerator(this->certs);
@@ -411,7 +411,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl)
 crl_t *crl_c = (crl_t*)current;
 chunk_t authkey = crl->get_authKeyIdentifier(crl);
 chunk_t authkey_c = crl_c->get_authKeyIdentifier(crl_c);
- 
+
 /* if compare authorityKeyIdentifiers if available */
 if (authkey.ptr && authkey_c.ptr && chunk_equals(authkey, authkey_c))
 {
@@ -421,7 +421,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl)
 {
 identification_t *issuer = cert->get_issuer(cert);
 identification_t *issuer_c = current->get_issuer(current);
- 
+
 /* otherwise compare issuer distinguished names */
 if (issuer->equals(issuer, issuer_c))
 {
@@ -444,7 +444,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl)
 }
 }
 enumerator->destroy(enumerator);
- 
+
 if (new)
 {
 this->certs->insert_last(this->certs, cert);
@@ -482,7 +482,7 @@ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename)
 {
 snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename);
 }
- 
+
 cert = lib->creds->create(lib->creds,
 CRED_CERTIFICATE, CERT_X509,
 BUILD_FROM_FILE, path,
@@ -508,7 +508,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
 {
 struct stat st;
 char *file;
- 
+
 enumerator_t *enumerator = enumerator_create_directory(path);
 
 if (!enumerator)
@@ -538,7 +538,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
 if (cert)
 {
 x509_t *x509 = (x509_t*)cert;
- 
+
 if (!(x509->get_flags(x509) & X509_CA))
 {
 DBG1(DBG_CFG, " ca certificate '%Y' misses "
@@ -629,18 +629,18 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
 {
 /* CRLs get written to /etc/ipsec.d/crls/<authkeyId>.crl */
 crl_t *crl = (crl_t*)cert;
- 
+
 cert->get_ref(cert);
 if (add_crl(this, crl))
 {
 char buf[BUF_LEN];
 chunk_t chunk, hex;
- 
+
 chunk = crl->get_authKeyIdentifier(crl);
 hex = chunk_to_hex(chunk, NULL, FALSE);
 snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex);
 free(hex.ptr);
- 
+
 chunk = cert->get_encoding(cert);
 chunk_write(chunk, buf, "crl", 022, TRUE);
 free(chunk.ptr);
@@ -695,7 +695,7 @@ static err_t extract_secret(chunk_t *secret, chunk_t *line)
 }
 
 if (quotes)
- { 
+ {
 /* treat as an ASCII string */
 *secret = chunk_clone(raw_secret);
 return NULL;
@@ -736,7 +736,7 @@ typedef struct {
 chunk_t passphrase_cb(passphrase_cb_data_t *data, int try)
 {
 chunk_t secret = chunk_empty;;
- 
+
 if (try > 5)
 {
 fprintf(data->prompt, "invalid passphrase, too many trials\n");
@@ -809,7 +809,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
 private->destroy(private);
 }
 }
- 
+
 while (fetchline(&src, &line))
 {
 chunk_t ids, token;
@@ -827,7 +827,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
 glob_t buf;
 char **expanded, *dir, pattern[PATH_MAX];
 u_char *pos;
- 
+
 if (level > MAX_SECRETS_RECURSION)
 {
 DBG1(DBG_CFG, "maximum level of %d includes reached, ignored",
@@ -854,7 +854,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
 { /* use directory of current file if relative */
 dir = strdup(file);
 dir = dirname(dir);
- 
+
 if (line.len + 1 + strlen(dir) + 1 > sizeof(pattern))
 {
 DBG1(DBG_CFG, "include pattern too long, ignored");
@@ -880,7 +880,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
 globfree(&buf);
 continue;
 }
- 
+
 if (line.len > 2 && strneq(": ", line.ptr, 2))
 {
 /* no ids, skip the ':' */
@@ -932,7 +932,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
 else
 {
 /* relative path name */
- snprintf(path, sizeof(path), "%s/%.*s", PRIVATE_KEY_DIR, 
+ snprintf(path, sizeof(path), "%s/%.*s", PRIVATE_KEY_DIR,
 filename.len, filename.ptr);
 }
 
@@ -951,7 +951,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
 if (prompt)
 {
 passphrase_cb_data_t data;
- 
+
 data.prompt = prompt;
 data.file = path;
 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
@@ -984,9 +984,9 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
 char smartcard[32], keyid[22], pin[32];
 private_key_t *key;
 u_int slot;
- 
+
 err_t ugh = extract_value(&sc, &line);
- 
+
 if (ugh != NULL)
 {
 DBG1(DBG_CFG, "line %d: %s", line_nr, ugh);
@@ -999,7 +999,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, } snprintf(smartcard, sizeof(smartcard), "%.*s", sc.len, sc.ptr); smartcard[sizeof(smartcard) - 1] = '\0'; - + /* parse slot and key id. only two formats are supported. * first try %smartcard<slot>:<keyid> */ if (sscanf(smartcard, "%%smartcard%u:%s", &slot, keyid) == 2) @@ -1017,7 +1017,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, " supported or invalid", line_nr); goto error; } - + if (!eat_whitespace(&line)) { DBG1(DBG_CFG, "line %d: expected PIN", line_nr); @@ -1031,12 +1031,12 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, } snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr); pin[sizeof(pin) - 1] = '\0'; - + /* we assume an RSA key */ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_SMARTCARD_KEYID, smartcard, BUILD_SMARTCARD_PIN, pin, BUILD_END); - + if (key) { DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr); @@ -1063,7 +1063,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, DBG1(DBG_CFG, " loaded %N secret for %s", shared_key_type_names, type, ids.len > 0 ? (char*)ids.ptr : "%any"); DBG4(DBG_CFG, " secret: %#B", &secret); - + this->shared->insert_last(this->shared, shared_key); while (ids.len > 0) { @@ -1080,7 +1080,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, { continue; } - + /* NULL terminate the ID string */ *(id.ptr + id.len) = '\0'; peer_id = identification_create_from_string(id.ptr); @@ -1089,7 +1089,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, peer_id->destroy(peer_id); continue; } - + shared_key->add_owner(shared_key, peer_id); any = FALSE; } 
@@ -1201,7 +1201,7 @@ static void destroy(private_stroke_cred_t *this) stroke_cred_t *stroke_cred_create() { private_stroke_cred_t *this = malloc_thing(private_stroke_cred_t); - + this->public.set.create_private_enumerator = (void*)create_private_enumerator; this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; @@ -1212,7 +1212,7 @@ stroke_cred_t *stroke_cred_create() this->public.load_peer = (certificate_t*(*)(stroke_cred_t*, char *filename))load_peer; this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl; this->public.destroy = (void(*)(stroke_cred_t*))destroy; - + this->certs = linked_list_create(); this->shared = linked_list_create(); this->private = linked_list_create(); @@ -1220,9 +1220,9 @@ stroke_cred_t *stroke_cred_create() load_certs(this); load_secrets(this, SECRETS_FILE, 0, NULL); - + this->cachecrl = FALSE; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/charon/plugins/stroke/stroke_cred.h index 3924ccbc1..ccee7d87c 100644 --- a/src/charon/plugins/stroke/stroke_cred.h +++ b/src/charon/plugins/stroke/stroke_cred.h @@ -38,7 +38,7 @@ struct stroke_cred_t { * Implements credential_set_t */ credential_set_t set; - + /** * Reread secrets from config files. * @@ -46,7 +46,7 @@ struct stroke_cred_t { * @param prompt I/O channel to prompt for private key passhprase */ void (*reread)(stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt); - + /** * Load a CA certificate, and serve it through the credential_set. * @@ -54,7 +54,7 @@ struct stroke_cred_t { * @return reference to loaded certificate, or NULL */ certificate_t* (*load_ca)(stroke_cred_t *this, char *filename); - + /** * Load a peer certificate and serve it rhrough the credential_set. * 
@@ -62,14 +62,14 @@ struct stroke_cred_t { * @return reference to loaded certificate, or NULL */ certificate_t* (*load_peer)(stroke_cred_t *this, char *filename); - + /** * Enable/Disable CRL caching to disk. * * @param enabled TRUE to enable, FALSE to disable */ void (*cachecrl)(stroke_cred_t *this, bool enabled); - + /** * Destroy a stroke_cred instance. */ diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c index d6754482f..ced627f50 100644 --- a/src/charon/plugins/stroke/stroke_list.c +++ b/src/charon/plugins/stroke/stroke_list.c @@ -40,12 +40,12 @@ struct private_stroke_list_t { * public functions */ stroke_list_t public; - + /** * timestamp of daemon start */ time_t uptime; - + /** * strokes attribute provider */ 
@@ -59,44 +59,44 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) { ike_sa_id_t *id = ike_sa->get_id(ike_sa); time_t now = time_monotonic(NULL); - + fprintf(out, "%12s[%d]: %N", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), ike_sa_state_names, ike_sa->get_state(ike_sa)); - + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED) { time_t established; - + established = ike_sa->get_statistic(ike_sa, STAT_ESTABLISHED); fprintf(out, " %V ago", &now, &established); } - + fprintf(out, ", %H[%Y]...%H[%Y]\n", ike_sa->get_my_host(ike_sa), ike_sa->get_my_id(ike_sa), ike_sa->get_other_host(ike_sa), ike_sa->get_other_id(ike_sa)); - + if (all) { proposal_t *ike_proposal; - + ike_proposal = ike_sa->get_proposal(ike_sa); - + fprintf(out, "%12s[%d]: IKE SPIs: %.16llx_i%s %.16llx_r%s", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), id->get_initiator_spi(id), id->is_initiator(id) ? "*" : "", id->get_responder_spi(id), id->is_initiator(id) ? "" : "*"); - - + + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED) { time_t rekey, reauth; peer_cfg_t *peer_cfg; - + rekey = ike_sa->get_statistic(ike_sa, STAT_REKEY); reauth = ike_sa->get_statistic(ike_sa, STAT_REAUTH); peer_cfg = ike_sa->get_peer_cfg(ike_sa); - + if (rekey) { fprintf(out, ", rekeying in %V", &rekey, &now); @@ -106,7 +106,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) bool first = TRUE; enumerator_t *enumerator; auth_cfg_t *auth; - + fprintf(out, ", "); enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, TRUE); while (enumerator->enumerate(enumerator, &auth)) @@ -128,11 +128,11 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) } } fprintf(out, "\n"); - + if (ike_proposal) { char buf[BUF_LEN]; - + snprintf(buf, BUF_LEN, "%P", ike_proposal); fprintf(out, "%12s[%d]: IKE proposal: %s\n", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), 
@@ -150,14 +150,14 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) u_int64_t bytes_in, bytes_out; proposal_t *proposal; child_cfg_t *config = child_sa->get_config(child_sa); - - - fprintf(out, "%12s{%d}: %N, %N%s", + + + fprintf(out, "%12s{%d}: %N, %N%s", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), child_sa_state_names, child_sa->get_state(child_sa), ipsec_mode_names, child_sa->get_mode(child_sa), config->use_proxy_mode(config) ? "_PROXY" : ""); - + if (child_sa->get_state(child_sa) == CHILD_INSTALLED) { fprintf(out, ", %N%s SPIs: %.8x_i %.8x_o", @@ -165,30 +165,30 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) child_sa->has_encap(child_sa) ? " in UDP" : "", ntohl(child_sa->get_spi(child_sa, TRUE)), ntohl(child_sa->get_spi(child_sa, FALSE))); - + if (child_sa->get_ipcomp(child_sa) != IPCOMP_NONE) { fprintf(out, ", IPCOMP CPIs: %.4x_i %.4x_o", ntohs(child_sa->get_cpi(child_sa, TRUE)), ntohs(child_sa->get_cpi(child_sa, FALSE))); } - + if (all) { - fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa), + fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa)); - + proposal = child_sa->get_proposal(child_sa); if (proposal) { u_int16_t encr_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED; u_int16_t encr_size = 0, int_size = 0; - + proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &encr_alg, &encr_size); proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, &int_size); - + if (encr_alg != ENCR_UNDEFINED) { fprintf(out, "%N", encryption_algorithm_names, encr_alg); @@ -206,7 +206,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) } } } - + now = time_monotonic(NULL); child_sa->get_usestats(child_sa, TRUE, &use_in, &bytes_in); fprintf(out, ", %llu bytes_i", bytes_in); 
@@ -222,7 +222,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) fprintf(out, " (%ds ago)", now - use_out); } fprintf(out, ", rekeying "); - + rekey = child_sa->get_lifetime(child_sa, FALSE); if (rekey) { @@ -239,10 +239,10 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { fprintf(out, "disabled"); } - + } } - + fprintf(out, "\n%12s{%d}: %#R=== %#R\n", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), child_sa->get_traffic_selectors(child_sa, TRUE), @@ -262,9 +262,9 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local) certificate_t *cert; cert_validation_t valid; char *name; - + name = peer_cfg->get_name(peer_cfg); - + enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local); while (enumerator->enumerate(enumerator, &auth)) { @@ -329,7 +329,7 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local) fprintf(out, "%12s: ocsp: status must be GOOD%s\n", name, (valid == VALIDATION_SKIPPED) ? " or SKIPPED" : ""); } - + valid = (uintptr_t)auth->get(auth, AUTH_RULE_CRL_VALIDATION); if (valid != VALIDATION_FAILED) { @@ -362,7 +362,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo ike_sa_t *ike_sa; bool first, found = FALSE; char *name = msg->status.name; - + if (all) { peer_cfg_t *peer_cfg; @@ -371,10 +371,10 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo u_int32_t dpd; time_t since, now; u_int size, online, offline; - + now = time_monotonic(NULL); since = time(NULL) - (now - this->uptime); - + fprintf(out, "Status of IKEv2 charon daemon (strongSwan "VERSION"):\n"); fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &since, FALSE); fprintf(out, " worker threads: %d idle of %d,", 
@@ -392,7 +392,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo } enumerator->destroy(enumerator); fprintf(out, "\n"); - + first = TRUE; enumerator = this->attribute->create_pool_enumerator(this->attribute); while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline)) @@ -409,7 +409,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo fprintf(out, " %s: %u/%u/%u\n", pool, size, online, offline); } enumerator->destroy(enumerator); - + enumerator = charon->kernel_interface->create_address_enumerator( charon->kernel_interface, FALSE, FALSE); fprintf(out, "Listening IP addresses:\n"); @@ -418,7 +418,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo fprintf(out, " %H\n", host); } enumerator->destroy(enumerator); - + fprintf(out, "Connections:\n"); enumerator = charon->backends->create_peer_cfg_enumerator( charon->backends, NULL, NULL, NULL, NULL); 
@@ -429,33 +429,33 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo { continue; } - + ike_cfg = peer_cfg->get_ike_cfg(peer_cfg); fprintf(out, "%12s: %s...%s", peer_cfg->get_name(peer_cfg), ike_cfg->get_my_addr(ike_cfg), ike_cfg->get_other_addr(ike_cfg)); - + dpd = peer_cfg->get_dpd(peer_cfg); if (dpd) { fprintf(out, ", dpddelay=%us", dpd); } fprintf(out, "\n"); - + log_auth_cfgs(out, peer_cfg, TRUE); log_auth_cfgs(out, peer_cfg, FALSE); - + children = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (children->enumerate(children, &child_cfg)) { linked_list_t *my_ts, *other_ts; - + my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); fprintf(out, "%12s: child: %#R=== %#R", child_cfg->get_name(child_cfg), my_ts, other_ts); my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy)); other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy)); - + if (dpd) { fprintf(out, ", dpdaction=%N", action_names, @@ -468,7 +468,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo enumerator->destroy(enumerator); } - first = TRUE; + first = TRUE; enumerator = charon->traps->create_enumerator(charon->traps); while (enumerator->enumerate(enumerator, NULL, &child_sa)) { @@ -480,14 +480,14 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo log_child_sa(out, child_sa, all); } enumerator->destroy(enumerator); - + fprintf(out, "Security Associations:\n"); enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { bool ike_printed = FALSE; iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa); - + if (name == NULL || streq(name, ike_sa->get_name(ike_sa))) { log_ike_sa(out, ike_sa, all); 
@@ -506,12 +506,12 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo ike_printed = TRUE; } log_child_sa(out, child_sa, all); - } + } } children->destroy(children); } enumerator->destroy(enumerator); - + if (!found) { if (name) @@ -536,14 +536,14 @@ static linked_list_t* create_unique_cert_list(certificate_type_t type) charon->credentials, type, KEY_ANY, NULL, FALSE); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { iterator_t *iterator = list->create_iterator(list, TRUE); identification_t *issuer = cert->get_issuer(cert); bool previous_same, same = FALSE, last = TRUE; certificate_t *list_cert; - + while (iterator->iterate(iterator, (void**)&list_cert)) { /* exit if we have a duplicate? */ @@ -581,7 +581,7 @@ static void list_public_key(public_key_t *public, FILE *out) private_key_t *private = NULL; chunk_t keyid; identification_t *id; - + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyid)) { id = identification_create_from_encoding(ID_KEY_ID, keyid); @@ -610,14 +610,14 @@ static void list_public_key(public_key_t *public, FILE *out) static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) { bool first = TRUE; - + enumerator_t *enumerator = list->create_enumerator(list); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { public_key_t *public = cert->get_public_key(cert); - + if (public) { if (first) @@ -627,7 +627,7 @@ static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) first = FALSE; } fprintf(out, "\n"); - + list_public_key(public, out); public->destroy(public); } @@ -638,7 +638,7 @@ static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) /** * list all X.509 certificates matching the flags */ -static void stroke_list_certs(linked_list_t *list, char *label, +static void stroke_list_certs(linked_list_t *list, char *label, x509_flag_t flags, bool utc, FILE *out) { bool first = TRUE; 
@@ -650,7 +650,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, { x509_t *x509 = (x509_t*)cert; x509_flag_t x509_flags = x509->get_flags(x509); - + /* list only if flag is set, or flags == 0 (ignoring self-signed) */ if ((x509_flags & flags) || (flags == (x509_flags & ~X509_SELF_SIGNED))) { @@ -660,7 +660,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, chunk_t serial, authkey; time_t notBefore, notAfter; public_key_t *public; - + if (first) { fprintf(out, "\n"); @@ -668,7 +668,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, first = FALSE; } fprintf(out, "\n"); - + /* list subjectAltNames */ enumerator = x509->create_subjectAltName_enumerator(x509); while (enumerator->enumerate(enumerator, (void**)&altName)) @@ -689,12 +689,12 @@ static void stroke_list_certs(linked_list_t *list, char *label, fprintf(out, "\n"); } enumerator->destroy(enumerator); - + fprintf(out, " subject: \"%Y\"\n", cert->get_subject(cert)); fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert)); serial = x509->get_serial(x509); fprintf(out, " serial: %#B\n", &serial); - + /* list validity */ cert->get_validity(cert, &now, ¬Before, ¬After); fprintf(out, " validity: not before %T, ", ¬Before, utc); @@ -720,14 +720,14 @@ static void stroke_list_certs(linked_list_t *list, char *label, } fprintf(out, " \n"); } - + public = cert->get_public_key(cert); if (public) { list_public_key(public, out); public->destroy(public); } - + /* list optional authorityKeyIdentifier */ authkey = x509->get_authKeyIdentifier(x509); if (authkey.ptr) @@ -754,7 +754,7 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) ac_t *ac = (ac_t*)cert; identification_t *id; chunk_t chunk; - + if (first) { fprintf(out, "\n"); @@ -762,7 +762,7 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) first = FALSE; } fprintf(out, "\n"); - + id = cert->get_subject(cert); if (id) { 
@@ -799,7 +799,7 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) } fprintf(out, " \n"); } - + /* list optional authorityKeyIdentifier */ chunk = ac->get_authKeyIdentifier(ac); if (chunk.ptr) @@ -819,12 +819,12 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) time_t thisUpdate, nextUpdate, now = time(NULL); enumerator_t *enumerator = list->create_enumerator(list); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { crl_t *crl = (crl_t*)cert; chunk_t chunk; - + if (first) { fprintf(out, "\n"); @@ -832,21 +832,21 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) first = FALSE; } fprintf(out, "\n"); - + fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert)); - + /* list optional crlNumber */ chunk = crl->get_serial(crl); if (chunk.ptr) { fprintf(out, " serial: %#B\n", &chunk); } - + /* count the number of revoked certificates */ { int count = 0; enumerator_t *enumerator = crl->create_enumerator(crl); - + while (enumerator->enumerate(enumerator, NULL, NULL, NULL)) { count++; @@ -855,7 +855,7 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) (count == 1)? "" : "s"); enumerator->destroy(enumerator); } - + /* list validity */ cert->get_validity(cert, &now, &thisUpdate, &nextUpdate); fprintf(out, " updates: this %T\n", &thisUpdate, utc); @@ -873,7 +873,7 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) } fprintf(out, " \n"); } - + /* list optional authorityKeyIdentifier */ chunk = crl->get_authKeyIdentifier(crl); if (chunk.ptr) @@ -892,7 +892,7 @@ static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out) bool first = TRUE; enumerator_t *enumerator = list->create_enumerator(list); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { if (first) 
@@ -919,7 +919,7 @@ static void list_algs(FILE *out) hash_algorithm_t hash; pseudo_random_function_t prf; diffie_hellman_group_t group; - + fprintf(out, "\n"); fprintf(out, "List of registered IKEv2 Algorithms:\n"); fprintf(out, "\n encryption: "); @@ -972,7 +972,7 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) linked_list_t *pubkey_list = create_unique_cert_list(CERT_TRUSTED_PUBKEY); stroke_list_pubkeys(pubkey_list, msg->list.utc, out); - pubkey_list->destroy_offset(pubkey_list, offsetof(certificate_t, destroy)); + pubkey_list->destroy_offset(pubkey_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & (LIST_CERTS | LIST_CACERTS | LIST_OCSPCERTS | LIST_AACERTS)) { @@ -1003,22 +1003,22 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) linked_list_t *ac_list = create_unique_cert_list(CERT_X509_AC); stroke_list_acerts(ac_list, msg->list.utc, out); - ac_list->destroy_offset(ac_list, offsetof(certificate_t, destroy)); + ac_list->destroy_offset(ac_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_CRLS) { linked_list_t *crl_list = create_unique_cert_list(CERT_X509_CRL); stroke_list_crls(crl_list, msg->list.utc, out); - crl_list->destroy_offset(crl_list, offsetof(certificate_t, destroy)); + crl_list->destroy_offset(crl_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_OCSP) { linked_list_t *ocsp_list = create_unique_cert_list(CERT_X509_OCSP_RESPONSE); stroke_list_ocsp(ocsp_list, msg->list.utc, out); - - ocsp_list->destroy_offset(ocsp_list, offsetof(certificate_t, destroy)); + + ocsp_list->destroy_offset(ocsp_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_ALGS) { 
@@ -1038,7 +1038,7 @@ static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool, host_t *lease; bool on; int found = 0; - + fprintf(out, "Leases in pool '%s', usage: %lu/%lu, %lu online\n", pool, online + offline, size, online); enumerator = this->attribute->create_lease_enumerator(this->attribute, pool); @@ -1068,12 +1068,12 @@ static void leases(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) host_t *address = NULL; char *pool; int found = 0; - + if (msg->leases.address) { address = host_create_from_string(msg->leases.address, 0); } - + enumerator = this->attribute->create_pool_enumerator(this->attribute); while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline)) { @@ -1112,15 +1112,15 @@ static void destroy(private_stroke_list_t *this) stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) { private_stroke_list_t *this = malloc_thing(private_stroke_list_t); - + this->public.list = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))list; this->public.status = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out,bool))status; this->public.leases = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))leases; this->public.destroy = (void(*)(stroke_list_t*))destroy; - + this->uptime = time_monotonic(NULL); this->attribute = attribute; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_list.h b/src/charon/plugins/stroke/stroke_list.h index 2430abfbb..b5bedc6c2 100644 --- a/src/charon/plugins/stroke/stroke_list.h +++ b/src/charon/plugins/stroke/stroke_list.h @@ -40,7 +40,7 @@ struct stroke_list_t { * @param out stroke console stream */ void (*list)(stroke_list_t *this, stroke_msg_t *msg, FILE *out); - + /** * Log status information to stroke console. * @@ -49,7 +49,7 @@ struct stroke_list_t { * @param all TRUE for "statusall" */ void (*status)(stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all); - + /** * Log pool leases to stroke console. * 
@@ -57,7 +57,7 @@ struct stroke_list_t { * @param out stroke console stream */ void (*leases)(stroke_list_t *this, stroke_msg_t *msg, FILE *out); - + /** * Destroy a stroke_list instance. */ diff --git a/src/charon/plugins/stroke/stroke_plugin.c b/src/charon/plugins/stroke/stroke_plugin.c index 22c1125a1..61ae10953 100644 --- a/src/charon/plugins/stroke/stroke_plugin.c +++ b/src/charon/plugins/stroke/stroke_plugin.c @@ -29,7 +29,7 @@ struct private_stroke_plugin_t { * public functions */ stroke_plugin_t public; - + /** * stroke socket, receives strokes */ @@ -51,9 +51,9 @@ static void destroy(private_stroke_plugin_t *this) plugin_t *plugin_create() { private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->socket = stroke_socket_create(); if (this->socket == NULL) { diff --git a/src/charon/plugins/stroke/stroke_plugin.h b/src/charon/plugins/stroke/stroke_plugin.h index 6e9d556ad..3a1e81df6 100644 --- a/src/charon/plugins/stroke/stroke_plugin.h +++ b/src/charon/plugins/stroke/stroke_plugin.h @@ -20,7 +20,7 @@ * @defgroup stroke_plugin stroke_plugin * @{ @ingroup stroke */ - + #ifndef STROKE_PLUGIN_H_ #define STROKE_PLUGIN_H_ diff --git a/src/charon/plugins/stroke/stroke_shared_key.c b/src/charon/plugins/stroke/stroke_shared_key.c index 8f53f509d..4f716e83a 100644 --- a/src/charon/plugins/stroke/stroke_shared_key.c +++ b/src/charon/plugins/stroke/stroke_shared_key.c @@ -28,7 +28,7 @@ struct private_stroke_shared_key_t { * implements shared_key_t */ stroke_shared_key_t public; - + /** * type of this key */ @@ -43,7 +43,7 @@ struct private_stroke_shared_key_t { * list of key owners, as identification_t */ linked_list_t *owners; - + /** * reference counter */ 
@@ -73,8 +73,8 @@ static private_stroke_shared_key_t* get_ref(private_stroke_shared_key_t *this) static chunk_t get_key(private_stroke_shared_key_t *this) { return this->key; -} - +} + /** * Implementation of stroke_shared_key_t.has_owner. */ @@ -83,7 +83,7 @@ static id_match_t has_owner(private_stroke_shared_key_t *this, identification_t enumerator_t *enumerator; id_match_t match, best = ID_MATCH_NONE; identification_t *current; - + enumerator = this->owners->create_enumerator(this->owners); while (enumerator->enumerate(enumerator, ¤t)) { @@ -135,6 +135,6 @@ stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t ke this->type = type; this->key = key; this->ref = 1; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_shared_key.h b/src/charon/plugins/stroke/stroke_shared_key.h index 224062100..05ad55083 100644 --- a/src/charon/plugins/stroke/stroke_shared_key.h +++ b/src/charon/plugins/stroke/stroke_shared_key.h @@ -35,21 +35,21 @@ struct stroke_shared_key_t { * Implements the shared_key_t interface. */ shared_key_t shared; - + /** * Add an owner to the key. * * @param owner owner to add */ void (*add_owner)(stroke_shared_key_t *this, identification_t *owner); - + /** * Check if a key has a specific owner. * * @param owner owner to check * @return best match found */ - id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner); + id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner); }; /** diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/charon/plugins/stroke/stroke_socket.c index f420266cd..7ae00d118 100644 --- a/src/charon/plugins/stroke/stroke_socket.c +++ b/src/charon/plugins/stroke/stroke_socket.c 
@@ -48,42 +48,42 @@ struct private_stroke_socket_t { * public functions */ stroke_socket_t public; - + /** * Unix socket to listen for strokes */ int socket; - + /** * job accepting stroke messages */ callback_job_t *job; - + /** * configuration backend */ stroke_config_t *config; - + /** * attribute provider */ stroke_attribute_t *attribute; - + /** * controller to control daemon */ stroke_control_t *control; - + /** * credential set */ stroke_cred_t *cred; - + /** * CA sections */ stroke_ca_t *ca; - + /** * Status information logging */ @@ -99,7 +99,7 @@ struct stroke_job_context_t { * file descriptor to read from */ int fd; - + /** * global stroke interface */ @@ -152,7 +152,7 @@ static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end) pop_string(msg, &end->ca2); pop_string(msg, &end->groups); pop_string(msg, &end->updown); - + DBG2(DBG_CFG, " %s=%s", label, end->address); DBG2(DBG_CFG, " %ssubnet=%s", label, end->subnets); DBG2(DBG_CFG, " %ssourceip=%s", label, end->sourceip); @@ -202,7 +202,7 @@ static void stroke_del_conn(private_stroke_socket_t *this, stroke_msg_t *msg) { pop_string(msg, &msg->del_conn.name); DBG1(DBG_CFG, "received stroke: delete connection '%s'", msg->del_conn.name); - + this->config->del(this->config, msg); this->attribute->del_pool(this->attribute, msg); } @@ -214,7 +214,7 @@ static void stroke_initiate(private_stroke_socket_t *this, stroke_msg_t *msg, FI { pop_string(msg, &msg->initiate.name); DBG1(DBG_CFG, "received stroke: initiate '%s'", msg->initiate.name); - + this->control->initiate(this->control, msg, out); } @@ -227,7 +227,7 @@ static void stroke_terminate(private_stroke_socket_t *this, stroke_msg_t *msg, F DBG1(DBG_CFG, "received stroke: terminate '%s'", msg->terminate.name); this->control->terminate(this->control, msg, out); -} +} /** * terminate a connection by peers virtual IP 
@@ -250,7 +250,7 @@ static void stroke_route(private_stroke_socket_t *this, stroke_msg_t *msg, FILE { pop_string(msg, &msg->route.name); DBG1(DBG_CFG, "received stroke: route '%s'", msg->route.name); - + this->control->route(this->control, msg, out); } @@ -261,7 +261,7 @@ static void stroke_unroute(private_stroke_socket_t *this, stroke_msg_t *msg, FIL { pop_string(msg, &msg->terminate.name); DBG1(DBG_CFG, "received stroke: unroute '%s'", msg->route.name); - + this->control->unroute(this->control, msg, out); } @@ -287,7 +287,7 @@ static void stroke_add_ca(private_stroke_socket_t *this, DBG2(DBG_CFG, " ocspuri=%s", msg->add_ca.ocspuri); DBG2(DBG_CFG, " ocspuri2=%s", msg->add_ca.ocspuri2); DBG2(DBG_CFG, " certuribase=%s", msg->add_ca.certuribase); - + this->ca->add(this->ca, msg); } @@ -299,7 +299,7 @@ static void stroke_del_ca(private_stroke_socket_t *this, { pop_string(msg, &msg->del_ca.name); DBG1(DBG_CFG, "received stroke: delete ca '%s'", msg->del_ca.name); - + this->ca->del(this->ca, msg); } @@ -311,7 +311,7 @@ static void stroke_status(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out, bool all) { pop_string(msg, &(msg->status.name)); - + this->list->status(this->list, msg, out, all); } @@ -361,7 +361,7 @@ static void stroke_leases(private_stroke_socket_t *this, { pop_string(msg, &msg->leases.pool); pop_string(msg, &msg->leases.address); - + this->list->leases(this->list, msg, out); } @@ -390,11 +390,11 @@ static void stroke_loglevel(private_stroke_socket_t *this, sys_logger_t *sys_logger; file_logger_t *file_logger; debug_t group; - + pop_string(msg, &(msg->loglevel.type)); DBG1(DBG_CFG, "received stroke: loglevel %d for %s", msg->loglevel.level, msg->loglevel.type); - + group = get_group_from_name(msg->loglevel.type); if (group < 0) { 
@@ -448,7 +448,7 @@ static job_requeue_t process(stroke_job_context_t *ctx) FILE *out; private_stroke_socket_t *this = ctx->this; int strokefd = ctx->fd; - + /* peek the length */ bytes_read = recv(strokefd, &msg_length, sizeof(msg_length), MSG_PEEK); if (bytes_read != sizeof(msg_length)) @@ -457,7 +457,7 @@ static job_requeue_t process(stroke_job_context_t *ctx) strerror(errno)); return JOB_REQUEUE_NONE; } - + /* read message */ msg = alloca(msg_length); bytes_read = recv(strokefd, msg, msg_length, 0); @@ -466,16 +466,16 @@ static job_requeue_t process(stroke_job_context_t *ctx) DBG1(DBG_CFG, "reading stroke message failed: %s", strerror(errno)); return JOB_REQUEUE_NONE; } - + out = fdopen(strokefd, "w+"); if (out == NULL) { DBG1(DBG_CFG, "opening stroke output channel failed: %s", strerror(errno)); return JOB_REQUEUE_NONE; } - + DBG3(DBG_CFG, "stroke message %b", (void*)msg, msg_length); - + switch (msg->type) { case STR_INITIATE: @@ -550,24 +550,24 @@ static job_requeue_t receive(private_stroke_socket_t *this) int oldstate; callback_job_t *job; stroke_job_context_t *ctx; - + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); strokefd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen); pthread_setcancelstate(oldstate, NULL); - + if (strokefd < 0) { DBG1(DBG_CFG, "accepting stroke connection failed: %s", strerror(errno)); return JOB_REQUEUE_FAIR; } - + ctx = malloc_thing(stroke_job_context_t); ctx->fd = strokefd; ctx->this = this; job = callback_job_create((callback_job_cb_t)process, ctx, (void*)stroke_job_context_destroy, this->job); charon->processor->queue_job(charon->processor, (job_t*)job); - + return JOB_REQUEUE_FAIR; } @@ -582,7 +582,7 @@ static bool open_socket(private_stroke_socket_t *this) socket_addr.sun_family = AF_UNIX; strcpy(socket_addr.sun_path, STROKE_SOCKET); - + /* set up unix socket */ this->socket = socket(AF_UNIX, SOCK_STREAM, 0); if (this->socket == -1) 
@@ -590,7 +590,7 @@ static bool open_socket(private_stroke_socket_t *this) DBG1(DBG_CFG, "could not create stroke socket"); return FALSE; } - + unlink(socket_addr.sun_path); old = umask(~(S_IRWXU | S_IRWXG)); if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0) @@ -605,7 +605,7 @@ static bool open_socket(private_stroke_socket_t *this) DBG1(DBG_CFG, "changing stroke socket permissions failed: %s", strerror(errno)); } - + if (listen(this->socket, 10) < 0) { DBG1(DBG_CFG, "could not listen on stroke socket: %s", strerror(errno)); @@ -641,31 +641,31 @@ static void destroy(private_stroke_socket_t *this) stroke_socket_t *stroke_socket_create() { private_stroke_socket_t *this = malloc_thing(private_stroke_socket_t); - + this->public.destroy = (void(*)(stroke_socket_t*))destroy; - + if (!open_socket(this)) { free(this); return NULL; } - + this->cred = stroke_cred_create(); this->attribute = stroke_attribute_create(); this->ca = stroke_ca_create(this->cred); this->config = stroke_config_create(this->ca, this->cred); this->control = stroke_control_create(); this->list = stroke_list_create(this->attribute); - + charon->credentials->add_set(charon->credentials, &this->ca->set); charon->credentials->add_set(charon->credentials, &this->cred->set); charon->backends->add_backend(charon->backends, &this->config->backend); charon->attributes->add_provider(charon->attributes, &this->attribute->provider); - + this->job = callback_job_create((callback_job_cb_t)receive, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_socket.h b/src/charon/plugins/stroke/stroke_socket.h index 6073f5133..ae5481677 100644 --- a/src/charon/plugins/stroke/stroke_socket.h +++ b/src/charon/plugins/stroke/stroke_socket.h 
@@ -27,7 +27,7 @@ typedef struct stroke_socket_t stroke_socket_t; * Stroke socket, opens UNIX communication socket, reads and dispatches. */ struct stroke_socket_t { - + /** * Destroy a stroke_socket instance. */ diff --git a/src/charon/plugins/uci/uci_config.c b/src/charon/plugins/uci/uci_config.c index e81e49af7..d53d05750 100644 --- a/src/charon/plugins/uci/uci_config.c +++ b/src/charon/plugins/uci/uci_config.c @@ -34,7 +34,7 @@ struct private_uci_config_t { * Public part */ uci_config_t public; - + /** * UCI parser context */ @@ -59,7 +59,7 @@ typedef struct { static proposal_t *create_proposal(char *string, protocol_id_t proto) { proposal_t *proposal = NULL; - + if (string) { proposal = proposal_create_from_string(proto, string); @@ -68,12 +68,12 @@ static proposal_t *create_proposal(char *string, protocol_id_t proto) { /* UCI default is aes/sha1 only */ if (proto == PROTO_IKE) { - proposal = proposal_create_from_string(proto, + proposal = proposal_create_from_string(proto, "aes128-aes192-aes256-sha1-modp1536-modp2048"); } else { - proposal = proposal_create_from_string(proto, + proposal = proposal_create_from_string(proto, "aes128-aes192-aes256-sha1"); } } @@ -90,7 +90,7 @@ static traffic_selector_t *create_ts(char *string) int netbits = 32; host_t *net; char *pos; - + string = strdupa(string); pos = strchr(string, '/'); if (pos) @@ -120,7 +120,7 @@ static traffic_selector_t *create_ts(char *string) static u_int create_rekey(char *string) { u_int rekey = 0; - + if (string) { rekey = atoi(string); @@ -151,7 +151,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) .jitter = 300 } }; - + /* defaults */ name = "unnamed"; local_id = NULL; 
@@ -164,7 +164,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) esp_proposal = NULL; ike_rekey = NULL; esp_rekey = NULL; - + if (this->inner->enumerate(this->inner, &name, &local_id, &remote_id, &local_addr, &remote_addr, &local_net, &remote_net, &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey)) @@ -184,7 +184,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(local_id)); this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, TRUE); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); if (remote_id) @@ -193,7 +193,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) identification_create_from_string(remote_id)); } this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE); - + child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP)); @@ -220,15 +220,15 @@ static void peer_enumerator_destroy(peer_enumerator_t *this) * Implementation of backend_t.create_peer_cfg_enumerator. */ static enumerator_t* create_peer_cfg_enumerator(private_uci_config_t *this, - identification_t *me, + identification_t *me, identification_t *other) { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); - + e->public.enumerate = (void*)peer_enumerator_enumerate; e->public.destroy = (void*)peer_enumerator_destroy; e->peer_cfg = NULL; - e->inner = this->parser->create_section_enumerator(this->parser, + e->inner = this->parser->create_section_enumerator(this->parser, "local_id", "remote_id", "local_addr", "remote_addr", "local_net", "remote_net", "ike_proposal", "esp_proposal", "ike_rekey", "esp_rekey", NULL); 
@@ -258,12 +258,12 @@ typedef struct { static bool ike_enumerator_enumerate(ike_enumerator_t *this, ike_cfg_t **cfg) { char *local_addr, *remote_addr, *ike_proposal; - + /* defaults */ local_addr = "0.0.0.0"; remote_addr = "0.0.0.0"; ike_proposal = NULL; - + if (this->inner->enumerate(this->inner, NULL, &local_addr, &remote_addr, &ike_proposal)) { @@ -295,11 +295,11 @@ static enumerator_t* create_ike_cfg_enumerator(private_uci_config_t *this, host_t *me, host_t *other) { ike_enumerator_t *e = malloc_thing(ike_enumerator_t); - + e->public.enumerate = (void*)ike_enumerator_enumerate; e->public.destroy = (void*)ike_enumerator_destroy; e->ike_cfg = NULL; - e->inner = this->parser->create_section_enumerator(this->parser, + e->inner = this->parser->create_section_enumerator(this->parser, "local_addr", "remote_addr", "ike_proposal", NULL); if (!e->inner) { @@ -316,7 +316,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_uci_config_t *this, char *name) { enumerator_t *enumerator; peer_cfg_t *current, *found = NULL; - + enumerator = create_peer_cfg_enumerator(this, NULL, NULL); if (enumerator) { diff --git a/src/charon/plugins/uci/uci_config.h b/src/charon/plugins/uci/uci_config.h index eac05b1df..130f15d85 100644 --- a/src/charon/plugins/uci/uci_config.h +++ b/src/charon/plugins/uci/uci_config.h @@ -37,11 +37,11 @@ struct uci_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(uci_config_t *this); + void (*destroy)(uci_config_t *this); }; /** diff --git a/src/charon/plugins/uci/uci_control.c b/src/charon/plugins/uci/uci_control.c index f74224fa7..9bfc4ecee 100644 --- a/src/charon/plugins/uci/uci_control.c +++ b/src/charon/plugins/uci/uci_control.c @@ -37,14 +37,14 @@ typedef struct private_uci_control_t private_uci_control_t; * private data of uci_control_t */ struct private_uci_control_t { - + /** * Public part */ uci_control_t public; - + /** - * Job + * Job */ callback_job_t *job; }; 
@@ -56,7 +56,7 @@ static void write_fifo(private_uci_control_t *this, char *format, ...) { va_list args; FILE *out; - + out = fopen(FIFO_FILE, "w"); if (out) { @@ -83,7 +83,7 @@ static void status(private_uci_control_t *this, char *name) peer_cfg_t *peer_cfg; char buf[2048]; FILE *out = NULL; - + configs = charon->backends->create_peer_cfg_enumerator(charon->backends, NULL, NULL, NULL, NULL); while (configs->enumerate(configs, &peer_cfg)) @@ -109,7 +109,7 @@ static void status(private_uci_control_t *this, char *name) } fprintf(out, "%-8s %-20D %-16H ", ike_sa->get_name(ike_sa), ike_sa->get_other_id(ike_sa), ike_sa->get_other_host(ike_sa)); - + children = ike_sa->create_child_sa_iterator(ike_sa); while (children->iterate(children, (void**)&child_sa)) { @@ -141,7 +141,7 @@ static void initiate(private_uci_control_t *this, char *name) peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; enumerator_t *enumerator; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, name); if (peer_cfg) { @@ -173,7 +173,7 @@ static void terminate(private_uci_control_t *this, char *name) enumerator_t *enumerator; ike_sa_t *ike_sa; u_int id; - + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { @@ -197,7 +197,7 @@ static void terminate(private_uci_control_t *this, char *name) static void process(private_uci_control_t *this, char *message) { enumerator_t* enumerator; - + enumerator = enumerator_create_token(message, " \n", ""); if (enumerator->enumerate(enumerator, &message)) { @@ -217,7 +217,7 @@ static void process(private_uci_control_t *this, char *message) { initiate(this, message); } - else if (streq(message, "down") && + else if (streq(message, "down") && enumerator->enumerate(enumerator, &message)) { terminate(this, message); 
@@ -239,7 +239,7 @@ static job_requeue_t receive(private_uci_control_t *this) char message[128]; int oldstate, len; FILE *in; - + memset(message, 0, sizeof(message)); pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); in = fopen(FIFO_FILE, "r"); @@ -280,9 +280,9 @@ static void destroy(private_uci_control_t *this) uci_control_t *uci_control_create() { private_uci_control_t *this = malloc_thing(private_uci_control_t); - + this->public.destroy = (void(*)(uci_control_t*))destroy; - + unlink(FIFO_FILE); if (mkfifo(FIFO_FILE, S_IRUSR|S_IWUSR) != 0) { diff --git a/src/charon/plugins/uci/uci_control.h b/src/charon/plugins/uci/uci_control.h index 527ed82e7..794220aa1 100644 --- a/src/charon/plugins/uci/uci_control.h +++ b/src/charon/plugins/uci/uci_control.h @@ -27,7 +27,7 @@ typedef struct uci_control_t uci_control_t; * UCI control interface, uses a simple FIFO file */ struct uci_control_t { - + /** * Destroy the controller */ diff --git a/src/charon/plugins/uci/uci_creds.c b/src/charon/plugins/uci/uci_creds.c index 05bc6e109..4d664feb2 100644 --- a/src/charon/plugins/uci/uci_creds.c +++ b/src/charon/plugins/uci/uci_creds.c @@ -31,7 +31,7 @@ struct private_uci_creds_t { * Public part */ uci_creds_t public; - + /** * UCI parser context */ @@ -66,7 +66,7 @@ static bool shared_enumerator_enumerate(shared_enumerator_t *this, local_id = "%any"; remote_id = "%any"; psk = NULL; - + if (!this->inner->enumerate(this->inner, NULL, &local_id, &remote_id, &psk)) { 
@@ -122,23 +122,23 @@ static void shared_enumerator_destroy(shared_enumerator_t *this) */ static enumerator_t* create_shared_enumerator(private_uci_creds_t *this, shared_key_type_t type, - identification_t *me, + identification_t *me, identification_t *other) { shared_enumerator_t *e; - + if (type != SHARED_IKE) { return NULL; } - + e = malloc_thing(shared_enumerator_t); e->current = NULL; e->public.enumerate = (void*)shared_enumerator_enumerate; e->public.destroy = (void*)shared_enumerator_destroy; e->me = me; e->other = other; - e->inner = this->parser->create_section_enumerator(this->parser, + e->inner = this->parser->create_section_enumerator(this->parser, "local_id", "remote_id", "psk", NULL); if (!e->inner) { @@ -166,7 +166,7 @@ uci_creds_t *uci_creds_create(uci_parser_t *parser) this->public.credential_set.create_cdp_enumerator = (enumerator_t*(*) (credential_set_t *,certificate_type_t, identification_t *))return_null; this->public.credential_set.cache_cert = (void (*)(credential_set_t *, certificate_t *))nop; this->public.destroy = (void(*) (uci_creds_t*))destroy; - + this->parser = parser; return &this->public; diff --git a/src/charon/plugins/uci/uci_creds.h b/src/charon/plugins/uci/uci_creds.h index de50984a9..a283ed9f5 100644 --- a/src/charon/plugins/uci/uci_creds.h +++ b/src/charon/plugins/uci/uci_creds.h @@ -37,11 +37,11 @@ struct uci_creds_t { * Implements credential set interface. */ credential_set_t credential_set; - + /** * Destroy the backend. */ - void (*destroy)(uci_creds_t *this); + void (*destroy)(uci_creds_t *this); }; /** diff --git a/src/charon/plugins/uci/uci_parser.c b/src/charon/plugins/uci/uci_parser.c index f994e36f7..76019a3b4 100644 --- a/src/charon/plugins/uci/uci_parser.c +++ b/src/charon/plugins/uci/uci_parser.c @@ -32,7 +32,7 @@ struct private_uci_parser_t { * Public part */ uci_parser_t public; - + /** * UCI package name this parser reads */ 
@@ -66,12 +66,12 @@ static bool section_enumerator_enumerate(section_enumerator_t *this, ...) char **value; va_list args; int i; - + if (&this->current->list == this->list) { return FALSE; } - + va_start(args, this); value = va_arg(args, char**); @@ -87,7 +87,7 @@ static bool section_enumerator_enumerate(section_enumerator_t *this, ...) *value = uci_to_section(this->current)->type; } } - + /* followed by keyword parameters */ for (i = 0; this->keywords[i]; i++) { @@ -99,7 +99,7 @@ static bool section_enumerator_enumerate(section_enumerator_t *this, ...) } } va_end(args); - + this->current = list_to_element(this->current->list.next); return TRUE; } @@ -121,7 +121,7 @@ static enumerator_t* create_section_enumerator(private_uci_parser_t *this, ...) section_enumerator_t *e; va_list args; int i; - + /* allocate enumerator large enought to hold keyword pointers */ i = 1; va_start(args, this); @@ -133,16 +133,16 @@ static enumerator_t* create_section_enumerator(private_uci_parser_t *this, ...) e = malloc(sizeof(section_enumerator_t) + sizeof(char*) * i); i = 0; va_start(args, this); - do + do { e->keywords[i] = va_arg(args, char*); } while (e->keywords[i++]); va_end(args); - + e->public.enumerate = (void*)section_enumerator_enumerate; e->public.destroy = (void*)section_enumerator_destroy; - + /* load uci context */ e->ctx = uci_alloc_context(); if (uci_load(e->ctx, this->package, &e->package) != UCI_OK) @@ -178,9 +178,9 @@ uci_parser_t *uci_parser_create(char *package) this->public.create_section_enumerator = (enumerator_t*(*)(uci_parser_t*, ...))create_section_enumerator; this->public.destroy = (void(*)(uci_parser_t*))destroy; - + this->package = strdup(package); - + return &this->public; } diff --git a/src/charon/plugins/uci/uci_parser.h b/src/charon/plugins/uci/uci_parser.h index ef3d7b0f5..7217e507a 100644 --- a/src/charon/plugins/uci/uci_parser.h +++ b/src/charon/plugins/uci/uci_parser.h 
@@ -41,11 +41,11 @@ struct uci_parser_t { * @return enumerator over sections */ enumerator_t* (*create_section_enumerator)(uci_parser_t *this, ...); - + /** * Destroy the parser. */ - void (*destroy)(uci_parser_t *this); + void (*destroy)(uci_parser_t *this); }; /** diff --git a/src/charon/plugins/uci/uci_plugin.c b/src/charon/plugins/uci/uci_plugin.c index 3ab4c92f8..2a79b9109 100644 --- a/src/charon/plugins/uci/uci_plugin.c +++ b/src/charon/plugins/uci/uci_plugin.c @@ -36,17 +36,17 @@ struct private_uci_plugin_t { * implements plugin interface */ uci_plugin_t public; - + /** * UCI configuration backend */ uci_config_t *config; - + /** * UCI credential set implementation */ uci_creds_t *creds; - + /** * UCI parser wrapper */ @@ -78,16 +78,16 @@ static void destroy(private_uci_plugin_t *this) plugin_t *plugin_create() { private_uci_plugin_t *this = malloc_thing(private_uci_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->parser = uci_parser_create(UCI_PACKAGE); this->config = uci_config_create(this->parser); this->creds = uci_creds_create(this->parser); this->control = uci_control_create(); charon->backends->add_backend(charon->backends, &this->config->backend); charon->credentials->add_set(charon->credentials, &this->creds->credential_set); - + return &this->public.plugin; } diff --git a/src/charon/plugins/unit_tester/tests.h b/src/charon/plugins/unit_tester/tests.h index b99940c1a..96313d390 100644 --- a/src/charon/plugins/unit_tester/tests.h +++ b/src/charon/plugins/unit_tester/tests.h @@ -14,7 +14,7 @@ */ /** - * @defgroup tests tests + * @defgroup tests tests * @{ @ingroup unit_tester */ diff --git a/src/charon/plugins/unit_tester/tests/test_agent.c b/src/charon/plugins/unit_tester/tests/test_agent.c index fd76b9cf5..21cb8b777 100644 --- a/src/charon/plugins/unit_tester/tests/test_agent.c +++ b/src/charon/plugins/unit_tester/tests/test_agent.c 
@@ -25,14 +25,14 @@ bool test_agent() chunk_t sig, data = chunk_from_buf(buf); private_key_t *private; public_key_t *public; - + path = getenv("SSH_AUTH_SOCK"); if (!path) { DBG1(DBG_CFG, "ssh-agent not found."); return FALSE; } - + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_AGENT_SOCKET, path, BUILD_END); if (!private) @@ -58,10 +58,10 @@ bool test_agent() { return FALSE; } - + private->destroy(private); public->destroy(public); - + return TRUE; } diff --git a/src/charon/plugins/unit_tester/tests/test_auth_info.c b/src/charon/plugins/unit_tester/tests/test_auth_info.c index 37bdd1087..6de34b2a1 100644 --- a/src/charon/plugins/unit_tester/tests/test_auth_info.c +++ b/src/charon/plugins/unit_tester/tests/test_auth_info.c @@ -83,7 +83,7 @@ bool test_auth_cfg() int round = 0; void *value; auth_rule_t type; - + c1 = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, certchunk, BUILD_END); @@ -91,7 +91,7 @@ bool test_auth_cfg() { return FALSE; } - + auth->add(auth, AUTH_RULE_SUBJECT_CERT, c1->get_ref(c1)); c2 = auth->get(auth, AUTH_RULE_SUBJECT_CERT); if (!c2) @@ -102,7 +102,7 @@ bool test_auth_cfg() { return FALSE; } - + enumerator = auth->create_enumerator(auth); while (enumerator->enumerate(enumerator, &type, &value)) { @@ -114,11 +114,11 @@ bool test_auth_cfg() return FALSE; } enumerator->destroy(enumerator); - + auth2 = auth_cfg_create(); auth2->add(auth2, AUTH_RULE_CA_CERT, c1->get_ref(c1)); auth2->merge(auth2, auth, FALSE); - + round = 0; enumerator = auth2->create_enumerator(auth2); while (enumerator->enumerate(enumerator, &type, &value)) diff --git a/src/charon/plugins/unit_tester/tests/test_cert.c b/src/charon/plugins/unit_tester/tests/test_cert.c index 95ab289df..3b00421f8 100644 --- a/src/charon/plugins/unit_tester/tests/test_cert.c +++ b/src/charon/plugins/unit_tester/tests/test_cert.c 
@@ -28,10 +28,10 @@ bool test_cert_x509() identification_t *issuer, *subject; u_int32_t serial = htonl(0); chunk_t encoding; - + issuer = identification_create_from_string("CN=CA, OU=Test, O=strongSwan"); subject = identification_create_from_string("CN=Peer, OU=Test, O=strongSwan"); - + ca_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_KEY_SIZE, 1024, BUILD_END); peer_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, @@ -50,7 +50,7 @@ bool test_cert_x509() { return FALSE; } - + encoding = ca_cert->get_encoding(ca_cert); parsed = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, encoding, @@ -65,7 +65,7 @@ bool test_cert_x509() return FALSE; } parsed->destroy(parsed); - + serial = htonl(ntohl(serial) + 1); public = peer_key->get_public_key(peer_key); peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, @@ -80,7 +80,7 @@ bool test_cert_x509() { return FALSE; } - + encoding = peer_cert->get_encoding(peer_cert); parsed = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, encoding, @@ -95,7 +95,7 @@ bool test_cert_x509() return FALSE; } parsed->destroy(parsed); - + ca_cert->destroy(ca_cert); ca_key->destroy(ca_key); peer_cert->destroy(peer_cert); diff --git a/src/charon/plugins/unit_tester/tests/test_chunk.c b/src/charon/plugins/unit_tester/tests/test_chunk.c index 5356c1d96..2e0905b2c 100644 --- a/src/charon/plugins/unit_tester/tests/test_chunk.c +++ b/src/charon/plugins/unit_tester/tests/test_chunk.c @@ -31,12 +31,12 @@ bool test_chunk_base64() * BASE64("fooba") = "Zm9vYmE=" * BASE64("foobar") = "Zm9vYmFy" */ - + typedef struct { char *in; char *out; } testdata_t; - + testdata_t test[] = { {"", ""}, {"f", "Zg=="}, 
@@ -47,31 +47,31 @@ bool test_chunk_base64() {"foobar", "Zm9vYmFy"}, }; int i; - + for (i = 0; i < countof(test); i++) { chunk_t out; - + out = chunk_to_base64(chunk_create(test[i].in, strlen(test[i].in)), NULL); - + if (!streq(out.ptr, test[i].out)) { - DBG1(DBG_CFG, "base64 conversion error - should %s, is %s", + DBG1(DBG_CFG, "base64 conversion error - should %s, is %s", test[i].out, out.ptr); return FALSE; } free(out.ptr); } - + for (i = 0; i < countof(test); i++) { chunk_t out; - + out = chunk_from_base64(chunk_create(test[i].out, strlen(test[i].out)), NULL); - + if (!strneq(out.ptr, test[i].in, out.len)) { - DBG1(DBG_CFG, "base64 conversion error - should %s, is %#B", + DBG1(DBG_CFG, "base64 conversion error - should %s, is %#B", test[i].in, &out); return FALSE; } diff --git a/src/charon/plugins/unit_tester/tests/test_curl.c b/src/charon/plugins/unit_tester/tests/test_curl.c index c011617a7..21656a94e 100644 --- a/src/charon/plugins/unit_tester/tests/test_curl.c +++ b/src/charon/plugins/unit_tester/tests/test_curl.c @@ -25,14 +25,14 @@ bool test_curl_get() { chunk_t chunk; - + if (lib->fetcher->fetch(lib->fetcher, "http://www.strongswan.org", &chunk, FETCH_END) != SUCCESS) { return FALSE; } free(chunk.ptr); - + if (lib->fetcher->fetch(lib->fetcher, "http://www.google.com", &chunk, FETCH_END) != SUCCESS) { diff --git a/src/charon/plugins/unit_tester/tests/test_enumerator.c b/src/charon/plugins/unit_tester/tests/test_enumerator.c index 6898084fc..edbf0f5bb 100644 --- a/src/charon/plugins/unit_tester/tests/test_enumerator.c +++ b/src/charon/plugins/unit_tester/tests/test_enumerator.c @@ -23,7 +23,7 @@ bool test_list_remove() { void *a = (void*)1, *b = (void*)2; linked_list_t *list; - + list = linked_list_create(); list->insert_last(list, a); if (list->remove(list, a, NULL) != 1) 
@@ -67,15 +67,15 @@ bool test_enumerate() void *a = (void*)4, *b = (void*)3, *c = (void*)2, *d = (void*)5, *e = (void*)1; linked_list_t *list; enumerator_t *enumerator; - + list = linked_list_create(); - + list->insert_last(list, a); list->insert_first(list, b); list->insert_first(list, c); list->insert_last(list, d); list->insert_first(list, e); - + round = 1; enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &x)) @@ -87,7 +87,7 @@ bool test_enumerate() round++; } enumerator->destroy(enumerator); - + list->destroy(list); return TRUE; } @@ -122,7 +122,7 @@ bool test_enumerate_nested() void *a = (void*)1, *b = (void*)2, *c = (void*)3, *d = (void*)4, *e = (void*)5; linked_list_t *list, *l1, *l2, *l3; enumerator_t *enumerator; - + bad_data = FALSE; list = linked_list_create(); l1 = linked_list_create(); @@ -131,13 +131,13 @@ bool test_enumerate_nested() list->insert_last(list, l1); list->insert_last(list, l2); list->insert_last(list, l3); - + l1->insert_last(l1, a); l1->insert_last(l1, b); l3->insert_last(l3, c); l3->insert_last(l3, d); l3->insert_last(l3, e); - + round = 1; enumerator = enumerator_create_nested(list->create_enumerator(list), (void*)create_inner, (void*)101, destroy_data); @@ -150,7 +150,7 @@ bool test_enumerate_nested() round++; } enumerator->destroy(enumerator); - + list->destroy(list); l1->destroy(l1); l2->destroy(l2); @@ -185,16 +185,16 @@ bool test_enumerate_filtered() void *a = (void*)1, *b = (void*)2, *c = (void*)3, *d = (void*)4, *e = (void*)5; linked_list_t *list; enumerator_t *enumerator; - + bad_data = FALSE; list = linked_list_create(); - + list->insert_last(list, a); list->insert_last(list, b); list->insert_last(list, c); list->insert_last(list, d); list->insert_last(list, e); - + round = 1; enumerator = enumerator_create_filter(list->create_enumerator(list), (void*)filter, (void*)101, destroy_data); 
@@ -208,7 +208,7 @@ bool test_enumerate_filtered() round++; } enumerator->destroy(enumerator); - + list->destroy(list); return !bad_data; } @@ -216,7 +216,7 @@ bool test_enumerate_filtered() /******************************************************************************* * token parser test ******************************************************************************/ - + bool test_enumerate_token() { enumerator_t *enumerator; @@ -240,7 +240,7 @@ bool test_enumerate_token() {"a.b,c", ",.", ""}, {" a b c ", " ", " "}, }; - + for (num = 0; num < countof(tests1); num++) { i = 0; @@ -270,7 +270,7 @@ bool test_enumerate_token() } enumerator->destroy(enumerator); } - + for (num = 0; num < countof(tests2); num++) { i = 0; @@ -300,7 +300,7 @@ bool test_enumerate_token() } enumerator->destroy(enumerator); } - + return TRUE; } diff --git a/src/charon/plugins/unit_tester/tests/test_id.c b/src/charon/plugins/unit_tester/tests/test_id.c index a1ef76be8..868a2ca8b 100644 --- a/src/charon/plugins/unit_tester/tests/test_id.c +++ b/src/charon/plugins/unit_tester/tests/test_id.c @@ -25,9 +25,9 @@ bool test_id_parts() id_part_t part; chunk_t data; int i = 0; - + id = identification_create_from_string("C=CH, O=strongSwan, CN=tester"); - + enumerator = id->create_part_enumerator(id); while (enumerator->enumerate(enumerator, &part, &data)) { @@ -75,7 +75,7 @@ static bool test_id_wildcards_has(char *string) { identification_t *id; bool contains; - + id = identification_create_from_string(string); contains = id->contains_wildcards(id); id->destroy(id); @@ -115,7 +115,7 @@ static bool test_id_equals_one(identification_t *a, char *b_str) { identification_t *b; bool equals; - + b = identification_create_from_string(b_str); equals = a->equals(a, b); b->destroy(b); 
@@ -127,10 +127,10 @@ bool test_id_equals() identification_t *a; chunk_t encoding, fuzzed; int i; - + a = identification_create_from_string( "C=CH, E=martin@strongswan.org, CN=martin"); - + if (!test_id_equals_one(a, "C=CH, E=martin@strongswan.org, CN=martin")) { return FALSE; @@ -153,7 +153,7 @@ bool test_id_equals() } encoding = chunk_clone(a->get_encoding(a)); a->destroy(a); - + /* simple fuzzing, increment each byte of encoding */ for (i = 0; i < encoding.len; i++) { @@ -171,7 +171,7 @@ bool test_id_equals() a->destroy(a); free(fuzzed.ptr); } - + /* and decrement each byte of encoding */ for (i = 0; i < encoding.len; i++) { @@ -201,7 +201,7 @@ static id_match_t test_id_matches_one(identification_t *a, char *b_str) { identification_t *b; id_match_t match; - + b = identification_create_from_string(b_str); match = a->matches(a, b); b->destroy(b); @@ -211,10 +211,10 @@ static id_match_t test_id_matches_one(identification_t *a, char *b_str) bool test_id_matches() { identification_t *a; - + a = identification_create_from_string( "C=CH, E=martin@strongswan.org, CN=martin"); - + if (test_id_matches_one(a, "C=CH, E=martin@strongswan.org, CN=martin") != ID_MATCH_PERFECT) { diff --git a/src/charon/plugins/unit_tester/tests/test_med_db.c b/src/charon/plugins/unit_tester/tests/test_med_db.c index da517958e..c5c15d1c2 100644 --- a/src/charon/plugins/unit_tester/tests/test_med_db.c +++ b/src/charon/plugins/unit_tester/tests/test_med_db.c @@ -36,7 +36,7 @@ bool test_med_db() public_key_t *public; auth_cfg_t *auth; bool good = FALSE; - + id = identification_create_from_encoding(ID_KEY_ID, keyid); enumerator = charon->credentials->create_public_enumerator( charon->credentials, KEY_ANY, id, NULL); diff --git a/src/charon/plugins/unit_tester/tests/test_mutex.c b/src/charon/plugins/unit_tester/tests/test_mutex.c index cb315276b..cfe00cc7c 100644 --- a/src/charon/plugins/unit_tester/tests/test_mutex.c +++ b/src/charon/plugins/unit_tester/tests/test_mutex.c 
@@ -46,7 +46,7 @@ static void* run(void* null) if (locked > 1) { failed = TRUE; - } + } locked--; mutex->unlock(mutex); mutex->unlock(mutex); @@ -64,9 +64,9 @@ bool test_mutex() { int i; pthread_t threads[THREADS]; - + mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - + for (i = 0; i < 10; i++) { mutex->lock(mutex); @@ -80,9 +80,9 @@ bool test_mutex() { mutex->unlock(mutex); } - + pthread_barrier_init(&barrier, NULL, THREADS); - + for (i = 0; i < THREADS; i++) { pthread_create(&threads[i], NULL, run, NULL); @@ -92,9 +92,9 @@ bool test_mutex() pthread_join(threads[i], NULL); } pthread_barrier_destroy(&barrier); - + mutex->destroy(mutex); - + return !failed; } diff --git a/src/charon/plugins/unit_tester/tests/test_mysql.c b/src/charon/plugins/unit_tester/tests/test_mysql.c index ff3d38ad8..cd63a5f78 100644 --- a/src/charon/plugins/unit_tester/tests/test_mysql.c +++ b/src/charon/plugins/unit_tester/tests/test_mysql.c @@ -31,7 +31,7 @@ bool test_mysql() char *qtxt; bool good = FALSE; enumerator_t *enumerator; - + db = lib->db->create(lib->db, "mysql://testuser:testpass@localhost/test"); if (!db) { diff --git a/src/charon/plugins/unit_tester/tests/test_pool.c b/src/charon/plugins/unit_tester/tests/test_pool.c index f32cd5820..f9a776a82 100644 --- a/src/charon/plugins/unit_tester/tests/test_pool.c +++ b/src/charon/plugins/unit_tester/tests/test_pool.c 
@@ -27,33 +27,33 @@ static void* testing(void *thread) int i; host_t *addr[ALLOCS]; identification_t *id[ALLOCS]; - + /* prepare identities */ for (i = 0; i < ALLOCS; i++) { char buf[256]; - + snprintf(buf, sizeof(buf), "%d-%d@strongswan.org", (uintptr_t)thread, i); id[i] = identification_create_from_string(buf); } - + /* allocate addresses */ for (i = 0; i < ALLOCS; i++) { - addr[i] = charon->attributes->acquire_address(charon->attributes, + addr[i] = charon->attributes->acquire_address(charon->attributes, "test", id[i], NULL); if (!addr[i]) { return (void*)FALSE; } } - + /* release addresses */ for (i = 0; i < ALLOCS; i++) { charon->attributes->release_address(charon->attributes, "test", addr[i], id[i]); } - + /* cleanup */ for (i = 0; i < ALLOCS; i++) { @@ -72,7 +72,7 @@ bool test_pool() uintptr_t i; void *res; pthread_t thread[THREADS]; - + for (i = 0; i < THREADS; i++) { if (pthread_create(&thread[i], NULL, (void*)testing, (void*)i) < 0) diff --git a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c b/src/charon/plugins/unit_tester/tests/test_rsa_gen.c index 1b7af63ee..a449112ec 100644 --- a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c +++ b/src/charon/plugins/unit_tester/tests/test_rsa_gen.c @@ -26,7 +26,7 @@ bool test_rsa_gen() private_key_t *private; public_key_t *public; u_int key_size; - + for (key_size = 512; key_size <= 2048; key_size *= 2) { private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, @@ -113,7 +113,7 @@ bool test_rsa_load_any() { chunk_t chunk = chunk_from_buf(public_any); public_key_t *public; - + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, BUILD_BLOB_ASN1_DER, chunk, BUILD_END); diff --git a/src/charon/plugins/unit_tester/tests/test_sqlite.c b/src/charon/plugins/unit_tester/tests/test_sqlite.c index d152fc594..4dcc5bad1 100644 --- a/src/charon/plugins/unit_tester/tests/test_sqlite.c +++ b/src/charon/plugins/unit_tester/tests/test_sqlite.c 
@@ -36,7 +36,7 @@ bool test_sqlite() char *qtxt; bool good = FALSE; enumerator_t *enumerator; - + db = lib->db->create(lib->db, "sqlite://" DBFILE); if (!db) { diff --git a/src/charon/plugins/unit_tester/unit_tester.c b/src/charon/plugins/unit_tester/unit_tester.c index c9651e601..3c39688c6 100644 --- a/src/charon/plugins/unit_tester/unit_tester.c +++ b/src/charon/plugins/unit_tester/unit_tester.c @@ -33,17 +33,17 @@ struct private_unit_tester_t { }; struct unit_test_t { - + /** * name of the test */ char *name; - + /** * test function */ bool (*test)(void); - + /** * run the test? */ @@ -62,10 +62,10 @@ static unit_test_t tests[] = { static void run_tests(private_unit_tester_t *this) { int i, run = 0, failed = 0, success = 0, skipped = 0; - + DBG1(DBG_CFG, "running unit tests, %d tests registered", sizeof(tests)/sizeof(unit_test_t)); - + for (i = 0; i < sizeof(tests)/sizeof(unit_test_t); i++) { if (tests[i].enabled) @@ -106,11 +106,11 @@ static void destroy(private_unit_tester_t *this) plugin_t *plugin_create() { private_unit_tester_t *this = malloc_thing(private_unit_tester_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + run_tests(this); - + return &this->public.plugin; } diff --git a/src/charon/plugins/unit_tester/unit_tester.h b/src/charon/plugins/unit_tester/unit_tester.h index 33b13313d..79d5bc021 100644 --- a/src/charon/plugins/unit_tester/unit_tester.h +++ b/src/charon/plugins/unit_tester/unit_tester.h @@ -28,7 +28,7 @@ typedef struct unit_tester_t unit_tester_t; /** * Unit testing plugin. * - * The unit testing plugin runs tests on plugin initialization. Tests are + * The unit testing plugin runs tests on plugin initialization. Tests are * defined in tests.h using the DEFINE_TEST macro. Implementation of the * tests is done in the tests folder. Each test has uses a function which * returns TRUE for success or FALSE for failure. 
diff --git a/src/charon/plugins/updown/updown_listener.c b/src/charon/plugins/updown/updown_listener.c index a6be35690..10a94726a 100644 --- a/src/charon/plugins/updown/updown_listener.c +++ b/src/charon/plugins/updown/updown_listener.c @@ -27,12 +27,12 @@ typedef struct private_updown_listener_t private_updown_listener_t; * Private data of an updown_listener_t object. */ struct private_updown_listener_t { - + /** * Public updown_listener_t interface. */ updown_listener_t public; - + /** * List of cached interface names */ @@ -58,10 +58,10 @@ static void cache_iface(private_updown_listener_t *this, u_int32_t reqid, char *iface) { cache_entry_t *entry = malloc_thing(cache_entry_t); - + entry->reqid = reqid; entry->iface = strdup(iface); - + this->iface_cache->insert_first(this->iface_cache, entry); } @@ -73,7 +73,7 @@ static char* uncache_iface(private_updown_listener_t *this, u_int32_t reqid) enumerator_t *enumerator; cache_entry_t *entry; char *iface = NULL; - + enumerator = this->iface_cache->create_enumerator(this->iface_cache); while (enumerator->enumerate(enumerator, &entry)) { @@ -100,18 +100,18 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, child_cfg_t *config; host_t *vip, *me, *other; char *script; - + config = child_sa->get_config(child_sa); vip = ike_sa->get_virtual_ip(ike_sa, TRUE); script = config->get_updown(config); me = ike_sa->get_my_host(ike_sa); other = ike_sa->get_other_host(ike_sa); - + if (script == NULL) { return; } - + enumerator = child_sa->create_policy_enumerator(child_sa); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { @@ -160,7 +160,7 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, virtual_ip = NULL; } } - + if (up) { iface = charon->kernel_interface->get_interface( 
@@ -174,7 +174,7 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, { iface = uncache_iface(this, child_sa->get_reqid(child_sa)); } - + /* build the command with all env variables. * TODO: PLUTO_PEER_CA and PLUTO_NEXT_HOP are currently missing */ @@ -225,7 +225,7 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, free(other_client); free(virtual_ip); free(iface); - + DBG3(DBG_CHD, "running updown script: %s", command); shell = popen(command, "r"); @@ -234,11 +234,11 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, DBG1(DBG_CHD, "could not execute updown script '%s'", script); return; } - + while (TRUE) { char resp[128]; - + if (fgets(resp, sizeof(resp), shell) == NULL) { if (ferror(shell)) @@ -273,11 +273,11 @@ static bool child_state_change(private_updown_listener_t *this, ike_sa_t *ike_sa child_sa_t *child_sa, child_sa_state_t state) { child_sa_state_t old; - + if (ike_sa) { old = child_sa->get_state(child_sa); - + if ((old == CHILD_INSTALLED && state != CHILD_REKEYING ) || (old == CHILD_DELETING && state == CHILD_DESTROYING)) { @@ -306,13 +306,13 @@ static void destroy(private_updown_listener_t *this) updown_listener_t *updown_listener_create() { private_updown_listener_t *this = malloc_thing(private_updown_listener_t); - + memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.child_state_change = (void*)child_state_change; this->public.destroy = (void(*)(updown_listener_t*))destroy; - + this->iface_cache = linked_list_create(); - + return &this->public; } diff --git a/src/charon/plugins/updown/updown_listener.h b/src/charon/plugins/updown/updown_listener.h index cc59f61c6..7b978b0cc 100644 --- a/src/charon/plugins/updown/updown_listener.h +++ b/src/charon/plugins/updown/updown_listener.h 
@@ -29,12 +29,12 @@ typedef struct updown_listener_t updown_listener_t; * Listener which invokes the scripts on CHILD_SA up/down. */ struct updown_listener_t { - + /** * Implements listener_t. */ listener_t listener; - + /** * Destroy a updown_listener_t. */ diff --git a/src/charon/plugins/updown/updown_plugin.c b/src/charon/plugins/updown/updown_plugin.c index 4f0483fac..6cb0efdcd 100644 --- a/src/charon/plugins/updown/updown_plugin.c +++ b/src/charon/plugins/updown/updown_plugin.c @@ -29,7 +29,7 @@ struct private_updown_plugin_t { * implements plugin interface */ updown_plugin_t public; - + /** * Listener interface, listens to CHILD_SA state changes */ @@ -52,12 +52,12 @@ static void destroy(private_updown_plugin_t *this) plugin_t *plugin_create() { private_updown_plugin_t *this = malloc_thing(private_updown_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->listener = updown_listener_create(); charon->bus->add_listener(charon->bus, &this->listener->listener); - + return &this->public.plugin; } diff --git a/src/charon/processing/jobs/acquire_job.c b/src/charon/processing/jobs/acquire_job.c index 90b221b84..45ace9312 100644 --- a/src/charon/processing/jobs/acquire_job.c +++ b/src/charon/processing/jobs/acquire_job.c @@ -28,17 +28,17 @@ struct private_acquire_job_t { * Public acquire_job_t interface. */ acquire_job_t public; - + /** * reqid of the child to rekey */ u_int32_t reqid; - + /** * acquired source traffic selector */ traffic_selector_t *src_ts; - + /** * acquired destination traffic selector */ @@ -73,14 +73,14 @@ acquire_job_t *acquire_job_create(u_int32_t reqid, traffic_selector_t *dst_ts) { private_acquire_job_t *this = malloc_thing(private_acquire_job_t); - + this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - + this->reqid = reqid; this->src_ts = src_ts; this->dst_ts = dst_ts; - + return &this->public; } 
diff --git a/src/charon/processing/jobs/acquire_job.h b/src/charon/processing/jobs/acquire_job.h index a78e5274d..766e4db90 100644 --- a/src/charon/processing/jobs/acquire_job.h +++ b/src/charon/processing/jobs/acquire_job.h @@ -29,7 +29,7 @@ typedef struct acquire_job_t acquire_job_t; /** * Class representing an ACQUIRE Job. - * + * * This job initiates a CHILD SA on kernel request. */ struct acquire_job_t { diff --git a/src/charon/processing/jobs/callback_job.c b/src/charon/processing/jobs/callback_job.c index f4beb5abd..ee71fc557 100644 --- a/src/charon/processing/jobs/callback_job.c +++ b/src/charon/processing/jobs/callback_job.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "callback_job.h" #include <pthread.h> @@ -30,7 +30,7 @@ struct private_callback_job_t { * Public callback_job_t interface. */ callback_job_t public; - + /** * Callback to call on execution */ @@ -40,27 +40,27 @@ struct private_callback_job_t { * parameter to supply to callback */ void *data; - + /** * cleanup function for data */ callback_job_cleanup_t cleanup; - + /** * thread ID of the job, if running */ pthread_t thread; - + /** * mutex to access jobs interna */ mutex_t *mutex; - + /** * list of asociated child jobs */ linked_list_t *children; - + /** * parent of this job, or NULL */ @@ -90,7 +90,7 @@ static void unregister(private_callback_job_t *this) { iterator_t *iterator; private_callback_job_t *child; - + this->parent->mutex->lock(this->parent->mutex); iterator = this->parent->children->create_iterator(this->parent->children, TRUE); while (iterator->iterate(iterator, (void**)&child)) 
@@ -112,14 +112,14 @@ static void unregister(private_callback_job_t *this) static void cancel(private_callback_job_t *this) { pthread_t thread; - + this->mutex->lock(this->mutex); thread = this->thread; - + /* terminate its children */ this->children->invoke_offset(this->children, offsetof(callback_job_t, cancel)); this->mutex->unlock(this->mutex); - + /* terminate thread */ if (thread) { @@ -138,7 +138,7 @@ static void execute(private_callback_job_t *this) this->mutex->lock(this->mutex); this->thread = pthread_self(); this->mutex->unlock(this->mutex); - + pthread_cleanup_push((void*)destroy, this); while (TRUE) { @@ -175,7 +175,7 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, callback_job_t *parent) { private_callback_job_t *this = malloc_thing(private_callback_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; @@ -189,7 +189,7 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, this->thread = 0; this->children = linked_list_create(); this->parent = (private_callback_job_t*)parent; - + /* register us at parent */ if (parent) { @@ -197,7 +197,7 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, this->parent->children->insert_last(this->parent->children, this); this->parent->mutex->unlock(this->parent->mutex); } - + return &this->public; } diff --git a/src/charon/processing/jobs/callback_job.h b/src/charon/processing/jobs/callback_job.h index 2bb209cb7..5435bc09c 100644 --- a/src/charon/processing/jobs/callback_job.h +++ b/src/charon/processing/jobs/callback_job.h @@ -41,12 +41,12 @@ enum job_requeue_t { * Do not requeue job, destroy it */ JOB_REQUEUE_NONE, - + /** * Reque the job fairly, meaning it has to requeue as any other job */ JOB_REQUEUE_FAIR, - + /** * Reexecute the job directly, without the need of requeueing it */ 
@@ -88,7 +88,7 @@ struct callback_job_t { * The job_t interface. */ job_t job_interface; - + /** * Cancel the jobs thread and wait for its termination. */ @@ -103,7 +103,7 @@ struct callback_job_t { * If parent is not NULL, the specified job gets an association. Whenever * the parent gets cancelled (or runs out), all of its children are cancelled, * too. - * + * * @param cb callback to call from the processor * @param data user data to supply to callback * @param cleanup destructor for data on destruction, or NULL diff --git a/src/charon/processing/jobs/delete_child_sa_job.c b/src/charon/processing/jobs/delete_child_sa_job.c index 206f07617..ca55721f2 100644 --- a/src/charon/processing/jobs/delete_child_sa_job.c +++ b/src/charon/processing/jobs/delete_child_sa_job.c @@ -29,17 +29,17 @@ struct private_delete_child_sa_job_t { * Public delete_child_sa_job_t interface. */ delete_child_sa_job_t public; - + /** * reqid of the CHILD_SA */ u_int32_t reqid; - + /** * protocol of the CHILD_SA (ESP/AH) */ protocol_id_t protocol; - + /** * inbound SPI of the CHILD_SA */ @@ -60,7 +60,7 @@ static void destroy(private_delete_child_sa_job_t *this) static void execute(private_delete_child_sa_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, this->reqid, TRUE); if (ike_sa == NULL) @@ -71,7 +71,7 @@ static void execute(private_delete_child_sa_job_t *this) else { ike_sa->delete_child_sa(ike_sa, this->protocol, this->spi); - + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } destroy(this); 
@@ -80,21 +80,21 @@ static void execute(private_delete_child_sa_job_t *this) /* * Described in header */ -delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid, - protocol_id_t protocol, +delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid, + protocol_id_t protocol, u_int32_t spi) { private_delete_child_sa_job_t *this = malloc_thing(private_delete_child_sa_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - + /* private variables */ this->reqid = reqid; this->protocol = protocol; this->spi = spi; - + return &this->public; } diff --git a/src/charon/processing/jobs/delete_child_sa_job.h b/src/charon/processing/jobs/delete_child_sa_job.h index 9bf6ee423..662a7b7c7 100644 --- a/src/charon/processing/jobs/delete_child_sa_job.h +++ b/src/charon/processing/jobs/delete_child_sa_job.h @@ -31,7 +31,7 @@ typedef struct delete_child_sa_job_t delete_child_sa_job_t; /** * Class representing an DELETE_CHILD_SA Job. - * + * * This job initiates the delete of a CHILD SA. */ struct delete_child_sa_job_t { @@ -52,8 +52,8 @@ struct delete_child_sa_job_t { * @param spi security parameter index of the CHILD_SA * @return delete_child_sa_job_t object */ -delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid, - protocol_id_t protocol, +delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid, + protocol_id_t protocol, u_int32_t spi); #endif /** DELETE_CHILD_SA_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/delete_ike_sa_job.c b/src/charon/processing/jobs/delete_ike_sa_job.c index 6d4639fad..dffd08ba3 100644 --- a/src/charon/processing/jobs/delete_ike_sa_job.c +++ b/src/charon/processing/jobs/delete_ike_sa_job.c 
@@ -28,12 +28,12 @@ struct private_delete_ike_sa_job_t { * public delete_ike_sa_job_t interface */ delete_ike_sa_job_t public; - + /** * ID of the ike_sa to delete */ ike_sa_id_t *ike_sa_id; - + /** * Should the IKE_SA be deleted if it is in ESTABLISHED state? */ @@ -56,7 +56,7 @@ static void destroy(private_delete_ike_sa_job_t *this) static void execute(private_delete_ike_sa_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); if (ike_sa) @@ -99,18 +99,18 @@ static void execute(private_delete_ike_sa_job_t *this) /* * Described in header */ -delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id, +delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool delete_if_established) { private_delete_ike_sa_job_t *this = malloc_thing(private_delete_ike_sa_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t *)) destroy;; - + /* private variables */ this->ike_sa_id = ike_sa_id->clone(ike_sa_id); this->delete_if_established = delete_if_established; - + return &(this->public); } diff --git a/src/charon/processing/jobs/delete_ike_sa_job.h b/src/charon/processing/jobs/delete_ike_sa_job.h index 8209977f9..f641deea3 100644 --- a/src/charon/processing/jobs/delete_ike_sa_job.h +++ b/src/charon/processing/jobs/delete_ike_sa_job.h @@ -18,7 +18,7 @@ * @defgroup delete_child_sa_job delete_child_sa_job * @{ @ingroup jobs */ - + #ifndef DELETE_IKE_SA_JOB_H_ #define DELETE_IKE_SA_JOB_H_ 
@@ -32,12 +32,12 @@ typedef struct delete_ike_sa_job_t delete_ike_sa_job_t; /** * Class representing an DELETE_IKE_SA Job. * - * This job is responsible for deleting established or half open IKE_SAs. + * This job is responsible for deleting established or half open IKE_SAs. * A half open IKE_SA is every IKE_SA which hasn't reache the SA_ESTABLISHED * state. */ struct delete_ike_sa_job_t { - + /** * The job_t interface. */ @@ -46,7 +46,7 @@ struct delete_ike_sa_job_t { /** * Creates a job of type DELETE_IKE_SA. - * + * * @param ike_sa_id id of the IKE_SA to delete * @param delete_if_established should the IKE_SA be deleted if it is established? * @return created delete_ike_sa_job_t object diff --git a/src/charon/processing/jobs/initiate_mediation_job.c b/src/charon/processing/jobs/initiate_mediation_job.c index 157d84341..d3828e190 100644 --- a/src/charon/processing/jobs/initiate_mediation_job.c +++ b/src/charon/processing/jobs/initiate_mediation_job.c @@ -29,12 +29,12 @@ struct private_initiate_mediation_job_t { * public initiate_mediation_job_t interface */ initiate_mediation_job_t public; - + /** * ID of the IKE_SA of the mediated connection. */ ike_sa_id_t *mediated_sa_id; - + /** * ID of the IKE_SA of the mediation connection. */ 
@@ -68,26 +68,26 @@ static bool initiate_callback(private_initiate_mediation_job_t *this, /** * Implementation of job_t.execute. - */ + */ static void initiate(private_initiate_mediation_job_t *this) { ike_sa_t *mediated_sa, *mediation_sa; peer_cfg_t *mediated_cfg, *mediation_cfg; enumerator_t *enumerator; auth_cfg_t *auth_cfg; - + mediated_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->mediated_sa_id); if (mediated_sa) { mediated_cfg = mediated_sa->get_peer_cfg(mediated_sa); - mediated_cfg->get_ref(mediated_cfg); - + mediated_cfg->get_ref(mediated_cfg); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediated_sa); - + mediation_cfg = mediated_cfg->get_mediated_by(mediated_cfg); mediation_cfg->get_ref(mediation_cfg); - + enumerator = mediation_cfg->create_auth_cfg_enumerator(mediation_cfg, TRUE); if (!enumerator->enumerate(enumerator, &auth_cfg) || @@ -99,7 +99,7 @@ static void initiate(private_initiate_mediation_job_t *this) destroy(this); return; } - + if (charon->connect_manager->check_and_register(charon->connect_manager, auth_cfg->get(auth_cfg, AUTH_RULE_IDENTITY), mediated_cfg->get_peer_id(mediated_cfg), @@ -107,7 +107,7 @@ static void initiate(private_initiate_mediation_job_t *this) { mediated_cfg->destroy(mediated_cfg); mediation_cfg->destroy(mediation_cfg); - + mediated_sa = charon->ike_sa_manager->checkout( charon->ike_sa_manager, this->mediated_sa_id); if (mediated_sa) @@ -121,7 +121,7 @@ static void initiate(private_initiate_mediation_job_t *this) return; } /* we need an additional reference because initiate consumes one */ - mediation_cfg->get_ref(mediation_cfg); + mediation_cfg->get_ref(mediation_cfg); if (charon->controller->initiate(charon->controller, mediation_cfg, NULL, (controller_cb_t)initiate_callback, this) != SUCCESS) 
@@ -143,7 +143,7 @@ static void initiate(private_initiate_mediation_job_t *this) mediation_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->mediation_sa_id); - + if (mediation_sa) { if (mediation_sa->initiate_mediation(mediation_sa, @@ -163,10 +163,10 @@ static void initiate(private_initiate_mediation_job_t *this) destroy(this); return; } - + charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediation_sa); } - + mediated_cfg->destroy(mediated_cfg); } destroy(this); @@ -174,12 +174,12 @@ static void initiate(private_initiate_mediation_job_t *this) /** * Implementation of job_t.execute. - */ + */ static void reinitiate(private_initiate_mediation_job_t *this) { ike_sa_t *mediated_sa, *mediation_sa; peer_cfg_t *mediated_cfg; - + mediated_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->mediated_sa_id); if (mediated_sa) @@ -187,7 +187,7 @@ static void reinitiate(private_initiate_mediation_job_t *this) mediated_cfg = mediated_sa->get_peer_cfg(mediated_sa); mediated_cfg->get_ref(mediated_cfg); charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediated_sa); - + mediation_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->mediation_sa_id); if (mediation_sa) @@ -211,7 +211,7 @@ static void reinitiate(private_initiate_mediation_job_t *this) } charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediation_sa); } - + mediated_cfg->destroy(mediated_cfg); } destroy(this); @@ -223,10 +223,10 @@ static void reinitiate(private_initiate_mediation_job_t *this) static private_initiate_mediation_job_t *initiate_mediation_job_create_empty() { private_initiate_mediation_job_t *this = malloc_thing(private_initiate_mediation_job_t); - + /* interface functions */ this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - + /* private variables */ this->mediation_sa_id = NULL; this->mediated_sa_id = NULL; 
@@ -240,9 +240,9 @@ static private_initiate_mediation_job_t *initiate_mediation_job_create_empty() initiate_mediation_job_t *initiate_mediation_job_create(ike_sa_id_t *ike_sa_id) { private_initiate_mediation_job_t *this = initiate_mediation_job_create_empty(); - + this->public.job_interface.execute = (void (*) (job_t *)) initiate; - + this->mediated_sa_id = ike_sa_id->clone(ike_sa_id); return &this->public; @@ -255,11 +255,11 @@ initiate_mediation_job_t *reinitiate_mediation_job_create(ike_sa_id_t *mediation ike_sa_id_t *mediated_sa_id) { private_initiate_mediation_job_t *this = initiate_mediation_job_create_empty(); - + this->public.job_interface.execute = (void (*) (job_t *)) reinitiate; - + this->mediation_sa_id = mediation_sa_id->clone(mediation_sa_id); this->mediated_sa_id = mediated_sa_id->clone(mediated_sa_id); - - return &this->public; + + return &this->public; } diff --git a/src/charon/processing/jobs/initiate_mediation_job.h b/src/charon/processing/jobs/initiate_mediation_job.h index 084e1b9fd..f23317941 100644 --- a/src/charon/processing/jobs/initiate_mediation_job.h +++ b/src/charon/processing/jobs/initiate_mediation_job.h @@ -28,7 +28,7 @@ typedef struct initiate_mediation_job_t initiate_mediation_job_t; /** * Class representing a INITIATE_MEDIATION Job. - * + * * This job will initiate a mediation on behalf of a mediated connection. * If required the mediation connection is established. */ @@ -41,7 +41,7 @@ struct initiate_mediation_job_t { /** * Creates a job of type INITIATE_MEDIATION. - * + * * @param ike_sa_id identification of the ike_sa as ike_sa_id_t object (gets cloned) * @return job object */ 
@@ -50,7 +50,7 @@ initiate_mediation_job_t *initiate_mediation_job_create(ike_sa_id_t *ike_sa_id); /** * Creates a special job of type INITIATE_MEDIATION that reinitiates a * specific connection. - * + * * @param mediation_sa_id identification of the mediation sa (gets cloned) * @param mediated_sa_id identification of the mediated sa (gets cloned) * @return job object diff --git a/src/charon/processing/jobs/job.h b/src/charon/processing/jobs/job.h index acc88b124..0f1c16ebe 100644 --- a/src/charon/processing/jobs/job.h +++ b/src/charon/processing/jobs/job.h @@ -33,7 +33,7 @@ struct job_t { /** * Execute a job. - * + * * The processing facility executes a job using this method. Jobs are * one-shot, they destroy themself after execution, so don't use a job * once it has been executed. diff --git a/src/charon/processing/jobs/mediation_job.c b/src/charon/processing/jobs/mediation_job.c index cf522faff..b5b8af3b3 100644 --- a/src/charon/processing/jobs/mediation_job.c +++ b/src/charon/processing/jobs/mediation_job.c @@ -29,37 +29,37 @@ struct private_mediation_job_t { * public mediation_job_t interface */ mediation_job_t public; - + /** * ID of target peer. */ identification_t *target; - + /** * ID of the source peer. */ identification_t *source; - + /** * ME_CONNECTID */ chunk_t connect_id; - + /** * ME_CONNECTKEY */ chunk_t connect_key; - + /** * Submitted endpoints */ linked_list_t *endpoints; - + /** * Is this a callback job? */ bool callback; - + /** * Is this a response? */ @@ -81,13 +81,13 @@ static void destroy(private_mediation_job_t *this) /** * Implementation of job_t.execute. - */ + */ static void execute(private_mediation_job_t *this) { ike_sa_id_t *target_sa_id; - + target_sa_id = charon->mediation_manager->check(charon->mediation_manager, this->target); - + if (target_sa_id) { ike_sa_t *target_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, 
@@ -120,7 +120,7 @@ static void execute(private_mediation_job_t *this) return; } } - + charon->ike_sa_manager->checkin(charon->ike_sa_manager, target_sa); } else @@ -143,11 +143,11 @@ static void execute(private_mediation_job_t *this) static private_mediation_job_t *mediation_job_create_empty() { private_mediation_job_t *this = malloc_thing(private_mediation_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - + /* private variables */ this->target = NULL; this->source = NULL; @@ -156,7 +156,7 @@ static private_mediation_job_t *mediation_job_create_empty() this->connect_key = chunk_empty; this->endpoints = NULL; this->response = FALSE; - + return this; } @@ -175,7 +175,7 @@ mediation_job_t *mediation_job_create(identification_t *peer_id, this->connect_key = chunk_clone(connect_key); this->endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); this->response = response; - + return &this->public; } @@ -186,10 +186,10 @@ mediation_job_t *mediation_callback_job_create(identification_t *requester, identification_t *peer_id) { private_mediation_job_t *this = mediation_job_create_empty(); - + this->target = requester->clone(requester); this->source = peer_id->clone(peer_id); this->callback = TRUE; - + return &this->public; } diff --git a/src/charon/processing/jobs/mediation_job.h b/src/charon/processing/jobs/mediation_job.h index 583ea8230..0574c65eb 100644 --- a/src/charon/processing/jobs/mediation_job.h +++ b/src/charon/processing/jobs/mediation_job.h @@ -30,7 +30,7 @@ typedef struct mediation_job_t mediation_job_t; /** * Class representing a MEDIATION Job. - * + * * This job handles the mediation on the mediation server. */ struct mediation_job_t { 
@@ -42,9 +42,9 @@ struct mediation_job_t { /** * Creates a job of type MEDIATION. - * + * * Parameters get cloned. - * + * * @param peer_id ID of the requested peer * @param requester ID of the requesting peer * @param connect_id content of ME_CONNECTID (could be NULL) @@ -61,9 +61,9 @@ mediation_job_t *mediation_job_create(identification_t *peer_id, /** * Creates a special job of type MEDIATION that is used to send a callback * notification to a peer. - * + * * Parameters get cloned. - * + * * @param requester ID of the waiting peer * @param peer_id ID of the requested peer * @return job object diff --git a/src/charon/processing/jobs/migrate_job.c b/src/charon/processing/jobs/migrate_job.c index a57d0478b..53a6575a3 100644 --- a/src/charon/processing/jobs/migrate_job.c +++ b/src/charon/processing/jobs/migrate_job.c @@ -30,7 +30,7 @@ struct private_migrate_job_t { * Public migrate_job_t interface. */ migrate_job_t public; - + /** * reqid of the CHILD_SA if it already exists */ @@ -75,7 +75,7 @@ static void destroy(private_migrate_job_t *this) static void execute(private_migrate_job_t *this) { ike_sa_t *ike_sa = NULL; - + if (this->reqid) { ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, @@ -134,17 +134,17 @@ migrate_job_t *migrate_job_create(u_int32_t reqid, host_t *local, host_t *remote) { private_migrate_job_t *this = malloc_thing(private_migrate_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - + /* private variables */ this->reqid = reqid; this->src_ts = (dir == POLICY_OUT) ? src_ts : dst_ts; this->dst_ts = (dir == POLICY_OUT) ? dst_ts : src_ts; this->local = local; this->remote = remote; - + return &this->public; } diff --git a/src/charon/processing/jobs/migrate_job.h b/src/charon/processing/jobs/migrate_job.h index 672a09b0a..e63318d17 100644 --- a/src/charon/processing/jobs/migrate_job.h 
+++ b/src/charon/processing/jobs/migrate_job.h @@ -31,8 +31,8 @@ typedef struct migrate_job_t migrate_job_t; /** * Class representing a MIGRATE Job. - * - * This job sets a routed CHILD_SA for an existing IPsec policy. + * + * This job sets a routed CHILD_SA for an existing IPsec policy. */ struct migrate_job_t { /** diff --git a/src/charon/processing/jobs/process_message_job.c b/src/charon/processing/jobs/process_message_job.c index 2703e5775..a47d48e38 100644 --- a/src/charon/processing/jobs/process_message_job.c +++ b/src/charon/processing/jobs/process_message_job.c @@ -28,7 +28,7 @@ struct private_process_message_job_t { * public process_message_job_t interface */ process_message_job_t public; - + /** * Message associated with this job */ @@ -50,7 +50,7 @@ static void destroy(private_process_message_job_t *this) static void execute(private_process_message_job_t *this) { ike_sa_t *ike_sa; - + #ifdef ME /* if this is an unencrypted INFORMATIONAL exchange it is likely a * connectivity check. */ @@ -67,7 +67,7 @@ static void execute(private_process_message_job_t *this) return; } #endif /* ME */ - + ike_sa = charon->ike_sa_manager->checkout_by_message(charon->ike_sa_manager, this->message); if (ike_sa) @@ -98,9 +98,9 @@ process_message_job_t *process_message_job_create(message_t *message) /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void(*)(job_t*))destroy; - + /* private variables */ this->message = message; - + return &(this->public); } diff --git a/src/charon/processing/jobs/process_message_job.h b/src/charon/processing/jobs/process_message_job.h index b01d388f9..5e3f44d1f 100644 --- a/src/charon/processing/jobs/process_message_job.h +++ b/src/charon/processing/jobs/process_message_job.h @@ -40,7 +40,7 @@ struct process_message_job_t { /** * Creates a job of type PROCESS_MESSAGE. - * + * * @param message message to process * @return created process_message_job_t object */ 
diff --git a/src/charon/processing/jobs/rekey_child_sa_job.c b/src/charon/processing/jobs/rekey_child_sa_job.c index 17fcf641b..b797d181e 100644 --- a/src/charon/processing/jobs/rekey_child_sa_job.c +++ b/src/charon/processing/jobs/rekey_child_sa_job.c @@ -28,17 +28,17 @@ struct private_rekey_child_sa_job_t { * Public rekey_child_sa_job_t interface. */ rekey_child_sa_job_t public; - + /** * reqid of the child to rekey */ u_int32_t reqid; - + /** * protocol of the CHILD_SA (ESP/AH) */ protocol_id_t protocol; - + /** * inbound SPI of the CHILD_SA */ @@ -59,7 +59,7 @@ static void destroy(private_rekey_child_sa_job_t *this) static void execute(private_rekey_child_sa_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, this->reqid, TRUE); if (ike_sa == NULL) @@ -69,7 +69,7 @@ static void execute(private_rekey_child_sa_job_t *this) } else { - ike_sa->rekey_child_sa(ike_sa, this->protocol, this->spi); + ike_sa->rekey_child_sa(ike_sa, this->protocol, this->spi); charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } destroy(this); @@ -78,20 +78,20 @@ static void execute(private_rekey_child_sa_job_t *this) /* * Described in header */ -rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, - protocol_id_t protocol, +rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, + protocol_id_t protocol, u_int32_t spi) { private_rekey_child_sa_job_t *this = malloc_thing(private_rekey_child_sa_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - + /* private variables */ this->reqid = reqid; this->protocol = protocol; this->spi = spi; - + return &this->public; } diff --git a/src/charon/processing/jobs/rekey_child_sa_job.h b/src/charon/processing/jobs/rekey_child_sa_job.h index 2e2eef361..62887d6b9 100644 --- a/src/charon/processing/jobs/rekey_child_sa_job.h 
+++ b/src/charon/processing/jobs/rekey_child_sa_job.h @@ -51,7 +51,7 @@ struct rekey_child_sa_job_t { * @param spi security parameter index of the CHILD_SA * @return rekey_child_sa_job_t object */ -rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, +rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, protocol_id_t protocol, u_int32_t spi); #endif /** REKEY_CHILD_SA_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.c b/src/charon/processing/jobs/rekey_ike_sa_job.c index 1ceb1e144..5ec0b1b88 100644 --- a/src/charon/processing/jobs/rekey_ike_sa_job.c +++ b/src/charon/processing/jobs/rekey_ike_sa_job.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "rekey_ike_sa_job.h" #include <daemon.h> @@ -27,12 +27,12 @@ struct private_rekey_ike_sa_job_t { * Public rekey_ike_sa_job_t interface. */ rekey_ike_sa_job_t public; - + /** * ID of the IKE_SA to rekey */ ike_sa_id_t *ike_sa_id; - + /** * force reauthentication of the peer (full IKE_SA setup) */ @@ -55,7 +55,7 @@ static void execute(private_rekey_ike_sa_job_t *this) { ike_sa_t *ike_sa; status_t status = SUCCESS; - + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); if (ike_sa == NULL) @@ -72,7 +72,7 @@ static void execute(private_rekey_ike_sa_job_t *this) { status = ike_sa->rekey(ike_sa); } - + if (status == DESTROY_ME) { charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa); 
@@ -91,14 +91,14 @@ static void execute(private_rekey_ike_sa_job_t *this) rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth) { private_rekey_ike_sa_job_t *this = malloc_thing(private_rekey_ike_sa_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - + /* private variables */ this->ike_sa_id = ike_sa_id->clone(ike_sa_id); this->reauth = reauth; - + return &(this->public); } diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.h b/src/charon/processing/jobs/rekey_ike_sa_job.h index 0d830e134..a5c1028aa 100644 --- a/src/charon/processing/jobs/rekey_ike_sa_job.h +++ b/src/charon/processing/jobs/rekey_ike_sa_job.h @@ -29,7 +29,7 @@ typedef struct rekey_ike_sa_job_t rekey_ike_sa_job_t; /** * Class representing an REKEY_IKE_SA Job. - * + * * This job initiates the rekeying of an IKE_SA. */ struct rekey_ike_sa_job_t { diff --git a/src/charon/processing/jobs/retransmit_job.c b/src/charon/processing/jobs/retransmit_job.c index 122cad853..fc787f208 100644 --- a/src/charon/processing/jobs/retransmit_job.c +++ b/src/charon/processing/jobs/retransmit_job.c @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "retransmit_job.h" #include <daemon.h> @@ -28,7 +28,7 @@ struct private_retransmit_job_t { * Public retransmit_job_t interface. */ retransmit_job_t public; - + /** * Message ID of the request to resend. */ @@ -55,7 +55,7 @@ static void destroy(private_retransmit_job_t *this) static void execute(private_retransmit_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); if (ike_sa) 
@@ -80,7 +80,7 @@ static void execute(private_retransmit_job_t *this) retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa_id) { private_retransmit_job_t *this = malloc_thing(private_retransmit_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; @@ -88,6 +88,6 @@ retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa /* private variables */ this->message_id = message_id; this->ike_sa_id = ike_sa_id->clone(ike_sa_id); - + return &this->public; } diff --git a/src/charon/processing/jobs/retransmit_job.h b/src/charon/processing/jobs/retransmit_job.h index 4c9bea1c8..c8c13479b 100644 --- a/src/charon/processing/jobs/retransmit_job.h +++ b/src/charon/processing/jobs/retransmit_job.h @@ -44,7 +44,7 @@ struct retransmit_job_t { /** * Creates a job of type retransmit. - * + * * @param message_id message_id of the request to resend * @param ike_sa_id identification of the ike_sa as ike_sa_id_t * @return retransmit_job_t object diff --git a/src/charon/processing/jobs/roam_job.c b/src/charon/processing/jobs/roam_job.c index c01f83248..adc884a8a 100644 --- a/src/charon/processing/jobs/roam_job.c +++ b/src/charon/processing/jobs/roam_job.c @@ -31,7 +31,7 @@ struct private_roam_job_t { * public roam_job_t interface */ roam_job_t public; - + /** * has the address list changed, or the routing only? */ 
@@ -47,16 +47,16 @@ static void destroy(private_roam_job_t *this)
 }
 /**
- * Implementation of job_t.execute.
- */
+ * Implementation of job_t.execute.
+ */
 static void execute(private_roam_job_t *this)
 {
 ike_sa_t *ike_sa;
 linked_list_t *list;
 ike_sa_id_t *id;
 enumerator_t *enumerator;
-
- /* enumerator over all IKE_SAs gives us no way to checkin_and_destroy
+
+ /* enumerator over all IKE_SAs gives us no way to checkin_and_destroy
 * after a DESTROY_ME, so we check out each available IKE_SA by hand. */
 list = linked_list_create();
 enumerator = charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager);
@@ -66,7 +66,7 @@ static void execute(private_roam_job_t *this)
 list->insert_last(list, id->clone(id));
 }
 enumerator->destroy(enumerator);
-
+
 while (list->remove_last(list, (void**)&id) == SUCCESS)
 {
 ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, id);
@@ -95,10 +95,10 @@ static void execute(private_roam_job_t *this)
 roam_job_t *roam_job_create(bool address)
 {
 private_roam_job_t *this = malloc_thing(private_roam_job_t);
-
+
 this->public.job_interface.execute = (void (*) (job_t *)) execute;
 this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
-
+
 this->address = address;
 return &this->public;
diff --git a/src/charon/processing/jobs/roam_job.h b/src/charon/processing/jobs/roam_job.h
index 7bb1227f5..55bdf2b28 100644
--- a/src/charon/processing/jobs/roam_job.h
+++ b/src/charon/processing/jobs/roam_job.h
@@ -29,7 +29,7 @@ typedef struct roam_job_t roam_job_t;
 /**
 * A job to inform IKE_SAs about changed local address setup.
- *
+ *
 * If a local address appears or disappears, the kernel fires this job to
 * update all IKE_SAs.
 */
@@ -43,7 +43,7 @@ struct roam_job_t {
 /**
 * Creates a job to inform IKE_SAs about an updated address list.
- *
+ *
 * @param address TRUE if address list changed, FALSE if routing changed
 * @return initiate_ike_sa_job_t object
 */
diff --git a/src/charon/processing/jobs/send_dpd_job.c b/src/charon/processing/jobs/send_dpd_job.c
index c6e81a56f..1c2da52b8 100644
--- a/src/charon/processing/jobs/send_dpd_job.c
+++ b/src/charon/processing/jobs/send_dpd_job.c
@@ -31,7 +31,7 @@ struct private_send_dpd_job_t {
 * public send_dpd_job_t interface
 */
 send_dpd_job_t public;
-
+
 /**
 * ID of the IKE_SA which the message belongs to.
 */
@@ -48,12 +48,12 @@ static void destroy(private_send_dpd_job_t *this)
 }
 /**
- * Implementation of job_t.execute.
- */
+ * Implementation of job_t.execute.
+ */
 static void execute(private_send_dpd_job_t *this)
 {
 ike_sa_t *ike_sa;
-
+
 ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
 this->ike_sa_id);
 if (ike_sa)
@@ -76,11 +76,11 @@ static void execute(private_send_dpd_job_t *this)
 send_dpd_job_t *send_dpd_job_create(ike_sa_id_t *ike_sa_id)
 {
 private_send_dpd_job_t *this = malloc_thing(private_send_dpd_job_t);
-
+
 /* interface functions */
 this->public.job_interface.execute = (void (*) (job_t *)) execute;
 this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
-
+
 /* private variables */
 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
diff --git a/src/charon/processing/jobs/send_dpd_job.h b/src/charon/processing/jobs/send_dpd_job.h
index 91556a9d1..8078a38bc 100644
--- a/src/charon/processing/jobs/send_dpd_job.h
+++ b/src/charon/processing/jobs/send_dpd_job.h
@@ -29,7 +29,7 @@ typedef struct send_dpd_job_t send_dpd_job_t;
 /**
 * Class representing a SEND_DPD Job.
- *
+ *
 * Job to periodically send a Dead Peer Detection (DPD) request,
 * ie. an IKE request with no payloads other than the encrypted payload
 * required by the syntax.
@@ -43,7 +43,7 @@ struct send_dpd_job_t {
 /**
 * Creates a job of type SEND_DPD.
- *
+ *
 * @param ike_sa_id identification of the ike_sa as ike_sa_id_t object (gets cloned)
 * @return initiate_ike_sa_job_t object
 */
diff --git a/src/charon/processing/jobs/send_keepalive_job.c b/src/charon/processing/jobs/send_keepalive_job.c
index 5d3cfb530..3d02cea2e 100644
--- a/src/charon/processing/jobs/send_keepalive_job.c
+++ b/src/charon/processing/jobs/send_keepalive_job.c
@@ -31,7 +31,7 @@ struct private_send_keepalive_job_t {
 * public send_keepalive_job_t interface
 */
 send_keepalive_job_t public;
-
+
 /**
 * ID of the IKE_SA which the message belongs to.
 */
@@ -49,11 +49,11 @@ static void destroy(private_send_keepalive_job_t *this)
 /**
 * Implementation of job_t.execute.
- */
+ */
 static void execute(private_send_keepalive_job_t *this)
 {
 ike_sa_t *ike_sa;
-
+
 ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
 this->ike_sa_id);
 if (ike_sa)
@@ -70,11 +70,11 @@ static void execute(private_send_keepalive_job_t *this)
 send_keepalive_job_t *send_keepalive_job_create(ike_sa_id_t *ike_sa_id)
 {
 private_send_keepalive_job_t *this = malloc_thing(private_send_keepalive_job_t);
-
+
 /* interface functions */
 this->public.job_interface.execute = (void (*) (job_t *)) execute;
 this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
-
+
 /* private variables */
 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
diff --git a/src/charon/processing/jobs/send_keepalive_job.h b/src/charon/processing/jobs/send_keepalive_job.h
index f92e6217a..cda83cd7e 100644
--- a/src/charon/processing/jobs/send_keepalive_job.h
+++ b/src/charon/processing/jobs/send_keepalive_job.h
@@ -29,7 +29,7 @@ typedef struct send_keepalive_job_t send_keepalive_job_t;
 /**
 * Class representing a SEND_KEEPALIVE Job.
- *
+ *
 * This job will send a NAT keepalive packet if the IKE SA is still alive,
 * and reinsert itself into the event queue.
 */
@@ -42,7 +42,7 @@ struct send_keepalive_job_t {
 /**
 * Creates a job of type SEND_KEEPALIVE.
- *
+ *
 * @param ike_sa_id identification of the ike_sa as ike_sa_id_t object (gets cloned)
 * @return initiate_ike_sa_job_t object
 */
diff --git a/src/charon/processing/jobs/update_sa_job.c b/src/charon/processing/jobs/update_sa_job.c
index 5e6c83942..17dce2548 100644
--- a/src/charon/processing/jobs/update_sa_job.c
+++ b/src/charon/processing/jobs/update_sa_job.c
@@ -31,12 +31,12 @@ struct private_update_sa_job_t {
 * public update_sa_job_t interface
 */
 update_sa_job_t public;
-
+
 /**
 * reqid of the CHILD_SA
 */
 u_int32_t reqid;
-
+
 /**
 * New SA address and port
 */
@@ -53,12 +53,12 @@ static void destroy(private_update_sa_job_t *this)
 }
 /**
- * Implementation of job_t.execute.
- */
+ * Implementation of job_t.execute.
+ */
 static void execute(private_update_sa_job_t *this)
 {
 ike_sa_t *ike_sa;
-
+
 ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
 this->reqid, TRUE);
 if (ike_sa == NULL)
@@ -84,10 +84,10 @@ static void execute(private_update_sa_job_t *this)
 update_sa_job_t *update_sa_job_create(u_int32_t reqid, host_t *new)
 {
 private_update_sa_job_t *this = malloc_thing(private_update_sa_job_t);
-
+
 this->public.job_interface.execute = (void (*) (job_t *)) execute;
 this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
-
+
 this->reqid = reqid;
 this->new = new;
diff --git a/src/charon/processing/jobs/update_sa_job.h b/src/charon/processing/jobs/update_sa_job.h
index 93262d46f..11d1ac9b6 100644
--- a/src/charon/processing/jobs/update_sa_job.h
+++ b/src/charon/processing/jobs/update_sa_job.h
@@ -40,7 +40,7 @@ struct update_sa_job_t {
 /**
 * Creates a job to update IKE and CHILD_SA addresses.
- *
+ *
 * @param reqid reqid of the CHILD_SA
 * @param new new address and port
 * @return update_sa_job_t object
diff --git a/src/charon/processing/processor.c b/src/charon/processing/processor.c
index 4a3943323..a364017c2 100644
--- a/src/charon/processing/processor.c
+++ b/src/charon/processing/processor.c
@@ -13,7 +13,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
-
+
 #include <stdlib.h>
 #include <pthread.h>
 #include <string.h>
@@ -41,12 +41,12 @@ struct private_processor_t {
 * Number of running threads
 */
 u_int total_threads;
-
+
 /**
 * Desired number of threads
 */
 u_int desired_threads;
-
+
 /**
 * Number of threads waiting for work
 */
@@ -56,7 +56,7 @@ struct private_processor_t {
 * The jobs are stored in a linked list
 */
 linked_list_t *list;
-
+
 /**
 * access to linked_list is locked through this mutex
 */
@@ -66,7 +66,7 @@ struct private_processor_t {
 * Condvar to wait for new jobs
 */
 condvar_t *job_added;
-
+
 /**
 * Condvar to wait for terminated threads
 */
@@ -81,7 +81,7 @@ static void process_jobs(private_processor_t *this);
 static void restart(private_processor_t *this)
 {
 pthread_t thread;
-
+
 /* respawn thread if required */
 if (this->desired_threads == 0 ||
 pthread_create(&thread, NULL, (void*)process_jobs, this) != 0)
@@ -99,16 +99,16 @@ static void restart(private_processor_t *this)
 static void process_jobs(private_processor_t *this)
 {
 int oldstate;
-
+
 pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &oldstate);
-
+
 DBG2(DBG_JOB, "started worker thread, thread_ID: %06u",
 (int)pthread_self());
-
+
 this->mutex->lock(this->mutex);
 while (this->desired_threads >= this->total_threads)
 {
 job_t *job;
-
+
 if (this->list->get_count(this->list) == 0)
 {
 this->idle_threads++;
@@ -136,7 +136,7 @@ static u_int get_total_threads(private_processor_t *this)
 {
 u_int count;
 this->mutex->lock(this->mutex);
- count = this->total_threads;
+ count = this->total_threads;
 this->mutex->unlock(this->mutex);
 return count;
 }
@@ -175,7 +175,7 @@ static void queue_job(private_processor_t *this, job_t *job)
 this->job_added->signal(this->job_added);
 this->mutex->unlock(this->mutex);
 }
-
+
 /**
 * Implementation of processor_t.set_threads.
 */
@@ -186,7 +186,7 @@ static void set_threads(private_processor_t *this, u_int count)
 { /* increase thread count */
 int i;
 pthread_t current;
-
+
 this->desired_threads = count;
 DBG1(DBG_JOB, "spawning %d worker threads", count - this->total_threads);
 for (i = this->total_threads; i < count; i++)
@@ -231,14 +231,14 @@ static void destroy(private_processor_t *this)
 processor_t *processor_create(size_t pool_size)
 {
 private_processor_t *this = malloc_thing(private_processor_t);
-
+
 this->public.get_total_threads = (u_int(*)(processor_t*))get_total_threads;
 this->public.get_idle_threads = (u_int(*)(processor_t*))get_idle_threads;
 this->public.get_job_load = (u_int(*)(processor_t*))get_job_load;
 this->public.queue_job = (void(*)(processor_t*, job_t*))queue_job;
 this->public.set_threads = (void(*)(processor_t*, u_int))set_threads;
 this->public.destroy = (void(*)(processor_t*))destroy;
-
+
 this->list = linked_list_create();
 this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
 this->job_added = condvar_create(CONDVAR_TYPE_DEFAULT);
@@ -246,7 +246,7 @@ processor_t *processor_create(size_t pool_size)
 this->total_threads = 0;
 this->desired_threads = 0;
 this->idle_threads = 0;
-
+
 return &this->public;
 }
diff --git a/src/charon/processing/processor.h b/src/charon/processing/processor.h
index e56e69382..58222ab81 100644
--- a/src/charon/processing/processor.h
+++ b/src/charon/processing/processor.h
@@ -33,21 +33,21 @@ typedef struct processor_t processor_t;
 * The processor uses threads to process queued jobs.
 */
 struct processor_t {
-
+
 /**
 * Get the total number of threads used by the processor.
- *
+ *
 * @return size of thread pool
 */
 u_int (*get_total_threads) (processor_t *this);
-
+
 /**
 * Get the number of threads currently waiting.
- *
+ *
 * @return number of idle threads
 */
 u_int (*get_idle_threads) (processor_t *this);
-
+
 /**
 * Get the number of queued jobs.
 *
@@ -63,7 +63,7 @@ struct processor_t {
 * @param job job to add to the queue
 */
 void (*queue_job) (processor_t *this, job_t *job);
-
+
 /**
 * Set the number of threads to use in the processor.
 *
@@ -75,7 +75,7 @@ struct processor_t {
 * @param count number of threads to allocate
 */
 void (*set_threads)(processor_t *this, u_int count);
-
+
 /**
 * Destroy a processor object.
 */
diff --git a/src/charon/processing/scheduler.c b/src/charon/processing/scheduler.c
index f53ccb99a..d09b384c3 100644
--- a/src/charon/processing/scheduler.c
+++ b/src/charon/processing/scheduler.c
@@ -38,7 +38,7 @@ struct event_t {
 * Time to fire the event.
 */
 timeval_t time;
-
+
 /**
 * Every event has its assigned job.
 */
@@ -60,37 +60,37 @@ typedef struct private_scheduler_t private_scheduler_t;
 * Private data of a scheduler_t object.
 */
 struct private_scheduler_t {
-
+
 /**
 * Public part of a scheduler_t object.
 */
 scheduler_t public;
-
+
 /**
 * Job which queues scheduled jobs to the processor.
 */
 callback_job_t *job;
-
+
 /**
 * The heap in which the events are stored.
 */
 event_t **heap;
-
+
 /**
 * The size of the heap.
 */
 u_int heap_size;
-
+
 /**
 * The number of scheduled events.
 */
 u_int event_count;
-
+
 /**
 * Exclusive access to list
 */
 mutex_t *mutex;
-
+
 /**
 * Condvar to wait for next job.
 */
@@ -140,12 +140,12 @@ static event_t *remove_event(private_scheduler_t *this)
 {
 return NULL;
 }
-
+
 /* store the value to return */
 event = this->heap[1];
 /* move the bottom event to the top */
 top = this->heap[1] = this->heap[this->event_count];
-
+
 if (--this->event_count > 1)
 {
 /* seep down the top event */
@@ -153,7 +153,7 @@ static event_t *remove_event(private_scheduler_t *this)
 while ((position << 1) <= this->event_count)
 {
 u_int child = position << 1;
-
+
 if ((child + 1) <= this->event_count &&
 timeval_cmp(&this->heap[child + 1]->time,
 &this->heap[child]->time) < 0)
@@ -161,14 +161,14 @@ static event_t *remove_event(private_scheduler_t *this)
 /* the "right" child is smaller */
 child++;
 }
-
+
 if (timeval_cmp(&top->time, &this->heap[child]->time) <= 0)
 {
 /* the top event fires before the smaller of the two children,
 * stop */
 break;
 }
-
+
 /* swap with the smaller child */
 this->heap[position] = this->heap[child];
 position = child;
@@ -187,11 +187,11 @@ static job_requeue_t schedule(private_scheduler_t * this)
 event_t *event;
 int oldstate;
 bool timed = FALSE;
-
+
 this->mutex->lock(this->mutex);
-
+
 time_monotonic(&now);
-
+
 if ((event = peek_event(this)) != NULL)
 {
 if (timeval_cmp(&now, &event->time) >= 0)
@@ -217,7 +217,7 @@ static job_requeue_t schedule(private_scheduler_t * this)
 }
 pthread_cleanup_push((void*)this->mutex->unlock, this->mutex);
 pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
-
+
 if (timed)
 {
 this->condvar->timed_wait_abs(this->condvar, this->mutex, event->time);
@@ -251,13 +251,13 @@ static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv)
 {
 event_t *event;
 u_int position;
-
+
 event = malloc_thing(event_t);
 event->job = job;
 event->time = tv;
-
+
 this->mutex->lock(this->mutex);
-
+
 this->event_count++;
 if (this->event_count > this->heap_size)
 {
@@ -268,7 +268,7 @@ static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv)
 }
 /* "put" the event to the bottom */
 position = this->event_count;
-
+
 /* then bubble it up */
 while (position > 1 &&
 timeval_cmp(&this->heap[position >> 1]->time, &event->time) > 0)
@@ -278,7 +278,7 @@ static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv)
 position >>= 1;
 }
 this->heap[position] = event;
-
+
 this->condvar->signal(this->condvar);
 this->mutex->unlock(this->mutex);
 }
@@ -289,10 +289,10 @@ static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv)
 static void schedule_job(private_scheduler_t *this, job_t *job, u_int32_t s)
 {
 timeval_t tv;
-
+
 time_monotonic(&tv);
 tv.tv_sec += s;
-
+
 schedule_job_tv(this, job, tv);
 }
@@ -302,13 +302,13 @@ static void schedule_job(private_scheduler_t *this, job_t *job, u_int32_t s)
 static void schedule_job_ms(private_scheduler_t *this, job_t *job, u_int32_t ms)
 {
 timeval_t tv, add;
-
+
 time_monotonic(&tv);
 add.tv_sec = ms / 1000;
 add.tv_usec = (ms % 1000) * 1000;
-
+
 timeradd(&tv, &add, &tv);
-
+
 schedule_job_tv(this, job, tv);
 }
@@ -335,24 +335,24 @@ static void destroy(private_scheduler_t *this)
 scheduler_t * scheduler_create()
 {
 private_scheduler_t *this = malloc_thing(private_scheduler_t);
-
+
 this->public.get_job_load = (u_int (*) (scheduler_t *this)) get_job_load;
 this->public.schedule_job = (void (*) (scheduler_t *this, job_t *job, u_int32_t s)) schedule_job;
 this->public.schedule_job_ms = (void (*) (scheduler_t *this, job_t *job, u_int32_t ms)) schedule_job_ms;
 this->public.schedule_job_tv = (void (*) (scheduler_t *this, job_t *job, timeval_t tv)) schedule_job_tv;
 this->public.destroy = (void(*)(scheduler_t*)) destroy;
-
+
 /* Note: the root of the heap is at index 1 */
 this->event_count = 0;
 this->heap_size = HEAP_SIZE_DEFAULT;
 this->heap = (event_t**)calloc(this->heap_size + 1, sizeof(event_t*));
-
+
 this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
 this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
-
+
 this->job = callback_job_create((callback_job_cb_t)schedule, this, NULL, NULL);
 charon->processor->queue_job(charon->processor, (job_t*)this->job);
-
+
 return &this->public;
 }
diff --git a/src/charon/processing/scheduler.h b/src/charon/processing/scheduler.h
index 2bb85e4e6..5f5d2a563 100644
--- a/src/charon/processing/scheduler.h
+++ b/src/charon/processing/scheduler.h
@@ -79,7 +79,7 @@ typedef struct scheduler_t scheduler_t;
 * children has a smaller key or it is again a leaf node.
 */
 struct scheduler_t {
-
+
 /**
 * Adds a event to the queue, using a relative time offset in s.
 *
@@ -87,7 +87,7 @@ struct scheduler_t {
 * @param time relative time to schedule job, in s
 */
 void (*schedule_job) (scheduler_t *this, job_t *job, u_int32_t s);
-
+
 /**
 * Adds a event to the queue, using a relative time offset in ms.
 *
@@ -95,7 +95,7 @@ struct scheduler_t {
 * @param time relative time to schedule job, in ms
 */
 void (*schedule_job_ms) (scheduler_t *this, job_t *job, u_int32_t ms);
-
+
 /**
 * Adds a event to the queue, using an absolut time.
 *
@@ -106,14 +106,14 @@ struct scheduler_t {
 * @param time absolut time to schedule job
 */
 void (*schedule_job_tv) (scheduler_t *this, job_t *job, timeval_t tv);
-
+
 /**
 * Returns number of jobs scheduled.
 *
 * @return number of scheduled jobs
 */
 u_int (*get_job_load) (scheduler_t *this);
-
+
 /**
 * Destroys a scheduler object.
 */
diff --git a/src/charon/sa/authenticators/authenticator.c b/src/charon/sa/authenticators/authenticator.c
index ea8a16279..13586a23e 100644
--- a/src/charon/sa/authenticators/authenticator.c
+++ b/src/charon/sa/authenticators/authenticator.c
@@ -75,7 +75,7 @@ authenticator_t *authenticator_create_verifier(
 chunk_t received_init, chunk_t sent_init)
 {
 auth_payload_t *auth_payload;
-
+
 auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION);
 if (auth_payload == NULL)
 {
diff --git a/src/charon/sa/authenticators/authenticator.h b/src/charon/sa/authenticators/authenticator.h
index c60881629..299b9e6e7 100644
--- a/src/charon/sa/authenticators/authenticator.h
+++ b/src/charon/sa/authenticators/authenticator.h
@@ -36,34 +36,34 @@ typedef struct authenticator_t authenticator_t;
 */
 enum auth_method_t {
 /**
- * Computed as specified in section 2.15 of RFC using
+ * Computed as specified in section 2.15 of RFC using
 * an RSA private key over a PKCS#1 padded hash.
 */
 AUTH_RSA = 1,
-
+
 /**
- * Computed as specified in section 2.15 of RFC using the
- * shared key associated with the identity in the ID payload
+ * Computed as specified in section 2.15 of RFC using the
+ * shared key associated with the identity in the ID payload
 * and the negotiated prf function
 */
 AUTH_PSK = 2,
-
+
 /**
- * Computed as specified in section 2.15 of RFC using a
+ * Computed as specified in section 2.15 of RFC using a
 * DSS private key over a SHA-1 hash.
 */
 AUTH_DSS = 3,
-
+
 /**
 * ECDSA with SHA-256 on the P-256 curve as specified in RFC 4754
 */
 AUTH_ECDSA_256 = 9,
-
+
 /**
 * ECDSA with SHA-384 on the P-384 curve as specified in RFC 4754
 */
 AUTH_ECDSA_384 = 10,
-
+
 /**
 * ECDSA with SHA-512 on the P-521 curve as specified in RFC 4754
 */
@@ -115,7 +115,7 @@ struct authenticator_t {
 * - NEED_MORE if another exchange required
 */
 status_t (*process)(authenticator_t *this, message_t *message);
-
+
 /**
 * Attach authentication data to an outgoing message.
 *
@@ -126,7 +126,7 @@ struct authenticator_t {
 * - NEED_MORE if another exchange required
 */
 status_t (*build)(authenticator_t *this, message_t *message);
-
+
 /**
 * Destroy authenticator instance.
 */
@@ -151,7 +151,7 @@ authenticator_t *authenticator_create_builder(
 /**
 * Create an authenticator to verify signatures.
- *
+ *
 * @param ike_sa associated ike_sa
 * @param message message containing authentication data
 * @param received_nonce nonce received in IKE_SA_INIT
diff --git a/src/charon/sa/authenticators/eap/eap_manager.c b/src/charon/sa/authenticators/eap/eap_manager.c
index 24a4fd6ed..eb4cb0c2d 100644
--- a/src/charon/sa/authenticators/eap/eap_manager.c
+++ b/src/charon/sa/authenticators/eap/eap_manager.c
@@ -25,22 +25,22 @@ typedef struct eap_entry_t eap_entry_t;
 * EAP constructor entry
 */
 struct eap_entry_t {
-
+
 /**
 * EAP method type, vendor specific if vendor is set
 */
 eap_type_t type;
-
+
 /**
 * vendor ID, 0 for default EAP methods
 */
 u_int32_t vendor;
-
+
 /**
 * Role of the method returned by the constructor, EAP_SERVER or EAP_PEER
 */
 eap_role_t role;
-
+
 /**
 * constructor function to create instance
 */
@@ -56,12 +56,12 @@ struct private_eap_manager_t {
 * public functions
 */
 eap_manager_t public;
-
+
 /**
 * list of eap_entry_t's
 */
 linked_list_t *methods;
-
+
 /**
 * rwlock to lock methods
 */
@@ -76,7 +76,7 @@ static void add_method(private_eap_manager_t *this, eap_type_t type,
 eap_constructor_t constructor)
 {
 eap_entry_t *entry = malloc_thing(eap_entry_t);
-
+
 entry->type = type;
 entry->vendor = vendor;
 entry->role = role;
@@ -94,7 +94,7 @@ static void remove_method(private_eap_manager_t *this, eap_constructor_t constru
 {
 enumerator_t *enumerator;
 eap_entry_t *entry;
-
+
 this->lock->write_lock(this->lock);
 enumerator = this->methods->create_enumerator(this->methods);
 while (enumerator->enumerate(enumerator, &entry))
@@ -120,7 +120,7 @@ static eap_method_t* create_instance(private_eap_manager_t *this,
 enumerator_t *enumerator;
 eap_entry_t *entry;
 eap_method_t *method = NULL;
-
+
 this->lock->read_lock(this->lock);
 enumerator = this->methods->create_enumerator(this->methods);
 while (enumerator->enumerate(enumerator, &entry))
@@ -156,15 +156,15 @@ static void destroy(private_eap_manager_t *this)
 eap_manager_t *eap_manager_create()
 {
 private_eap_manager_t *this = malloc_thing(private_eap_manager_t);
-
+
 this->public.add_method = (void(*)(eap_manager_t*, eap_type_t type, u_int32_t vendor, eap_role_t role, eap_constructor_t constructor))add_method;
 this->public.remove_method = (void(*)(eap_manager_t*, eap_constructor_t constructor))remove_method;
 this->public.create_instance = (eap_method_t*(*)(eap_manager_t*, eap_type_t type, u_int32_t vendor, eap_role_t role, identification_t*,identification_t*))create_instance;
 this->public.destroy = (void(*)(eap_manager_t*))destroy;
-
+
 this->methods = linked_list_create();
 this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
-
+
 return &this->public;
 }
diff --git a/src/charon/sa/authenticators/eap/eap_manager.h b/src/charon/sa/authenticators/eap/eap_manager.h
index 667c54a8e..271bfc2bf 100644
--- a/src/charon/sa/authenticators/eap/eap_manager.h
+++ b/src/charon/sa/authenticators/eap/eap_manager.h
@@ -45,14 +45,14 @@ struct eap_manager_t {
 */
 void (*add_method)(eap_manager_t *this, eap_type_t type, u_int32_t vendor,
 eap_role_t role, eap_constructor_t constructor);
-
+
 /**
 * Unregister a EAP method implementation using it's constructor.
 *
 * @param constructor constructor function to remove, as added in add_method
 */
 void (*remove_method)(eap_manager_t *this, eap_constructor_t constructor);
-
+
 /**
 * Create a new EAP method instance.
 *
@@ -67,7 +67,7 @@ struct eap_manager_t {
 u_int32_t vendor, eap_role_t role,
 identification_t *server, identification_t *peer);
-
+
 /**
 * Destroy a eap_manager instance.
 */
diff --git a/src/charon/sa/authenticators/eap/eap_method.c b/src/charon/sa/authenticators/eap/eap_method.c
index 1d1900301..791ab2dd9 100644
--- a/src/charon/sa/authenticators/eap/eap_method.c
+++ b/src/charon/sa/authenticators/eap/eap_method.c
@@ -53,7 +53,7 @@ eap_type_t eap_type_from_string(char *name)
 {"mschapv2", EAP_MSCHAPV2},
 {"radius", EAP_RADIUS},
 };
-
+
 for (i = 0; i < countof(types); i++)
 {
 if (strcaseeq(name, types[i].name))
diff --git a/src/charon/sa/authenticators/eap/eap_method.h b/src/charon/sa/authenticators/eap/eap_method.h
index 578b89e96..61e8e2caa 100644
--- a/src/charon/sa/authenticators/eap/eap_method.h
+++ b/src/charon/sa/authenticators/eap/eap_method.h
@@ -107,7 +107,7 @@ extern enum_name_t *eap_code_names;
 * EAP-Identity exchange always uses identifier 0.
 */
 struct eap_method_t {
-
+
 /**
 * Initiate the EAP exchange.
 *
@@ -121,7 +121,7 @@ struct eap_method_t {
 * - FAILED, if unable to create eap request payload
 */
 status_t (*initiate) (eap_method_t *this, eap_payload_t **out);
-
+
 /**
 * Process a received EAP message.
 *
@@ -136,7 +136,7 @@ struct eap_method_t {
 */
 status_t (*process) (eap_method_t *this, eap_payload_t *in,
 eap_payload_t **out);
-
+
 /**
 * Get the EAP type implemented in this method.
 *
@@ -144,17 +144,17 @@ struct eap_method_t {
 * @return type of the EAP method
 */
 eap_type_t (*get_type) (eap_method_t *this, u_int32_t *vendor);
-
+
 /**
 * Check if this EAP method authenticates the server.
 *
- * Some EAP methods provide mutual authentication and
+ * Some EAP methods provide mutual authentication and
 * allow authentication using only EAP, if the peer supports it.
 *
 * @return TRUE if methods provides mutual authentication
 */
 bool (*is_mutual) (eap_method_t *this);
-
+
 /**
 * Get the MSK established by this EAP method.
 *
@@ -167,7 +167,7 @@ struct eap_method_t {
 * - FAILED, if MSK not established (yet)
 */
 status_t (*get_msk) (eap_method_t *this, chunk_t *msk);
-
+
 /**
 * Destroys a eap_method_t object.
 */
diff --git a/src/charon/sa/authenticators/eap/sim_manager.c b/src/charon/sa/authenticators/eap/sim_manager.c
index 51cd4fb3f..b5edb75e2 100644
--- a/src/charon/sa/authenticators/eap/sim_manager.c
+++ b/src/charon/sa/authenticators/eap/sim_manager.c
@@ -23,17 +23,17 @@ typedef struct private_sim_manager_t private_sim_manager_t;
 * Private data of an sim_manager_t object.
 */
 struct private_sim_manager_t {
-
+
 /**
 * Public sim_manager_t interface.
 */
 sim_manager_t public;
-
+
 /**
 * list of added cards
 */
 linked_list_t *cards;
-
+
 /**
 * list of added provider
 */
@@ -106,7 +106,7 @@ static void destroy(private_sim_manager_t *this)
 sim_manager_t *sim_manager_create()
 {
 private_sim_manager_t *this = malloc_thing(private_sim_manager_t);
-
+
 this->public.add_card = (void(*)(sim_manager_t*, sim_card_t *card))add_card;
 this->public.remove_card = (void(*)(sim_manager_t*, sim_card_t *card))remove_card;
 this->public.create_card_enumerator = (enumerator_t*(*)(sim_manager_t*))create_card_enumerator;
@@ -114,10 +114,10 @@ sim_manager_t *sim_manager_create()
 this->public.remove_provider = (void(*)(sim_manager_t*, sim_provider_t *provider))remove_provider;
 this->public.create_provider_enumerator = (enumerator_t*(*)(sim_manager_t*))create_provider_enumerator;
 this->public.destroy = (void(*)(sim_manager_t*))destroy;
-
+
 this->cards = linked_list_create();
 this->provider = linked_list_create();
-
+
 return &this->public;
 }
diff --git a/src/charon/sa/authenticators/eap/sim_manager.h b/src/charon/sa/authenticators/eap/sim_manager.h
index 3c6d66dfe..260e73038 100644
--- a/src/charon/sa/authenticators/eap/sim_manager.h
+++ b/src/charon/sa/authenticators/eap/sim_manager.h
@@ -42,7 +42,7 @@ struct sim_card_t {
 * @return identity
 */
 identification_t* (*get_imsi)(sim_card_t *this);
-
+
 /**
 * Calculate SRES/KC from a RAND.
 *
@@ -59,7 +59,7 @@ struct sim_card_t {
 * Interface for a triplet provider (used as EAP server).
 */
 struct sim_provider_t {
-
+
 /**
 * Get a single triplet to authenticate a EAP client.
 *
@@ -77,49 +77,49 @@ struct sim_provider_t {
 * The EAP-SIM manager handles multiple SIM cards and providers.
 */
 struct sim_manager_t {
-
+
 /**
 * Register a SIM card (client) at the manager.
 *
 * @param card sim card to register
 */
 void (*add_card)(sim_manager_t *this, sim_card_t *card);
-
+
 /**
 * Unregister a previously registered card from the manager.
 *
 * @param card sim card to unregister
 */
 void (*remove_card)(sim_manager_t *this, sim_card_t *card);
-
+
 /**
 * Create an enumerator over all registered cards.
 *
 * @return enumerator over sim_card_t's
 */
 enumerator_t* (*create_card_enumerator)(sim_manager_t *this);
-
+
 /**
 * Register a triplet provider (server) at the manager.
 *
 * @param card sim card to register
 */
 void (*add_provider)(sim_manager_t *this, sim_provider_t *provider);
-
+
 /**
 * Unregister a previously registered provider from the manager.
 *
 * @param card sim card to unregister
 */
 void (*remove_provider)(sim_manager_t *this, sim_provider_t *provider);
-
+
 /**
 * Create an enumerator over all registered provider.
 *
 * @return enumerator over sim_provider_t's
 */
 enumerator_t* (*create_provider_enumerator)(sim_manager_t *this);
-
+
 /**
 * Destroy a manager instance.
 */
diff --git a/src/charon/sa/authenticators/eap_authenticator.c b/src/charon/sa/authenticators/eap_authenticator.c
index 2abdf7a02..30803dff0 100644
--- a/src/charon/sa/authenticators/eap_authenticator.c
+++ b/src/charon/sa/authenticators/eap_authenticator.c
@@ -26,62 +26,62 @@ typedef struct private_eap_authenticator_t private_eap_authenticator_t;
 * Private data of an eap_authenticator_t object.
 */
 struct private_eap_authenticator_t {
-
+
 /**
 * Public authenticator_t interface.
 */
 eap_authenticator_t public;
-
+
 /**
 * Assigned IKE_SA
 */
 ike_sa_t *ike_sa;
-
+
 /**
 * others nonce to include in AUTH calculation
 */
 chunk_t received_nonce;
-
+
 /**
 * our nonce to include in AUTH calculation
 */
 chunk_t sent_nonce;
-
+
 /**
 * others IKE_SA_INIT message data to include in AUTH calculation
 */
 chunk_t received_init;
-
+
 /**
 * our IKE_SA_INIT message data to include in AUTH calculation
 */
 chunk_t sent_init;
-
+
 /**
 * Current EAP method processing
 */
 eap_method_t *method;
-
+
 /**
 * MSK used to build and verify auth payload
 */
 chunk_t msk;
-
+
 /**
 * EAP authentication method completed successfully
 */
 bool eap_complete;
-
+
 /**
 * authentication payload verified successfully
 */
 bool auth_complete;
-
+
 /**
 * generated EAP payload
 */
 eap_payload_t *eap_payload;
-
+
 /**
 * EAP identity of peer
 */
@@ -95,7 +95,7 @@ static eap_method_t *load_method(private_eap_authenticator_t *this,
 eap_type_t type, u_int32_t vendor, eap_role_t role)
 {
 identification_t *server, *peer;
-
+
 if (role == EAP_SERVER)
 {
 server = this->ike_sa->get_my_id(this->ike_sa);
@@ -125,9 +125,9 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this,
 identification_t *id;
 u_int32_t vendor;
 eap_payload_t *out;
-
+
 auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
-
+
 /* initiate EAP-Identity exchange if required */
 if (!this->eap_identity && do_identity)
 {
@@ -157,7 +157,7 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this,
 if (vendor)
 {
 DBG1(DBG_IKE, "initiating EAP vendor type %d-%d", type, vendor);
-
+
 }
 else
 {
@@ -186,14 +186,14 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
 u_int32_t vendor, received_vendor;
 eap_payload_t *out;
 auth_cfg_t *cfg;
-
+
 if (in->get_code(in) != EAP_RESPONSE)
 {
 DBG1(DBG_IKE, "received %N, sending %N", eap_code_names, in->get_code(in), eap_code_names, EAP_FAILURE);
 return eap_payload_create_code(EAP_FAILURE, in->get_identifier(in));
 }
-
+
 type = this->method->get_type(this->method, &vendor);
 received_type = in->get_type(in, &received_vendor);
 if (type != received_type || vendor != received_vendor)
@@ -210,7 +210,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
 }
 return eap_payload_create_code(EAP_FAILURE, in->get_identifier(in));
 }
-
+
 switch (this->method->process(this->method, in, &out))
 {
 case NEED_MORE:
@@ -220,7 +220,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
 {
 chunk_t data;
 char buf[256];
-
+
 if (this->method->get_msk(this->method, &data) == SUCCESS)
 {
 snprintf(buf, sizeof(buf), "%.*s", data.len, data.ptr);
@@ -262,7 +262,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
 if (vendor)
 {
 DBG1(DBG_IKE, "EAP vendor specific method %d-%d failed for "
- "peer %Y", type, vendor,
+ "peer %Y", type, vendor,
 this->ike_sa->get_other_id(this->ike_sa));
 }
 else
@@ -286,9 +286,9 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
 auth_cfg_t *auth;
 eap_payload_t *out;
 identification_t *id;
-
+
 type = in->get_type(in, &vendor);
-
+
 if (!vendor && type == EAP_IDENTITY)
 {
 DESTROY_IF(this->eap_identity);
@@ -301,7 +301,7 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
 DBG1(DBG_IKE, "server requested %N, sending '%Y'",
 eap_type_names, type, id);
 this->eap_identity = id->clone(id);
-
+
 this->method = load_method(this, type, vendor, EAP_PEER);
 if (this->method)
 {
@@ -337,14 +337,14 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this, return eap_payload_create_nak(in->get_identifier(in)); } } - + type = this->method->get_type(this->method, &vendor); - + if (this->method->process(this->method, in, &out) == NEED_MORE) { /* client methods should never return SUCCESS */ return out; } - + if (vendor) { DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed", type, vendor);
@@ -367,7 +367,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, identification_t *other_id; auth_cfg_t *auth; keymat_t *keymat; - + auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); if (!auth_payload)
@@ -388,7 +388,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, return FALSE; } chunk_free(&auth_data); - + DBG1(DBG_IKE, "authentication of '%Y' with %N successful", other_id, auth_class_names, AUTH_CLASS_EAP); this->auth_complete = TRUE;
@@ -407,13 +407,13 @@ static void build_auth(private_eap_authenticator_t *this, message_t *message, identification_t *my_id; chunk_t auth_data; keymat_t *keymat; - + my_id = this->ike_sa->get_my_id(this->ike_sa); keymat = this->ike_sa->get_keymat(this->ike_sa); - + DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N", my_id, auth_class_names, AUTH_CLASS_EAP); - + auth_data = keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk, my_id); auth_payload = auth_payload_create(); auth_payload->set_auth_method(auth_payload, AUTH_PSK);
@@ -429,7 +429,7 @@ static status_t process_server(private_eap_authenticator_t *this, message_t *message) { eap_payload_t *eap_payload; - + if (this->eap_complete) { if (!verify_auth(this, message, this->sent_nonce, this->received_init))
@@ -438,7 +438,7 @@ static status_t process_server(private_eap_authenticator_t *this, } return NEED_MORE; } - + if (!this->method) { this->eap_payload = server_initiate_eap(this, TRUE);
@@ -465,7 +465,7 @@ static status_t build_server(private_eap_authenticator_t *this, if (this->eap_payload) { eap_code_t code; - + code = this->eap_payload->get_code(this->eap_payload); message->add_payload(message, (payload_t*)this->eap_payload); this->eap_payload = NULL;
@@ -490,7 +490,7 @@ static status_t process_client(private_eap_authenticator_t *this, message_t *message) { eap_payload_t *eap_payload; - + if (this->eap_complete) { if (!verify_auth(this, message, this->sent_nonce, this->received_init))
@@ -499,7 +499,7 @@ static status_t process_client(private_eap_authenticator_t *this, } return SUCCESS; } - + eap_payload = (eap_payload_t*)message->get_payload(message, EXTENSIBLE_AUTHENTICATION); if (eap_payload)
@@ -520,7 +520,7 @@ static status_t process_client(private_eap_authenticator_t *this, eap_type_t type; u_int32_t vendor; auth_cfg_t *cfg; - + if (this->method->get_msk(this->method, &this->msk) == SUCCESS) { this->msk = chunk_clone(this->msk);
@@ -561,7 +561,7 @@ static status_t process_client(private_eap_authenticator_t *this, /** * Implementation of authenticator_t.build for a client */ -static status_t build_client(private_eap_authenticator_t *this, +static status_t build_client(private_eap_authenticator_t *this, message_t *message) { if (this->eap_payload)
@@ -598,11 +598,11 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_init, chunk_t sent_init) { private_eap_authenticator_t *this = malloc_thing(private_eap_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build_client; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process_client; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->received_init = received_init; this->received_nonce = received_nonce;
@@ -614,7 +614,7 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, this->eap_complete = FALSE; this->auth_complete = FALSE; this->eap_identity = NULL; - + return &this->public; }
@@ -626,11 +626,11 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t received_init, chunk_t sent_init) { private_eap_authenticator_t *this = malloc_thing(private_eap_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *messageh))build_server; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process_server; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->received_init = received_init; this->received_nonce = received_nonce;
@@ -642,7 +642,7 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa, this->eap_complete = FALSE; this->auth_complete = FALSE; this->eap_identity = NULL; - + return &this->public; }
diff --git a/src/charon/sa/authenticators/eap_authenticator.h b/src/charon/sa/authenticators/eap_authenticator.h
index b90a6f4df..41eb6a8c9 100644
--- a/src/charon/sa/authenticators/eap_authenticator.h
+++ b/src/charon/sa/authenticators/eap_authenticator.h
@@ -83,7 +83,7 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, /** * Create an authenticator to authenticate EAP clients. - * + * * @param ike_sa associated ike_sa * @param received_nonce nonce received in IKE_SA_INIT * @param sent_nonce nonce sent in IKE_SA_INIT
diff --git a/src/charon/sa/authenticators/psk_authenticator.c b/src/charon/sa/authenticators/psk_authenticator.c
index 742b67789..83a4b2272 100644
--- a/src/charon/sa/authenticators/psk_authenticator.c
+++ b/src/charon/sa/authenticators/psk_authenticator.c
@@ -35,12 +35,12 @@ struct private_psk_authenticator_t { * Assigned IKE_SA */ ike_sa_t *ike_sa; - + /** * nonce to include in AUTH calculation */ chunk_t nonce; - + /** * IKE_SA_INIT message data to include in AUTH calculation */
@@ -57,7 +57,7 @@ static status_t build(private_psk_authenticator_t *this, message_t *message) shared_key_t *key; chunk_t auth_data; keymat_t *keymat; - + keymat = this->ike_sa->get_keymat(this->ike_sa); my_id = this->ike_sa->get_my_id(this->ike_sa); other_id = this->ike_sa->get_other_id(this->ike_sa);
@@ -79,7 +79,7 @@ static status_t build(private_psk_authenticator_t *this, message_t *message) auth_payload->set_data(auth_payload, auth_data); chunk_free(&auth_data); message->add_payload(message, (payload_t*)auth_payload); - + return SUCCESS; }
@@ -97,7 +97,7 @@ static status_t process(private_psk_authenticator_t *this, message_t *message) bool authenticated = FALSE; int keys_found = 0; keymat_t *keymat; - + auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); if (!auth_payload) {
@@ -112,7 +112,7 @@ static status_t process(private_psk_authenticator_t *this, message_t *message) while (!authenticated && enumerator->enumerate(enumerator, &key, NULL, NULL)) { keys_found++; - + auth_data = keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce, key->get_key(key), other_id); if (auth_data.len && chunk_equals(auth_data, recv_auth_data))
@@ -124,7 +124,7 @@ static status_t process(private_psk_authenticator_t *this, message_t *message) chunk_free(&auth_data); } enumerator->destroy(enumerator); - + if (!authenticated) { if (keys_found == 0)
@@ -136,7 +136,7 @@ static status_t process(private_psk_authenticator_t *this, message_t *message) keys_found, keys_found == 1 ? "" : "s", my_id, other_id); return FAILED; } - + auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); return SUCCESS;
@@ -166,15 +166,15 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_init) { private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))return_failed; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->ike_sa_init = sent_init; this->nonce = received_nonce; - + return &this->public; }
@@ -185,15 +185,15 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_init) { private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *messageh))return_failed; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->ike_sa_init = received_init; this->nonce = sent_nonce; - + return &this->public; }
diff --git a/src/charon/sa/authenticators/psk_authenticator.h b/src/charon/sa/authenticators/psk_authenticator.h
index 5bb743d93..0fab11095 100644
--- a/src/charon/sa/authenticators/psk_authenticator.h
+++ b/src/charon/sa/authenticators/psk_authenticator.h
@@ -49,7 +49,7 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, /** * Create an authenticator to verify PSK signatures. - * + * * @param ike_sa associated ike_sa * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data
diff --git a/src/charon/sa/authenticators/pubkey_authenticator.c b/src/charon/sa/authenticators/pubkey_authenticator.c
index 44cabfb94..7e558db61 100644
--- a/src/charon/sa/authenticators/pubkey_authenticator.c
+++ b/src/charon/sa/authenticators/pubkey_authenticator.c
@@ -26,22 +26,22 @@ typedef struct private_pubkey_authenticator_t private_pubkey_authenticator_t; * Private data of an pubkey_authenticator_t object. */ struct private_pubkey_authenticator_t { - + /** * Public authenticator_t interface. */ pubkey_authenticator_t public; - + /** * Assigned IKE_SA */ ike_sa_t *ike_sa; - + /** * nonce to include in AUTH calculation */ chunk_t nonce; - + /** * IKE_SA_INIT message data to include in AUTH calculation */
@@ -72,11 +72,11 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message) DBG1(DBG_IKE, "no private key found for '%Y'", id); return NOT_FOUND; } - + switch (private->get_type(private)) { case KEY_RSA: - /* we currently use always SHA1 for signatures, + /* we currently use always SHA1 for signatures, * TODO: support other hashes depending on configuration/auth */ scheme = SIGN_RSA_EMSA_PKCS1_SHA1; auth_method = AUTH_RSA;
@@ -86,7 +86,7 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message) switch (private->get_keysize(private)) { case 32: - scheme = SIGN_ECDSA_256; + scheme = SIGN_ECDSA_256; auth_method = AUTH_ECDSA_256; break; case 48:
@@ -121,11 +121,11 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message) status = SUCCESS; } DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N %s", id, - auth_method_names, auth_method, + auth_method_names, auth_method, (status == SUCCESS)? "successful":"failed"); chunk_free(&octets); private->destroy(private); - + return status; }
@@ -145,7 +145,7 @@ static status_t process(private_pubkey_authenticator_t *this, message_t *message signature_scheme_t scheme; status_t status = NOT_FOUND; keymat_t *keymat; - + auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); if (!auth_payload) {
@@ -231,15 +231,15 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_init) { private_pubkey_authenticator_t *this = malloc_thing(private_pubkey_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))return_failed; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->ike_sa_init = sent_init; this->nonce = received_nonce; - + return &this->public; }
@@ -250,14 +250,14 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_init) { private_pubkey_authenticator_t *this = malloc_thing(private_pubkey_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))return_failed; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->ike_sa_init = received_init; this->nonce = sent_nonce; - + return &this->public; }
diff --git a/src/charon/sa/authenticators/pubkey_authenticator.h b/src/charon/sa/authenticators/pubkey_authenticator.h
index e67f020ff..be369cb89 100644
--- a/src/charon/sa/authenticators/pubkey_authenticator.h
+++ b/src/charon/sa/authenticators/pubkey_authenticator.h
@@ -50,7 +50,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, /** * Create an authenticator to verify public key signatures. - * + * * @param ike_sa associated ike_sa * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data
diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c
index a3dfeffa5..1ea1befa2 100644
--- a/src/charon/sa/child_sa.c
+++ b/src/charon/sa/child_sa.c
@@ -46,67 +46,67 @@ struct private_child_sa_t { * Public interface of child_sa_t. */ child_sa_t public; - + /** * address of us */ host_t *my_addr; - + /** * address of remote */ host_t *other_addr; - + /** * our actually used SPI, 0 if unused */ u_int32_t my_spi; - + /** * others used SPI, 0 if unused */ u_int32_t other_spi; - + /** * our Compression Parameter Index (CPI) used, 0 if unused */ u_int16_t my_cpi; - + /** * others Compression Parameter Index (CPI) used, 0 if unused */ u_int16_t other_cpi; - + /** * List for local traffic selectors */ linked_list_t *my_ts; - + /** * List for remote traffic selectors */ linked_list_t *other_ts; - + /** * Protocol used to protect this SA, ESP|AH */ protocol_id_t protocol; - + /** * reqid used for this child_sa */ u_int32_t reqid; - + /** * absolute time when rekeying is scheduled */ time_t rekey_time; - + /** * absolute time when the SA expires */ time_t expire_time; - + /** * state of the CHILD_SA */
@@ -116,22 +116,22 @@ struct private_child_sa_t { * Specifies if UDP encapsulation is enabled (NAT traversal) */ bool encap; - + /** * Specifies the IPComp transform used (IPCOMP_NONE if disabled) */ ipcomp_transform_t ipcomp; - + /** * mode this SA uses, tunnel/transport */ ipsec_mode_t mode; - + /** * selected proposal */ proposal_t *proposal; - + /** * config used to create this child */
@@ -320,7 +320,7 @@ static bool policy_enumerate(policy_enumerator_t *this, traffic_selector_t **my_out, traffic_selector_t **other_out) { traffic_selector_t *other_ts; - + while (this->ts || this->mine->enumerate(this->mine, &this->ts)) { if (!this->other->enumerate(this->other, &other_ts))
@@ -363,14 +363,14 @@ static void policy_destroy(policy_enumerator_t *this) static enumerator_t* create_policy_enumerator(private_child_sa_t *this) { policy_enumerator_t *e = malloc_thing(policy_enumerator_t); - + e->public.enumerate = (void*)policy_enumerate; e->public.destroy = (void*)policy_destroy; e->mine = this->my_ts->create_enumerator(this->my_ts); e->other = this->other_ts->create_enumerator(this->other_ts); e->list = this->other_ts; e->ts = NULL; - + return &e->public; }
@@ -384,7 +384,7 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound) { status_t status = FAILED; u_int64_t bytes; - + if (inbound) { if (this->my_spi)
@@ -434,12 +434,12 @@ static void update_usetime(private_child_sa_t *this, bool inbound) enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; u_int32_t last_use = 0; - + enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { u_int32_t in, out, fwd; - + if (inbound) { if (charon->kernel_interface->query_policy(charon->kernel_interface,
@@ -552,7 +552,7 @@ static status_t install(private_child_sa_t *this, chunk_t encr, chunk_t integ, host_t *src, *dst; status_t status; bool update = FALSE; - + /* now we have to decide which spi to use. Use self allocated, if "in", * or the one in the proposal, if not "in" (others). Additionally, * source and dest host switch depending on the role */
@@ -574,20 +574,20 @@ static status_t install(private_child_sa_t *this, chunk_t encr, chunk_t integ, this->other_spi = spi; this->other_cpi = cpi; } - + DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound", protocol_id_names, this->protocol); - + /* send SA down to the kernel */ DBG2(DBG_CHD, " SPI 0x%.8x, src %H dst %H", ntohl(spi), src, dst); - + this->proposal->get_algorithm(this->proposal, ENCRYPTION_ALGORITHM, &enc_alg, &size); this->proposal->get_algorithm(this->proposal, INTEGRITY_ALGORITHM, &int_alg, &size); - + lifetime = this->config->get_lifetime(this->config); - + now = time_monotonic(NULL); if (lifetime->time.rekey) {
@@ -597,19 +597,19 @@ static status_t install(private_child_sa_t *this, chunk_t encr, chunk_t integ, { this->expire_time = now + lifetime->time.life; } - + if (!lifetime->time.jitter && !inbound) { /* avoid triggering multiple rekey events */ lifetime->time.rekey = 0; } - + status = charon->kernel_interface->add_sa(charon->kernel_interface, src, dst, spi, this->protocol, this->reqid, lifetime, enc_alg, encr, int_alg, integ, this->mode, this->ipcomp, cpi, this->encap, update); - + free(lifetime); - + return status; }
@@ -623,7 +623,7 @@ static status_t add_policies(private_child_sa_t *this, traffic_selector_t *my_ts, *other_ts; status_t status = SUCCESS; bool routed = (this->state == CHILD_CREATED); - + /* apply traffic selectors */ enumerator = my_ts_list->create_enumerator(my_ts_list); while (enumerator->enumerate(enumerator, &my_ts))
@@ -637,7 +637,7 @@ static status_t add_policies(private_child_sa_t *this, this->other_ts->insert_last(this->other_ts, other_ts->clone(other_ts)); } enumerator->destroy(enumerator); - + if (this->config->install_policy(this->config)) { /* enumerate pairs of traffic selectors */
@@ -649,7 +649,7 @@ static status_t add_policies(private_child_sa_t *this, this->my_addr, this->other_addr, my_ts, other_ts, POLICY_OUT, this->other_spi, this->protocol, this->reqid, this->mode, this->ipcomp, this->other_cpi, routed); - + status |= charon->kernel_interface->add_policy(charon->kernel_interface, this->other_addr, this->my_addr, other_ts, my_ts, POLICY_IN, this->my_spi, this->protocol, this->reqid, this->mode,
@@ -661,7 +661,7 @@ static status_t add_policies(private_child_sa_t *this, this->my_spi, this->protocol, this->reqid, this->mode, this->ipcomp, this->my_cpi, routed); } - + if (status != SUCCESS) { break;
@@ -669,7 +669,7 @@ static status_t add_policies(private_child_sa_t *this, } enumerator->destroy(enumerator); } - + if (status == SUCCESS && this->state == CHILD_CREATED) { /* switch to routed state if no SAD entry set up */ set_state(this, CHILD_ROUTED);
@@ -685,19 +685,19 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, { child_sa_state_t old; bool transport_proxy_mode; - + /* anything changed at all? */ if (me->equals(me, this->my_addr) && other->equals(other, this->other_addr) && this->encap == encap) { return SUCCESS; } - + old = this->state; set_state(this, CHILD_UPDATING); transport_proxy_mode = this->config->use_proxy_mode(this->config) && this->mode == MODE_TRANSPORT; - + if (!transport_proxy_mode) { /* update our (initator) SA */
@@ -712,7 +712,7 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, return NOT_SUPPORTED; } } - + /* update his (responder) SA */ if (this->other_spi) {
@@ -726,7 +726,7 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, } } } - + if (this->config->install_policy(this->config)) { /* update policies */
@@ -735,7 +735,7 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, { enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; - + /* always use high priorities, as hosts getting updated are INSTALLED */ enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
@@ -750,7 +750,7 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, charon->kernel_interface->del_policy(charon->kernel_interface, other_ts, my_ts, POLICY_FWD, FALSE); } - + /* check whether we have to update a "dynamic" traffic selector */ if (!me->ip_equals(me, this->my_addr) && my_ts->is_host(my_ts, this->my_addr))
@@ -762,7 +762,7 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, { other_ts->set_address(other_ts, other); } - + /* we reinstall the virtual IP to handle interface roaming * correctly */ if (vip)
@@ -770,7 +770,7 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, charon->kernel_interface->del_ip(charon->kernel_interface, vip); charon->kernel_interface->add_ip(charon->kernel_interface, vip, me); } - + /* reinstall updated policies */ charon->kernel_interface->add_policy(charon->kernel_interface, me, other, my_ts, other_ts, POLICY_OUT, this->other_spi,
@@ -821,9 +821,9 @@ static void destroy(private_child_sa_t *this) enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; bool unrouted = (this->state == CHILD_ROUTED); - + set_state(this, CHILD_DESTROYING); - + /* delete SAs in the kernel, if they are set up */ if (this->my_spi) {
@@ -843,7 +843,7 @@ static void destroy(private_child_sa_t *this) this->my_addr, this->other_addr, this->other_spi, this->protocol, this->other_cpi); } - + if (this->config->install_policy(this->config)) { /* delete all policies in the kernel */
@@ -862,7 +862,7 @@ static void destroy(private_child_sa_t *this) } enumerator->destroy(enumerator); } - + this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy)); this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy)); this->my_addr->destroy(this->my_addr);
@@ -908,7 +908,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, this->public.get_traffic_selectors = (linked_list_t*(*)(child_sa_t*,bool))get_traffic_selectors; this->public.create_policy_enumerator = (enumerator_t*(*)(child_sa_t*))create_policy_enumerator; this->public.destroy = (void(*)(child_sa_t*))destroy; - + /* private data */ this->my_addr = me->clone(me); this->other_addr = other->clone(other);
@@ -934,7 +934,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, this->expire_time = 0; this->config = config; config->get_ref(config); - + /* MIPv6 proxy transport mode sets SA endpoints to TS hosts */ if (config->get_mode(config) == MODE_TRANSPORT && config->use_proxy_mode(config))
@@ -946,9 +946,9 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, enumerator_t *enumerator; linked_list_t *my_ts_list, *other_ts_list; traffic_selector_t *my_ts, *other_ts; - + this->mode = MODE_TRANSPORT; - + my_ts_list = config->get_traffic_selectors(config, TRUE, NULL, me); enumerator = my_ts_list->create_enumerator(my_ts_list); if (enumerator->enumerate(enumerator, &my_ts))
@@ -969,7 +969,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, } enumerator->destroy(enumerator); my_ts_list->destroy_offset(my_ts_list, offsetof(traffic_selector_t, destroy)); - + other_ts_list = config->get_traffic_selectors(config, FALSE, NULL, other); enumerator = other_ts_list->create_enumerator(other_ts_list); if (enumerator->enumerate(enumerator, &other_ts))
@@ -991,6 +991,6 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, enumerator->destroy(enumerator); other_ts_list->destroy_offset(other_ts_list, offsetof(traffic_selector_t, destroy)); } - + return &this->public; }
diff --git a/src/charon/sa/child_sa.h b/src/charon/sa/child_sa.h
index 3931d5186..a45b4c3e4 100644
--- a/src/charon/sa/child_sa.h
+++ b/src/charon/sa/child_sa.h
@@ -36,42 +36,42 @@ typedef struct child_sa_t child_sa_t; * States of a CHILD_SA */ enum child_sa_state_t { - + /** * Just created, uninstalled CHILD_SA */ CHILD_CREATED, - + /** * Installed SPD, but no SAD entries */ CHILD_ROUTED, - + /** * Installing an in-use CHILD_SA */ CHILD_INSTALLING, - + /** * Installed an in-use CHILD_SA */ CHILD_INSTALLED, - + /** * While updating hosts, in update_hosts() */ CHILD_UPDATING, - + /** * CHILD_SA which is rekeying */ CHILD_REKEYING, - + /** * CHILD_SA in progress of delete */ CHILD_DELETING, - + /** * CHILD_SA object gets destroyed */
@@ -102,14 +102,14 @@ extern enum_name_t *child_sa_state_names; * Once SAs are set up, policies can be added using add_policies. */ struct child_sa_t { - + /** * Get the name of the config this CHILD_SA uses. * * @return name */ char* (*get_name) (child_sa_t *this); - + /** * Get the reqid of the CHILD SA. *
@@ -119,28 +119,28 @@ struct child_sa_t { * @return reqid of the CHILD SA */ u_int32_t (*get_reqid)(child_sa_t *this); - + /** * Get the config used to set up this child sa. * * @return child_cfg */ child_cfg_t* (*get_config) (child_sa_t *this); - + /** * Get the state of the CHILD_SA. * * @return CHILD_SA state */ child_sa_state_t (*get_state) (child_sa_t *this); - + /** * Set the state of the CHILD_SA. * * @param state state to set on CHILD_SA */ void (*set_state) (child_sa_t *this, child_sa_state_t state); - + /** * Get the SPI of this CHILD_SA. *
@@ -152,7 +152,7 @@ struct child_sa_t { * @return SPI of the CHILD SA */ u_int32_t (*get_spi) (child_sa_t *this, bool inbound); - + /** * Get the CPI of this CHILD_SA. *
@@ -171,63 +171,63 @@ struct child_sa_t { * @return AH | ESP */ protocol_id_t (*get_protocol) (child_sa_t *this); - + /** * Set the negotiated protocol to use for this CHILD_SA. * * @param protocol AH | ESP */ void (*set_protocol)(child_sa_t *this, protocol_id_t protocol); - + /** * Get the IPsec mode of this CHILD_SA. * * @return TUNNEL | TRANSPORT | BEET */ ipsec_mode_t (*get_mode)(child_sa_t *this); - + /** * Set the negotiated IPsec mode to use. * * @param mode TUNNEL | TRANPORT | BEET */ void (*set_mode)(child_sa_t *this, ipsec_mode_t mode); - + /** * Get the used IPComp algorithm. * * @return IPComp compression algorithm. */ ipcomp_transform_t (*get_ipcomp)(child_sa_t *this); - + /** * Set the IPComp algorithm to use. * * @param ipcomp the IPComp transform to use */ void (*set_ipcomp)(child_sa_t *this, ipcomp_transform_t ipcomp); - + /** * Get the selected proposal. * * @return selected proposal */ proposal_t* (*get_proposal)(child_sa_t *this); - + /** * Set the negotiated proposal. * * @param proposal selected proposal */ void (*set_proposal)(child_sa_t *this, proposal_t *proposal); - + /** * Check if this CHILD_SA uses UDP encapsulation. * * @return TRUE if SA encapsulates ESP packets */ bool (*has_encap)(child_sa_t *this); - + /** * Get the absolute time when the CHILD_SA expires or gets rekeyed. *
@@ -235,7 +235,7 @@ struct child_sa_t { * @return absolute time */ time_t (*get_lifetime)(child_sa_t *this, bool hard); - + /** * Get last use time and the number of bytes processed. *
@@ -245,7 +245,7 @@ struct child_sa_t { */ void (*get_usestats)(child_sa_t *this, bool inbound, time_t *time, u_int64_t *bytes); - + /** * Get the traffic selectors list added for one side. *
@@ -253,14 +253,14 @@ struct child_sa_t { * @return list of traffic selectors */ linked_list_t* (*get_traffic_selectors) (child_sa_t *this, bool local); - + /** * Create an enumerator over installed policies. * * @return enumerator over pairs of traffic selectors. */ enumerator_t* (*create_policy_enumerator)(child_sa_t *this); - + /** * Allocate an SPI to include in a proposal. *
@@ -269,14 +269,14 @@ struct child_sa_t { * @return SPI, 0 on failure */ u_int32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol); - + /** * Allocate a CPI to use for IPComp. * * @return CPI, 0 on failure */ u_int16_t (*alloc_cpi)(child_sa_t *this); - + /** * Install an IPsec SA for one direction. *
diff --git a/src/charon/sa/connect_manager.c b/src/charon/sa/connect_manager.c
index f26cf9405..75a3242fc 100644
--- a/src/charon/sa/connect_manager.c
+++ b/src/charon/sa/connect_manager.c
@@ -53,22 +53,22 @@ struct private_connect_manager_t { * Public interface of connect_manager_t. */ connect_manager_t public; - + /** * Lock for exclusivly accessing the manager. */ mutex_t *mutex; - + /** * Hasher to generate signatures */ hasher_t *hasher; - + /** * Linked list with initiated mediated connections */ linked_list_t *initiated; - + /** * Linked list with checklists (hash table with connect ID as key would be better). */
@@ -93,22 +93,22 @@ typedef struct endpoint_pair_t endpoint_pair_t; struct endpoint_pair_t { /** pair id */ u_int32_t id; - + /** priority */ u_int64_t priority; - + /** local endpoint */ host_t *local; - + /** remote endpoint */ host_t *remote; - + /** state */ check_state_t state; - + /** number of retransmissions */ u_int32_t retransmitted; - + /** the generated packet */ packet_t *packet; };
@@ -131,22 +131,22 @@ static endpoint_pair_t *endpoint_pair_create(endpoint_notify_t *initiator, endpoint_notify_t *responder, bool initiator_is_local) { endpoint_pair_t *this = malloc_thing(endpoint_pair_t); - + this->id = 0; - + u_int32_t pi = initiator->get_priority(initiator); u_int32_t pr = responder->get_priority(responder); this->priority = pow(2, 32) * min(pi, pr) + 2 * max(pi, pr) + (pi > pr ? 1 : 0); - + this->local = initiator_is_local ? initiator->get_base(initiator) : responder->get_base(responder); this->local = this->local->clone(this->local); this->remote = initiator_is_local ? responder->get_host(responder) : initiator->get_host(initiator); this->remote = this->remote->clone(this->remote); - + this->state = CHECK_WAITING; this->retransmitted = 0; this->packet = NULL; - + return this; }
@@ -157,50 +157,50 @@ typedef struct check_list_t check_list_t; * An entry in the linked list. */ struct check_list_t { - + struct { /** initiator's id */ identification_t *id; - + /** initiator's key */ chunk_t key; - + /** initiator's endpoints */ linked_list_t *endpoints; } initiator; - + struct { /** responder's id */ identification_t *id; - + /** responder's key */ chunk_t key; - + /** responder's endpoints */ linked_list_t *endpoints; } responder; - + /** connect id */ chunk_t connect_id; - + /** list of endpoint pairs */ linked_list_t *pairs; - + /** pairs queued for triggered checks */ linked_list_t *triggered; - + /** state */ check_state_t state; - + /** TRUE if this is the initiator */ bool is_initiator; - + /** TRUE if the initiator is finishing the checks */ bool is_finishing; - + /** the current sender job */ job_t *sender; - + }; /**
@@ -210,18 +210,18 @@ static void check_list_destroy(check_list_t *this) { DESTROY_IF(this->initiator.id); DESTROY_IF(this->responder.id); - + chunk_free(&this->connect_id); chunk_free(&this->initiator.key); chunk_free(&this->responder.key); - + DESTROY_OFFSET_IF(this->initiator.endpoints, offsetof(endpoint_notify_t, destroy)); DESTROY_OFFSET_IF(this->responder.endpoints, offsetof(endpoint_notify_t, destroy)); - + DESTROY_FUNCTION_IF(this->pairs, (void*)endpoint_pair_destroy); /* this list contains some of the same elements as contained in this->pairs */ - DESTROY_IF(this->triggered); - + DESTROY_IF(this->triggered); + free(this); }
@@ -233,23 +233,23 @@ static check_list_t *check_list_create(identification_t *initiator, identificati bool is_initiator) { check_list_t *this = malloc_thing(check_list_t); - + this->connect_id = chunk_clone(connect_id); - + this->initiator.id = initiator->clone(initiator); this->initiator.key = chunk_clone(initiator_key); this->initiator.endpoints = initiator_endpoints->clone_offset(initiator_endpoints, offsetof(endpoint_notify_t, clone)); - + this->responder.id = responder->clone(responder); this->responder.key = chunk_empty; this->responder.endpoints = NULL; - + this->pairs = linked_list_create(); this->triggered = linked_list_create(); this->state = CHECK_NONE; this->is_initiator = is_initiator; this->is_finishing = FALSE; - + return this; }
@@ -261,10 +261,10 @@ typedef struct initiated_t initiated_t; struct initiated_t { /** my id */ identification_t *id; - + /** peer id */ identification_t *peer_id; - + /** list of mediated sas */ linked_list_t *mediated; };
@@ -286,11 +286,11 @@ static void initiated_destroy(initiated_t *this) static initiated_t *initiated_create(identification_t *id, identification_t *peer_id) { initiated_t *this = malloc_thing(initiated_t); - + this->id = id->clone(id); this->peer_id = peer_id->clone(peer_id); this->mediated = linked_list_create(); - + return this; }
@@ -303,22 +303,22 @@ typedef struct check_t check_t; struct check_t { /** message id */ u_int32_t mid; - + /** source of the connectivity check */ host_t *src; - + /** destination of the connectivity check */ host_t *dst; - + /** connect id */ chunk_t connect_id; - + /** endpoint */ endpoint_notify_t *endpoint; - + /** raw endpoint payload (to verify the signature) */ chunk_t endpoint_raw; - + /** connect auth */ chunk_t auth; }; @@ -343,16 +343,16 @@ static void check_destroy(check_t *this) static check_t *check_create() { check_t *this = malloc_thing(check_t); - + this->connect_id = chunk_empty; this->auth = chunk_empty; this->endpoint_raw = chunk_empty; this->src = NULL; this->dst = NULL; this->endpoint = NULL; - + this->mid = 0; - + return this; } @@ -364,10 +364,10 @@ typedef struct callback_data_t callback_data_t; struct callback_data_t { /** connect manager */ private_connect_manager_t *connect_manager; - + /** connect id */ chunk_t connect_id; - + /** message (pair) id */ u_int32_t mid; }; @@ -387,7 +387,7 @@ static void callback_data_destroy(callback_data_t *this) static callback_data_t *callback_data_create(private_connect_manager_t *connect_manager, chunk_t connect_id) { - callback_data_t *this = malloc_thing(callback_data_t); + callback_data_t *this = malloc_thing(callback_data_t); this->connect_manager = connect_manager; this->connect_id = chunk_clone(connect_id); this->mid = 0; @@ -413,7 +413,7 @@ typedef struct initiate_data_t initiate_data_t; struct initiate_data_t { /** checklist */ check_list_t *checklist; - + /** waiting mediated connections */ initiated_t *initiated; }; @@ -434,7 +434,7 @@ static void initiate_data_destroy(initiate_data_t *this) static initiate_data_t *initiate_data_create(check_list_t *checklist, initiated_t *initiated) { initiate_data_t *this = malloc_thing(initiate_data_t); - + this->checklist = checklist; this->initiated = initiated; 
@@ -465,7 +465,7 @@ static void remove_initiated(private_connect_manager_t *this, initiated_t *initi { iterator_t *iterator; initiated_t *current; - + iterator = this->initiated->create_iterator(this->initiated, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -501,7 +501,7 @@ static void remove_checklist(private_connect_manager_t *this, check_list_t *chec { iterator_t *iterator; check_list_t *current; - + iterator = this->checklists->create_iterator(this->checklists, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -537,7 +537,7 @@ static void insert_pair_by_priority(linked_list_t *pairs, endpoint_pair_t *pair) iterator_t *iterator; endpoint_pair_t *current; bool inserted = FALSE; - + iterator = pairs->create_iterator(pairs, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -549,7 +549,7 @@ static void insert_pair_by_priority(linked_list_t *pairs, endpoint_pair_t *pair) } } iterator->destroy(iterator); - + if (!inserted) { pairs->insert_last(pairs, pair); @@ -592,7 +592,7 @@ static bool match_succeeded_pair(endpoint_pair_t *current) } /** - * Returns the best pair of state CHECK_SUCCEEDED from a checklist. + * Returns the best pair of state CHECK_SUCCEEDED from a checklist. */ static status_t get_best_valid_pair(check_list_t *checklist, endpoint_pair_t **pair) { @@ -607,19 +607,19 @@ static bool match_waiting_pair(endpoint_pair_t *current) } /** - * Returns and *removes* the first triggered pair in state CHECK_WAITING. + * Returns and *removes* the first triggered pair in state CHECK_WAITING. */ static status_t get_triggered_pair(check_list_t *checklist, endpoint_pair_t **pair) { iterator_t *iterator; endpoint_pair_t *current; status_t status = NOT_FOUND; - + iterator = checklist->triggered->create_iterator(checklist->triggered, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { iterator->remove(iterator); - + if (current->state == CHECK_WAITING) { if (pair) 
@@ -631,7 +631,7 @@ static status_t get_triggered_pair(check_list_t *checklist, endpoint_pair_t **pa } } iterator->destroy(iterator); - + return status; } @@ -642,7 +642,7 @@ static void print_checklist(check_list_t *checklist) { iterator_t *iterator; endpoint_pair_t *current; - + DBG1(DBG_IKE, "pairs on checklist %#B:", &checklist->connect_id); iterator = checklist->pairs->create_iterator(checklist->pairs, TRUE); while (iterator->iterate(iterator, (void**)¤t)) @@ -662,20 +662,20 @@ static void prune_pairs(linked_list_t *pairs) iterator_t *iterator, *search; endpoint_pair_t *current, *other; u_int32_t id = 0; - + iterator = pairs->create_iterator(pairs, TRUE); search = pairs->create_iterator(pairs, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { current->id = ++id; - + while (search->iterate(search, (void**)&other)) { if (current == other) { continue; } - + if (current->local->equals(current->local, other->local) && current->remote->equals(current->remote, other->remote)) { @@ -703,7 +703,7 @@ static void build_pairs(check_list_t *checklist) /* FIXME: limit endpoints and pairs */ iterator_t *iterator_i, *iterator_r; endpoint_notify_t *initiator, *responder; - + iterator_i = checklist->initiator.endpoints->create_iterator(checklist->initiator.endpoints, TRUE); while (iterator_i->iterate(iterator_i, (void**)&initiator)) { @@ -714,14 +714,14 @@ static void build_pairs(check_list_t *checklist) { continue; } - + insert_pair_by_priority(checklist->pairs, endpoint_pair_create(initiator, responder, checklist->is_initiator)); } iterator_r->destroy(iterator_r); } iterator_i->destroy(iterator_i); - + print_checklist(checklist); prune_pairs(checklist->pairs); @@ -744,9 +744,9 @@ static status_t process_payloads(message_t *message, check_t *check) "connectivity check", payload_type_names, payload->get_type(payload)); continue; } - + notify_payload_t *notify = (notify_payload_t*)payload; - + switch (notify->get_notify_type(notify)) { case ME_ENDPOINT: 
@@ -756,7 +756,7 @@ static status_t process_payloads(message_t *message, check_t *check) DBG1(DBG_IKE, "connectivity check contains multiple ME_ENDPOINT notifies"); break; } - + endpoint_notify_t *endpoint = endpoint_notify_create_from_payload(notify); if (!endpoint) { @@ -795,38 +795,38 @@ static status_t process_payloads(message_t *message, check_t *check) } } enumerator->destroy(enumerator); - + if (!check->connect_id.ptr || !check->endpoint || !check->auth.ptr) { DBG1(DBG_IKE, "at least one payload was missing from the connectivity check"); return FAILED; } - + return SUCCESS; } /** * Builds the signature for a connectivity check */ -static chunk_t build_signature(private_connect_manager_t *this, +static chunk_t build_signature(private_connect_manager_t *this, check_list_t *checklist, check_t *check, bool outbound) { u_int32_t mid; chunk_t mid_chunk, key_chunk, sig_chunk; chunk_t sig_hash; - + mid = htonl(check->mid); mid_chunk = chunk_from_thing(mid); - + key_chunk = (checklist->is_initiator && outbound) || (!checklist->is_initiator && !outbound) ? checklist->initiator.key : checklist->responder.key; - + /* signature = SHA1( MID | ME_CONNECTID | ME_ENDPOINT | ME_CONNECTKEY ) */ sig_chunk = chunk_cat("cccc", mid_chunk, check->connect_id, check->endpoint_raw, key_chunk); this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash); DBG3(DBG_IKE, "sig_chunk %#B", &sig_chunk); DBG3(DBG_IKE, "sig_hash %#B", &sig_hash); - + chunk_free(&sig_chunk); return sig_hash; } @@ -837,7 +837,7 @@ static void finish_checks(private_connect_manager_t *this, check_list_t *checkli /** * After one of the initiator's pairs has succeeded we finish the checks without - * waiting for all the timeouts + * waiting for all the timeouts */ static job_requeue_t initiator_finish(callback_data_t *data) { 
@@ -853,11 +853,11 @@ static job_requeue_t initiator_finish(callback_data_t *data) this->mutex->unlock(this->mutex); return JOB_REQUEUE_NONE; } - + finish_checks(this, checklist); - + this->mutex->unlock(this->mutex); - + return JOB_REQUEUE_NONE; } @@ -891,7 +891,7 @@ static void update_checklist_state(private_connect_manager_t *this, check_list_t } } iterator->destroy(iterator); - + if (checklist->is_initiator && succeeded && !checklist->is_finishing) { /* instead of waiting until all checks have finished (i.e. all @@ -899,13 +899,13 @@ static void update_checklist_state(private_connect_manager_t *this, check_list_t * right after the first check has succeeded. to allow a probably * better pair to succeed, we still wait a certain time */ DBG2(DBG_IKE, "fast finishing checks for checklist '%#B'", &checklist->connect_id); - + callback_data_t *data = callback_data_create(this, checklist->connect_id); job_t *job = (job_t*)callback_job_create((callback_job_cb_t)initiator_finish, data, (callback_job_cleanup_t)callback_data_destroy, NULL); charon->scheduler->schedule_job_ms(charon->scheduler, job, ME_WAIT_TO_FINISH); checklist->is_finishing = TRUE; } - + if (in_progress) { checklist->state = CHECK_IN_PROGRESS; @@ -926,7 +926,7 @@ static void update_checklist_state(private_connect_manager_t *this, check_list_t static job_requeue_t retransmit(callback_data_t *data) { private_connect_manager_t *this = data->connect_manager; - + this->mutex->lock(this->mutex); check_list_t *checklist; @@ -937,7 +937,7 @@ static job_requeue_t retransmit(callback_data_t *data) this->mutex->unlock(this->mutex); return JOB_REQUEUE_NONE; } - + endpoint_pair_t *pair; if (get_pair_by_id(checklist, data->mid, &pair) != SUCCESS) { 
@@ -945,14 +945,14 @@ static job_requeue_t retransmit(callback_data_t *data) data->mid); goto retransmit_end; } - + if (pair->state != CHECK_IN_PROGRESS) { DBG2(DBG_IKE, "pair with id '%d' is in wrong state [%d], don't retransmit the connectivity check", data->mid, pair->state); goto retransmit_end; } - + if (++pair->retransmitted > ME_MAX_RETRANS) { DBG2(DBG_IKE, "pair with id '%d' failed after %d retransmissions", @@ -960,14 +960,14 @@ static job_requeue_t retransmit(callback_data_t *data) pair->state = CHECK_FAILED; goto retransmit_end; } - + charon->sender->send(charon->sender, pair->packet->clone(pair->packet)); - + queue_retransmission(this, checklist, pair); retransmit_end: update_checklist_state(this, checklist); - + switch(checklist->state) { case CHECK_SUCCEEDED: @@ -977,9 +977,9 @@ retransmit_end: default: break; } - + this->mutex->unlock(this->mutex); - + /* we reschedule it manually */ return JOB_REQUEUE_NONE; } @@ -991,7 +991,7 @@ static void queue_retransmission(private_connect_manager_t *this, check_list_t * { callback_data_t *data = retransmit_data_create(this, checklist->connect_id, pair->id); job_t *job = (job_t*)callback_job_create((callback_job_cb_t)retransmit, data, (callback_job_cleanup_t)callback_data_destroy, NULL); - + u_int32_t retransmission = pair->retransmitted + 1; u_int32_t rto = ME_INTERVAL; if (retransmission > ME_BOOST) @@ -999,7 +999,7 @@ static void queue_retransmission(private_connect_manager_t *this, check_list_t * rto = (u_int32_t)(ME_INTERVAL * pow(ME_RETRANS_BASE, retransmission - ME_BOOST)); } DBG2(DBG_IKE, "scheduling retransmission %d of pair '%d' in %dms", retransmission, pair->id, rto); - + charon->scheduler->schedule_job_ms(charon->scheduler, (job_t*)job, rto); } 
@@ -1015,28 +1015,28 @@ static void send_check(private_connect_manager_t *this, check_list_t *checklist, message->set_request(message, request); message->set_destination(message, check->dst->clone(check->dst)); message->set_source(message, check->src->clone(check->src)); - + ike_sa_id_t *ike_sa_id = ike_sa_id_create(0, 0, request); message->set_ike_sa_id(message, ike_sa_id); ike_sa_id->destroy(ike_sa_id); message->add_notify(message, FALSE, ME_CONNECTID, check->connect_id); DBG2(DBG_IKE, "send ME_CONNECTID %#B", &check->connect_id); - + notify_payload_t *endpoint = check->endpoint->build_notify(check->endpoint); check->endpoint_raw = chunk_clone(endpoint->get_notification_data(endpoint)); message->add_payload(message, (payload_t*)endpoint); DBG2(DBG_IKE, "send ME_ENDPOINT notify"); - + check->auth = build_signature(this, checklist, check, TRUE); message->add_notify(message, FALSE, ME_CONNECTAUTH, check->auth); DBG2(DBG_IKE, "send ME_CONNECTAUTH %#B", &check->auth); - + packet_t *packet; if (message->generate(message, NULL, NULL, &packet) == SUCCESS) { charon->sender->send(charon->sender, packet->clone(packet)); - + if (request) { DESTROY_IF(pair->packet); @@ -1055,13 +1055,13 @@ static void send_check(private_connect_manager_t *this, check_list_t *checklist, /** * Queues a triggered check */ -static void queue_triggered_check(private_connect_manager_t *this, +static void queue_triggered_check(private_connect_manager_t *this, check_list_t *checklist, endpoint_pair_t *pair) { DBG2(DBG_IKE, "queueing triggered check for pair '%d'", pair->id); pair->state = CHECK_WAITING; checklist->triggered->insert_last(checklist->triggered, pair); - + if (!checklist->sender) { /* if the sender is not running we restart it */ 
@@ -1077,7 +1077,7 @@ static job_requeue_t sender(callback_data_t *data) private_connect_manager_t *this = data->connect_manager; this->mutex->lock(this->mutex); - + check_list_t *checklist; if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) { @@ -1086,15 +1086,15 @@ static job_requeue_t sender(callback_data_t *data) this->mutex->unlock(this->mutex); return JOB_REQUEUE_NONE; } - + /* reset the sender */ checklist->sender = NULL; - + endpoint_pair_t *pair; if (get_triggered_pair(checklist, &pair) != SUCCESS) { DBG1(DBG_IKE, "no triggered check queued, sending an ordinary check"); - + if (checklist->pairs->find_first(checklist->pairs, (linked_list_match_t)match_waiting_pair, (void**)&pair) != SUCCESS) { @@ -1114,18 +1114,18 @@ static job_requeue_t sender(callback_data_t *data) check->dst = pair->remote->clone(pair->remote); check->connect_id = chunk_clone(checklist->connect_id); check->endpoint = endpoint_notify_create(); - + pair->state = CHECK_IN_PROGRESS; - + send_check(this, checklist, check, pair, TRUE); - + check_destroy(check); - + /* schedule this job again */ schedule_checks(this, checklist, ME_INTERVAL); - + this->mutex->unlock(this->mutex); - + /* we reschedule it manually */ return JOB_REQUEUE_NONE; } @@ -1147,7 +1147,7 @@ static job_requeue_t initiate_mediated(initiate_data_t *data) { check_list_t *checklist = data->checklist; initiated_t *initiated = data->initiated; - + endpoint_pair_t *pair; if (get_best_valid_pair(checklist, &pair) == SUCCESS) { @@ -1169,7 +1169,7 @@ static job_requeue_t initiate_mediated(initiate_data_t *data) { /* this should (can?) not happen */ } - + return JOB_REQUEUE_NONE; } 
@@ -1186,7 +1186,7 @@ static void finish_checks(private_connect_manager_t *this, check_list_t *checkli { remove_checklist(this, checklist); remove_initiated(this, initiated); - + initiate_data_t *data = initiate_data_create(checklist, initiated); job_t *job = (job_t*)callback_job_create((callback_job_cb_t)initiate_mediated, data, (callback_job_cleanup_t)initiate_data_destroy, NULL); charon->processor->queue_job(charon->processor, job); @@ -1216,10 +1216,10 @@ static void process_response(private_connect_manager_t *this, check_t *check, pair->local, pair->remote); pair->state = CHECK_SUCCEEDED; } - + linked_list_t *local_endpoints = checklist->is_initiator ? checklist->initiator.endpoints : checklist->responder.endpoints; - + endpoint_notify_t *local_endpoint; if (endpoints_contain(local_endpoints, check->endpoint->get_host(check->endpoint), &local_endpoint) != SUCCESS) @@ -1229,9 +1229,9 @@ static void process_response(private_connect_manager_t *this, check_t *check, local_endpoint->set_priority(local_endpoint, check->endpoint->get_priority(check->endpoint)); local_endpoints->insert_last(local_endpoints, local_endpoint); } - + update_checklist_state(this, checklist); - + switch(checklist->state) { case CHECK_SUCCEEDED: 
@@ -1253,17 +1253,17 @@ static void process_request(private_connect_manager_t *this, check_t *check, { linked_list_t *remote_endpoints = checklist->is_initiator ? checklist->responder.endpoints : checklist->initiator.endpoints; - + endpoint_notify_t *peer_reflexive, *remote_endpoint; peer_reflexive = endpoint_notify_create_from_host(PEER_REFLEXIVE, check->src, NULL); peer_reflexive->set_priority(peer_reflexive, check->endpoint->get_priority(check->endpoint)); - + if (endpoints_contain(remote_endpoints, check->src, &remote_endpoint) != SUCCESS) { remote_endpoint = peer_reflexive->clone(peer_reflexive); remote_endpoints->insert_last(remote_endpoints, remote_endpoint); } - + endpoint_pair_t *pair; if (get_pair_by_hosts(checklist->pairs, check->dst, check->src, &pair) == SUCCESS) { @@ -1286,31 +1286,31 @@ static void process_request(private_connect_manager_t *this, check_t *check, else { endpoint_notify_t *local_endpoint = endpoint_notify_create_from_host(HOST, check->dst, NULL); - + endpoint_notify_t *initiator = checklist->is_initiator ? local_endpoint : remote_endpoint; endpoint_notify_t *responder = checklist->is_initiator ? remote_endpoint : local_endpoint; - + pair = endpoint_pair_create(initiator, responder, checklist->is_initiator); pair->id = checklist->pairs->get_count(checklist->pairs) + 1; - + insert_pair_by_priority(checklist->pairs, pair); - + queue_triggered_check(this, checklist, pair); - + local_endpoint->destroy(local_endpoint); } - - + + check_t *response = check_create(); - + response->mid = check->mid; response->src = check->dst->clone(check->dst); response->dst = check->src->clone(check->src); response->connect_id = chunk_clone(check->connect_id); response->endpoint = peer_reflexive; - + send_check(this, checklist, response, pair, FALSE); - + check_destroy(response); } 
@@ -1327,14 +1327,14 @@ static void process_check(private_connect_manager_t *this, message_t *message) message->get_message_id(message)); return; } - + check_t *check = check_create(); check->mid = message->get_message_id(message); check->src = message->get_source(message); check->src = check->src->clone(check->src); check->dst = message->get_destination(message); check->dst = check->dst->clone(check->dst); - + if (process_payloads(message, check) != SUCCESS) { DBG1(DBG_IKE, "invalid connectivity check %s received", @@ -1342,9 +1342,9 @@ static void process_check(private_connect_manager_t *this, message_t *message) check_destroy(check); return; } - + this->mutex->lock(this->mutex); - + check_list_t *checklist; if (get_checklist_by_id(this, check->connect_id, &checklist) != SUCCESS) { @@ -1354,8 +1354,8 @@ static void process_check(private_connect_manager_t *this, message_t *message) this->mutex->unlock(this->mutex); return; } - - chunk_t sig = build_signature(this, checklist, check, FALSE); + + chunk_t sig = build_signature(this, checklist, check, FALSE); if (!chunk_equals(sig, check->auth)) { DBG1(DBG_IKE, "connectivity check verification failed"); @@ -1365,7 +1365,7 @@ static void process_check(private_connect_manager_t *this, message_t *message) return; } chunk_free(&sig); - + if (message->get_request(message)) { process_request(this, check, checklist); @@ -1374,9 +1374,9 @@ static void process_check(private_connect_manager_t *this, message_t *message) { process_response(this, check, checklist); } - + this->mutex->unlock(this->mutex); - + check_destroy(check); } 
@@ -1399,8 +1399,8 @@ static bool check_and_register(private_connect_manager_t *this, this->initiated->insert_last(this->initiated, initiated); already_there = FALSE; } - - if (initiated->mediated->find_first(initiated->mediated, + + if (initiated->mediated->find_first(initiated->mediated, (linked_list_match_t)mediated_sa->equals, NULL, mediated_sa) != SUCCESS) { initiated->mediated->insert_last(initiated->mediated, mediated_sa->clone(mediated_sa)); @@ -1427,7 +1427,7 @@ static void check_and_initiate(private_connect_manager_t *this, ike_sa_id_t *med this->mutex->unlock(this->mutex); return; } - + ike_sa_id_t *waiting_sa; iterator_t *iterator = initiated->mediated->create_iterator(initiated->mediated, TRUE); while (iterator->iterate(iterator, (void**)&waiting_sa)) @@ -1448,9 +1448,9 @@ static status_t set_initiator_data(private_connect_manager_t *this, chunk_t connect_id, chunk_t key, linked_list_t *endpoints, bool is_initiator) { check_list_t *checklist; - - this->mutex->lock(this->mutex); - + + this->mutex->lock(this->mutex); + if (get_checklist_by_id(this, connect_id, NULL) == SUCCESS) { DBG1(DBG_IKE, "checklist with id '%#B' already exists, aborting", @@ -1458,12 +1458,12 @@ static status_t set_initiator_data(private_connect_manager_t *this, this->mutex->unlock(this->mutex); return FAILED; } - + checklist = check_list_create(initiator, responder, connect_id, key, endpoints, is_initiator); this->checklists->insert_last(this->checklists, checklist); - + this->mutex->unlock(this->mutex); - + return SUCCESS; } @@ -1476,7 +1476,7 @@ static status_t set_responder_data(private_connect_manager_t *this, check_list_t *checklist; this->mutex->lock(this->mutex); - + if (get_checklist_by_id(this, connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%#B' not found", 
@@ -1484,18 +1484,18 @@ static status_t set_responder_data(private_connect_manager_t *this, this->mutex->unlock(this->mutex); return NOT_FOUND; } - + checklist->responder.key = chunk_clone(key); checklist->responder.endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); checklist->state = CHECK_WAITING; - + build_pairs(checklist); - + /* send the first check immediately */ schedule_checks(this, checklist, 0); - + this->mutex->unlock(this->mutex); - + return SUCCESS; } @@ -1507,7 +1507,7 @@ static status_t stop_checks(private_connect_manager_t *this, chunk_t connect_id) check_list_t *checklist; this->mutex->lock(this->mutex); - + if (get_checklist_by_id(this, connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%#B' not found", @@ -1515,14 +1515,14 @@ static status_t stop_checks(private_connect_manager_t *this, chunk_t connect_id) this->mutex->unlock(this->mutex); return NOT_FOUND; } - + DBG1(DBG_IKE, "removing checklist with id '%#B'", &connect_id); - + remove_checklist(this, checklist); check_list_destroy(checklist); - + this->mutex->unlock(this->mutex); - + return SUCCESS; } @@ -1532,12 +1532,12 @@ static status_t stop_checks(private_connect_manager_t *this, chunk_t connect_id) static void destroy(private_connect_manager_t *this) { this->mutex->lock(this->mutex); - + this->hasher->destroy(this->hasher); this->checklists->destroy_function(this->checklists, (void*)check_list_destroy); this->initiated->destroy_function(this->initiated, (void*)initiated_destroy); - - this->mutex->unlock(this->mutex); + + this->mutex->unlock(this->mutex); this->mutex->destroy(this->mutex); free(this); } 
@@ -1556,7 +1556,7 @@ connect_manager_t *connect_manager_create() this->public.set_responder_data = (status_t(*)(connect_manager_t*,chunk_t,chunk_t,linked_list_t*))set_responder_data; this->public.process_check = (void(*)(connect_manager_t*,message_t*))process_check; this->public.stop_checks = (status_t(*)(connect_manager_t*,chunk_t))stop_checks; - + this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (this->hasher == NULL) { @@ -1564,11 +1564,11 @@ connect_manager_t *connect_manager_create() free(this); return NULL; } - + this->checklists = linked_list_create(); this->initiated = linked_list_create(); - + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - + return (connect_manager_t*)this; } diff --git a/src/charon/sa/connect_manager.h b/src/charon/sa/connect_manager.h index b5abc853c..d21b5af28 100644 --- a/src/charon/sa/connect_manager.h +++ b/src/charon/sa/connect_manager.h 
@@ -32,34 +32,34 @@ typedef struct connect_manager_t connect_manager_t; * connection with another peer. */ struct connect_manager_t { - + /** * Checks if a there is already a mediated connection registered * between two peers. - * + * * @param id my id * @param peer_id the other peer's id * @param mediated_sa the IKE_SA ID of the mediated connection - * @returns + * @returns * - TRUE, if there was already a mediated connection registered * - FALSE, otherwise */ bool (*check_and_register) (connect_manager_t *this, identification_t *id, identification_t *peer_id, ike_sa_id_t *mediated_sa); - + /** * Checks if there are waiting connections with a specific peer. * If so, reinitiate them. - * + * * @param id my id * @param peer_id the other peer's id */ void (*check_and_initiate) (connect_manager_t *this, ike_sa_id_t *mediation_sa, identification_t *id, identification_t *peer_id); - + /** * Creates a checklist and sets the initiator's data. - * + * * @param initiator ID of the initiator * @param responder ID of the responder * @param connect_id the connect ID provided by the initiator 
@@ -72,39 +72,39 @@ struct connect_manager_t { status_t (*set_initiator_data) (connect_manager_t *this, identification_t *initiator, identification_t *responder, chunk_t connect_id, chunk_t key, linked_list_t *endpoints, bool is_initiator); - + /** * Updates a checklist and sets the responder's data. The checklist's * state is advanced to WAITING which means that checks will be sent. - * + * * @param connect_id the connect ID * @param chunk_t the responder's key - * @param endpoints the responder's endpoints - * @returns + * @param endpoints the responder's endpoints + * @returns * - NOT_FOUND, if the checklist has not been found * - SUCCESS, otherwise */ status_t (*set_responder_data) (connect_manager_t *this, chunk_t connect_id, chunk_t key, linked_list_t *endpoints); - + /** * Stops checks for a checklist. Used after the responder received an IKE_SA_INIT * request which contains a ME_CONNECTID payload. - * + * * @param connect_id the connect ID * @returns * - NOT_FOUND, if the checklist has not been found * - SUCCESS, otherwise */ status_t (*stop_checks) (connect_manager_t *this, chunk_t connect_id); - + /** * Processes a connectivity check - * + * * @param message the received message */ void (*process_check) (connect_manager_t *this, message_t *message); - + /** * Destroys the manager with all data. */ @@ -113,7 +113,7 @@ struct connect_manager_t { /** * Create a manager. - * + * * @returns connect_manager_t object */ connect_manager_t *connect_manager_create(void); diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c index e54a331d2..157031dbe 100644 --- a/src/charon/sa/ike_sa.c +++ b/src/charon/sa/ike_sa.c 
@@ -71,169 +71,169 @@ typedef struct attribute_entry_t attribute_entry_t; * Private data of an ike_sa_t object. */ struct private_ike_sa_t { - + /** * Public members */ ike_sa_t public; - + /** * Identifier for the current IKE_SA. */ ike_sa_id_t *ike_sa_id; - + /** * unique numerical ID for this IKE_SA. */ u_int32_t unique_id; - + /** * Current state of the IKE_SA */ ike_sa_state_t state; - + /** * IKE configuration used to set up this IKE_SA */ ike_cfg_t *ike_cfg; - + /** * Peer and authentication information to establish IKE_SA. */ peer_cfg_t *peer_cfg; - + /** * currently used authentication ruleset, local (as auth_cfg_t) */ auth_cfg_t *my_auth; - + /** * currently used authentication constraints, remote (as auth_cfg_t) */ auth_cfg_t *other_auth; - + /** * Selected IKE proposal */ proposal_t *proposal; - + /** * Juggles tasks to process messages */ task_manager_t *task_manager; - + /** * Address of local host */ host_t *my_host; - + /** * Address of remote host */ host_t *other_host; - + #ifdef ME /** * Are we mediation server */ bool is_mediation_server; - + /** * Server reflexive host */ host_t *server_reflexive_host; - + /** * Connect ID */ chunk_t connect_id; #endif /* ME */ - + /** * Identification used for us */ identification_t *my_id; - + /** * Identification used for other */ identification_t *other_id; - + /** * EAP Identity exchange in EAP-Identity method */ identification_t *eap_identity;; - + /** * set of extensions the peer supports */ ike_extension_t extensions; - + /** * set of condition flags currently enabled for this IKE_SA */ ike_condition_t conditions; - + /** * Linked List containing the child sa's of the current IKE_SA. 
*/ linked_list_t *child_sas; - + /** * keymat of this IKE_SA */ keymat_t *keymat; - + /** * Virtual IP on local host, if any */ host_t *my_virtual_ip; - + /** * Virtual IP on remote host, if any */ host_t *other_virtual_ip; - + /** * List of configuration attributes (attribute_entry_t) */ linked_list_t *attributes; - + /** * list of peers additional addresses, transmitted via MOBIKE */ linked_list_t *additional_addresses; - + /** * previously value of received DESTINATION_IP hash */ chunk_t nat_detection_dest; - + /** * number pending UPDATE_SA_ADDRESS (MOBIKE) */ u_int32_t pending_updates; - + /** * NAT keep alive interval */ u_int32_t keepalive_interval; - + /** * Timestamps for this IKE_SA */ u_int32_t stats[STAT_MAX]; - + /** * how many times we have retried so far (keyingtries) */ u_int32_t keyingtry; - + /** * local host address to be used for IKE, set via MIGRATE kernel message */ host_t *local_host; - + /** * remote host address to be used for IKE, set via MIGRATE kernel message */ @@ -260,7 +260,7 @@ static time_t get_use_time(private_ike_sa_t* this, bool inbound) enumerator_t *enumerator; child_sa_t *child_sa; time_t use_time, current; - + if (inbound) { use_time = this->stats[STAT_INBOUND]; @@ -276,7 +276,7 @@ static time_t get_use_time(private_ike_sa_t* this, bool inbound) use_time = max(use_time, current); } enumerator->destroy(enumerator); - + return use_time; } @@ -362,7 +362,7 @@ static void set_peer_cfg(private_ike_sa_t *this, peer_cfg_t *peer_cfg) DESTROY_IF(this->peer_cfg); peer_cfg->get_ref(peer_cfg); this->peer_cfg = peer_cfg; - + if (this->ike_cfg == NULL) { this->ike_cfg = peer_cfg->get_ike_cfg(peer_cfg); 
@@ -421,22 +421,22 @@ static void send_keepalive(private_ike_sa_t *this) { send_keepalive_job_t *job; time_t last_out, now, diff; - + if (!(this->conditions & COND_NAT_HERE) || this->keepalive_interval == 0) { /* disable keep alives if we are not NATed anymore */ return; } - + last_out = get_use_time(this, FALSE); now = time_monotonic(NULL); - + diff = now - last_out; - + if (diff >= this->keepalive_interval) { packet_t *packet; chunk_t data; - + packet = packet_create(); packet->set_source(packet, this->my_host->clone(this->my_host)); packet->set_destination(packet, this->other_host->clone(this->other_host)); @@ -551,15 +551,15 @@ static status_t send_dpd(private_ike_sa_t *this) { job_t *job; time_t diff, delay; - + delay = this->peer_cfg->get_dpd(this->peer_cfg); - + if (delay == 0) { /* DPD disabled */ return SUCCESS; } - + if (this->task_manager->busy(this->task_manager)) { /* an exchange is in the air, no need to start a DPD check */ @@ -577,7 +577,7 @@ static status_t send_dpd(private_ike_sa_t *this) /* to long ago, initiate dead peer detection */ task_t *task; ike_mobike_t *mobike; - + if (supports_extension(this, EXT_MOBIKE) && has_condition(this, COND_NAT_HERE)) { @@ -592,7 +592,7 @@ static status_t send_dpd(private_ike_sa_t *this) } diff = 0; DBG1(DBG_IKE, "sending DPD request"); - + this->task_manager->queue_task(this->task_manager, task); this->task_manager->initiate(this->task_manager); } @@ -620,7 +620,7 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state) get_name(this), this->unique_id, ike_sa_state_names, this->state, ike_sa_state_names, state); - + switch (state) { case IKE_ESTABLISHED: 
@@ -630,10 +630,10 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state) { job_t *job; u_int32_t t; - + /* calculate rekey, reauth and lifetime */ this->stats[STAT_ESTABLISHED] = time_monotonic(NULL); - + /* schedule rekeying if we have a time which is smaller than * an already scheduled rekeying */ t = this->peer_cfg->get_rekey_time(this->peer_cfg); @@ -676,7 +676,7 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state) charon->scheduler->schedule_job(charon->scheduler, job, t); DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t); } - + /* start DPD checks */ send_dpd(this); } @@ -707,9 +707,9 @@ static void reset(private_ike_sa_t *this) { this->ike_sa_id->set_responder_spi(this->ike_sa_id, 0); } - + set_state(this, IKE_CREATED); - + this->task_manager->reset(this->task_manager, 0, 0); } @@ -776,7 +776,7 @@ static void add_additional_address(private_ike_sa_t *this, host_t *host) { this->additional_addresses->insert_last(this->additional_addresses, host); } - + /** * Implementation of ike_sa_t.create_additional_address_iterator. */ @@ -827,7 +827,7 @@ static u_int32_t get_pending_updates(private_ike_sa_t *this) static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other) { bool update = FALSE; - + if (me == NULL) { me = this->my_host; @@ -836,7 +836,7 @@ static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other) { other = this->other_host; } - + /* apply hosts on first received message */ if (this->my_host->is_anyaddr(this->my_host) || this->other_host->is_anyaddr(this->other_host)) @@ -853,7 +853,7 @@ static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other) set_my_host(this, me->clone(me)); update = TRUE; } - + if (!other->equals(other, this->other_host)) { /* update others adress if we are NOT NATed, 
@@ -866,13 +866,13 @@ static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other) } } } - + /* update all associated CHILD_SAs, if required */ if (update) { iterator_t *iterator; child_sa_t *child_sa; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)&child_sa)) { @@ -910,7 +910,7 @@ static void send_notify_response(private_ike_sa_t *this, message_t *request, { message_t *response; packet_t *packet; - + response = message_create(); response->set_exchange_type(response, request->get_exchange_type(request)); response->set_request(response, FALSE); @@ -1052,7 +1052,7 @@ static status_t initiate_mediated(private_ike_sa_t *this, host_t *me, static void resolve_hosts(private_ike_sa_t *this) { host_t *host; - + if (this->remote_host) { host = this->remote_host->clone(this->remote_host); @@ -1067,7 +1067,7 @@ static void resolve_hosts(private_ike_sa_t *this) { set_other_host(this, host); } - + if (this->local_host) { host = this->local_host->clone(this->local_host); @@ -1078,7 +1078,7 @@ static void resolve_hosts(private_ike_sa_t *this) host = host_create_from_dns(this->ike_cfg->get_my_addr(this->ike_cfg), this->my_host->get_family(this->my_host), IKEV2_UDP_PORT); - + if (host && host->is_anyaddr(host) && !this->other_host->is_anyaddr(this->other_host)) { @@ -1111,11 +1111,11 @@ static status_t initiate(private_ike_sa_t *this, traffic_selector_t *tsi, traffic_selector_t *tsr) { task_t *task; - + if (this->state == IKE_CREATED) { resolve_hosts(this); - + if (this->other_host->is_anyaddr(this->other_host) #ifdef ME && !this->peer_cfg->get_mediated_by(this->peer_cfg) 
@@ -1126,9 +1126,9 @@ static status_t initiate(private_ike_sa_t *this, DBG1(DBG_IKE, "unable to initiate to %%any"); return DESTROY_ME; } - + set_condition(this, COND_ORIGINAL_INITIATOR, TRUE); - + task = (task_t*)ike_init_create(&this->public, TRUE, NULL); this->task_manager->queue_task(this->task_manager, task); task = (task_t*)ike_natd_create(&this->public, TRUE); @@ -1190,7 +1190,7 @@ static status_t initiate(private_ike_sa_t *this, } #endif /* ME */ } - + return this->task_manager->initiate(this->task_manager); } @@ -1201,20 +1201,20 @@ static status_t process_message(private_ike_sa_t *this, message_t *message) { status_t status; bool is_request; - + if (this->state == IKE_PASSIVE) { /* do not handle messages in passive state */ return FAILED; } - + is_request = message->get_request(message); - + status = message->parse_body(message, this->keymat->get_crypter(this->keymat, TRUE), this->keymat->get_signer(this->keymat, TRUE)); if (status != SUCCESS) { - + if (is_request) { switch (status) @@ -1258,7 +1258,7 @@ static status_t process_message(private_ike_sa_t *this, message_t *message) exchange_type_names, message->get_exchange_type(message), message->get_request(message) ? "request" : "response", message->get_message_id(message)); - + if (this->state == IKE_CREATED) { /* invalid initiation attempt, close SA */ return DESTROY_ME; @@ -1268,10 +1268,10 @@ static status_t process_message(private_ike_sa_t *this, message_t *message) else { host_t *me, *other; - + me = message->get_destination(message); other = message->get_source(message); - + /* if this IKE_SA is virgin, we check for a config */ if (this->ike_cfg == NULL) { @@ -1380,7 +1380,7 @@ static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol, { iterator_t *iterator; child_sa_t *current, *found = NULL; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { 
@@ -1409,7 +1409,7 @@ static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi) { child_rekey_t *child_rekey; - + child_rekey = child_rekey_create(&this->public, protocol, spi); this->task_manager->queue_task(this->task_manager, &child_rekey->task); return this->task_manager->initiate(this->task_manager); @@ -1422,7 +1422,7 @@ static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi) { child_delete_t *child_delete; - + child_delete = child_delete_create(&this->public, protocol, spi); this->task_manager->queue_task(this->task_manager, &child_delete->task); return this->task_manager->initiate(this->task_manager); @@ -1437,7 +1437,7 @@ static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol, iterator_t *iterator; child_sa_t *child_sa; status_t status = NOT_FOUND; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)&child_sa)) { @@ -1487,9 +1487,9 @@ static status_t delete_(private_ike_sa_t *this) static status_t rekey(private_ike_sa_t *this) { ike_rekey_t *ike_rekey; - + ike_rekey = ike_rekey_create(&this->public, TRUE); - + this->task_manager->queue_task(this->task_manager, &ike_rekey->task); return this->task_manager->initiate(this->task_manager); } @@ -1516,7 +1516,7 @@ static status_t reauth(private_ike_sa_t *this) ) { time_t now = time_monotonic(NULL); - + DBG1(DBG_IKE, "IKE_SA will timeout in %V", &now, &this->stats[STAT_DELETE]); return FAILED; @@ -1545,7 +1545,7 @@ static status_t reestablish(private_ike_sa_t *this) child_cfg_t *child_cfg; bool required = FALSE; status_t status = FAILED; - + /* check if we have children to keep up at all */ iterator = create_child_sa_iterator(this); while (iterator->iterate(iterator, (void**)&child_sa)) 
@@ -1580,7 +1580,7 @@ static status_t reestablish(private_ike_sa_t *this) { return FAILED; } - + /* check if we are able to reestablish this IKE_SA */ if (!has_condition(this, COND_ORIGINAL_INITIATOR) && (this->other_virtual_ip != NULL || @@ -1593,7 +1593,7 @@ static status_t reestablish(private_ike_sa_t *this) DBG1(DBG_IKE, "unable to reestablish IKE_SA due asymetric setup"); return FAILED; } - + new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, TRUE); new->set_peer_cfg(new, this->peer_cfg); host = this->other_host; @@ -1606,7 +1606,7 @@ static status_t reestablish(private_ike_sa_t *this) { new->set_virtual_ip(new, TRUE, host); } - + #ifdef ME if (this->peer_cfg->is_mediation(this->peer_cfg)) { @@ -1649,7 +1649,7 @@ static status_t reestablish(private_ike_sa_t *this) } iterator->destroy(iterator); } - + if (status == DESTROY_ME) { charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new); @@ -1745,7 +1745,7 @@ static status_t roam(private_ike_sa_t *this, bool address) { host_t *src; ike_mobike_t *mobike; - + switch (this->state) { case IKE_CREATED: @@ -1768,7 +1768,7 @@ static status_t roam(private_ike_sa_t *this, bool address) } return SUCCESS; } - + /* keep existing path if possible */ src = charon->kernel_interface->get_source_addr(charon->kernel_interface, this->other_host, this->my_host); @@ -1783,14 +1783,14 @@ static status_t roam(private_ike_sa_t *this, bool address) return SUCCESS; } src->destroy(src); - + } else { /* check if we find a route at all */ enumerator_t *enumerator; host_t *addr; - + src = charon->kernel_interface->get_source_addr(charon->kernel_interface, this->other_host, NULL); if (!src) @@ -1819,7 +1819,7 @@ static status_t roam(private_ike_sa_t *this, bool address) src->destroy(src); } set_condition(this, COND_STALE, FALSE); - + /* update addresses with mobike, if supported ... */ if (supports_extension(this, EXT_MOBIKE)) { 
@@ -1842,7 +1842,7 @@ static void add_configuration_attribute(private_ike_sa_t *this, { attribute_entry_t *entry; attribute_handler_t *handler; - + handler = charon->attributes->handle(charon->attributes, &this->public, type, data); if (handler) @@ -1851,7 +1851,7 @@ static void add_configuration_attribute(private_ike_sa_t *this, entry->handler = handler; entry->type = type; entry->data = chunk_clone(data); - + this->attributes->insert_last(this->attributes, entry); } } @@ -1863,7 +1863,7 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) { child_sa_t *child_sa; attribute_entry_t *entry; - + /* apply hosts and ids */ this->my_host->destroy(this->my_host); this->other_host->destroy(this->other_host); @@ -1873,7 +1873,7 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) this->other_host = other->other_host->clone(other->other_host); this->my_id = other->my_id->clone(other->my_id); this->other_id = other->other_id->clone(other->other_id); - + /* apply virtual assigned IPs... */ if (other->my_virtual_ip) { @@ -1885,7 +1885,7 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) this->other_virtual_ip = other->other_virtual_ip; other->other_virtual_ip = NULL; } - + /* ... and configuration attributes */ while (other->attributes->remove_last(other->attributes, (void**)&entry) == SUCCESS) @@ -1899,7 +1899,7 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) { send_keepalive(this); } - + #ifdef ME if (other->is_mediation_server) { 
@@ -1918,15 +1918,15 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) { this->child_sas->insert_first(this->child_sas, (void*)child_sa); } - + /* move pending tasks to the new IKE_SA */ this->task_manager->adopt_tasks(this->task_manager, other->task_manager); - + /* reauthentication timeout survives a rekeying */ if (other->stats[STAT_REAUTH]) { time_t reauth, delete, now = time_monotonic(NULL); - + this->stats[STAT_REAUTH] = other->stats[STAT_REAUTH]; reauth = this->stats[STAT_REAUTH] - now; delete = reauth + this->peer_cfg->get_over_time(this->peer_cfg); @@ -1948,11 +1948,11 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) static void destroy(private_ike_sa_t *this) { attribute_entry_t *entry; - + charon->bus->set_sa(charon->bus, &this->public); - + set_state(this, IKE_DESTROYING); - + /* remove attributes first, as we pass the IKE_SA to the handler */ while (this->attributes->remove_last(this->attributes, (void**)&entry) == SUCCESS) @@ -1963,15 +1963,15 @@ static void destroy(private_ike_sa_t *this) free(entry); } this->attributes->destroy(this->attributes); - + this->child_sas->destroy_offset(this->child_sas, offsetof(child_sa_t, destroy)); - + /* unset SA after here to avoid usage by the listeners */ charon->bus->set_sa(charon->bus, NULL); - + this->task_manager->destroy(this->task_manager); this->keymat->destroy(this->keymat); - + if (this->my_virtual_ip) { charon->kernel_interface->del_ip(charon->kernel_interface, @@ -2000,7 +2000,7 @@ static void destroy(private_ike_sa_t *this) chunk_free(&this->connect_id); #endif /* ME */ free(this->nat_detection_dest.ptr); - + DESTROY_IF(this->my_host); DESTROY_IF(this->other_host); DESTROY_IF(this->my_id); 
@@ -2008,13 +2008,13 @@ static void destroy(private_ike_sa_t *this) DESTROY_IF(this->local_host); DESTROY_IF(this->remote_host); DESTROY_IF(this->eap_identity); - + DESTROY_IF(this->ike_cfg); DESTROY_IF(this->peer_cfg); DESTROY_IF(this->proposal); this->my_auth->destroy(this->my_auth); this->other_auth->destroy(this->other_auth); - + this->ike_sa_id->destroy(this->ike_sa_id); free(this); } @@ -2026,7 +2026,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) { private_ike_sa_t *this = malloc_thing(private_ike_sa_t); static u_int32_t unique_id = 0; - + /* Public functions */ this->public.get_state = (ike_sa_state_t (*)(ike_sa_t*)) get_state; this->public.set_state = (void (*)(ike_sa_t*,ike_sa_state_t)) set_state; @@ -2099,7 +2099,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->public.callback = (status_t (*)(ike_sa_t*,identification_t*)) callback; this->public.respond = (status_t (*)(ike_sa_t*,identification_t*,chunk_t)) respond; #endif /* ME */ - + /* initialize private fields */ this->ike_sa_id = ike_sa_id->clone(ike_sa_id); this->child_sas = linked_list_create(); @@ -2138,6 +2138,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->server_reflexive_host = NULL; this->connect_id = chunk_empty; #endif /* ME */ - + return &this->public; } diff --git a/src/charon/sa/ike_sa.h b/src/charon/sa/ike_sa.h index 1f216fd71..525e80b0a 100644 --- a/src/charon/sa/ike_sa.h +++ b/src/charon/sa/ike_sa.h @@ -66,7 +66,7 @@ typedef struct ike_sa_t ike_sa_t; * Extensions (or optional features) the peer supports */ enum ike_extension_t { - + /** * peer supports NAT traversal as specified in RFC4306 */ @@ -76,12 +76,12 @@ enum ike_extension_t { * peer supports MOBIKE (RFC4555) */ EXT_MOBIKE = (1<<1), - + /** * peer supports HTTP cert lookups as specified in RFC4306 */ EXT_HASH_AND_URL = (1<<2), - + /** * peer supports multiple authentication exchanges, RFC4739 */ 
@@ -92,42 +92,42 @@ enum ike_extension_t { * Conditions of an IKE_SA, change during its lifetime */ enum ike_condition_t { - + /** * Connection is natted (or faked) somewhere */ COND_NAT_ANY = (1<<0), - + /** * we are behind NAT */ COND_NAT_HERE = (1<<1), - + /** * other is behind NAT */ COND_NAT_THERE = (1<<2), - + /** * Faking NAT to enforce UDP encapsulation */ COND_NAT_FAKE = (1<<3), - + /** * peer has been authenticated using EAP at least once */ COND_EAP_AUTHENTICATED = (1<<4), - + /** * received a certificate request from the peer */ COND_CERTREQ_SEEN = (1<<5), - + /** * Local peer is the "original" IKE initiator. Unaffected from rekeying. */ COND_ORIGINAL_INITIATOR = (1<<6), - + /** * IKE_SA is stale, the peer is currently unreachable (MOBIKE) */ @@ -150,7 +150,7 @@ enum statistic_t { STAT_INBOUND, /** Timestamp of last outbound IKE packet */ STAT_OUTBOUND, - + STAT_MAX }; @@ -192,37 +192,37 @@ enum statistic_t { @endverbatim */ enum ike_sa_state_t { - + /** * IKE_SA just got created, but is not initiating nor responding yet. */ IKE_CREATED, - + /** * IKE_SA gets initiated actively or passively */ IKE_CONNECTING, - + /** * IKE_SA is fully established */ IKE_ESTABLISHED, - + /** * IKE_SA is managed externally and does not process messages */ IKE_PASSIVE, - + /** * IKE_SA rekeying in progress */ IKE_REKEYING, - + /** * IKE_SA is in progress of deletion */ IKE_DELETING, - + /** * IKE_SA object gets destroyed */ 
@@ -252,35 +252,35 @@ struct ike_sa_t { * @return ike_sa's ike_sa_id_t */ ike_sa_id_t* (*get_id) (ike_sa_t *this); - + /** * Get the numerical ID uniquely defining this IKE_SA. * * @return unique ID */ u_int32_t (*get_unique_id) (ike_sa_t *this); - + /** * Get the state of the IKE_SA. * * @return state of the IKE_SA */ ike_sa_state_t (*get_state) (ike_sa_t *this); - + /** * Set the state of the IKE_SA. * * @param state state to set for the IKE_SA */ void (*set_state) (ike_sa_t *this, ike_sa_state_t ike_sa); - + /** * Get the name of the connection this IKE_SA uses. * * @return name */ char* (*get_name) (ike_sa_t *this); - + /** * Get statistic values from the IKE_SA. * @@ -288,35 +288,35 @@ struct ike_sa_t { * @return value as integer */ u_int32_t (*get_statistic)(ike_sa_t *this, statistic_t kind); - + /** * Get the own host address. * * @return host address */ host_t* (*get_my_host) (ike_sa_t *this); - + /** * Set the own host address. * * @param me host address */ void (*set_my_host) (ike_sa_t *this, host_t *me); - + /** * Get the other peers host address. * * @return host address */ host_t* (*get_other_host) (ike_sa_t *this); - + /** * Set the others host address. * * @param other host address */ void (*set_other_host) (ike_sa_t *this, host_t *other); - + /** * Update the IKE_SAs host. * 
@@ -326,35 +326,35 @@ struct ike_sa_t { * @param other new remote host address, or NULL */ void (*update_hosts)(ike_sa_t *this, host_t *me, host_t *other); - + /** * Get the own identification. * * @return identification */ identification_t* (*get_my_id) (ike_sa_t *this); - + /** * Set the own identification. * * @param me identification */ void (*set_my_id) (ike_sa_t *this, identification_t *me); - + /** * Get the other peer's identification. * * @return identification */ identification_t* (*get_other_id) (ike_sa_t *this); - + /** * Set the other peer's identification. * * @param other identification */ void (*set_other_id) (ike_sa_t *this, identification_t *other); - + /** * Get the peers EAP identity. * @@ -363,21 +363,21 @@ struct ike_sa_t { * @return identification, NULL if none set */ identification_t* (*get_eap_identity) (ike_sa_t *this); - + /** * Set the peer's EAP identity. * * @param id identification */ void (*set_eap_identity) (ike_sa_t *this, identification_t *id); - + /** * Get the config used to setup this IKE_SA. * * @return ike_config */ ike_cfg_t* (*get_ike_cfg) (ike_sa_t *this); - + /** * Set the config to setup this IKE_SA. * @@ -391,14 +391,14 @@ struct ike_sa_t { * @return peer_config */ peer_cfg_t* (*get_peer_cfg) (ike_sa_t *this); - + /** * Set the peer config to use with this IKE_SA. * * @param config peer_config to use */ void (*set_peer_cfg) (ike_sa_t *this, peer_cfg_t *config); - + /** * Get the authentication config with rules of the current auth round. * @@ -406,21 +406,21 @@ struct ike_sa_t { * @return current cfg */ auth_cfg_t* (*get_auth_cfg)(ike_sa_t *this, bool local); - + /** * Get the selected proposal of this IKE_SA. * * @return selected proposal */ proposal_t* (*get_proposal)(ike_sa_t *this); - + /** * Set the proposal selected for this IKE_SA. * * @param selected proposal */ void (*set_proposal)(ike_sa_t *this, proposal_t *proposal); - + /** * Set the message id of the IKE_SA. * 
@@ -431,7 +431,7 @@ struct ike_sa_t { * @param mid message id to set */ void (*set_message_id)(ike_sa_t *this, bool initiate, u_int32_t mid); - + /** * Add an additional address for the peer. * @@ -443,14 +443,14 @@ struct ike_sa_t { * @param host host to add to list */ void (*add_additional_address)(ike_sa_t *this, host_t *host); - + /** * Create an iterator over all additional addresses of the peer. * * @return iterator over addresses */ iterator_t* (*create_additional_address_iterator)(ike_sa_t *this); - + /** * Check if mappings have changed on a NAT for our source address. * @@ -458,7 +458,7 @@ struct ike_sa_t { * @return TRUE if mappings have changed */ bool (*has_mapping_changed)(ike_sa_t *this, chunk_t hash); - + /** * Enable an extension the peer supports. * @@ -468,7 +468,7 @@ struct ike_sa_t { * @param extension extension to enable */ void (*enable_extension)(ike_sa_t *this, ike_extension_t extension); - + /** * Check if the peer supports an extension. * @@ -476,7 +476,7 @@ struct ike_sa_t { * @return TRUE if peer supports it, FALSE otherwise */ bool (*supports_extension)(ike_sa_t *this, ike_extension_t extension); - + /** * Enable/disable a condition flag for this IKE_SA. * 
@@ -492,48 +492,48 @@ struct ike_sa_t { * @return TRUE if condition flag set, FALSE otherwise */ bool (*has_condition) (ike_sa_t *this, ike_condition_t condition); - + /** * Get the number of queued MOBIKE address updates. * * @return number of pending updates */ u_int32_t (*get_pending_updates)(ike_sa_t *this); - + /** * Set the number of queued MOBIKE address updates. * * @param updates number of pending updates */ void (*set_pending_updates)(ike_sa_t *this, u_int32_t updates); - + #ifdef ME /** * Activate mediation server functionality for this IKE_SA. */ void (*act_as_mediation_server) (ike_sa_t *this); - + /** * Get the server reflexive host. * * @return server reflexive host */ host_t* (*get_server_reflexive_host) (ike_sa_t *this); - + /** * Set the server reflexive host. * * @param host server reflexive host */ void (*set_server_reflexive_host) (ike_sa_t *this, host_t *host); - + /** * Get the connect ID. * * @return connect ID */ chunk_t (*get_connect_id) (ike_sa_t *this); - + /** * Initiate the mediation of a mediated connection (i.e. initiate a * ME_CONNECT exchange to a mediation server). @@ -544,7 +544,7 @@ struct ike_sa_t { * - DESTROY_ME if initialization failed */ status_t (*initiate_mediation) (ike_sa_t *this, peer_cfg_t *mediated_cfg); - + /** * Initiate the mediated connection * @@ -557,7 +557,7 @@ struct ike_sa_t { */ status_t (*initiate_mediated) (ike_sa_t *this, host_t *me, host_t *other, chunk_t connect_id); - + /** * Relay data from one peer to another (i.e. initiate a ME_CONNECT exchange * to a peer). @@ -576,7 +576,7 @@ struct ike_sa_t { status_t (*relay) (ike_sa_t *this, identification_t *requester, chunk_t connect_id, chunk_t connect_key, linked_list_t *endpoints, bool response); - + /** * Send a callback to a peer. * @@ -588,7 +588,7 @@ struct ike_sa_t { * - DESTROY_ME if response failed */ status_t (*callback) (ike_sa_t *this, identification_t *peer_id); - + /** * Respond to a ME_CONNECT request. * 
@@ -603,7 +603,7 @@ struct ike_sa_t { status_t (*respond) (ike_sa_t *this, identification_t *peer_id, chunk_t connect_id); #endif /* ME */ - + /** * Initiate a new connection. * @@ -622,7 +622,7 @@ struct ike_sa_t { status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg, u_int32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr); - + /** * Initiates the deletion of an IKE_SA. * @@ -637,7 +637,7 @@ struct ike_sa_t { * deleted (but destroyed). */ status_t (*delete) (ike_sa_t *this); - + /** * Update IKE_SAs after network interfaces have changed. * @@ -651,7 +651,7 @@ struct ike_sa_t { * @return SUCCESS, FAILED, DESTROY_ME */ status_t (*roam)(ike_sa_t *this, bool address); - + /** * Processes a incoming IKEv2-Message. * @@ -666,7 +666,7 @@ struct ike_sa_t { * - DESTROY_ME if this IKE_SA MUST be deleted */ status_t (*process_message) (ike_sa_t *this, message_t *message); - + /** * Generate a IKE message to send it to the peer. * @@ -682,7 +682,7 @@ struct ike_sa_t { */ status_t (*generate_message) (ike_sa_t *this, message_t *message, packet_t **packet); - + /** * Retransmits a request. * @@ -692,7 +692,7 @@ struct ike_sa_t { * - NOT_FOUND if request doesn't have to be retransmited */ status_t (*retransmit) (ike_sa_t *this, u_int32_t message_id); - + /** * Sends a DPD request to the peer. * @@ -705,7 +705,7 @@ struct ike_sa_t { * - DESTROY_ME, if peer did not respond */ status_t (*send_dpd) (ike_sa_t *this); - + /** * Sends a keep alive packet. * @@ -715,21 +715,21 @@ struct ike_sa_t { * was sent. */ void (*send_keepalive) (ike_sa_t *this); - + /** * Get the keying material of this IKE_SA. * * @return per IKE_SA keymat instance */ keymat_t* (*get_keymat)(ike_sa_t *this); - + /** * Associates a child SA to this IKE SA * * @param child_sa child_sa to add */ void (*add_child_sa) (ike_sa_t *this, child_sa_t *child_sa); - + /** * Get a CHILD_SA identified by protocol and SPI. * 
@@ -740,14 +740,14 @@ struct ike_sa_t { */ child_sa_t* (*get_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi, bool inbound); - + /** * Create an iterator over all CHILD_SAs. * * @return iterator */ iterator_t* (*create_child_sa_iterator) (ike_sa_t *this); - + /** * Rekey the CHILD SA with the specified reqid. * @@ -816,14 +816,14 @@ struct ike_sa_t { * @return DESTROY_ME to destroy the IKE_SA */ status_t (*reestablish) (ike_sa_t *this); - + /** * Set the lifetime limit received from a AUTH_LIFETIME notify. * * @param lifetime lifetime in seconds */ void (*set_auth_lifetime)(ike_sa_t *this, u_int32_t lifetime); - + /** * Set the virtual IP to use for this IKE_SA and its children. * @@ -834,7 +834,7 @@ struct ike_sa_t { * @param ip IP to set as virtual IP */ void (*set_virtual_ip) (ike_sa_t *this, bool local, host_t *ip); - + /** * Get the virtual IP configured. * @@ -842,7 +842,7 @@ struct ike_sa_t { * @return host_t *virtual IP */ host_t* (*get_virtual_ip) (ike_sa_t *this, bool local); - + /** * Register a configuration attribute to the IKE_SA. * @@ -856,7 +856,7 @@ struct ike_sa_t { */ void (*add_configuration_attribute)(ike_sa_t *this, configuration_attribute_type_t type, chunk_t data); - + /** * Set local and remote host addresses to be used for IKE. * @@ -867,7 +867,7 @@ struct ike_sa_t { * @param remote remote kmaddress */ void (*set_kmaddress) (ike_sa_t *this, host_t *local, host_t *remote); - + /** * Inherit all attributes of other to this after rekeying. * @@ -879,12 +879,12 @@ struct ike_sa_t { * @return DESTROY_ME if initiation of inherited task failed */ status_t (*inherit) (ike_sa_t *this, ike_sa_t *other); - + /** * Reset the IKE_SA, useable when initiating fails */ void (*reset) (ike_sa_t *this); - + /** * Destroys a ike_sa_t object. */ diff --git a/src/charon/sa/ike_sa_id.h b/src/charon/sa/ike_sa_id.h index 377e64e8a..0e7d7ea45 100644 --- a/src/charon/sa/ike_sa_id.h +++ b/src/charon/sa/ike_sa_id.h 
@@ -67,7 +67,7 @@ struct ike_sa_id_t { /** * Check if two ike_sa_id_t objects are equal. - * + * * Two ike_sa_id_t objects are equal if both SPI values and the role matches. * * @param other ike_sa_id_t object to check if equal @@ -78,7 +78,7 @@ struct ike_sa_id_t { /** * Replace all values of a given ike_sa_id_t object with values. * from another ike_sa_id_t object. - * + * * After calling this function, both objects are equal. * * @param other ike_sa_id_t object from which values will be taken @@ -94,7 +94,7 @@ struct ike_sa_id_t { /** * Switche the original initiator flag. - * + * * @return TRUE if we are the original initator after switch, FALSE otherwise */ bool (*switch_initiator) (ike_sa_id_t *this); diff --git a/src/charon/sa/ike_sa_manager.c b/src/charon/sa/ike_sa_manager.c index ec1a7f741..0ad39f3e5 100644 --- a/src/charon/sa/ike_sa_manager.c +++ b/src/charon/sa/ike_sa_manager.c 
@@ -41,67 +41,67 @@ typedef struct entry_t entry_t; * An entry in the linked list, contains IKE_SA, locking and lookup data. */ struct entry_t { - + /** * Number of threads waiting for this ike_sa_t object. */ int waiting_threads; - + /** * Condvar where threads can wait until ike_sa_t object is free for use again. */ condvar_t *condvar; - + /** * Is this ike_sa currently checked out? */ bool checked_out; - + /** * Does this SA drives out new threads? */ bool driveout_new_threads; - + /** * Does this SA drives out waiting threads? */ bool driveout_waiting_threads; - + /** * Identification of an IKE_SA (SPIs). */ ike_sa_id_t *ike_sa_id; - + /** * The contained ike_sa_t object. */ ike_sa_t *ike_sa; - + /** * hash of the IKE_SA_INIT message, used to detect retransmissions */ chunk_t init_hash; - + /** * remote host address, required for DoS detection */ host_t *other; - + /** * As responder: Is this SA half-open? */ bool half_open; - + /** * own identity, required for duplicate checking */ identification_t *my_id; - + /** * remote identity, required for duplicate checking */ identification_t *other_id; - + /** * message ID currently processing, if any */ @@ -131,10 +131,10 @@ static status_t entry_destroy(entry_t *this) static entry_t *entry_create() { entry_t *this = malloc_thing(entry_t); - + this->waiting_threads = 0; this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); - + /* we set checkout flag when we really give it out */ this->checked_out = FALSE; this->driveout_new_threads = FALSE; @@ -147,7 +147,7 @@ static entry_t *entry_create() this->other_id = NULL; this->ike_sa_id = NULL; this->ike_sa = NULL; - + return this; } @@ -171,7 +171,7 @@ static bool entry_match_by_id(entry_t *entry, ike_sa_id_t *id) if (id->equals(id, entry->ike_sa_id)) { return TRUE; - } + } if ((id->get_responder_spi(id) == 0 || entry->ike_sa_id->get_responder_spi(entry->ike_sa_id) == 0) && id->is_initiator(id) == entry->ike_sa_id->is_initiator(entry->ike_sa_id) && 
@@ -208,7 +208,7 @@ typedef struct half_open_t half_open_t; struct half_open_t { /** chunk of remote host address */ chunk_t other; - + /** the number of half-open IKE_SAs with that host */ u_int count; }; @@ -235,10 +235,10 @@ typedef struct connected_peers_t connected_peers_t; struct connected_peers_t { /** own identity */ identification_t *my_id; - + /** remote identity */ identification_t *other_id; - + /** list of ike_sa_id_t objects of IKE_SAs between the two identities */ linked_list_t *sas; }; @@ -269,7 +269,7 @@ typedef struct segment_t segment_t; struct segment_t { /** mutex to access a segment exclusively */ mutex_t *mutex; - + /** the number of entries in this segment */ u_int count; }; @@ -282,7 +282,7 @@ typedef struct shareable_segment_t shareable_segment_t; struct shareable_segment_t { /** rwlock to access a segment non-/exclusively */ rwlock_t *lock; - + /** the number of entries in this segment - in case of the "half-open table" * it's the sum of all half_open_t.count in a segment. */ u_int count; 
@@ -298,67 +298,67 @@ struct private_ike_sa_manager_t { * Public interface of ike_sa_manager_t. */ ike_sa_manager_t public; - + /** * Hash table with entries for the ike_sa_t objects. */ linked_list_t **ike_sa_table; - + /** * The size of the hash table. */ u_int table_size; - + /** * Mask to map the hashes to table rows. */ u_int table_mask; - + /** * Segments of the hash table. */ segment_t *segments; - + /** * The number of segments. */ u_int segment_count; - + /** * Mask to map a table row to a segment. */ u_int segment_mask; - + /** * Hash table with half_open_t objects. */ linked_list_t **half_open_table; - + /** * Segments of the "half-open" hash table. */ shareable_segment_t *half_open_segments; - + /** * Hash table with connected_peers_t objects. */ linked_list_t **connected_peers_table; - + /** * Segments of the "connected peers" hash table. */ shareable_segment_t *connected_peers_segments; - + /** * RNG to get random SPIs for our side */ rng_t *rng; - + /** * SHA1 hasher for IKE_SA_INIT retransmit detection */ hasher_t *hasher; - + /** * reuse existing IKE_SAs in checkout_by_config */ @@ -372,7 +372,7 @@ struct private_ike_sa_manager_t { static void lock_single_segment(private_ike_sa_manager_t *this, u_int index) { mutex_t *lock = this->segments[index & this->segment_mask].mutex; - + lock->lock(lock); } @@ -383,7 +383,7 @@ static void lock_single_segment(private_ike_sa_manager_t *this, u_int index) static void unlock_single_segment(private_ike_sa_manager_t *this, u_int index) { mutex_t *lock = this->segments[index & this->segment_mask].mutex; - + lock->unlock(lock); } @@ -393,7 +393,7 @@ static void unlock_single_segment(private_ike_sa_manager_t *this, u_int index) static void lock_all_segments(private_ike_sa_manager_t *this) { u_int i; - + for (i = 0; i < this->segment_count; ++i) { this->segments[i].mutex->lock(this->segments[i].mutex); 
@@ -406,7 +406,7 @@ static void lock_all_segments(private_ike_sa_manager_t *this) static void unlock_all_segments(private_ike_sa_manager_t *this) { u_int i; - + for (i = 0; i < this->segment_count; ++i) { this->segments[i].mutex->unlock(this->segments[i].mutex); @@ -424,27 +424,27 @@ struct private_enumerator_t { * implements enumerator interface */ enumerator_t enumerator; - + /** * associated ike_sa_manager_t */ private_ike_sa_manager_t *manager; - + /** * current segment index */ u_int segment; - + /** * currently enumerating entry */ entry_t *entry; - + /** * current table row index */ u_int row; - + /** * enumerator for the current table row */ @@ -468,7 +468,7 @@ static bool enumerate(private_enumerator_t *this, entry_t **entry, u_int *segmen if (this->current) { entry_t *item; - + if (this->current->enumerate(this->current, &item)) { *entry = this->entry = item; @@ -482,7 +482,7 @@ static bool enumerate(private_enumerator_t *this, entry_t **entry, u_int *segmen else { linked_list_t *list; - + lock_single_segment(this->manager, this->segment); if ((list = this->manager->ike_sa_table[this->row]) != NULL && list->get_count(list)) @@ -523,7 +523,7 @@ static void enumerator_destroy(private_enumerator_t *this) static enumerator_t* create_table_enumerator(private_ike_sa_manager_t *this) { private_enumerator_t *enumerator = malloc_thing(private_enumerator_t); - + enumerator->enumerator.enumerate = (void*)enumerate; enumerator->enumerator.destroy = (void*)enumerator_destroy; enumerator->manager = this; @@ -531,7 +531,7 @@ static enumerator_t* create_table_enumerator(private_ike_sa_manager_t *this) enumerator->entry = NULL; enumerator->row = 0; enumerator->current = NULL; - + return &enumerator->enumerator; } 
@@ -544,7 +544,7 @@ static u_int put_entry(private_ike_sa_manager_t *this, entry_t *entry) linked_list_t *list; u_int row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; u_int segment = row & this->segment_mask; - + lock_single_segment(this, segment); if ((list = this->ike_sa_table[row]) == NULL) { @@ -564,7 +564,7 @@ static void remove_entry(private_ike_sa_manager_t *this, entry_t *entry) linked_list_t *list; u_int row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; u_int segment = row & this->segment_mask; - + if ((list = this->ike_sa_table[row]) != NULL) { entry_t *current; @@ -609,7 +609,7 @@ static status_t get_entry_by_match_function(private_ike_sa_manager_t *this, linked_list_t *list; u_int row = ike_sa_id_hash(ike_sa_id) & this->table_mask; u_int seg = row & this->segment_mask; - + lock_single_segment(this, seg); if ((list = this->ike_sa_table[row]) != NULL) { @@ -632,7 +632,7 @@ static status_t get_entry_by_match_function(private_ike_sa_manager_t *this, static status_t get_entry_by_id(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, entry_t **entry, u_int *segment) { - return get_entry_by_match_function(this, ike_sa_id, entry, segment, + return get_entry_by_match_function(this, ike_sa_id, entry, segment, (linked_list_match_t)entry_match_by_id, ike_sa_id, NULL); } @@ -670,7 +670,7 @@ static bool wait_for_entry(private_ike_sa_manager_t *this, entry_t *entry, /* we are not allowed to get this */ return FALSE; } - while (entry->checked_out && !entry->driveout_waiting_threads) + while (entry->checked_out && !entry->driveout_waiting_threads) { /* so wait until we can get it for us. * we register us as waiting. */ 
@@ -698,7 +698,7 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) chunk_t addr = entry->other->get_address(entry->other); u_int row = chunk_hash(addr) & this->table_mask; u_int segment = row & this->segment_mask; - + rwlock_t *lock = this->half_open_segments[segment].lock; lock->write_lock(lock); if ((list = this->half_open_table[row]) == NULL) @@ -716,7 +716,7 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) this->half_open_segments[segment].count++; } } - + if (!half_open) { half_open = malloc_thing(half_open_t); @@ -737,7 +737,7 @@ static void remove_half_open(private_ike_sa_manager_t *this, entry_t *entry) chunk_t addr = entry->other->get_address(entry->other); u_int row = chunk_hash(addr) & this->table_mask; u_int segment = row & this->segment_mask; - + rwlock_t *lock = this->half_open_segments[segment].lock; lock->write_lock(lock); if ((list = this->half_open_table[row]) != NULL) @@ -773,7 +773,7 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) other_id = entry->other_id->get_encoding(entry->other_id); u_int row = chunk_hash_inc(other_id, chunk_hash(my_id)) & this->table_mask; u_int segment = row & this->segment_mask; - + rwlock_t *lock = this->connected_peers_segments[segment].lock; lock->write_lock(lock); if ((list = this->connected_peers_table[row]) == NULL) @@ -796,7 +796,7 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) } } } - + if (!connected_peers) { connected_peers = malloc_thing(connected_peers_t); @@ -821,7 +821,7 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr other_id = entry->other_id->get_encoding(entry->other_id); u_int row = chunk_hash_inc(other_id, chunk_hash(my_id)) & this->table_mask; u_int segment = row & this->segment_mask; - + rwlock_t *lock = this->connected_peers_segments[segment].lock; lock->write_lock(lock); if ((list = this->connected_peers_table[row]) != NULL) 
@@ -864,7 +864,7 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr static u_int64_t get_next_spi(private_ike_sa_manager_t *this) { u_int64_t spi; - + this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi); return spi; } @@ -877,9 +877,9 @@ static ike_sa_t* checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id ike_sa_t *ike_sa = NULL; entry_t *entry; u_int segment; - + DBG2(DBG_MGR, "checkout IKE_SA"); - + if (get_entry_by_id(this, ike_sa_id, &entry, &segment) == SUCCESS) { if (wait_for_entry(this, entry, segment)) @@ -903,7 +903,7 @@ static ike_sa_t *checkout_new(private_ike_sa_manager_t* this, bool initiator) ike_sa_t *ike_sa; entry_t *entry; u_int segment; - + if (initiator) { ike_sa_id = ike_sa_id_create(get_next_spi(this), 0, TRUE); @@ -913,15 +913,15 @@ static ike_sa_t *checkout_new(private_ike_sa_manager_t* this, bool initiator) ike_sa_id = ike_sa_id_create(0, get_next_spi(this), FALSE); } ike_sa = ike_sa_create(ike_sa_id); - + DBG2(DBG_MGR, "created IKE_SA"); - + if (!initiator) { ike_sa_id->destroy(ike_sa_id); return ike_sa; } - + entry = entry_create(); entry->ike_sa_id = ike_sa_id; entry->ike_sa = ike_sa; @@ -944,19 +944,19 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this, id = id->clone(id); id->switch_initiator(id); - + DBG2(DBG_MGR, "checkout IKE_SA by message"); - + if (message->get_request(message) && message->get_exchange_type(message) == IKE_SA_INIT) { /* IKE_SA_INIT request. Check for an IKE_SA with such a message hash. */ chunk_t data, hash; - + data = message->get_packet_data(message); this->hasher->allocate_hash(this->hasher, data, &hash); chunk_free(&data); - + if (get_entry_by_hash(this, id, hash, &entry, &segment) == SUCCESS) { if (entry->message_id == 0) @@ -976,7 +976,7 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this, } unlock_single_segment(this, segment); } - + if (ike_sa == NULL) { if (id->get_responder_spi(id) == 0 && 
@@ -987,15 +987,15 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this, entry = entry_create(); entry->ike_sa = ike_sa_create(id); entry->ike_sa_id = id->clone(id); - + segment = put_entry(this, entry); entry->checked_out = TRUE; unlock_single_segment(this, segment); - - entry->message_id = message->get_message_id(message); + + entry->message_id = message->get_message_id(message); entry->init_hash = hash; ike_sa = entry->ike_sa; - + DBG2(DBG_MGR, "created IKE_SA"); } else @@ -1012,7 +1012,7 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this, charon->bus->set_sa(charon->bus, ike_sa); return ike_sa; } - + if (get_entry_by_id(this, id, &entry, &segment) == SUCCESS) { /* only check out if we are not processing this request */ @@ -1053,14 +1053,14 @@ static ike_sa_t* checkout_by_config(private_ike_sa_manager_t *this, peer_cfg_t *current_peer; ike_cfg_t *current_ike; u_int segment; - + if (!this->reuse_ikesa) { /* IKE_SA reuse disable by config */ - ike_sa = checkout_new(this, TRUE); + ike_sa = checkout_new(this, TRUE); charon->bus->set_sa(charon->bus, ike_sa); return ike_sa; } - + enumerator = create_table_enumerator(this); while (enumerator->enumerate(enumerator, &entry, &segment)) { @@ -1072,7 +1072,7 @@ static ike_sa_t* checkout_by_config(private_ike_sa_manager_t *this, { /* skip IKE_SAs which are not usable */ continue; } - + current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa); if (current_peer && current_peer->equals(current_peer, peer_cfg)) { @@ -1088,10 +1088,10 @@ static ike_sa_t* checkout_by_config(private_ike_sa_manager_t *this, } } enumerator->destroy(enumerator); - + if (!ike_sa) { /* no IKE_SA using such a config, hand out a new */ - ike_sa = checkout_new(this, TRUE); + ike_sa = checkout_new(this, TRUE); } charon->bus->set_sa(charon->bus, ike_sa); return ike_sa; 
@@ -1109,7 +1109,7 @@ static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this, u_int32_t id, ike_sa_t *ike_sa = NULL; child_sa_t *child_sa; u_int segment; - + enumerator = create_table_enumerator(this); while (enumerator->enumerate(enumerator, &entry, &segment)) { @@ -1125,7 +1125,7 @@ static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this, u_int32_t id, { ike_sa = entry->ike_sa; break; - } + } } children->destroy(children); } @@ -1145,7 +1145,7 @@ static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this, u_int32_t id, } } enumerator->destroy(enumerator); - + charon->bus->set_sa(charon->bus, ike_sa); return ike_sa; } @@ -1162,7 +1162,7 @@ static ike_sa_t* checkout_by_name(private_ike_sa_manager_t *this, char *name, ike_sa_t *ike_sa = NULL; child_sa_t *child_sa; u_int segment; - + enumerator = create_table_enumerator(this); while (enumerator->enumerate(enumerator, &entry, &segment)) { @@ -1178,7 +1178,7 @@ static ike_sa_t* checkout_by_name(private_ike_sa_manager_t *this, char *name, { ike_sa = entry->ike_sa; break; - } + } } children->destroy(children); } @@ -1198,13 +1198,13 @@ static ike_sa_t* checkout_by_name(private_ike_sa_manager_t *this, char *name, } } enumerator->destroy(enumerator); - + charon->bus->set_sa(charon->bus, ike_sa); return ike_sa; } /** - * enumerator filter function + * enumerator filter function */ static bool enumerator_filter(private_ike_sa_manager_t *this, entry_t **in, ike_sa_t **out, u_int *segment) @@ -1243,14 +1243,14 @@ static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) host_t *other; identification_t *my_id, *other_id; u_int segment; - + ike_sa_id = ike_sa->get_id(ike_sa); my_id = ike_sa->get_my_id(ike_sa); other_id = ike_sa->get_other_id(ike_sa); other = ike_sa->get_other_host(ike_sa); - + DBG2(DBG_MGR, "checkin IKE_SA"); - + /* look for the entry */ if (get_entry_by_sa(this, ike_sa_id, ike_sa, &entry, &segment) == SUCCESS) { 
@@ -1293,7 +1293,7 @@ static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) entry->ike_sa = ike_sa; segment = put_entry(this, entry); } - + /* apply identities for duplicate test (only as responder) */ if (!entry->ike_sa_id->is_initiator(entry->ike_sa_id) && ike_sa->get_state(ike_sa) == IKE_ESTABLISHED && @@ -1303,9 +1303,9 @@ static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) entry->other_id = other_id->clone(other_id); put_connected_peers(this, entry); } - + unlock_single_segment(this, segment); - + charon->bus->set_sa(charon->bus, NULL); } @@ -1322,11 +1322,11 @@ static void checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ike_sa entry_t *entry; ike_sa_id_t *ike_sa_id; u_int segment; - + ike_sa_id = ike_sa->get_id(ike_sa); - + DBG2(DBG_MGR, "checkin and destroy IKE_SA"); - + if (get_entry_by_sa(this, ike_sa_id, ike_sa, &entry, &segment) == SUCCESS) { /* drive out waiting threads, as we are in hurry */ @@ -1343,7 +1343,7 @@ static void checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ike_sa } remove_entry(this, entry); unlock_single_segment(this, segment); - + if (entry->half_open) { remove_half_open(this, entry); @@ -1353,9 +1353,9 @@ static void checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ike_sa { remove_connected_peers(this, entry); } - + entry_destroy(entry); - + DBG2(DBG_MGR, "check-in and destroy of IKE_SA successful"); } else @@ -1366,7 +1366,7 @@ static void checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ike_sa charon->bus->set_sa(charon->bus, NULL); } - + /** * Implementation of ike_sa_manager_t.check_uniqueness. */ 
@@ -1381,27 +1381,27 @@ static bool check_uniqueness(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) identification_t *me, *other; u_int row, segment; rwlock_t *lock; - + peer_cfg = ike_sa->get_peer_cfg(ike_sa); policy = peer_cfg->get_unique_policy(peer_cfg); if (policy == UNIQUE_NO) { return FALSE; } - + me = ike_sa->get_my_id(ike_sa); other = ike_sa->get_other_id(ike_sa); - + row = chunk_hash_inc(other->get_encoding(other), chunk_hash(me->get_encoding(me))) & this->table_mask; segment = row & this->segment_mask; - + lock = this->connected_peers_segments[segment & this->segment_mask].lock; lock->read_lock(lock); if ((list = this->connected_peers_table[row]) != NULL) { connected_peers_t *current; - + if (list->find_first(list, (linked_list_match_t)connected_peers_match, (void**)¤t, me, other) == SUCCESS) { @@ -1411,18 +1411,18 @@ static bool check_uniqueness(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) } } lock->unlock(lock); - + if (!duplicate_ids) { return FALSE; } - + enumerator = duplicate_ids->create_enumerator(duplicate_ids); while (enumerator->enumerate(enumerator, &duplicate_id)) { status_t status = SUCCESS; ike_sa_t *duplicate; - + duplicate = checkout(this, duplicate_id); if (!duplicate) { @@ -1485,13 +1485,13 @@ static int get_half_open_count(private_ike_sa_manager_t *this, host_t *ip) chunk_t addr = ip->get_address(ip); u_int row = chunk_hash(addr) & this->table_mask; u_int segment = row & this->segment_mask; - + rwlock_t *lock = this->half_open_segments[segment & this->segment_mask].lock; lock->read_lock(lock); if ((list = this->half_open_table[row]) != NULL) { half_open_t *current; - + if (list->find_first(list, (linked_list_match_t)half_open_match, (void**)¤t, &addr) == SUCCESS) { @@ -1503,7 +1503,7 @@ static int get_half_open_count(private_ike_sa_manager_t *this, host_t *ip) else { u_int segment; - + for (segment = 0; segment < this->segment_count; ++segment) { rwlock_t *lock; 
@@ -1513,7 +1513,7 @@ static int get_half_open_count(private_ike_sa_manager_t *this, host_t *ip) lock->unlock(lock); } } - + return count; } @@ -1526,7 +1526,7 @@ static void flush(private_ike_sa_manager_t *this) enumerator_t *enumerator; entry_t *entry; u_int segment; - + lock_all_segments(this); DBG2(DBG_MGR, "going to destroy IKE_SA manager and all managed IKE_SA's"); /* Step 1: drive out all waiting threads */ @@ -1536,7 +1536,7 @@ static void flush(private_ike_sa_manager_t *this) { /* do not accept new threads, drive out waiting threads */ entry->driveout_new_threads = TRUE; - entry->driveout_waiting_threads = TRUE; + entry->driveout_waiting_threads = TRUE; } enumerator->destroy(enumerator); DBG2(DBG_MGR, "wait for all threads to leave IKE_SA's"); @@ -1573,7 +1573,7 @@ static void flush(private_ike_sa_manager_t *this) entry->ike_sa->delete(entry->ike_sa); } enumerator->destroy(enumerator); - + DBG2(DBG_MGR, "destroy all entries"); /* Step 4: destroy all entries */ enumerator = create_table_enumerator(this); @@ -1633,7 +1633,7 @@ static void destroy(private_ike_sa_manager_t *this) free(this->segments); free(this->half_open_segments); free(this->connected_peers_segments); - + this->rng->destroy(this->rng); this->hasher->destroy(this->hasher); free(this); @@ -1648,7 +1648,7 @@ static void destroy(private_ike_sa_manager_t *this) static u_int get_nearest_powerof2(u_int n) { u_int i; - + --n; for (i = 1; i < sizeof(u_int) * 8; i <<= 1) { @@ -1679,7 +1679,7 @@ ike_sa_manager_t *ike_sa_manager_create() this->public.checkin = (void(*)(ike_sa_manager_t*,ike_sa_t*))checkin; this->public.checkin_and_destroy = (void(*)(ike_sa_manager_t*,ike_sa_t*))checkin_and_destroy; this->public.get_half_open_count = (int(*)(ike_sa_manager_t*,host_t*))get_half_open_count; - + /* initialize private variables */ this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_PREFERRED); if (this->hasher == NULL) 
@@ -1700,21 +1700,21 @@ ike_sa_manager_t *ike_sa_manager_create() "charon.ikesa_table_size", DEFAULT_HASHTABLE_SIZE)); this->table_size = max(1, min(this->table_size, MAX_HASHTABLE_SIZE)); this->table_mask = this->table_size - 1; - + this->segment_count = get_nearest_powerof2(lib->settings->get_int(lib->settings, "charon.ikesa_table_segments", DEFAULT_SEGMENT_COUNT)); this->segment_count = max(1, min(this->segment_count, this->table_size)); this->segment_mask = this->segment_count - 1; - + this->ike_sa_table = calloc(this->table_size, sizeof(linked_list_t*)); - + this->segments = (segment_t*)calloc(this->segment_count, sizeof(segment_t)); for (i = 0; i < this->segment_count; ++i) { this->segments[i].mutex = mutex_create(MUTEX_TYPE_RECURSIVE); this->segments[i].count = 0; } - + /* we use the same table parameters for the table to track half-open SAs */ this->half_open_table = calloc(this->table_size, sizeof(linked_list_t*)); this->half_open_segments = calloc(this->segment_count, sizeof(shareable_segment_t)); @@ -1723,7 +1723,7 @@ ike_sa_manager_t *ike_sa_manager_create() this->half_open_segments[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->half_open_segments[i].count = 0; } - + /* also for the hash table used for duplicate tests */ this->connected_peers_table = calloc(this->table_size, sizeof(linked_list_t*)); this->connected_peers_segments = calloc(this->segment_count, sizeof(shareable_segment_t)); @@ -1732,7 +1732,7 @@ ike_sa_manager_t *ike_sa_manager_create() this->connected_peers_segments[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->connected_peers_segments[i].count = 0; } - + this->reuse_ikesa = lib->settings->get_bool(lib->settings, "charon.reuse_ikesa", TRUE); return &this->public; diff --git a/src/charon/sa/ike_sa_manager.h b/src/charon/sa/ike_sa_manager.h index 6da768080..c141052e7 100644 --- a/src/charon/sa/ike_sa_manager.h +++ b/src/charon/sa/ike_sa_manager.h 
@@ -38,20 +38,20 @@ typedef struct ike_sa_manager_t ike_sa_manager_t; * by the owning thread. */ struct ike_sa_manager_t { - + /** * Checkout an existing IKE_SA. - * + * * @param ike_sa_id the SA identifier, will be updated - * @returns + * @returns * - checked out IKE_SA if found * - NULL, if specified IKE_SA is not found. */ ike_sa_t* (*checkout) (ike_sa_manager_t* this, ike_sa_id_t *sa_id); - + /** * Create and check out a new IKE_SA. - * + * * @note If initiator equals FALSE, the returned IKE_SA is not registered * in the manager. * @@ -59,30 +59,30 @@ struct ike_sa_manager_t { * @returns created and checked out IKE_SA */ ike_sa_t* (*checkout_new) (ike_sa_manager_t* this, bool initiator); - + /** * Checkout an IKE_SA by a message. - * + * * In some situations, it is necessary that the manager knows the * message to use for the checkout. This has the following reasons: - * + * * 1. If the targeted IKE_SA is already processing a message, we do not * check it out if the message ID is the same. - * 2. If it is an IKE_SA_INIT request, we have to check if it is a + * 2. If it is an IKE_SA_INIT request, we have to check if it is a * retransmission. If so, we have to drop the message, we would * create another unneeded IKE_SA for each retransmitted packet. * * A call to checkout_by_message() returns a (maybe new created) IKE_SA. * If processing the message does not make sense (for the reasons above), * NULL is returned. - * + * * @param ike_sa_id the SA identifier, will be updated - * @returns + * @returns * - checked out/created IKE_SA * - NULL to not process message further */ ike_sa_t* (*checkout_by_message) (ike_sa_manager_t* this, message_t *message); - + /** * Checkout an IKE_SA for initiation by a peer_config. * 
@@ -98,26 +98,26 @@ struct ike_sa_manager_t { */ ike_sa_t* (*checkout_by_config) (ike_sa_manager_t* this, peer_cfg_t *peer_cfg); - + /** * Check for duplicates of the given IKE_SA. - * + * * Measures are taken according to the uniqueness policy of the IKE_SA. * The return value indicates whether duplicates have been found and if * further measures should be taken (e.g. cancelling an IKE_AUTH exchange). * check_uniqueness() must be called before the IKE_SA is complete, * deadlocks occur otherwise. - * + * * @param ike_sa ike_sa to check * @return TRUE, if the given IKE_SA has duplicates and * should be deleted */ bool (*check_uniqueness)(ike_sa_manager_t *this, ike_sa_t *ike_sa); - + /** * Check out an IKE_SA a unique ID. * - * Every IKE_SA and every CHILD_SA is uniquely identified by an ID. + * Every IKE_SA and every CHILD_SA is uniquely identified by an ID. * These checkout function uses, depending * on the child parameter, the unique ID of the IKE_SA or the reqid * of one of a IKE_SAs CHILD_SA. @@ -130,7 +130,7 @@ struct ike_sa_manager_t { */ ike_sa_t* (*checkout_by_id) (ike_sa_manager_t* this, u_int32_t id, bool child); - + /** * Check out an IKE_SA by the policy/connection name. * @@ -145,7 +145,7 @@ struct ike_sa_manager_t { */ ike_sa_t* (*checkout_by_name) (ike_sa_manager_t* this, char *name, bool child); - + /** * Create an enumerator over all stored IKE_SAs. * @@ -155,7 +155,7 @@ struct ike_sa_manager_t { * @return enumerator over all IKE_SAs. */ enumerator_t *(*create_enumerator) (ike_sa_manager_t* this); - + /** * Checkin the SA after usage. * @@ -165,7 +165,7 @@ struct ike_sa_manager_t { * @param ike_sa checked out SA */ void (*checkin) (ike_sa_manager_t* this, ike_sa_t *ike_sa); - + /** * Destroy a checked out SA. * @@ -179,7 +179,7 @@ struct ike_sa_manager_t { * @param ike_sa SA to delete */ void (*checkin_and_destroy) (ike_sa_manager_t* this, ike_sa_t *ike_sa); - + /** * Get the number of IKE_SAs which are in the connecting state. * 
@@ -189,19 +189,19 @@ struct ike_sa_manager_t { * If a host is supplied, only the number of half open IKE_SAs initiated * from this IP are counted. * Only SAs for which we are the responder are counted. - * + * * @param ip NULL for all, IP for half open IKE_SAs with IP * @return number of half open IKE_SAs */ int (*get_half_open_count) (ike_sa_manager_t *this, host_t *ip); - + /** * Delete all existing IKE_SAs and destroy them immediately. - * + * * Threads will be driven out, so all SAs can be deleted cleanly. */ void (*flush)(ike_sa_manager_t *this); - + /** * Destroys the manager with all associated SAs. * @@ -212,7 +212,7 @@ struct ike_sa_manager_t { /** * Create the IKE_SA manager. - * + * * @returns ike_sa_manager_t object, NULL if initialization fails */ ike_sa_manager_t *ike_sa_manager_create(void); diff --git a/src/charon/sa/keymat.c b/src/charon/sa/keymat.c index 46fb79587..e7224fe52 100644 --- a/src/charon/sa/keymat.c +++ b/src/charon/sa/keymat.c @@ -24,52 +24,52 @@ typedef struct private_keymat_t private_keymat_t; * Private data of an keymat_t object. */ struct private_keymat_t { - + /** * Public keymat_t interface. */ keymat_t public; - + /** * IKE_SA Role, initiator or responder */ bool initiator; - + /** * inbound signer (verify) */ signer_t *signer_in; - + /** * outbound signer (sign) */ signer_t *signer_out; - + /** * inbound crypter (decrypt) */ crypter_t *crypter_in; - + /** * outbound crypter (encrypt) */ crypter_t *crypter_out; - + /** * General purpose PRF */ prf_t *prf; - + /** * Negotiated PRF algorithm */ pseudo_random_function_t prf_alg; - + /** * Key to derive key material from for CHILD_SAs, rekeying */ chunk_t skd; - + /** * Key to build outging authentication data (SKp) */ 
@@ -158,15 +158,15 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, prf_plus_t *prf_plus; u_int16_t alg, key_size; prf_t *rekey_prf = NULL; - + spi_i = chunk_alloca(sizeof(u_int64_t)); spi_r = chunk_alloca(sizeof(u_int64_t)); - + if (dh->get_shared_secret(dh, &secret) != SUCCESS) { return FALSE; } - + /* Create SAs general purpose PRF first, we may use it here */ if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL)) { @@ -206,8 +206,8 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, *((u_int64_t*)spi_i.ptr) = id->get_initiator_spi(id); *((u_int64_t*)spi_r.ptr) = id->get_responder_spi(id); prf_plus_seed = chunk_cat("ccc", full_nonce, spi_i, spi_r); - - /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr) + + /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr) * * if we are rekeying, SKEYSEED is built on another way */ @@ -221,7 +221,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, } else { - /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr) + /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr) * use OLD SAs PRF functions for both prf_plus and prf */ rekey_prf = lib->crypto->create_prf(lib->crypto, rekey_function); if (!rekey_prf) 
@@ -240,20 +240,20 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, prf_plus = prf_plus_create(rekey_prf, prf_plus_seed); } DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed); - + chunk_clear(&skeyseed); chunk_clear(&secret); chunk_free(&full_nonce); chunk_free(&fixed_nonce); chunk_clear(&prf_plus_seed); - + /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */ - + /* SK_d is used for generating CHILD_SA key mat => store for later use */ key_size = this->prf->get_key_size(this->prf); prf_plus->allocate_bytes(prf_plus, key_size, &this->skd); DBG4(DBG_IKE, "Sk_d secret %B", &this->skd); - + /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */ if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL)) { @@ -275,17 +275,17 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, return FALSE; } key_size = signer_i->get_key_size(signer_i); - + prf_plus->allocate_bytes(prf_plus, key_size, &key); DBG4(DBG_IKE, "Sk_ai secret %B", &key); signer_i->set_key(signer_i, key); chunk_clear(&key); - + prf_plus->allocate_bytes(prf_plus, key_size, &key); DBG4(DBG_IKE, "Sk_ar secret %B", &key); signer_r->set_key(signer_r, key); chunk_clear(&key); - + if (this->initiator) { this->signer_in = signer_r; @@ -296,7 +296,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, this->signer_in = signer_i; this->signer_out = signer_r; } - + /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */ if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size)) { 
@@ -318,17 +318,17 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, return FALSE; } key_size = crypter_i->get_key_size(crypter_i); - + prf_plus->allocate_bytes(prf_plus, key_size, &key); DBG4(DBG_IKE, "Sk_ei secret %B", &key); crypter_i->set_key(crypter_i, key); chunk_clear(&key); - + prf_plus->allocate_bytes(prf_plus, key_size, &key); DBG4(DBG_IKE, "Sk_er secret %B", &key); crypter_r->set_key(crypter_r, key); chunk_clear(&key); - + if (this->initiator) { this->crypter_in = crypter_r; @@ -339,8 +339,8 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, this->crypter_in = crypter_i; this->crypter_out = crypter_r; } - - /* SK_pi/SK_pr used for authentication => stored for later */ + + /* SK_pi/SK_pr used for authentication => stored for later */ key_size = this->prf->get_key_size(this->prf); prf_plus->allocate_bytes(prf_plus, key_size, &key); DBG4(DBG_IKE, "Sk_pi secret %B", &key); @@ -362,11 +362,11 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, { this->skp_build = key; } - + /* all done, prf_plus not needed anymore */ prf_plus->destroy(prf_plus); DESTROY_IF(rekey_prf); - + return TRUE; } @@ -382,7 +382,7 @@ static bool derive_child_keys(private_keymat_t *this, u_int16_t enc_alg, int_alg, enc_size = 0, int_size = 0; chunk_t seed, secret = chunk_empty; prf_plus_t *prf_plus; - + if (dh) { if (dh->get_shared_secret(dh, &secret) != SUCCESS) @@ -393,13 +393,13 @@ static bool derive_child_keys(private_keymat_t *this, } seed = chunk_cata("mcc", secret, nonce_i, nonce_r); DBG4(DBG_CHD, "seed %B", &seed); - + if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &enc_alg, &enc_size)) { - DBG2(DBG_CHD, " using %N for encryption", + DBG2(DBG_CHD, " using %N for encryption", encryption_algorithm_names, enc_alg); - + if (!enc_size) { enc_size = lookup_keylen(keylen_enc, enc_alg); 
@@ -412,7 +412,7 @@ static bool derive_child_keys(private_keymat_t *this, } /* to bytes */ enc_size /= 8; - + /* CCM/GCM/CTR needs additional bytes */ switch (enc_alg) { @@ -434,13 +434,13 @@ static bool derive_child_keys(private_keymat_t *this, break; } } - + if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, &int_size)) { DBG2(DBG_CHD, " using %N for integrity", integrity_algorithm_names, int_alg); - + if (!int_size) { int_size = lookup_keylen(keylen_int, int_alg); @@ -454,17 +454,17 @@ static bool derive_child_keys(private_keymat_t *this, /* to bytes */ int_size /= 8; } - + this->prf->set_key(this->prf, this->skd); prf_plus = prf_plus_create(this->prf, seed); - + prf_plus->allocate_bytes(prf_plus, enc_size, encr_i); prf_plus->allocate_bytes(prf_plus, int_size, integ_i); prf_plus->allocate_bytes(prf_plus, enc_size, encr_r); prf_plus->allocate_bytes(prf_plus, int_size, integ_r); - + prf_plus->destroy(prf_plus); - + if (enc_size) { DBG4(DBG_CHD, "encryption initiator key %B", encr_i); @@ -512,19 +512,19 @@ static chunk_t get_auth_octets(private_keymat_t *this, bool verify, { chunk_t chunk, idx, octets; chunk_t skp; - + skp = verify ? this->skp_verify : this->skp_build; - + chunk = chunk_alloca(4); memset(chunk.ptr, 0, chunk.len); chunk.ptr[0] = id->get_type(id); idx = chunk_cata("cc", chunk, id->get_encoding(id)); - + DBG3(DBG_IKE, "IDx' %B", &idx); DBG3(DBG_IKE, "SK_p %B", &skp); this->prf->set_key(this->prf, skp); this->prf->allocate_bytes(this->prf, idx, &chunk); - + octets = chunk_cat("ccm", ike_sa_init, nonce, chunk); DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", &octets); return octets; 
@@ -539,12 +539,12 @@ static chunk_t get_auth_octets(private_keymat_t *this, bool verify, /** * Implementation of keymat_t.get_psk_sig */ -static chunk_t get_psk_sig(private_keymat_t *this, bool verify, +static chunk_t get_psk_sig(private_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, chunk_t secret, identification_t *id) { chunk_t key_pad, key, sig, octets; - + if (!secret.len) { /* EAP uses SK_p if no MSK has been established */ secret = verify ? this->skp_verify : this->skp_build; @@ -561,7 +561,7 @@ static chunk_t get_psk_sig(private_keymat_t *this, bool verify, DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", &sig); chunk_free(&octets); chunk_free(&key); - + return sig; } @@ -587,7 +587,7 @@ static void destroy(private_keymat_t *this) keymat_t *keymat_create(bool initiator) { private_keymat_t *this = malloc_thing(private_keymat_t); - + this->public.create_dh = (diffie_hellman_t*(*)(keymat_t*, diffie_hellman_group_t group))create_dh; this->public.derive_ike_keys = (bool(*)(keymat_t*, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t,chunk_t))derive_ike_keys; this->public.derive_child_keys = (bool(*)(keymat_t*, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r))derive_child_keys; @@ -597,9 +597,9 @@ keymat_t *keymat_create(bool initiator) this->public.get_auth_octets = (chunk_t(*)(keymat_t *, bool verify, chunk_t ike_sa_init, chunk_t nonce, identification_t *id))get_auth_octets; this->public.get_psk_sig = (chunk_t(*)(keymat_t*, bool verify, chunk_t ike_sa_init, chunk_t nonce, chunk_t secret, identification_t *id))get_psk_sig; this->public.destroy = (void(*)(keymat_t*))destroy; - + this->initiator = initiator; - + this->signer_in = NULL; this->signer_out = NULL; this->crypter_in = NULL; 
@@ -609,7 +609,7 @@ keymat_t *keymat_create(bool initiator) this->skd = chunk_empty; this->skp_verify = chunk_empty; this->skp_build = chunk_empty; - + return &this->public; } diff --git a/src/charon/sa/keymat.h b/src/charon/sa/keymat.h index 43b9dd113..cc0a3e1e6 100644 --- a/src/charon/sa/keymat.h +++ b/src/charon/sa/keymat.h @@ -35,7 +35,7 @@ typedef struct keymat_t keymat_t; * Derivation an management of sensitive keying material. */ struct keymat_t { - + /** * Create a diffie hellman object for key agreement. * @@ -47,7 +47,7 @@ struct keymat_t { * @return DH object, NULL if group not supported */ diffie_hellman_t* (*create_dh)(keymat_t *this, diffie_hellman_group_t group); - + /** * Derive keys for the IKE_SA. * @@ -86,7 +86,7 @@ struct keymat_t { * @param integ_r chunk to write responders integrity key to * @return TRUE on success */ - bool (*derive_child_keys)(keymat_t *this, + bool (*derive_child_keys)(keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, @@ -98,7 +98,7 @@ struct keymat_t { * @return PRF function to derive keymat */ pseudo_random_function_t (*get_skd)(keymat_t *this, chunk_t *skd); - + /** * Get a signer to sign/verify IKE messages. * @@ -106,7 +106,7 @@ struct keymat_t { * @return signer */ signer_t* (*get_signer)(keymat_t *this, bool in); - + /* * Get a crypter to en-/decrypt IKE messages. * @@ -114,7 +114,7 @@ struct keymat_t { * @return crypter */ crypter_t* (*get_crypter)(keymat_t *this, bool in); - + /** * Generate octets to use for authentication procedure (RFC4306 2.15). * diff --git a/src/charon/sa/mediation_manager.c b/src/charon/sa/mediation_manager.c index a69c00173..b91a66163 100644 --- a/src/charon/sa/mediation_manager.c +++ b/src/charon/sa/mediation_manager.c 
@@ -31,8 +31,8 @@ struct peer_t { identification_t *id; /** sa id of the peer, NULL if offline */ - ike_sa_id_t *ike_sa_id; - + ike_sa_id_t *ike_sa_id; + /** list of peer ids that reuested this peer */ linked_list_t *requested_by; }; @@ -54,12 +54,12 @@ static void peer_destroy(peer_t *this) static peer_t *peer_create(identification_t *id, ike_sa_id_t* ike_sa_id) { peer_t *this = malloc_thing(peer_t); - + /* clone everything */ this->id = id->clone(id); this->ike_sa_id = ike_sa_id ? ike_sa_id->clone(ike_sa_id) : NULL; this->requested_by = linked_list_create(); - + return this; } @@ -74,7 +74,7 @@ struct private_mediation_manager_t { * Public interface of mediation_manager_t. */ mediation_manager_t public; - + /** * Lock for exclusivly accessing the manager. */ @@ -93,7 +93,7 @@ static void register_peer(peer_t *peer, identification_t *peer_id) { iterator_t *iterator; identification_t *current; - + iterator = peer->requested_by->create_iterator(peer->requested_by, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -104,7 +104,7 @@ static void register_peer(peer_t *peer, identification_t *peer_id) } } iterator->destroy(iterator); - + peer->requested_by->insert_last(peer->requested_by, peer_id->clone(peer_id)); } @@ -117,7 +117,7 @@ static status_t get_peer_by_id(private_mediation_manager_t *this, iterator_t *iterator; peer_t *current; status_t status = NOT_FOUND; - + iterator = this->peers->create_iterator(this->peers, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -161,7 +161,7 @@ static void unregister_peer(private_mediation_manager_t *this, identification_t } } iterator_r->destroy(iterator_r); - + if (!peer->ike_sa_id && !peer->requested_by->get_count(peer->requested_by)) { iterator->remove(iterator); 
@@ -181,16 +181,16 @@ static void remove_sa(private_mediation_manager_t *this, ike_sa_id_t *ike_sa_id)
 peer_t *peer;
 this->mutex->lock(this->mutex);
- 
+
 iterator = this->peers->create_iterator(this->peers, TRUE);
 while (iterator->iterate(iterator, (void**)&peer))
 {
 if (ike_sa_id->equals(ike_sa_id, peer->ike_sa_id))
 {
 iterator->remove(iterator);
- 
+
 unregister_peer(this, peer->id);
- 
+
 peer_destroy(peer);
 break;
 }
@@ -222,7 +222,7 @@ static void update_sa_id(private_mediation_manager_t *this, identification_t *pe
 }
 }
 iterator->destroy(iterator);
- 
+
 if (!found)
 {
 DBG2(DBG_IKE, "adding peer '%Y'", peer_id);
@@ -230,9 +230,9 @@ static void update_sa_id(private_mediation_manager_t *this, identification_t *pe
 this->peers->insert_last(this->peers, peer);
 }
- DBG2(DBG_IKE, "changing registered IKE_SA ID of peer '%Y'", peer_id); 
+ DBG2(DBG_IKE, "changing registered IKE_SA ID of peer '%Y'", peer_id);
 peer->ike_sa_id = ike_sa_id ? ike_sa_id->clone(ike_sa_id) : NULL;
- 
+
 /* send callbacks to registered peers */
 identification_t *requester;
 while(peer->requested_by->remove_last(peer->requested_by, (void**)&requester) == SUCCESS)
@@ -241,7 +241,7 @@ static void update_sa_id(private_mediation_manager_t *this, identification_t *pe
 charon->processor->queue_job(charon->processor, job);
 requester->destroy(requester);
 }
- 
+
 this->mutex->unlock(this->mutex);
 }
@@ -286,7 +286,7 @@ static ike_sa_id_t *check_and_register(private_mediation_manager_t *this,
 peer = peer_create(peer_id, NULL);
 this->peers->insert_last(this->peers, peer);
 }
- 
+
 if (!peer->ike_sa_id)
 {
 /* the peer is not online */
@@ -309,9 +309,9 @@ static ike_sa_id_t *check_and_register(private_mediation_manager_t *this,
 static void destroy(private_mediation_manager_t *this)
 {
 this->mutex->lock(this->mutex);
- 
+
 this->peers->destroy_function(this->peers, (void*)peer_destroy);
- 
+
 this->mutex->unlock(this->mutex);
 this->mutex->destroy(this->mutex);
 free(this);
@@ -329,9 +329,9 @@ mediation_manager_t *mediation_manager_create()
 this->public.update_sa_id = (void(*)(mediation_manager_t*,identification_t*,ike_sa_id_t*))update_sa_id;
 this->public.check = (ike_sa_id_t*(*)(mediation_manager_t*,identification_t*))check;
 this->public.check_and_register = (ike_sa_id_t*(*)(mediation_manager_t*,identification_t*,identification_t*))check_and_register;
- 
+
 this->peers = linked_list_create();
 this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
- 
+
 return (mediation_manager_t*)this;
 }
diff --git a/src/charon/sa/mediation_manager.h b/src/charon/sa/mediation_manager.h
index 29e16d84f..60d2ccf76 100644
--- a/src/charon/sa/mediation_manager.h
+++ b/src/charon/sa/mediation_manager.h
@@ -31,48 +31,48 @@ typedef struct mediation_manager_t mediation_manager_t;
 * peers and registered requests for offline peers on the mediation server.
 */
 struct mediation_manager_t {
- 
+
 /**
 * Remove the IKE_SA of a peer.
- * 
+ *
 * @param ike_sa_id the IKE_SA ID of the peer's SA
 */
 void (*remove) (mediation_manager_t* this, ike_sa_id_t *ike_sa_id);
- 
+
 /**
 * Update the ike_sa_id that is assigned to a peer's ID. If the peer
- * is new, it gets a new record assigned. 
- * 
+ * is new, it gets a new record assigned.
+ *
 * @param peer_id the peer's ID
 * @param ike_sa_id the IKE_SA ID of the peer's SA
 */
 void (*update_sa_id) (mediation_manager_t* this, identification_t *peer_id, ike_sa_id_t *ike_sa_id);
- 
+
 /**
 * Checks if a specific peer is online.
- * 
+ *
 * @param peer_id the peer's ID
- * @returns 
+ * @returns
 * - IKE_SA ID of the peer's SA.
 * - NULL, if the peer is not online.
 */
 ike_sa_id_t* (*check) (mediation_manager_t* this, identification_t *peer_id);
- 
+
 /**
 * Checks if a specific peer is online and registers the requesting
 * peer if it is not.
- * 
+ *
 * @param peer_id the peer's ID
 * @param requester the requesters ID
- * @returns 
+ * @returns
 * - IKE_SA ID of the peer's SA.
 * - NULL, if the peer is not online.
 */
 ike_sa_id_t* (*check_and_register) (mediation_manager_t* this, identification_t *peer_id, identification_t *requester);
- 
+
 /**
 * Destroys the manager with all data.
 */
@@ -81,7 +81,7 @@ struct mediation_manager_t {
 /**
 * Create a manager.
- * 
+ *
 * @returns mediation_manager_t object
 */
 mediation_manager_t *mediation_manager_create(void);
diff --git a/src/charon/sa/task_manager.c b/src/charon/sa/task_manager.c
index b3d678bf3..0504cde45 100644
--- a/src/charon/sa/task_manager.c
+++ b/src/charon/sa/task_manager.c
@@ -46,12 +46,12 @@ typedef struct exchange_t exchange_t;
 * An exchange in the air, used do detect and handle retransmission
 */
 struct exchange_t {
- 
+
 /**
 * Message ID used for this transaction
 */
 u_int32_t mid;
- 
+
 /**
 * generated packet for retransmission
 */
@@ -64,17 +64,17 @@ typedef struct private_task_manager_t private_task_manager_t;
 * private data of the task manager
 */
 struct private_task_manager_t {
- 
+
 /**
 * public functions
 */
 task_manager_t public;
- 
+
 /**
 * associated IKE_SA we are serving
 */
 ike_sa_t *ike_sa;
- 
+
 /**
 * Exchange we are currently handling as responder
 */
@@ -83,14 +83,14 @@ struct private_task_manager_t {
 * Message ID of the exchange
 */
 u_int32_t mid;
- 
+
 /**
 * packet for retransmission
 */
 packet_t *packet;
- 
+
 } responding;
- 
+
 /**
 * Exchange we are currently handling as initiator
 */
@@ -99,7 +99,7 @@ struct private_task_manager_t {
 * Message ID of the exchange
 */
 u_int32_t mid;
- 
+
 /**
 * how many times we have retransmitted so far
 */
@@ -109,29 +109,29 @@ struct private_task_manager_t {
 * packet for retransmission
 */
 packet_t *packet;
- 
+
 /**
 * type of the initated exchange
 */
 exchange_type_t type;
- 
+
 } initiating;
- 
+
 /**
 * List of queued tasks not yet in action
 */
 linked_list_t *queued_tasks;
- 
+
 /**
 * List of active tasks, initiated by ourselve
 */
 linked_list_t *active_tasks;
- 
+
 /**
 * List of tasks initiated by peer
 */
 linked_list_t *passive_tasks;
- 
+
 /**
 * the task manager has been reset
 */
@@ -162,7 +162,7 @@ static bool activate_task(private_task_manager_t *this, task_type_t type)
 iterator_t *iterator;
 task_t *task;
 bool found = FALSE;
- 
+
 iterator = this->queued_tasks->create_iterator(this->queued_tasks, TRUE);
 while (iterator->iterate(iterator, (void**)&task))
 {
@@ -192,7 +192,7 @@ static status_t retransmit(private_task_manager_t *this, u_int32_t message_id)
 packet_t *packet;
 task_t *task;
 ike_mobike_t *mobike = NULL;
- 
+
 /* check if we are retransmitting a MOBIKE routability check */
 iterator = this->active_tasks->create_iterator(this->active_tasks, TRUE);
 while (iterator->iterate(iterator, (void*)&task))
@@ -226,7 +226,7 @@ static status_t retransmit(private_task_manager_t *this, u_int32_t message_id)
 }
 return DESTROY_ME;
 }
- 
+
 if (this->initiating.retransmitted)
 {
 DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
@@ -247,7 +247,7 @@ static status_t retransmit(private_task_manager_t *this, u_int32_t message_id)
 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
 return DESTROY_ME;
 }
- 
+
 if (this->initiating.retransmitted)
 {
 DBG1(DBG_IKE, "path probing attempt %d",
@@ -256,9 +256,9 @@ static status_t retransmit(private_task_manager_t *this, u_int32_t message_id)
 packet = this->initiating.packet->clone(this->initiating.packet);
 mobike->transmit(mobike, packet);
 }
- 
+
 charon->sender->send(charon->sender, packet);
- 
+
 this->initiating.retransmitted++;
 job = (job_t*)retransmit_job_create(this->initiating.mid,
 this->ike_sa->get_id(this->ike_sa));
@@ -279,14 +279,14 @@ static status_t build_request(private_task_manager_t *this)
 host_t *me, *other;
 status_t status;
 exchange_type_t exchange = 0;
- 
+
 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
 {
 DBG2(DBG_IKE, "delaying task initiation, exchange in progress");
 /* do not initiate if we already have a message in the air */
 return SUCCESS;
 }
- 
+
 if (this->active_tasks->get_count(this->active_tasks) == 0)
 {
 DBG2(DBG_IKE, "activating new tasks");
@@ -402,17 +402,17 @@ static status_t build_request(private_task_manager_t *this)
 }
 iterator->destroy(iterator);
 }
- 
+
 if (exchange == 0)
 {
 DBG2(DBG_IKE, "nothing to initiate");
 /* nothing to do yet... */
 return SUCCESS;
 }
- 
+
 me = this->ike_sa->get_my_host(this->ike_sa);
 other = this->ike_sa->get_other_host(this->ike_sa);
- 
+
 message = message_create();
 message->set_message_id(message, this->initiating.mid);
 message->set_source(message, me->clone(me));
@@ -420,7 +420,7 @@ static status_t build_request(private_task_manager_t *this)
 message->set_exchange_type(message, exchange);
 this->initiating.type = exchange;
 this->initiating.retransmitted = 0;
- 
+
 iterator = this->active_tasks->create_iterator(this->active_tasks, TRUE);
 while (iterator->iterate(iterator, (void*)&task))
 {
@@ -450,10 +450,10 @@ static status_t build_request(private_task_manager_t *this)
 }
 }
 iterator->destroy(iterator);
- 
+
 /* update exchange type if a task changed it */
 this->initiating.type = message->get_exchange_type(message);
- 
+
 status = this->ike_sa->generate_message(this->ike_sa, message,
 &this->initiating.packet);
 if (status != SUCCESS)
@@ -465,10 +465,10 @@ static status_t build_request(private_task_manager_t *this)
 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
 return DESTROY_ME;
 }
- 
+
 charon->bus->message(charon->bus, message, FALSE);
 message->destroy(message);
- 
+
 return retransmit(this, this->initiating.mid);
 }
@@ -480,7 +480,7 @@ static status_t process_response(private_task_manager_t *this,
 {
 iterator_t *iterator;
 task_t *task;
- 
+
 if (message->get_exchange_type(message) != this->initiating.type)
 {
 DBG1(DBG_IKE, "received %N response, but expected %N",
@@ -489,7 +489,7 @@ static status_t process_response(private_task_manager_t *this,
 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
 return DESTROY_ME;
 }
- 
+
 /* catch if we get resetted while processing */
 this->reset = FALSE;
 iterator = this->active_tasks->create_iterator(this->active_tasks, TRUE);
@@ -524,12 +524,12 @@ static status_t process_response(private_task_manager_t *this,
 }
 }
 iterator->destroy(iterator);
- 
+
 this->initiating.mid++;
 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
 this->initiating.packet->destroy(this->initiating.packet);
 this->initiating.packet = NULL;
- 
+
 return build_request(this);
 }
@@ -541,9 +541,9 @@ static void handle_collisions(private_task_manager_t *this, task_t *task)
 iterator_t *iterator;
 task_t *active;
 task_type_t type;
- 
+
 type = task->get_type(task);
- 
+
 /* do we have to check */
 if (type == IKE_REKEY || type == CHILD_REKEY ||
 type == CHILD_DELETE || type == IKE_DELETE || type == IKE_REAUTH)
@@ -594,10 +594,10 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
 host_t *me, *other;
 bool delete = FALSE;
 status_t status;
- 
+
 me = request->get_destination(request);
 other = request->get_source(request);
- 
+
 message = message_create();
 message->set_exchange_type(message, request->get_exchange_type(request));
 /* send response along the path the request came in */
@@ -605,7 +605,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
 message->set_destination(message, other->clone(other));
 message->set_message_id(message, this->responding.mid);
 message->set_request(message, FALSE);
- 
+
 iterator = this->passive_tasks->create_iterator(this->passive_tasks, TRUE);
 while (iterator->iterate(iterator, (void*)&task))
 {
@@ -633,14 +633,14 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
 }
 }
 iterator->destroy(iterator);
- 
+
 /* remove resonder SPI if IKE_SA_INIT failed */
 if (delete && request->get_exchange_type(request) == IKE_SA_INIT)
 {
 ike_sa_id_t *id = this->ike_sa->get_id(this->ike_sa);
 id->set_responder_spi(id, 0);
 }
- 
+
 /* message complete, send it */
 DESTROY_IF(this->responding.packet);
 this->responding.packet = NULL;
@@ -653,7 +653,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
 return DESTROY_ME;
 }
- 
+
 charon->sender->send(charon->sender,
 this->responding.packet->clone(this->responding.packet));
 if (delete)
@@ -675,7 +675,7 @@ static status_t process_request(private_task_manager_t *this,
 payload_t *payload;
 notify_payload_t *notify;
 delete_payload_t *delete;
- 
+
 if (this->passive_tasks->get_count(this->passive_tasks) == 0)
 { /* create tasks depending on request type, if not already some queued */
 switch (message->get_exchange_type(message))
@@ -737,7 +737,7 @@ static status_t process_request(private_task_manager_t *this,
 }
 }
 enumerator->destroy(enumerator);
- 
+
 if (ts_found)
 {
 if (notify_found)
@@ -816,7 +816,7 @@ static status_t process_request(private_task_manager_t *this,
 }
 }
 enumerator->destroy(enumerator);
- 
+
 if (task == NULL)
 {
 task = (task_t*)ike_dpd_create(FALSE);
@@ -835,7 +835,7 @@ static status_t process_request(private_task_manager_t *this,
 break;
 }
 }
- 
+
 /* let the tasks process the message */
 iterator = this->passive_tasks->create_iterator(this->passive_tasks, TRUE);
 while (iterator->iterate(iterator, (void*)&task))
@@ -863,7 +863,7 @@ static status_t process_request(private_task_manager_t *this,
 }
 }
 iterator->destroy(iterator);
- 
+
 return build_response(this, message);
 }
@@ -873,7 +873,7 @@ static status_t process_request(private_task_manager_t *this,
 static status_t process_message(private_task_manager_t *this, message_t *msg)
 {
 u_int32_t mid = msg->get_message_id(msg);
- 
+
 if (msg->get_request(msg))
 {
 if (mid == this->responding.mid)
@@ -890,7 +890,7 @@ static status_t process_message(private_task_manager_t *this, message_t *msg)
 {
 packet_t *clone;
 host_t *me, *other;
- 
+
 DBG1(DBG_IKE, "received retransmit of request with ID %d, "
 "retransmitting response", mid);
 clone = this->responding.packet->clone(this->responding.packet);
@@ -935,7 +935,7 @@ static void queue_task(private_task_manager_t *this, task_t *task)
 { /* there is no need to queue more than one mobike task */
 iterator_t *iterator;
 task_t *current;
- 
+
 iterator = this->queued_tasks->create_iterator(this->queued_tasks, TRUE);
 while (iterator->iterate(iterator, (void**)¤t))
 {
@@ -958,7 +958,7 @@ static void queue_task(private_task_manager_t *this, task_t *task)
 static void adopt_tasks(private_task_manager_t *this, private_task_manager_t *other)
 {
 task_t *task;
- 
+
 /* move queued tasks from other to this */
 while (other->queued_tasks->remove_last(other->queued_tasks,
 (void**)&task) == SUCCESS)
@@ -984,7 +984,7 @@ static void reset(private_task_manager_t *this,
 u_int32_t initiate, u_int32_t respond)
 {
 task_t *task;
- 
+
 /* reset message counters and retransmit packets */
 DESTROY_IF(this->responding.packet);
 DESTROY_IF(this->initiating.packet);
@@ -999,7 +999,7 @@ static void reset(private_task_manager_t *this,
 this->responding.mid = respond;
 }
 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
- 
+
 /* reset active tasks */
 while (this->active_tasks->remove_last(this->active_tasks,
 (void**)&task) == SUCCESS)
@@ -1007,7 +1007,7 @@ static void reset(private_task_manager_t *this,
 task->migrate(task, this->ike_sa);
 this->queued_tasks->insert_first(this->queued_tasks, task);
 }
- 
+
 this->reset = TRUE;
 }
@@ -1017,11 +1017,11 @@ static void reset(private_task_manager_t *this,
 static void destroy(private_task_manager_t *this)
 {
 flush(this);
- 
+
 this->active_tasks->destroy(this->active_tasks);
 this->queued_tasks->destroy(this->queued_tasks);
 this->passive_tasks->destroy(this->passive_tasks);
- 
+
 DESTROY_IF(this->responding.packet);
 DESTROY_IF(this->initiating.packet);
 free(this);
@@ -1033,7 +1033,7 @@ static void destroy(private_task_manager_t *this)
 task_manager_t *task_manager_create(ike_sa_t *ike_sa)
 {
 private_task_manager_t *this = malloc_thing(private_task_manager_t);
- 
+
 this->public.process_message = (status_t(*)(task_manager_t*,message_t*))process_message;
 this->public.queue_task = (void(*)(task_manager_t*,task_t*))queue_task;
 this->public.initiate = (status_t(*)(task_manager_t*))build_request;
@@ -1042,7 +1042,7 @@ task_manager_t *task_manager_create(ike_sa_t *ike_sa)
 this->public.adopt_tasks = (void(*)(task_manager_t*,task_manager_t*))adopt_tasks;
 this->public.busy = (bool(*)(task_manager_t*))busy;
 this->public.destroy = (void(*)(task_manager_t*))destroy;
- 
+
 this->ike_sa = ike_sa;
 this->responding.packet = NULL;
 this->initiating.packet = NULL;
@@ -1053,6 +1053,6 @@ task_manager_t *task_manager_create(ike_sa_t *ike_sa)
 this->active_tasks = linked_list_create();
 this->passive_tasks = linked_list_create();
 this->reset = FALSE;
- 
+
 return &this->public;
 }
diff --git a/src/charon/sa/task_manager.h b/src/charon/sa/task_manager.h
index 9c3b2cc87..11c85a837 100644
--- a/src/charon/sa/task_manager.h
+++ b/src/charon/sa/task_manager.h
@@ -69,7 +69,7 @@ typedef struct task_manager_t task_manager_t;
 * For the initial IKE_SA setup, several tasks are queued: One for the
 * unauthenticated IKE_SA setup, one for authentication, one for CHILD_SA setup
 * and maybe one for virtual IP assignement.
- * The task manager is also responsible for retransmission. It uses a backoff 
+ * The task manager is also responsible for retransmission. It uses a backoff
 * algorithm. The timeout is calculated using
 * RETRANSMIT_TIMEOUT * (RETRANSMIT_BASE ** try).
 * When try reaches RETRANSMIT_TRIES, retransmission is given up.
@@ -84,7 +84,7 @@ typedef struct task_manager_t task_manager_t;
 4s * (1.8 ** 3) = 23s 47s
 4s * (1.8 ** 4) = 42s 89s
 4s * (1.8 ** 5) = 76s 165s
- 
+
 @endverbatim
 * The peer is considered dead after 2min 45s when no reply comes in.
 */
@@ -92,7 +92,7 @@ struct task_manager_t {
 /**
 * Process an incoming message.
- * 
+ *
 * @param message message to add payloads to
 * @return
 * - DESTROY_ME if IKE_SA must be closed
@@ -118,24 +118,24 @@ struct task_manager_t {
 * A return value of INVALID_STATE means that the message was already
 * acknowledged and has not to be retransmitted. A return value of SUCCESS
 * means retransmission was required and the message has been resent.
- * 
+ *
 * @param message_id ID of the message to retransmit
 * @return
 * - INVALID_STATE if retransmission not required
 * - SUCCESS if retransmission sent
 */
 status_t (*retransmit) (task_manager_t *this, u_int32_t message_id);
- 
+
 /**
 * Migrate all tasks from other to this.
 *
 * To rekey or reestablish an IKE_SA completely, all queued or active
 * tasks should get migrated to the new IKE_SA.
- * 
+ *
 * @param other manager which gives away its tasks
 */
 void (*adopt_tasks) (task_manager_t *this, task_manager_t *other);
- 
+
 /**
 * Reset message ID counters of the task manager.
 *
@@ -149,14 +149,14 @@ struct task_manager_t {
 * @param respond message ID to respond to exchanges (expect)
 */
 void (*reset) (task_manager_t *this, u_int32_t initiate, u_int32_t respond);
- 
+
 /**
 * Check if we are currently waiting for a reply.
 *
 * @return TRUE if we are waiting, FALSE otherwise
 */
 bool (*busy) (task_manager_t *this);
- 
+
 /**
 * Destroy the task_manager_t.
 */
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c
index 558938f2e..def190d23 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/charon/sa/tasks/child_create.c
@@ -33,132 +33,132 @@ typedef struct private_child_create_t private_child_create_t;
 * Private members of a child_create_t task.
 */
 struct private_child_create_t {
- 
+
 /**
 * Public methods and task_t interface.
 */
 child_create_t public;
- 
+
 /**
 * Assigned IKE_SA.
 */
 ike_sa_t *ike_sa;
- 
+
 /**
 * Are we the initiator?
 */
 bool initiator;
- 
+
 /**
 * nonce chosen by us
 */
 chunk_t my_nonce;
- 
+
 /**
 * nonce chosen by peer
 */
 chunk_t other_nonce;
- 
+
 /**
 * config to create the CHILD_SA from
 */
 child_cfg_t *config;
- 
+
 /**
 * list of proposal candidates
 */
 linked_list_t *proposals;
- 
+
 /**
 * selected proposal to use for CHILD_SA
 */
 proposal_t *proposal;
- 
+
 /**
 * traffic selectors for initiators side
 */
 linked_list_t *tsi;
- 
+
 /**
 * traffic selectors for responders side
 */
 linked_list_t *tsr;
- 
+
 /**
 * source of triggering packet
 */
 traffic_selector_t *packet_tsi;
- 
+
 /**
 * destination of triggering packet
 */
 traffic_selector_t *packet_tsr;
- 
+
 /**
 * optional diffie hellman exchange
 */
 diffie_hellman_t *dh;
- 
+
 /**
 * group used for DH exchange
 */
 diffie_hellman_group_t dh_group;
- 
+
 /**
 * IKE_SAs keymat
 */
 keymat_t *keymat;
- 
+
 /**
 * mode the new CHILD_SA uses (transport/tunnel/beet)
 */
 ipsec_mode_t mode;
- 
+
 /**
 * IPComp transform to use
 */
 ipcomp_transform_t ipcomp;
- 
+
 /**
 * IPComp transform proposed or accepted by the other peer
 */
 ipcomp_transform_t ipcomp_received;
- 
+
 /**
 * Own allocated SPI
 */
 u_int32_t my_spi;
- 
+
 /**
 * SPI received in proposal
 */
 u_int32_t other_spi;
- 
+
 /**
 * Own allocated Compression Parameter Index (CPI)
 */
 u_int16_t my_cpi;
- 
+
 /**
 * Other Compression Parameter Index (CPI), received via IPCOMP_SUPPORTED
 */
 u_int16_t other_cpi;
- 
+
 /**
 * reqid to use if we are rekeying
 */
 u_int32_t reqid;
- 
+
 /**
 * CHILD_SA which gets established
 */
 child_sa_t *child_sa;
- 
+
 /**
 * successfully established the CHILD?
 */
 bool established;
- 
+
 /**
 * whether the CHILD_SA rekeys an existing one
 */
@@ -171,7 +171,7 @@ struct private_child_create_t {
 static status_t get_nonce(message_t *message, chunk_t *nonce)
 {
 nonce_payload_t *payload;
- 
+
 payload = (nonce_payload_t*)message->get_payload(message, NONCE);
 if (payload == NULL)
 {
@@ -187,7 +187,7 @@ static status_t get_nonce(message_t *message, chunk_t *nonce)
 static status_t generate_nonce(chunk_t *nonce)
 {
 rng_t *rng;
- 
+
 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
 if (!rng)
 {
@@ -207,7 +207,7 @@ static bool ts_list_is_host(linked_list_t *list, host_t *host)
 traffic_selector_t *ts;
 bool is_host = TRUE;
 iterator_t *iterator = list->create_iterator(list, TRUE);
- 
+
 while (is_host && iterator->iterate(iterator, (void**)&ts))
 {
 is_host = is_host && ts->is_host(ts, host);
@@ -223,8 +223,8 @@ static bool allocate_spi(private_child_create_t *this)
 {
 enumerator_t *enumerator;
 proposal_t *proposal;
- 
- /* TODO: allocate additional SPI for AH if we have such proposals */ 
+
+ /* TODO: allocate additional SPI for AH if we have such proposals */
 this->my_spi = this->child_sa->alloc_spi(this->child_sa, PROTO_ESP);
 if (this->my_spi)
 {
@@ -260,7 +260,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 chunk_t integ_i = chunk_empty, integ_r = chunk_empty;
 linked_list_t *my_ts, *other_ts;
 host_t *me, *other, *other_vip, *my_vip;
- 
+
 if (this->proposals == NULL)
 {
 DBG1(DBG_IKE, "SA payload missing in message");
@@ -271,12 +271,12 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 DBG1(DBG_IKE, "TS payloads missing in message");
 return NOT_FOUND;
 }
- 
+
 me = this->ike_sa->get_my_host(this->ike_sa);
 other = this->ike_sa->get_other_host(this->ike_sa);
 my_vip = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
 other_vip = this->ike_sa->get_virtual_ip(this->ike_sa, FALSE);
- 
+
 this->proposal = this->config->select_proposal(this->config,
 this->proposals, no_dh);
 if (this->proposal == NULL)
@@ -285,18 +285,18 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 return FAILED;
 }
 this->other_spi = this->proposal->get_spi(this->proposal);
- 
+
 if (!this->initiator && !allocate_spi(this))
 {
 /* responder has no SPI allocated yet */
 DBG1(DBG_IKE, "allocating SPI failed");
 return FAILED;
 }
 this->child_sa->set_proposal(this->child_sa, this->proposal);
- 
+
 if (!this->proposal->has_dh_group(this->proposal, this->dh_group))
 {
 u_int16_t group;
- 
+
 if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL))
 {
@@ -312,7 +312,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 return FAILED;
 }
 }
- 
+
 if (my_vip == NULL)
 {
 my_vip = me;
@@ -321,7 +321,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 {
 other_vip = other;
 }
- 
+
 if (this->initiator)
 {
 nonce_i = this->my_nonce;
@@ -338,9 +338,9 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 }
 my_ts = this->config->get_traffic_selectors(this->config, TRUE, my_ts,
 my_vip);
- other_ts = this->config->get_traffic_selectors(this->config, FALSE, other_ts, 
+ other_ts = this->config->get_traffic_selectors(this->config, FALSE, other_ts,
 other_vip);
- 
+
 if (my_ts->get_count(my_ts) == 0 || other_ts->get_count(other_ts) == 0)
 {
 my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
@@ -348,7 +348,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 DBG1(DBG_IKE, "no acceptable traffic selectors found");
 return NOT_FOUND;
 }
- 
+
 this->tsr->destroy_offset(this->tsr, offsetof(traffic_selector_t, destroy));
 this->tsi->destroy_offset(this->tsi, offsetof(traffic_selector_t, destroy));
 if (this->initiator)
@@ -361,7 +361,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 this->tsr = my_ts;
 this->tsi = other_ts;
 }
- 
+
 if (!this->initiator)
 {
 /* check if requested mode is acceptable, downgrade if required */
@@ -394,13 +394,13 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 break;
 }
 }
- 
+
 this->child_sa->set_state(this->child_sa, CHILD_INSTALLING);
 this->child_sa->set_ipcomp(this->child_sa, this->ipcomp);
 this->child_sa->set_mode(this->child_sa, this->mode);
 this->child_sa->set_protocol(this->child_sa, this->proposal->get_protocol(this->proposal));
- 
+
 if (this->my_cpi == 0 || this->other_cpi == 0 || this->ipcomp == IPCOMP_NONE)
 {
 this->my_cpi = this->other_cpi = 0;
@@ -429,7 +429,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 chunk_clear(&integ_r);
 chunk_clear(&encr_i);
 chunk_clear(&encr_r);
- 
+
 if (status_i != SUCCESS || status_o != SUCCESS)
 {
 DBG1(DBG_IKE, "unable to install %s%s%sIPsec SA (SAD) in kernel",
@@ -438,17 +438,17 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 (status_o != SUCCESS) ? "outbound " : "");
 return FAILED;
 }
- 
+
 status = this->child_sa->add_policies(this->child_sa, my_ts, other_ts);
 if (status != SUCCESS)
- { 
+ {
 DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel");
 return NOT_FOUND;
 }
- 
+
 charon->bus->child_keys(charon->bus, this->child_sa, this->dh,
 nonce_i, nonce_r);
- 
+
 /* add to IKE_SA, and remove from task */
 this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
 this->ike_sa->add_child_sa(this->ike_sa, this->child_sa);
@@ -476,7 +476,7 @@ static void build_payloads(private_child_create_t *this, message_t *message)
 sa_payload = sa_payload_create_from_proposal(this->proposal);
 }
 message->add_payload(message, (payload_t*)sa_payload);
- 
+
 /* add nonce payload if not in IKE_AUTH */
 if (message->get_exchange_type(message) == CREATE_CHILD_SA)
 {
@@ -484,14 +484,14 @@ static void build_payloads(private_child_create_t *this, message_t *message)
 nonce_payload->set_nonce(nonce_payload, this->my_nonce);
 message->add_payload(message, (payload_t*)nonce_payload);
 }
- 
+
 /* diffie hellman exchange, if PFS enabled */
 if (this->dh)
 {
 ke_payload = ke_payload_create_from_diffie_hellman(this->dh);
 message->add_payload(message, (payload_t*)ke_payload);
 }
- 
+
 /* add TSi/TSr payloads */
 ts_payload = ts_payload_create_from_traffic_selectors(TRUE, this->tsi);
 message->add_payload(message, (payload_t*)ts_payload);
@@ -524,12 +524,12 @@ static void add_ipcomp_notify(private_child_create_t *this,
 "IPComp disabled");
 return;
 }
- 
+
 this->my_cpi = this->child_sa->alloc_cpi(this->child_sa);
 if (this->my_cpi)
 {
 this->ipcomp = ipcomp;
- message->add_notify(message, FALSE, IPCOMP_SUPPORTED, 
+ message->add_notify(message, FALSE, IPCOMP_SUPPORTED,
 chunk_cata("cc", chunk_from_thing(this->my_cpi),
 chunk_from_thing(ipcomp)));
 }
@@ -557,7 +557,7 @@ static void handle_notify(private_child_create_t *this, notify_payload_t *notify
 ipcomp_transform_t ipcomp;
 u_int16_t cpi;
 chunk_t data;
- 
+
 data = notify->get_notification_data(notify);
 cpi = *(u_int16_t*)data.ptr;
 ipcomp = (ipcomp_transform_t)(*(data.ptr + 2));
@@ -591,7 +591,7 @@ static void process_payloads(private_child_create_t *this, message_t *message)
 sa_payload_t *sa_payload;
 ke_payload_t *ke_payload;
 ts_payload_t *ts_payload;
- 
+
 /* defaults to TUNNEL mode */
 this->mode = MODE_TUNNEL;
@@ -620,7 +620,7 @@ static void process_payloads(private_child_create_t *this, message_t *message)
 case TRAFFIC_SELECTOR_INITIATOR:
 ts_payload = (ts_payload_t*)payload;
 this->tsi = ts_payload->get_traffic_selectors(ts_payload);
- break; 
+ break;
 case TRAFFIC_SELECTOR_RESPONDER:
 ts_payload = (ts_payload_t*)payload;
 this->tsr = ts_payload->get_traffic_selectors(ts_payload);
@@ -642,7 +642,7 @@ static status_t build_i(private_child_create_t *this, message_t *message)
 {
 host_t *me, *other, *vip;
 peer_cfg_t *peer_cfg;
- 
+
 switch (message->get_exchange_type(message))
 {
 case IKE_SA_INIT:
@@ -668,7 +668,7 @@ static status_t build_i(private_child_create_t *this, message_t *message)
 default:
 break;
 }
- 
+
 if (this->reqid)
 {
 DBG0(DBG_IKE, "establishing CHILD_SA %s{%d}",
@@ -679,7 +679,7 @@ static status_t build_i(private_child_create_t *this, message_t *message)
 DBG0(DBG_IKE, "establishing CHILD_SA %s",
 this->config->get_name(this->config));
 }
- 
+
 /* reuse virtual IP if we already have one */
 me = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
 if (me == NULL)
@@ -691,7 +691,7 @@ static status_t build_i(private_child_create_t *this, message_t *message)
 {
 other = this->ike_sa->get_other_host(this->ike_sa);
 }
- 
+
 /* check if we want a virtual IP, but don't have one */
 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
 vip = peer_cfg->get_virtual_ip(peer_cfg);
@@ -708,9 +708,9 @@ static status_t build_i(private_child_create_t *this, message_t *message)
 this->tsi = this->config->get_traffic_selectors(this->config, TRUE,
 NULL, me);
 }
- this->tsr = this->config->get_traffic_selectors(this->config, FALSE, 
+ this->tsr = this->config->get_traffic_selectors(this->config, FALSE,
 NULL, other);
- 
+
 if (this->packet_tsi)
 {
 this->tsi->insert_first(this->tsi,
@@ -724,37 +724,37 @@ static status_t build_i(private_child_create_t *this, message_t *message)
 this->proposals = this->config->get_proposals(this->config,
 this->dh_group == MODP_NONE);
 this->mode = this->config->get_mode(this->config);
- 
+
 this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa),
 this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid,
 this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY));
- 
+
 if (!allocate_spi(this))
 {
 DBG1(DBG_IKE, "unable to allocate SPIs from kernel");
 return FAILED;
 }
- 
+
 if (this->dh_group != MODP_NONE)
 {
 this->dh = this->keymat->create_dh(this->keymat, this->dh_group);
 }
- 
+
 if (this->config->use_ipcomp(this->config))
 {
 /* IPCOMP_DEFLATE is the only transform we support at the moment */
 add_ipcomp_notify(this, message, IPCOMP_DEFLATE);
 }
- 
+
 build_payloads(this, message);
- 
+
 this->tsi->destroy_offset(this->tsi, offsetof(traffic_selector_t, destroy));
 this->tsr->destroy_offset(this->tsr, offsetof(traffic_selector_t, destroy));
 this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
 this->tsi = NULL;
 this->tsr = NULL;
 this->proposals = NULL;
- 
+
 return NEED_MORE;
 }
@@ -779,9 +779,9 @@ static status_t process_r(private_child_create_t *this, message_t *message)
 default:
 break;
 }
- 
+
 process_payloads(this, message);
- 
+
 return NEED_MORE;
 }
@@ -813,7 +813,7 @@ static status_t build_r(private_child_create_t *this, message_t *message)
 payload_t *payload;
 enumerator_t *enumerator;
 bool no_dh = TRUE;
- 
+
 switch (message->get_exchange_type(message))
 {
 case IKE_SA_INIT:
@@ -835,19 +835,19 @@ static status_t build_r(private_child_create_t *this, message_t *message)
 default:
 break;
 }
- 
+
 if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING)
 {
 DBG1(DBG_IKE, "unable to create CHILD_SA while rekeying IKE_SA");
 message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty);
 return SUCCESS;
 }
- 
+
 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
 if (peer_cfg && this->tsi && this->tsr)
 {
 host_t *me, *other;
- 
+
 me = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
 if (me == NULL)
 {
@@ -861,7 +861,7 @@ static status_t build_r(private_child_create_t *this, message_t *message)
 this->config = peer_cfg->select_child_cfg(peer_cfg, this->tsr,
 this->tsi, me, other);
 }
- 
+
 if (this->config == NULL)
 {
 DBG1(DBG_IKE, "traffic selectors %#R=== %#R inacceptable",
@@ -870,7 +870,7 @@ static status_t build_r(private_child_create_t *this, message_t *message)
 handle_child_sa_failure(this, message);
 return SUCCESS;
 }
- 
+
 /* check if ike_config_t included non-critical error notifies */
 enumerator = message->create_payload_enumerator(message);
 while (enumerator->enumerate(enumerator, &payload))
@@ -878,7 +878,7 @@ static status_t build_r(private_child_create_t *this, message_t *message)
 if (payload->get_type(payload) == NOTIFY)
 {
 notify_payload_t *notify = (notify_payload_t*)payload;
- 
+
 switch (notify->get_notify_type(notify))
 {
 case INTERNAL_ADDRESS_FAILURE:
@@ -896,11 +896,11 @@ static status_t build_r(private_child_create_t *this, message_t *message)
 }
 }
 enumerator->destroy(enumerator);
- 
+
 this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa),
 this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid,
 this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY));
- 
+
 if (this->ipcomp_received != IPCOMP_NONE)
 {
 if (this->config->use_ipcomp(this->config))
@@ -913,7 +913,7 @@ static status_t build_r(private_child_create_t *this, message_t *message) notify_type_names, IPCOMP_SUPPORTED); } } - + switch (select_and_install(this, no_dh)) { case SUCCESS: @@ -936,9 +936,9 @@ static status_t build_r(private_child_create_t *this, message_t *message) handle_child_sa_failure(this, message); return SUCCESS; } - + build_payloads(this, message); - + DBG0(DBG_IKE, "CHILD_SA %s{%d} established " "with SPIs %.8x_i %.8x_o and TS %#R=== %#R", this->child_sa->get_name(this->child_sa), @@ -947,7 +947,7 @@ static status_t build_r(private_child_create_t *this, message_t *message) ntohl(this->child_sa->get_spi(this->child_sa, FALSE)), this->child_sa->get_traffic_selectors(this->child_sa, TRUE), this->child_sa->get_traffic_selectors(this->child_sa, FALSE)); - + if (!this->rekey) { /* invoke the child_up() hook if we are not rekeying */ charon->bus->child_updown(charon->bus, this->child_sa, TRUE); @@ -989,7 +989,7 @@ static status_t process_i(private_child_create_t *this, message_t *message) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); - + switch (type) { /* handle notify errors related to CHILD_SA only */ @@ -1012,14 +1012,14 @@ static status_t process_i(private_child_create_t *this, message_t *message) { chunk_t data; diffie_hellman_group_t bad_group; - + bad_group = this->dh_group; data = notify->get_notification_data(notify); this->dh_group = ntohs(*((u_int16_t*)data.ptr)); DBG1(DBG_IKE, "peer didn't accept DH group %N, " "it requested %N", diffie_hellman_group_names, bad_group, diffie_hellman_group_names, this->dh_group); - + this->public.task.migrate(&this->public.task, this->ike_sa); enumerator->destroy(enumerator); return NEED_MORE; 
@@ -1030,9 +1030,9 @@ static status_t process_i(private_child_create_t *this, message_t *message) } } enumerator->destroy(enumerator); - + process_payloads(this, message); - + if (this->ipcomp == IPCOMP_NONE && this->ipcomp_received != IPCOMP_NONE) { DBG1(DBG_IKE, "received an IPCOMP_SUPPORTED notify without requesting" @@ -1053,7 +1053,7 @@ static status_t process_i(private_child_create_t *this, message_t *message) handle_child_sa_failure(this, message); return SUCCESS; } - + if (select_and_install(this, no_dh) == SUCCESS) { DBG0(DBG_IKE, "CHILD_SA %s{%d} established " @@ -1064,7 +1064,7 @@ static status_t process_i(private_child_create_t *this, message_t *message) ntohl(this->child_sa->get_spi(this->child_sa, FALSE)), this->child_sa->get_traffic_selectors(this->child_sa, TRUE), this->child_sa->get_traffic_selectors(this->child_sa, FALSE)); - + if (!this->rekey) { /* invoke the child_up() hook if we are not rekeying */ charon->bus->child_updown(charon->bus, this->child_sa, TRUE); @@ -1105,7 +1105,7 @@ static child_sa_t* get_child(private_child_create_t *this) * Implementation of child_create_t.get_lower_nonce */ static chunk_t get_lower_nonce(private_child_create_t *this) -{ +{ if (memcmp(this->my_nonce.ptr, this->other_nonce.ptr, min(this->my_nonce.len, this->other_nonce.len)) < 0) { @@ -1139,7 +1139,7 @@ static void migrate(private_child_create_t *this, ike_sa_t *ike_sa) { this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy)); } - + this->ike_sa = ike_sa; this->keymat = ike_sa->get_keymat(ike_sa); this->proposal = NULL; @@ -1183,7 +1183,7 @@ static void destroy(private_child_create_t *this) { this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy)); } - + DESTROY_IF(this->config); free(this); } 
@@ -1216,7 +1216,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; this->initiator = FALSE; } - + this->ike_sa = ike_sa; this->config = config; this->my_nonce = chunk_empty; @@ -1241,6 +1241,6 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, this->reqid = 0; this->established = FALSE; this->rekey = rekey; - + return &this->public; } diff --git a/src/charon/sa/tasks/child_create.h b/src/charon/sa/tasks/child_create.h index 41f4fe2c8..5dedeb8b1 100644 --- a/src/charon/sa/tasks/child_create.h +++ b/src/charon/sa/tasks/child_create.h @@ -31,7 +31,7 @@ typedef struct child_create_t child_create_t; /** * Task of type CHILD_CREATE, established a new CHILD_SA. * - * This task may be included in the IKE_AUTH message or in a separate + * This task may be included in the IKE_AUTH message or in a separate * CREATE_CHILD_SA exchange. */ struct child_create_t { @@ -40,24 +40,24 @@ struct child_create_t { * Implements the task_t interface */ task_t task; - + /** * Use a specific reqid for the CHILD_SA. * * When this task is used for rekeying, the same reqid is used - * for the new CHILD_SA. + * for the new CHILD_SA. * * @param reqid reqid to use */ void (*use_reqid) (child_create_t *this, u_int32_t reqid); - + /** * Get the lower of the two nonces, used for rekey collisions. * * @return lower nonce */ chunk_t (*get_lower_nonce) (child_create_t *this); - + /** * Get the CHILD_SA established/establishing by this task. * diff --git a/src/charon/sa/tasks/child_delete.c b/src/charon/sa/tasks/child_delete.c index 849767854..d7c6b0541 100644 --- a/src/charon/sa/tasks/child_delete.c +++ b/src/charon/sa/tasks/child_delete.c 
@@ -25,42 +25,42 @@ typedef struct private_child_delete_t private_child_delete_t; * Private members of a child_delete_t task. */ struct private_child_delete_t { - + /** * Public methods and task_t interface. */ child_delete_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Protocol of CHILD_SA to delete */ protocol_id_t protocol; - + /** * Inbound SPI of CHILD_SA to delete */ u_int32_t spi; - + /** * whether to enforce delete action policy */ bool check_delete_action; - + /** * is this delete exchange following a rekey? */ bool rekeyed; - + /** * CHILD_SAs which get deleted */ @@ -75,10 +75,10 @@ static void build_payloads(private_child_delete_t *this, message_t *message) delete_payload_t *ah = NULL, *esp = NULL; iterator_t *iterator; child_sa_t *child_sa; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)&child_sa)) - { + { protocol_id_t protocol = child_sa->get_protocol(child_sa); u_int32_t spi = child_sa->get_spi(child_sa, TRUE); @@ -91,7 +91,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) message->add_payload(message, (payload_t*)esp); } esp->add_spi(esp, spi); - DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", + DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", protocol_id_names, protocol, ntohl(spi)); break; case PROTO_AH: @@ -101,7 +101,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) message->add_payload(message, (payload_t*)ah); } ah->add_spi(ah, spi); - DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", + DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", protocol_id_names, protocol, ntohl(spi)); break; default: 
@@ -124,7 +124,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message) u_int32_t *spi; protocol_id_t protocol; child_sa_t *child_sa; - + payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) { @@ -147,9 +147,9 @@ static void process_payloads(private_child_delete_t *this, message_t *message) "but no such SA", protocol_id_names, protocol, ntohl(*spi)); continue; } - DBG1(DBG_IKE, "received DELETE for %N CHILD_SA with SPI %.8x", + DBG1(DBG_IKE, "received DELETE for %N CHILD_SA with SPI %.8x", protocol_id_names, protocol, ntohl(*spi)); - + switch (child_sa->get_state(child_sa)) { case CHILD_REKEYING: @@ -172,7 +172,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message) default: break; } - + this->child_sas->insert_last(this->child_sas, child_sa); } spis->destroy(spis); @@ -192,7 +192,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) protocol_id_t protocol; u_int32_t spi; status_t status = SUCCESS; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)&child_sa)) { @@ -215,7 +215,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) status = this->ike_sa->initiate(this->ike_sa, child_cfg, 0, NULL, NULL); break; - case ACTION_ROUTE: + case ACTION_ROUTE: charon->traps->install(charon->traps, this->ike_sa->get_peer_cfg(this->ike_sa), child_cfg); break; 
@@ -241,13 +241,13 @@ static void log_children(private_child_delete_t *this) iterator_t *iterator; child_sa_t *child_sa; u_int64_t bytes_in, bytes_out; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)&child_sa)) { child_sa->get_usestats(child_sa, TRUE, NULL, &bytes_in); child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out); - + DBG0(DBG_IKE, "closing CHILD_SA %s{%d} " "with SPIs %.8x_i (%llu bytes) %.8x_o (%llu bytes) and TS %#R=== %#R", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), @@ -265,7 +265,7 @@ static void log_children(private_child_delete_t *this) static status_t build_i(private_child_delete_t *this, message_t *message) { child_sa_t *child_sa; - + child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol, this->spi, TRUE); if (!child_sa) @@ -297,7 +297,7 @@ static status_t process_i(private_child_delete_t *this, message_t *message) /* flush the list before adding new SAs */ this->child_sas->destroy(this->child_sas); this->child_sas = linked_list_create(); - + process_payloads(this, message); DBG1(DBG_IKE, "CHILD_SA closed"); return destroy_and_reestablish(this); @@ -321,7 +321,7 @@ static status_t build_r(private_child_delete_t *this, message_t *message) /* if we are rekeying, we send an empty informational */ if (this->ike_sa->get_state(this->ike_sa) != IKE_REKEYING) { - build_payloads(this, message); + build_payloads(this, message); } DBG1(DBG_IKE, "CHILD_SA closed"); return destroy_and_reestablish(this); @@ -352,7 +352,7 @@ static void migrate(private_child_delete_t *this, ike_sa_t *ike_sa) { this->check_delete_action = FALSE; this->ike_sa = ike_sa; - + this->child_sas->destroy(this->child_sas); this->child_sas = linked_list_create(); } 
@@ -378,14 +378,14 @@ child_delete_t *child_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + this->ike_sa = ike_sa; this->check_delete_action = FALSE; this->child_sas = linked_list_create(); this->protocol = protocol; this->spi = spi; this->rekeyed = FALSE; - + if (protocol != PROTO_NONE) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; diff --git a/src/charon/sa/tasks/child_delete.h b/src/charon/sa/tasks/child_delete.h index 27d847035..365807c68 100644 --- a/src/charon/sa/tasks/child_delete.h +++ b/src/charon/sa/tasks/child_delete.h @@ -37,7 +37,7 @@ struct child_delete_t { * Implements the task_t interface */ task_t task; - + /** * Get the CHILD_SA to delete by this task. * diff --git a/src/charon/sa/tasks/child_rekey.c b/src/charon/sa/tasks/child_rekey.c index 06027d112..9db7ff4f7 100644 --- a/src/charon/sa/tasks/child_rekey.c +++ b/src/charon/sa/tasks/child_rekey.c @@ -30,47 +30,47 @@ typedef struct private_child_rekey_t private_child_rekey_t; * Private members of a child_rekey_t task. */ struct private_child_rekey_t { - + /** * Public methods and task_t interface. */ child_rekey_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Protocol of CHILD_SA to rekey */ protocol_id_t protocol; - + /** * Inbound SPI of CHILD_SA to rekey */ u_int32_t spi; - + /** * the CHILD_CREATE task which is reused to simplify rekeying */ child_create_t *child_create; - + /** * the CHILD_DELETE task to delete rekeyed CHILD_SA */ child_delete_t *child_delete; - + /** * CHILD_SA which gets rekeyed */ child_sa_t *child_sa; - + /** * colliding task, may be delete or rekey */ 
@@ -84,7 +84,7 @@ static status_t build_i_delete(private_child_rekey_t *this, message_t *message) { /* update exchange type to INFORMATIONAL for the delete */ message->set_exchange_type(message, INFORMATIONAL); - + return this->child_delete->task.build(&this->child_delete->task, message); } @@ -104,13 +104,13 @@ static void find_child(private_child_rekey_t *this, message_t *message) notify_payload_t *notify; protocol_id_t protocol; u_int32_t spi; - + notify = message->get_notify(message, REKEY_SA); if (notify) { protocol = notify->get_protocol_id(notify); spi = notify->get_spi(notify); - + if (protocol == PROTO_ESP || protocol == PROTO_AH) { this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, @@ -127,7 +127,7 @@ static status_t build_i(private_child_rekey_t *this, message_t *message) notify_payload_t *notify; u_int32_t reqid; child_cfg_t *config; - + this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol, this->spi, TRUE); if (!this->child_sa) @@ -144,22 +144,22 @@ static status_t build_i(private_child_rekey_t *this, message_t *message) this->spi = this->child_sa->get_spi(this->child_sa, TRUE); } config = this->child_sa->get_config(this->child_sa); - + /* we just need the rekey notify ... */ notify = notify_payload_create_from_protocol_and_type(this->protocol, REKEY_SA); notify->set_spi(notify, this->spi); message->add_payload(message, (payload_t*)notify); - + /* ... our CHILD_CREATE task does the hard work for us. */ reqid = this->child_sa->get_reqid(this->child_sa); this->child_create = child_create_create(this->ike_sa, config, TRUE, NULL, NULL); this->child_create->use_reqid(this->child_create, reqid); this->child_create->task.build(&this->child_create->task, message); - + this->child_sa->set_state(this->child_sa, CHILD_REKEYING); - + return NEED_MORE; } 
@@ -170,9 +170,9 @@ static status_t process_r(private_child_rekey_t *this, message_t *message) { /* let the CHILD_CREATE task process the message */ this->child_create->task.process(&this->child_create->task, message); - + find_child(this, message); - + return NEED_MORE; } @@ -190,21 +190,21 @@ static status_t build_r(private_child_rekey_t *this, message_t *message) message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); return SUCCESS; } - + /* let the CHILD_CREATE task build the response */ reqid = this->child_sa->get_reqid(this->child_sa); this->child_create->use_reqid(this->child_create, reqid); this->child_create->task.build(&this->child_create->task, message); - + if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL) { /* rekeying failed, reuse old child */ this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); return SUCCESS; } - + this->child_sa->set_state(this->child_sa, CHILD_REKEYING); - + /* invoke rekey hook */ charon->bus->child_rekey(charon->bus, this->child_sa, this->child_create->get_child(this->child_create)); @@ -219,7 +219,7 @@ static status_t process_i(private_child_rekey_t *this, message_t *message) protocol_id_t protocol; u_int32_t spi; child_sa_t *to_delete; - + if (message->get_notify(message, NO_ADDITIONAL_SAS)) { DBG1(DBG_IKE, "peer seems to not support CHILD_SA rekeying, " @@ -230,7 +230,7 @@ static status_t process_i(private_child_rekey_t *this, message_t *message) this->ike_sa->get_id(this->ike_sa), TRUE)); return SUCCESS; } - + if (this->child_create->task.process(&this->child_create->task, message) == NEED_MORE) { 
@@ -242,12 +242,12 @@ static status_t process_i(private_child_rekey_t *this, message_t *message) { /* establishing new child failed, reuse old. but not when we * recieved a delete in the meantime */ - if (!(this->collision && + if (!(this->collision && this->collision->get_type(this->collision) == CHILD_DELETE)) { job_t *job; u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER); - + job = (job_t*)rekey_child_sa_job_create( this->child_sa->get_reqid(this->child_sa), this->child_sa->get_protocol(this->child_sa), @@ -259,22 +259,22 @@ static status_t process_i(private_child_rekey_t *this, message_t *message) } return SUCCESS; } - + to_delete = this->child_sa; - + /* check for rekey collisions */ if (this->collision && this->collision->get_type(this->collision) == CHILD_REKEY) { chunk_t this_nonce, other_nonce; private_child_rekey_t *other = (private_child_rekey_t*)this->collision; - + this_nonce = this->child_create->get_lower_nonce(this->child_create); other_nonce = other->child_create->get_lower_nonce(other->child_create); - + /* if we have the lower nonce, delete rekeyed SA. If not, delete * the redundant. */ - if (memcmp(this_nonce.ptr, other_nonce.ptr, + if (memcmp(this_nonce.ptr, other_nonce.ptr, min(this_nonce.len, other_nonce.len)) < 0) { DBG1(DBG_IKE, "CHILD_SA rekey collision won, deleting rekeyed child"); 
@@ -290,21 +290,21 @@ static status_t process_i(private_child_rekey_t *this, message_t *message) } } } - + if (to_delete != this->child_create->get_child(this->child_create)) { /* invoke rekey hook if rekeying successful */ charon->bus->child_rekey(charon->bus, this->child_sa, this->child_create->get_child(this->child_create)); } - + spi = to_delete->get_spi(to_delete, TRUE); protocol = to_delete->get_protocol(to_delete); - + /* rekeying done, delete the obsolete CHILD_SA using a subtask */ this->child_delete = child_delete_create(this->ike_sa, protocol, spi); this->public.task.build = (status_t(*)(task_t*,message_t*))build_i_delete; this->public.task.process = (status_t(*)(task_t*,message_t*))process_i_delete; - + return NEED_MORE; } @@ -321,7 +321,7 @@ static task_type_t get_type(private_child_rekey_t *this) */ static void collide(private_child_rekey_t *this, task_t *other) { - /* the task manager only detects exchange collision, but not if + /* the task manager only detects exchange collision, but not if * the collision is for the same child. we check it here. */ if (other->get_type(other) == CHILD_REKEY) { @@ -338,7 +338,7 @@ static void collide(private_child_rekey_t *this, task_t *other) child_delete_t *del = (child_delete_t*)other; if (del == NULL || del->get_child(del) != this->child_sa) { - /* not the same child => no collision */ + /* not the same child => no collision */ other->destroy(other); return; } @@ -357,7 +357,7 @@ static void collide(private_child_rekey_t *this, task_t *other) * Implementation of task_t.migrate */ static void migrate(private_child_rekey_t *this, ike_sa_t *ike_sa) -{ +{ if (this->child_create) { this->child_create->task.migrate(&this->child_create->task, ike_sa); @@ -367,7 +367,7 @@ static void migrate(private_child_rekey_t *this, ike_sa_t *ike_sa) this->child_delete->task.migrate(&this->child_delete->task, ike_sa); } DESTROY_IF(this->collision); - + this->ike_sa = ike_sa; this->collision = NULL; } 
@@ -396,7 +396,7 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, u_int32_t spi) { private_child_rekey_t *this = malloc_thing(private_child_rekey_t); - + this->public.collide = (void (*)(child_rekey_t*,task_t*))collide; this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; @@ -415,13 +415,13 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, this->initiator = FALSE; this->child_create = child_create_create(ike_sa, NULL, TRUE, NULL, NULL); } - + this->ike_sa = ike_sa; this->child_sa = NULL; this->protocol = protocol; this->spi = spi; this->collision = NULL; this->child_delete = NULL; - + return &this->public; } diff --git a/src/charon/sa/tasks/child_rekey.h b/src/charon/sa/tasks/child_rekey.h index 5aae2fb39..0a624796d 100644 --- a/src/charon/sa/tasks/child_rekey.h +++ b/src/charon/sa/tasks/child_rekey.h @@ -37,7 +37,7 @@ struct child_rekey_t { * Implements the task_t interface */ task_t task; - + /** * Register a rekeying task which collides with this one * diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c index d0b2a7e91..9f8fc89a2 100644 --- a/src/charon/sa/tasks/ike_auth.c +++ b/src/charon/sa/tasks/ike_auth.c 
@@ -31,82 +31,82 @@ typedef struct private_ike_auth_t private_ike_auth_t; * Private members of a ike_auth_t task. */ struct private_ike_auth_t { - + /** * Public methods and task_t interface. */ ike_auth_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Nonce chosen by us in ike_init */ chunk_t my_nonce; - + /** * Nonce chosen by peer in ike_init */ chunk_t other_nonce; - + /** * IKE_SA_INIT message sent by us */ packet_t *my_packet; - + /** * IKE_SA_INIT message sent by peer */ packet_t *other_packet; - + /** * completed authentication configs initiated by us (auth_cfg_t) */ linked_list_t *my_cfgs; - + /** * completed authentication configs initiated by other (auth_cfg_t) */ linked_list_t *other_cfgs;; - + /** * currently active authenticator, to authenticate us */ authenticator_t *my_auth; - + /** * currently active authenticator, to authenticate peer */ authenticator_t *other_auth; - + /** * peer_cfg candidates, ordered by priority */ linked_list_t *candidates; - + /** * selected peer config (might change when using multiple authentications) */ peer_cfg_t *peer_cfg; - + /** * have we planned an(other) authentication exchange? */ bool do_another_auth; - + /** * has the peer announced another authentication exchange? */ bool expect_another_auth; - + /** * should we send a AUTHENTICATION_FAILED notify? */ @@ -129,7 +129,7 @@ static status_t collect_my_init_data(private_ike_auth_t *this, message_t *message) { nonce_payload_t *nonce; - + /* get the nonce that was generated in ike_init */ nonce = (nonce_payload_t*)message->get_payload(message, NONCE); if (nonce == NULL) 
@@ -137,14 +137,14 @@ static status_t collect_my_init_data(private_ike_auth_t *this, return FAILED; } this->my_nonce = nonce->get_nonce(nonce); - + /* pre-generate the message, keep a copy */ if (this->ike_sa->generate_message(this->ike_sa, message, &this->my_packet) != SUCCESS) { return FAILED; } - return NEED_MORE; + return NEED_MORE; } /** @@ -155,7 +155,7 @@ static status_t collect_other_init_data(private_ike_auth_t *this, { /* we collect the needed information in the IKE_SA_INIT exchange */ nonce_payload_t *nonce; - + /* get the nonce that was generated in ike_init */ nonce = (nonce_payload_t*)message->get_payload(message, NONCE); if (nonce == NULL) @@ -163,10 +163,10 @@ static status_t collect_other_init_data(private_ike_auth_t *this, return FAILED; } this->other_nonce = nonce->get_nonce(nonce); - + /* keep a copy of the received packet */ this->other_packet = message->get_packet(message); - return NEED_MORE; + return NEED_MORE; } /** @@ -176,13 +176,13 @@ static auth_cfg_t *get_auth_cfg(private_ike_auth_t *this, bool local) { enumerator_t *e1, *e2; auth_cfg_t *c1, *c2, *next = NULL; - + /* find an available config not already done */ e1 = this->peer_cfg->create_auth_cfg_enumerator(this->peer_cfg, local); while (e1->enumerate(e1, &c1)) { bool found = FALSE; - + if (local) { e2 = this->my_cfgs->create_enumerator(this->my_cfgs); @@ -218,12 +218,12 @@ static bool do_another_auth(private_ike_auth_t *this) bool do_another = FALSE; enumerator_t *done, *todo; auth_cfg_t *done_cfg, *todo_cfg; - + if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MULTIPLE_AUTH)) { return FALSE; } - + done = this->my_cfgs->create_enumerator(this->my_cfgs); todo = this->peer_cfg->create_auth_cfg_enumerator(this->peer_cfg, TRUE); while (todo->enumerate(todo, &todo_cfg)) 
@@ -252,12 +252,12 @@ static bool load_cfg_candidates(private_ike_auth_t *this) peer_cfg_t *peer_cfg; host_t *me, *other; identification_t *my_id, *other_id; - + me = this->ike_sa->get_my_host(this->ike_sa); other = this->ike_sa->get_other_host(this->ike_sa); my_id = this->ike_sa->get_my_id(this->ike_sa); other_id = this->ike_sa->get_other_id(this->ike_sa); - + enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends, me, other, my_id, other_id); while (enumerator->enumerate(enumerator, &peer_cfg)) @@ -296,10 +296,10 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) bool complies = TRUE; enumerator_t *e1, *e2, *tmp; auth_cfg_t *c1, *c2; - + e1 = this->other_cfgs->create_enumerator(this->other_cfgs); e2 = this->peer_cfg->create_auth_cfg_enumerator(this->peer_cfg, FALSE); - + if (strict) { /* swap lists in strict mode: all configured rounds must be * fulfilled. If !strict, we check only the rounds done so far. */ @@ -342,7 +342,7 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) } } while (this->peer_cfg); - + return this->peer_cfg != NULL; } 
@@ -352,39 +352,39 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) static status_t build_i(private_ike_auth_t *this, message_t *message) { auth_cfg_t *cfg; - + if (message->get_exchange_type(message) == IKE_SA_INIT) { return collect_my_init_data(this, message); } - + if (this->peer_cfg == NULL) { this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); this->peer_cfg->get_ref(this->peer_cfg); } - + if (message->get_message_id(message) == 1 && this->ike_sa->supports_extension(this->ike_sa, EXT_MULTIPLE_AUTH)) { /* in the first IKE_AUTH, indicate support for multiple authentication */ message->add_notify(message, FALSE, MULTIPLE_AUTH_SUPPORTED, chunk_empty); } - + if (!this->do_another_auth && !this->my_auth) { /* we have done our rounds */ return NEED_MORE; } - + /* check if an authenticator is in progress */ if (this->my_auth == NULL) { identification_t *id; id_payload_t *id_payload; - + /* clean up authentication config from a previous round */ cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); cfg->purge(cfg, TRUE); - + /* add (optional) IDr */ cfg = get_auth_cfg(this, FALSE); if (cfg) @@ -410,7 +410,7 @@ static status_t build_i(private_ike_auth_t *this, message_t *message) this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); id_payload = id_payload_create_from_identification(ID_INITIATOR, id); message->add_payload(message, (payload_t*)id_payload); - + /* build authentication data */ this->my_auth = authenticator_create_builder(this->ike_sa, cfg, this->other_nonce, this->my_nonce, @@ -436,7 +436,7 @@ static status_t build_i(private_ike_auth_t *this, message_t *message) default: return FAILED; } - + /* check for additional authentication rounds */ if (do_another_auth(this)) { 
@@ -460,12 +460,12 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) auth_cfg_t *cfg, *cand; id_payload_t *id_payload; identification_t *id; - + if (message->get_exchange_type(message) == IKE_SA_INIT) { return collect_other_init_data(this, message); } - + if (this->my_auth == NULL && this->do_another_auth) { /* handle (optional) IDr payload, apply proposed identity */ @@ -480,7 +480,7 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) } this->ike_sa->set_my_id(this->ike_sa, id); } - + if (!this->expect_another_auth) { return NEED_MORE; @@ -489,7 +489,7 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) { this->ike_sa->enable_extension(this->ike_sa, EXT_MULTIPLE_AUTH); } - + if (this->other_auth == NULL) { /* handle IDi payload */ @@ -503,7 +503,7 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) this->ike_sa->set_other_id(this->ike_sa, id); cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); - + if (this->peer_cfg == NULL) { if (!load_cfg_candidates(this)) @@ -530,7 +530,7 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) } cfg->merge(cfg, cand, TRUE); } - + /* verify authentication data */ this->other_auth = authenticator_create_verifier(this->ike_sa, message, this->other_nonce, this->my_nonce, @@ -558,12 +558,12 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) this->authentication_failed = TRUE; return NEED_MORE; } - + /* store authentication information */ cfg = auth_cfg_create(); cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); this->other_cfgs->insert_last(this->other_cfgs, cfg); - + /* another auth round done, invoke authorize hook */ if (!charon->bus->authorize(charon->bus, this->other_cfgs, FALSE)) { 
@@ -572,13 +572,13 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) this->authentication_failed = TRUE; return NEED_MORE; } - + if (!update_cfg_candidates(this, FALSE)) { this->authentication_failed = TRUE; return NEED_MORE; } - + if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS) == NULL) { this->expect_another_auth = FALSE; @@ -597,7 +597,7 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) static status_t build_r(private_ike_auth_t *this, message_t *message) { auth_cfg_t *cfg; - + if (message->get_exchange_type(message) == IKE_SA_INIT) { if (multiple_auth_enabled()) @@ -607,23 +607,23 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) } return collect_my_init_data(this, message); } - + if (this->authentication_failed || this->peer_cfg == NULL) { message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty); return FAILED; } - + if (this->my_auth == NULL && this->do_another_auth) { identification_t *id, *id_cfg; id_payload_t *id_payload; - + /* add IDr */ cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); cfg->purge(cfg, TRUE); cfg->merge(cfg, get_auth_cfg(this, TRUE), TRUE); - + id_cfg = cfg->get(cfg, AUTH_RULE_IDENTITY); id = this->ike_sa->get_my_id(this->ike_sa); if (id->get_type(id) == ID_ANY) @@ -648,10 +648,10 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) return FAILED; } } - + id_payload = id_payload_create_from_identification(ID_RESPONDER, id); message->add_payload(message, (payload_t*)id_payload); - + /* build authentication data */ this->my_auth = authenticator_create_builder(this->ike_sa, cfg, this->other_nonce, this->my_nonce, @@ -663,7 +663,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) return FAILED; } } - + if (this->other_auth) { switch (this->other_auth->build(this->other_auth, message)) 
@@ -703,7 +703,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) return FAILED; } } - + /* check for additional authentication rounds */ if (do_another_auth(this)) { @@ -735,7 +735,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_unique_id(this->ike_sa), this->ike_sa->get_my_host(this->ike_sa), - this->ike_sa->get_my_id(this->ike_sa), + this->ike_sa->get_my_id(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE); @@ -752,7 +752,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) enumerator_t *enumerator; payload_t *payload; auth_cfg_t *cfg; - + if (message->get_exchange_type(message) == IKE_SA_INIT) { if (message->get_notify(message, MULTIPLE_AUTH_SUPPORTED) && @@ -762,7 +762,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) } return collect_other_init_data(this, message); } - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -770,7 +770,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); - + switch (type) { case NO_PROPOSAL_CHOSEN: @@ -801,7 +801,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) DBG1(DBG_IKE, "received %N notify error", notify_type_names, type); enumerator->destroy(enumerator); - return FAILED; + return FAILED; } DBG2(DBG_IKE, "received %N notify", notify_type_names, type); @@ -811,7 +811,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) } } enumerator->destroy(enumerator); - + if (this->my_auth) { switch (this->my_auth->process(this->my_auth, message)) 
@@ -831,21 +831,21 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) return FAILED; } } - + if (this->expect_another_auth) { if (this->other_auth == NULL) { id_payload_t *id_payload; identification_t *id; - + /* responder is not allowed to do EAP */ if (!message->get_payload(message, AUTHENTICATION)) { DBG1(DBG_IKE, "AUTH payload missing"); return FAILED; } - + /* handle IDr payload */ id_payload = (id_payload_t*)message->get_payload(message, ID_RESPONDER); @@ -858,7 +858,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) this->ike_sa->set_other_id(this->ike_sa, id); cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); - + /* verify authentication data */ this->other_auth = authenticator_create_verifier(this->ike_sa, message, this->other_nonce, this->my_nonce, @@ -884,7 +884,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) this->other_cfgs->insert_last(this->other_cfgs, cfg); this->other_auth->destroy(this->other_auth); this->other_auth = NULL; - + /* another auth round done, invoke authorize hook */ if (!charon->bus->authorize(charon->bus, this->other_cfgs, FALSE)) { @@ -893,7 +893,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) return FAILED; } } - + if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS) == NULL) { this->expect_another_auth = FALSE; @@ -914,7 +914,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_unique_id(this->ike_sa), this->ike_sa->get_my_host(this->ike_sa), - this->ike_sa->get_my_id(this->ike_sa), + this->ike_sa->get_my_id(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE); 
@@ -946,7 +946,7 @@ static void migrate(private_ike_auth_t *this, ike_sa_t *ike_sa) this->my_cfgs->destroy_offset(this->my_cfgs, offsetof(auth_cfg_t, destroy)); this->other_cfgs->destroy_offset(this->other_cfgs, offsetof(auth_cfg_t, destroy)); this->candidates->destroy_offset(this->candidates, offsetof(peer_cfg_t, destroy)); - + this->my_packet = NULL; this->other_packet = NULL; this->ike_sa = ike_sa; @@ -985,11 +985,11 @@ static void destroy(private_ike_auth_t *this) ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator) { private_ike_auth_t *this = malloc_thing(private_ike_auth_t); - + this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -1000,7 +1000,7 @@ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; this->my_nonce = chunk_empty; @@ -1016,7 +1016,7 @@ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator) this->do_another_auth = TRUE; this->expect_another_auth = TRUE; this->authentication_failed = FALSE; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_auth_lifetime.c b/src/charon/sa/tasks/ike_auth_lifetime.c index 819ac47bf..75ff35168 100644 --- a/src/charon/sa/tasks/ike_auth_lifetime.c +++ b/src/charon/sa/tasks/ike_auth_lifetime.c @@ -27,12 +27,12 @@ typedef struct private_ike_auth_lifetime_t private_ike_auth_lifetime_t; * Private members of a ike_auth_lifetime_t task. */ struct private_ike_auth_lifetime_t { - + /** * Public methods and task_t interface. */ ike_auth_lifetime_t public; - + /** * Assigned IKE_SA. */ 
@@ -46,7 +46,7 @@ static void add_auth_lifetime(private_ike_auth_lifetime_t *this, message_t *mess { chunk_t chunk; u_int32_t lifetime; - + lifetime = this->ike_sa->get_statistic(this->ike_sa, STAT_REAUTH); if (lifetime) { @@ -65,7 +65,7 @@ static void process_payloads(private_ike_auth_lifetime_t *this, message_t *messa notify_payload_t *notify; chunk_t data; u_int32_t lifetime; - + notify = message->get_notify(message, AUTH_LIFETIME); if (notify) { @@ -163,7 +163,7 @@ ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -174,9 +174,9 @@ ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_auth_lifetime.h b/src/charon/sa/tasks/ike_auth_lifetime.h index 812caaf43..4c65c8d3c 100644 --- a/src/charon/sa/tasks/ike_auth_lifetime.h +++ b/src/charon/sa/tasks/ike_auth_lifetime.h @@ -30,7 +30,7 @@ typedef struct ike_auth_lifetime_t ike_auth_lifetime_t; /** * Task of type IKE_AUTH_LIFETIME, implements RFC4478. * - * This task exchanges lifetimes for IKE_AUTH to force a client to + * This task exchanges lifetimes for IKE_AUTH to force a client to * reauthenticate before the responders lifetime reaches the limit. */ struct ike_auth_lifetime_t { diff --git a/src/charon/sa/tasks/ike_cert_post.c b/src/charon/sa/tasks/ike_cert_post.c index 9967a969f..e6ecce0b5 100644 --- a/src/charon/sa/tasks/ike_cert_post.c +++ b/src/charon/sa/tasks/ike_cert_post.c 
@@ -30,17 +30,17 @@ typedef struct private_ike_cert_post_t private_ike_cert_post_t; * Private members of a ike_cert_post_t task. */ struct private_ike_cert_post_t { - + /** * Public methods and task_t interface. */ ike_cert_post_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ @@ -58,23 +58,23 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, chunk_t hash, encoded ; enumerator_t *enumerator; char *url; - + if (!this->ike_sa->supports_extension(this->ike_sa, EXT_HASH_AND_URL)) { return cert_payload_create_from_cert(cert); } - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) { DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported"); return cert_payload_create_from_cert(cert); } - + encoded = cert->get_encoding(cert); hasher->allocate_hash(hasher, encoded, &hash); id = identification_create_from_encoding(ID_KEY_ID, hash); - + enumerator = charon->credentials->create_cdp_enumerator( charon->credentials, CERT_X509, id); if (!enumerator->enumerate(enumerator, &url)) @@ -82,7 +82,7 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, url = NULL; } enumerator->destroy(enumerator); - + id->destroy(id); chunk_free(&hash); chunk_free(&encoded); @@ -101,14 +101,14 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) { peer_cfg_t *peer_cfg; auth_payload_t *payload; - + payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); if (!peer_cfg || !payload || payload->get_auth_method(payload) == AUTH_PSK) { /* no CERT payload for EAP/PSK */ return; } - + switch (peer_cfg->get_cert_policy(peer_cfg)) { case CERT_NEVER_SEND: 
@@ -126,9 +126,9 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) certificate_t *cert; auth_rule_t type; auth_cfg_t *auth; - + auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); - + /* get subject cert first, then issuing certificates */ cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); if (!cert) @@ -143,7 +143,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) DBG1(DBG_IKE, "sending end entity cert \"%Y\"", cert->get_subject(cert)); message->add_payload(message, (payload_t*)payload); - + enumerator = auth->create_enumerator(auth); while (enumerator->enumerate(enumerator, &type, &cert)) { @@ -159,7 +159,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) } } enumerator->destroy(enumerator); - } + } } } @@ -169,7 +169,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) static status_t build_i(private_ike_cert_post_t *this, message_t *message) { build_certs(this, message); - + return NEED_MORE; } @@ -177,7 +177,7 @@ static status_t build_i(private_ike_cert_post_t *this, message_t *message) * Implementation of task_t.process for responder */ static status_t process_r(private_ike_cert_post_t *this, message_t *message) -{ +{ return NEED_MORE; } @@ -187,7 +187,7 @@ static status_t process_r(private_ike_cert_post_t *this, message_t *message) static status_t build_r(private_ike_cert_post_t *this, message_t *message) { build_certs(this, message); - + if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED) { /* stay alive, we might have additional rounds with certs */ return NEED_MORE; @@ -241,7 +241,7 @@ ike_cert_post_t *ike_cert_post_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; 
@@ -252,10 +252,10 @@ ike_cert_post_t *ike_cert_post_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_cert_pre.c b/src/charon/sa/tasks/ike_cert_pre.c index d7f5f55d1..0805d0290 100644 --- a/src/charon/sa/tasks/ike_cert_pre.c +++ b/src/charon/sa/tasks/ike_cert_pre.c @@ -29,27 +29,27 @@ typedef struct private_ike_cert_pre_t private_ike_cert_pre_t; * Private members of a ike_cert_pre_t task. */ struct private_ike_cert_pre_t { - + /** * Public methods and task_t interface. */ ike_cert_pre_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Do we accept HTTP certificate lookup requests */ bool do_http_lookup; - + /** * wheter this is the final authentication round */ @@ -57,16 +57,16 @@ struct private_ike_cert_pre_t { }; /** - * read certificate requests + * read certificate requests */ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) { enumerator_t *enumerator; payload_t *payload; auth_cfg_t *auth; - + auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -77,9 +77,9 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) certreq_payload_t *certreq = (certreq_payload_t*)payload; enumerator_t *enumerator; chunk_t keyid; - + this->ike_sa->set_condition(this->ike_sa, COND_CERTREQ_SEEN, TRUE); - + if (certreq->get_cert_type(certreq) != CERT_X509) { DBG1(DBG_IKE, "cert payload %N not supported - ignored", 
@@ -91,9 +91,9 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) { identification_t *id; certificate_t *cert; - + id = identification_create_from_encoding(ID_KEY_ID, keyid); - cert = charon->credentials->get_cert(charon->credentials, + cert = charon->credentials->get_cert(charon->credentials, CERT_X509, KEY_ANY, id, TRUE); if (cert) { @@ -114,7 +114,7 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) case NOTIFY: { notify_payload_t *notify = (notify_payload_t*)payload; - + /* we only handle one type of notify here */ if (notify->get_notify_type(notify) == HTTP_CERT_LOOKUP_SUPPORTED) { @@ -134,11 +134,11 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) * tries to extract a certificate from the cert payload or the credential * manager (based on the hash of a "Hash and URL" encoded cert). * Note: the returned certificate (if any) has to be destroyed - */ + */ static certificate_t *try_get_cert(cert_payload_t *cert_payload) { certificate_t *cert = NULL; - + switch (cert_payload->get_cert_encoding(cert_payload)) { case ENC_X509_SIGNATURE: @@ -156,7 +156,7 @@ static certificate_t *try_get_cert(cert_payload_t *cert_payload) break; } id = identification_create_from_encoding(ID_KEY_ID, hash); - cert = charon->credentials->get_cert(charon->credentials, + cert = charon->credentials->get_cert(charon->credentials, CERT_X509, KEY_ANY, id, FALSE); id->destroy(id); break; @@ -178,9 +178,9 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message) payload_t *payload; auth_cfg_t *auth; bool first = TRUE; - + auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { 
@@ -190,10 +190,10 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message) cert_encoding_t encoding; certificate_t *cert; char *url; - + cert_payload = (cert_payload_t*)payload; encoding = cert_payload->get_cert_encoding(cert_payload); - + switch (encoding) { case ENC_X509_HASH_AND_URL: @@ -285,7 +285,7 @@ static void add_certreq(certreq_payload_t **req, certificate_t *cert) public_key_t *public; chunk_t keyid; x509_t *x509 = (x509_t*)cert; - + if (!(x509->get_flags(x509) & X509_CA)) { /* no CA cert, skip */ break; @@ -321,7 +321,7 @@ static void add_certreqs(certreq_payload_t **req, auth_cfg_t *auth) enumerator_t *enumerator; auth_rule_t type; void *value; - + enumerator = auth->create_enumerator(auth); while (enumerator->enumerate(enumerator, &type, &value)) { @@ -348,13 +348,13 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) certificate_t *cert; auth_cfg_t *auth; certreq_payload_t *req = NULL; - + ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); if (!ike_cfg->send_certreq(ike_cfg)) { return; } - + /* check if we require a specific CA for that peer */ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); if (peer_cfg) @@ -366,7 +366,7 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) } enumerator->destroy(enumerator); } - + if (!req) { /* otherwise add all trusted CA certificates */ @@ -378,11 +378,11 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) } enumerator->destroy(enumerator); } - + if (req) { message->add_payload(message, (payload_t*)req); - + if (lib->settings->get_bool(lib->settings, "charon.hash_and_url", FALSE)) { message->add_notify(message, FALSE, HTTP_CERT_LOOKUP_SUPPORTED, 
@@ -413,7 +413,7 @@ static bool final_auth(message_t *message) * Implementation of task_t.process for initiator */ static status_t build_i(private_ike_cert_pre_t *this, message_t *message) -{ +{ if (message->get_message_id(message) == 1) { /* initiator sends CERTREQs in first IKE_AUTH */ build_certreqs(this, message); @@ -461,7 +461,7 @@ static status_t process_i(private_ike_cert_pre_t *this, message_t *message) process_certreqs(this, message); } process_certs(this, message); - + if (final_auth(message)) { return SUCCESS; @@ -503,7 +503,7 @@ ike_cert_pre_t *ike_cert_pre_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -514,11 +514,11 @@ ike_cert_pre_t *ike_cert_pre_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; this->do_http_lookup = FALSE; this->final = FALSE; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_config.c b/src/charon/sa/tasks/ike_config.c index 1f75521b6..bb5779e50 100644 --- a/src/charon/sa/tasks/ike_config.c +++ b/src/charon/sa/tasks/ike_config.c @@ -28,22 +28,22 @@ typedef struct private_ike_config_t private_ike_config_t; * Private members of a ike_config_t task. */ struct private_ike_config_t { - + /** * Public methods and task_t interface. */ ike_config_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * virtual ip */ 
@@ -57,9 +57,9 @@ static void build_vip(private_ike_config_t *this, host_t *vip, cp_payload_t *cp) { configuration_attribute_t *ca; chunk_t chunk, prefix; - + ca = configuration_attribute_create(); - + if (vip->get_family(vip) == AF_INET) { ca->set_type(ca, INTERNAL_IP4_ADDRESS); @@ -100,7 +100,7 @@ static void process_attribute(private_ike_config_t *this, host_t *ip; chunk_t addr; int family = AF_INET6; - + switch (ca->get_type(ca)) { case INTERNAL_IP4_ADDRESS: @@ -118,7 +118,7 @@ static void process_attribute(private_ike_config_t *this, /* skip prefix byte in IPv6 payload*/ if (family == AF_INET6) { - addr.len--; + addr.len--; } ip = host_create_from_chunk(family, addr, 0); } @@ -150,7 +150,7 @@ static void process_payloads(private_ike_config_t *this, message_t *message) enumerator_t *enumerator; iterator_t *attributes; payload_t *payload; - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -172,7 +172,7 @@ static void process_payloads(private_ike_config_t *this, message_t *message) break; } default: - DBG1(DBG_IKE, "ignoring %N config payload", + DBG1(DBG_IKE, "ignoring %N config payload", config_type_names, cp->get_config_type(cp)); break; } @@ -190,7 +190,7 @@ static status_t build_i(private_ike_config_t *this, message_t *message) { /* in first IKE_AUTH only */ peer_cfg_t *config; host_t *vip; - + /* reuse virtual IP if we already have one */ vip = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE); if (!vip) @@ -202,12 +202,12 @@ static status_t build_i(private_ike_config_t *this, message_t *message) { configuration_attribute_t *ca; cp_payload_t *cp; - + cp = cp_payload_create(); cp->set_config_type(cp, CFG_REQUEST); - + build_vip(this, vip, cp); - + /* we currently always add a DNS request if we request an IP */ ca = configuration_attribute_create(); if (vip->get_family(vip) == AF_INET) 
@@ -245,7 +245,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message) if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED) { /* in last IKE_AUTH exchange */ peer_cfg_t *config = this->ike_sa->get_peer_cfg(this->ike_sa); - + if (config && this->virtual_ip) { enumerator_t *enumerator; @@ -254,11 +254,11 @@ static status_t build_r(private_ike_config_t *this, message_t *message) chunk_t value; cp_payload_t *cp; host_t *vip = NULL; - + DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip); if (config->get_pool(config)) { - vip = charon->attributes->acquire_address(charon->attributes, + vip = charon->attributes->acquire_address(charon->attributes, config->get_pool(config), this->ike_sa->get_other_id(this->ike_sa), this->virtual_ip); @@ -273,13 +273,13 @@ static status_t build_r(private_ike_config_t *this, message_t *message) } DBG1(DBG_IKE, "assigning virtual IP %H to peer", vip); this->ike_sa->set_virtual_ip(this->ike_sa, FALSE, vip); - + cp = cp_payload_create(); cp->set_config_type(cp, CFG_REPLY); - + build_vip(this, vip, cp); vip->destroy(vip); - + /* if we add an IP, we also look for other attributes */ enumerator = charon->attributes->create_attribute_enumerator( charon->attributes, this->ike_sa->get_other_id(this->ike_sa)); @@ -291,7 +291,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message) cp->add_configuration_attribute(cp, ca); } enumerator->destroy(enumerator); - + message->add_payload(message, (payload_t*)cp); } return SUCCESS; @@ -306,9 +306,9 @@ static status_t process_i(private_ike_config_t *this, message_t *message) { if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED) { /* in last IKE_AUTH exchange */ - + process_payloads(this, message); - + if (this->virtual_ip) { this->ike_sa->set_virtual_ip(this->ike_sa, TRUE, this->virtual_ip); 
@@ -332,7 +332,7 @@ static task_type_t get_type(private_ike_config_t *this) static void migrate(private_ike_config_t *this, ike_sa_t *ike_sa) { DESTROY_IF(this->virtual_ip); - + this->ike_sa = ike_sa; this->virtual_ip = NULL; } @@ -352,15 +352,15 @@ static void destroy(private_ike_config_t *this) ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator) { private_ike_config_t *this = malloc_thing(private_ike_config_t); - + this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + this->initiator = initiator; this->ike_sa = ike_sa; this->virtual_ip = NULL; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -371,7 +371,7 @@ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_delete.c b/src/charon/sa/tasks/ike_delete.c index cde117934..130948836 100644 --- a/src/charon/sa/tasks/ike_delete.c +++ b/src/charon/sa/tasks/ike_delete.c @@ -25,27 +25,27 @@ typedef struct private_ike_delete_t private_ike_delete_t; * Private members of a ike_delete_t task. */ struct private_ike_delete_t { - + /** * Public methods and task_t interface. */ ike_delete_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * are we deleting a rekeyed SA? */ bool rekeyed; - + /** * are we responding to a delete, but have initated our own? */ @@ -69,7 +69,7 @@ static status_t build_i(private_ike_delete_t *this, message_t *message) delete_payload = delete_payload_create(PROTO_IKE); message->add_payload(message, (payload_t*)delete_payload); - + if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING) { this->rekeyed = TRUE; 
@@ -189,7 +189,7 @@ ike_delete_t *ike_delete_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -200,11 +200,11 @@ ike_delete_t *ike_delete_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; this->rekeyed = FALSE; this->simultaneous = FALSE; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_dpd.c b/src/charon/sa/tasks/ike_dpd.c index 3aa714049..4c6ba7662 100644 --- a/src/charon/sa/tasks/ike_dpd.c +++ b/src/charon/sa/tasks/ike_dpd.c @@ -24,7 +24,7 @@ typedef struct private_ike_dpd_t private_ike_dpd_t; * Private members of a ike_dpd_t task. */ struct private_ike_dpd_t { - + /** * Public methods and task_t interface. */ @@ -83,7 +83,7 @@ ike_dpd_t *ike_dpd_create(bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))return_need_more; @@ -94,6 +94,6 @@ ike_dpd_t *ike_dpd_create(bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))return_success; this->public.task.process = (status_t(*)(task_t*,message_t*))return_need_more; } - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_init.c b/src/charon/sa/tasks/ike_init.c index a64ec3d53..7968c265d 100644 --- a/src/charon/sa/tasks/ike_init.c +++ b/src/charon/sa/tasks/ike_init.c 
@@ -35,67 +35,67 @@ typedef struct private_ike_init_t private_ike_init_t; * Private members of a ike_init_t task. */ struct private_ike_init_t { - + /** * Public methods and task_t interface. */ ike_init_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * IKE config to establish */ ike_cfg_t *config; - + /** * diffie hellman group to use */ diffie_hellman_group_t dh_group; - + /** * diffie hellman key exchange */ diffie_hellman_t *dh; - + /** * Keymat derivation (from IKE_SA) */ keymat_t *keymat; - + /** * nonce chosen by us */ chunk_t my_nonce; - + /** * nonce chosen by peer */ chunk_t other_nonce; - + /** * Negotiated proposal used for IKE_SA */ proposal_t *proposal; - + /** * Old IKE_SA which gets rekeyed */ ike_sa_t *old_sa; - + /** * cookie received from responder */ chunk_t cookie; - + /** * retries done so far after failure (cookie or bad dh group) */ @@ -114,9 +114,9 @@ static void build_payloads(private_ike_init_t *this, message_t *message) ike_sa_id_t *id; proposal_t *proposal; iterator_t *iterator; - + id = this->ike_sa->get_id(this->ike_sa); - + this->config = this->ike_sa->get_ike_cfg(this->ike_sa); if (this->initiator) @@ -132,7 +132,7 @@ static void build_payloads(private_ike_init_t *this, message_t *message) } iterator->destroy(iterator); } - + sa_payload = sa_payload_create_from_proposal_list(proposal_list); proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy)); } @@ -146,11 +146,11 @@ static void build_payloads(private_ike_init_t *this, message_t *message) sa_payload = sa_payload_create_from_proposal(this->proposal); } message->add_payload(message, (payload_t*)sa_payload); - + nonce_payload = nonce_payload_create(); nonce_payload->set_nonce(nonce_payload, this->my_nonce); ke_payload = ke_payload_create_from_diffie_hellman(this->dh); - + if (this->old_sa) { /* payload order differs if we are rekeying */ message->add_payload(message, (payload_t*)nonce_payload); 
@@ -170,7 +170,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) { enumerator_t *enumerator; payload_t *payload; - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -180,7 +180,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) { sa_payload_t *sa_payload = (sa_payload_t*)payload; linked_list_t *proposal_list; - + proposal_list = sa_payload->get_proposals(sa_payload); this->proposal = this->config->select_proposal(this->config, proposal_list); @@ -191,7 +191,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) case KEY_EXCHANGE: { ke_payload_t *ke_payload = (ke_payload_t*)payload; - + this->dh_group = ke_payload->get_dh_group_number(ke_payload); if (!this->initiator) { @@ -232,20 +232,20 @@ static void process_payloads(private_ike_init_t *this, message_t *message) static status_t build_i(private_ike_init_t *this, message_t *message) { rng_t *rng; - + this->config = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_unique_id(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa)); this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING); - + if (this->retry++ >= MAX_RETRIES) { DBG1(DBG_IKE, "giving up after %d retries", MAX_RETRIES); return FAILED; } - + /* if the DH group is set via use_dh_group(), we already have a DH object */ if (!this->dh) { @@ -258,7 +258,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message) return FAILED; } } - + /* generate nonce only when we are trying the first time */ if (this->my_nonce.ptr == NULL) { 
@@ -271,12 +271,12 @@ static status_t build_i(private_ike_init_t *this, message_t *message) rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce); rng->destroy(rng); } - + if (this->cookie.ptr) { message->add_notify(message, FALSE, COOKIE, this->cookie); } - + build_payloads(this, message); #ifdef ME @@ -288,7 +288,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message) } } #endif /* ME */ - + return NEED_MORE; } @@ -298,7 +298,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message) static status_t process_r(private_ike_init_t *this, message_t *message) { rng_t *rng; - + this->config = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message)); this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING); @@ -311,7 +311,7 @@ static status_t process_r(private_ike_init_t *this, message_t *message) } rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce); rng->destroy(rng); - + #ifdef ME { notify_payload_t *notify = message->get_notify(message, ME_CONNECTID); @@ -324,9 +324,9 @@ static status_t process_r(private_ike_init_t *this, message_t *message) } } #endif /* ME */ - + process_payloads(this, message); - + return NEED_MORE; } @@ -340,7 +340,7 @@ static bool derive_keys(private_ike_init_t *this, pseudo_random_function_t prf_alg = PRF_UNDEFINED; chunk_t skd = chunk_empty; ike_sa_id_t *id; - + id = this->ike_sa->get_id(this->ike_sa); if (this->old_sa) { @@ -380,12 +380,12 @@ static status_t build_r(private_ike_init_t *this, message_t *message) return FAILED; } this->ike_sa->set_proposal(this->ike_sa, this->proposal); - + if (this->dh == NULL || !this->proposal->has_dh_group(this->proposal, this->dh_group)) { u_int16_t group; - + if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL)) { 
@@ -403,7 +403,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message) } return FAILED; } - + if (!derive_keys(this, this->other_nonce, this->my_nonce)) { DBG1(DBG_IKE, "key derivation failed"); @@ -421,7 +421,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message) { enumerator_t *enumerator; payload_t *payload; - + /* check for erronous notifies */ enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) @@ -430,26 +430,26 @@ static status_t process_i(private_ike_init_t *this, message_t *message) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); - + switch (type) { case INVALID_KE_PAYLOAD: { chunk_t data; diffie_hellman_group_t bad_group; - + bad_group = this->dh_group; data = notify->get_notification_data(notify); this->dh_group = ntohs(*((u_int16_t*)data.ptr)); DBG1(DBG_IKE, "peer didn't accept DH group %N, " "it requested %N", diffie_hellman_group_names, bad_group, diffie_hellman_group_names, this->dh_group); - + if (this->old_sa == NULL) { /* reset the IKE_SA if we are not rekeying */ this->ike_sa->reset(this->ike_sa); } - + enumerator->destroy(enumerator); return NEED_MORE; } @@ -486,7 +486,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message) } } enumerator->destroy(enumerator); - + process_payloads(this, message); /* check if we have everything */ @@ -497,14 +497,14 @@ static status_t process_i(private_ike_init_t *this, message_t *message) return FAILED; } this->ike_sa->set_proposal(this->ike_sa, this->proposal); - + if (this->dh == NULL || !this->proposal->has_dh_group(this->proposal, this->dh_group)) { DBG1(DBG_IKE, "peer DH group selection invalid"); return FAILED; } - + if (!derive_keys(this, this->my_nonce, this->other_nonce)) { DBG1(DBG_IKE, "key derivation failed"); 
@@ -544,7 +544,7 @@ static void migrate(private_ike_init_t *this, ike_sa_t *ike_sa) { DESTROY_IF(this->proposal); chunk_free(&this->other_nonce); - + this->ike_sa = ike_sa; this->proposal = NULL; DESTROY_IF(this->dh); @@ -585,7 +585,7 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; this->dh_group = MODP_NONE; @@ -598,6 +598,6 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa) this->config = NULL; this->old_sa = old_sa; this->retry = 0; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_init.h b/src/charon/sa/tasks/ike_init.h index 8d3810ef2..7bd784cff 100644 --- a/src/charon/sa/tasks/ike_init.h +++ b/src/charon/sa/tasks/ike_init.h @@ -38,7 +38,7 @@ struct ike_init_t { * Implements the task_t interface */ task_t task; - + /** * Get the lower of the two nonces, used for rekey collisions. * diff --git a/src/charon/sa/tasks/ike_me.c b/src/charon/sa/tasks/ike_me.c index d359aa339..0eb602b10 100644 --- a/src/charon/sa/tasks/ike_me.c +++ b/src/charon/sa/tasks/ike_me.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "ike_me.h" #include <string.h> 
@@ -33,71 +33,71 @@ typedef struct private_ike_me_t private_ike_me_t; * Private members of a ike_me_t task. */ struct private_ike_me_t { - + /** * Public methods and task_t interface. */ ike_me_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Is this a mediation connection? */ bool mediation; - + /** * Is this the response from another peer? */ bool response; - + /** * Gathered endpoints */ linked_list_t *local_endpoints; - + /** * Parsed endpoints */ linked_list_t *remote_endpoints; - + /** * Did the peer request a callback? */ bool callback; - + /** * Did the connect fail? */ bool failed; - + /** * Was there anything wrong with the payloads? */ bool invalid_syntax; - + /** * The requested peer */ - identification_t *peer_id; + identification_t *peer_id; /** * Received ID used for connectivity checks */ chunk_t connect_id; - + /** * Received key used for connectivity checks */ chunk_t connect_key; - + /** * Peer config of the mediated connection */ @@ -112,7 +112,7 @@ static void add_endpoints_to_message(message_t *message, linked_list_t *endpoint { iterator_t *iterator; endpoint_notify_t *endpoint; - + iterator = endpoints->create_iterator(endpoints, TRUE); while (iterator->iterate(iterator, (void**)&endpoint)) { 
@@ -129,25 +129,25 @@ static void gather_and_add_endpoints(private_ike_me_t *this, message_t *message) enumerator_t *enumerator; host_t *addr, *host; u_int16_t port; - + /* get the port that is used to communicate with the ms */ host = this->ike_sa->get_my_host(this->ike_sa); port = host->get_port(host); - + enumerator = charon->kernel_interface->create_address_enumerator( charon->kernel_interface, FALSE, FALSE); while (enumerator->enumerate(enumerator, (void**)&addr)) { host = addr->clone(addr); host->set_port(host, port); - + this->local_endpoints->insert_last(this->local_endpoints, endpoint_notify_create_from_host(HOST, host, NULL)); - + host->destroy(host); } enumerator->destroy(enumerator); - + host = this->ike_sa->get_server_reflexive_host(this->ike_sa); if (host) { @@ -155,7 +155,7 @@ static void gather_and_add_endpoints(private_ike_me_t *this, message_t *message) endpoint_notify_create_from_host(SERVER_REFLEXIVE, host, this->ike_sa->get_my_host(this->ike_sa))); } - + add_endpoints_to_message(message, this->local_endpoints); } @@ -166,7 +166,7 @@ static void process_payloads(private_ike_me_t *this, message_t *message) { enumerator_t *enumerator; payload_t *payload; - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -174,9 +174,9 @@ static void process_payloads(private_ike_me_t *this, message_t *message) { continue; } - + notify_payload_t *notify = (notify_payload_t*)payload; - + switch (notify->get_notify_type(notify)) { case ME_CONNECT_FAILED: @@ -201,7 +201,7 @@ static void process_payloads(private_ike_me_t *this, message_t *message) } DBG1(DBG_IKE, "received %N ME_ENDPOINT %#H", me_endpoint_type_names, endpoint->get_type(endpoint), endpoint->get_host(endpoint)); - + this->remote_endpoints->insert_last(this->remote_endpoints, endpoint); break; } 
@@ -273,14 +273,14 @@ static status_t build_i(private_ike_me_t *this, message_t *message) { id_payload_t *id_payload; rng_t *rng; - + id_payload = id_payload_create_from_identification(ID_PEER, this->peer_id); message->add_payload(message, (payload_t*)id_payload); - + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (!rng) { - DBG1(DBG_IKE, "unable to generate connect ID for ME_CONNECT"); + DBG1(DBG_IKE, "unable to generate connect ID for ME_CONNECT"); return FAILED; } if (!this->response) @@ -291,10 +291,10 @@ static status_t build_i(private_ike_me_t *this, message_t *message) } rng->allocate_bytes(rng, ME_CONNECTKEY_LEN, &this->connect_key); rng->destroy(rng); - + message->add_notify(message, FALSE, ME_CONNECTID, this->connect_id); message->add_notify(message, FALSE, ME_CONNECTKEY, this->connect_key); - + if (this->response) { message->add_notify(message, FALSE, ME_RESPONSE, chunk_empty); @@ -304,9 +304,9 @@ static status_t build_i(private_ike_me_t *this, message_t *message) /* FIXME: should we make that configurable? */ message->add_notify(message, FALSE, ME_CALLBACK, chunk_empty); } - + gather_and_add_endpoints(this, message); - + break; } default: 
@@ -332,36 +332,36 @@ static status_t process_r(private_ike_me_t *this, message_t *message) break; } this->peer_id = id_payload->get_identification(id_payload); - + process_payloads(this, message); - + if (this->callback) { DBG1(DBG_IKE, "received ME_CALLBACK for '%Y'", this->peer_id); break; - } - + } + if (!this->connect_id.ptr) { DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify, aborting"); this->invalid_syntax = TRUE; break; } - + if (!this->connect_key.ptr) { DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY notify, aborting"); this->invalid_syntax = TRUE; break; } - + if (!this->remote_endpoints->get_count(this->remote_endpoints)) { DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT payloads, aborting"); this->invalid_syntax = TRUE; break; } - + DBG1(DBG_IKE, "received ME_CONNECT"); break; } @@ -385,7 +385,7 @@ static status_t build_r(private_ike_me_t *this, message_t *message) message->add_notify(message, TRUE, INVALID_SYNTAX, chunk_empty); break; } - + if (this->callback) { charon->connect_manager->check_and_initiate(charon->connect_manager, @@ -393,7 +393,7 @@ static status_t build_r(private_ike_me_t *this, message_t *message) this->ike_sa->get_my_id(this->ike_sa), this->peer_id); return SUCCESS; } - + if (this->response) { /* FIXME: handle result of set_responder_data @@ -434,13 +434,13 @@ static status_t process_i(private_ike_me_t *this, message_t *message) case IKE_SA_INIT: { process_payloads(this, message); - + if (!this->mediation) { DBG1(DBG_IKE, "server did not return a ME_MEDIATION, aborting"); return FAILED; } - + return NEED_MORE; } case IKE_AUTH: 
@@ -449,24 +449,24 @@ static status_t process_i(private_ike_me_t *this, message_t *message) /* FIXME: we should update the server reflexive endpoint somehow, * if mobike notices a change */ endpoint_notify_t *reflexive; - if (this->remote_endpoints->get_first(this->remote_endpoints, + if (this->remote_endpoints->get_first(this->remote_endpoints, (void**)&reflexive) == SUCCESS && reflexive->get_type(reflexive) == SERVER_REFLEXIVE) - { /* FIXME: should we accept this endpoint even if we did not send + { /* FIXME: should we accept this endpoint even if we did not send * a request? */ host_t *endpoint = reflexive->get_host(reflexive); - + this->ike_sa->set_server_reflexive_host(this->ike_sa, endpoint->clone(endpoint)); } /* FIXME: what if it failed? e.g. AUTH failure */ DBG1(DBG_IKE, "established mediation connection successfully"); - + break; } case ME_CONNECT: { process_payloads(this, message); - + if (this->failed) { DBG1(DBG_IKE, "peer '%Y' is not online", this->peer_id); @@ -512,7 +512,7 @@ static status_t build_i_ms(private_ike_me_t *this, message_t *message) { id_payload_t *id_payload = id_payload_create_from_identification(ID_PEER, this->peer_id); message->add_payload(message, (payload_t*)id_payload); - + if (this->callback) { message->add_notify(message, FALSE, ME_CALLBACK, chunk_empty); @@ -522,10 +522,10 @@ static status_t build_i_ms(private_ike_me_t *this, message_t *message) if (this->response) { message->add_notify(message, FALSE, ME_RESPONSE, chunk_empty); - } + } message->add_notify(message, FALSE, ME_CONNECTID, this->connect_id); message->add_notify(message, FALSE, ME_CONNECTKEY, this->connect_key); - + add_endpoints_to_message(message, this->remote_endpoints); } break; @@ -533,7 +533,7 @@ static status_t build_i_ms(private_ike_me_t *this, message_t *message) default: break; } - + return NEED_MORE; } 
@@ -574,25 +574,25 @@ static status_t process_r_ms(private_ike_me_t *this, message_t *message) this->invalid_syntax = TRUE; break; } - + this->peer_id = id_payload->get_identification(id_payload); - + process_payloads(this, message); - + if (!this->connect_id.ptr) { DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify, aborting"); this->invalid_syntax = TRUE; break; } - + if (!this->connect_key.ptr) { DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY notify, aborting"); this->invalid_syntax = TRUE; break; } - + if (!this->remote_endpoints->get_count(this->remote_endpoints)) { DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT payloads, aborting"); @@ -604,7 +604,7 @@ static status_t process_r_ms(private_ike_me_t *this, message_t *message) default: break; } - + return NEED_MORE; } @@ -627,30 +627,30 @@ static status_t build_r_ms(private_ike_me_t *this, message_t *message) endpoint->get_type(endpoint) == SERVER_REFLEXIVE) { host_t *host = this->ike_sa->get_other_host(this->ike_sa); - + DBG2(DBG_IKE, "received request for a server reflexive endpoint " "sending: %#H", host); - - endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE, host, NULL); + + endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE, host, NULL); message->add_payload(message, (payload_t*)endpoint->build_notify(endpoint)); endpoint->destroy(endpoint); } - + /* FIXME: we actually must delete any existing IKE_SAs with the same remote id */ this->ike_sa->act_as_mediation_server(this->ike_sa); - + DBG1(DBG_IKE, "established mediation connection successfully"); - + break; } case ME_CONNECT: - { + { if (this->invalid_syntax) { message->add_notify(message, TRUE, INVALID_SYNTAX, chunk_empty); break; } - + ike_sa_id_t *peer_sa; if (this->callback) { 
@@ -662,19 +662,19 @@ static status_t build_r_ms(private_ike_me_t *this, message_t *message) peer_sa = charon->mediation_manager->check(charon->mediation_manager, this->peer_id); } - + if (!peer_sa) { /* the peer is not online */ message->add_notify(message, TRUE, ME_CONNECT_FAILED, chunk_empty); break; } - + job_t *job = (job_t*)mediation_job_create(this->peer_id, this->ike_sa->get_other_id(this->ike_sa), this->connect_id, this->connect_key, this->remote_endpoints, this->response); charon->processor->queue_job(charon->processor, job); - + break; } default: @@ -706,7 +706,7 @@ static void me_connect(private_ike_me_t *this, identification_t *peer_id) /** * Implementation of ike_me.respond */ -static void me_respond(private_ike_me_t *this, identification_t *peer_id, +static void me_respond(private_ike_me_t *this, identification_t *peer_id, chunk_t connect_id) { this->peer_id = peer_id->clone(peer_id); @@ -732,10 +732,10 @@ static void relay(private_ike_me_t *this, identification_t *requester, chunk_t c this->peer_id = requester->clone(requester); this->connect_id = chunk_clone(connect_id); this->connect_key = chunk_clone(connect_key); - + this->remote_endpoints->destroy_offset(this->remote_endpoints, offsetof(endpoint_notify_t, destroy)); this->remote_endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); - + this->response = response; } @@ -761,13 +761,13 @@ static void migrate(private_ike_me_t *this, ike_sa_t *ike_sa) static void destroy(private_ike_me_t *this) { DESTROY_IF(this->peer_id); - + chunk_free(&this->connect_id); chunk_free(&this->connect_key); - + this->local_endpoints->destroy_offset(this->local_endpoints, offsetof(endpoint_notify_t, destroy)); this->remote_endpoints->destroy_offset(this->remote_endpoints, offsetof(endpoint_notify_t, destroy)); - + DESTROY_IF(this->mediated_cfg); free(this); } 
@@ -782,7 +782,7 @@ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR)) { if (initiator) @@ -810,15 +810,15 @@ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator) this->public.task.process = (status_t(*)(task_t*,message_t*))process_r_ms; } } - + this->public.connect = (void(*)(ike_me_t*,identification_t*))me_connect; this->public.respond = (void(*)(ike_me_t*,identification_t*,chunk_t))me_respond; this->public.callback = (void(*)(ike_me_t*,identification_t*))me_callback; this->public.relay = (void(*)(ike_me_t*,identification_t*,chunk_t,chunk_t,linked_list_t*,bool))relay; - + this->ike_sa = ike_sa; this->initiator = initiator; - + this->peer_id = NULL; this->connect_id = chunk_empty; this->connect_key = chunk_empty; @@ -829,8 +829,8 @@ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator) this->callback = FALSE; this->failed = FALSE; this->invalid_syntax = FALSE; - + this->mediated_cfg = NULL; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_me.h b/src/charon/sa/tasks/ike_me.h index 4b35c313c..43ba655c7 100644 --- a/src/charon/sa/tasks/ike_me.h +++ b/src/charon/sa/tasks/ike_me.h @@ -34,7 +34,7 @@ typedef struct ike_me_t ike_me_t; * connection, allows to initiate mediated connections using ME_CONNECT * exchanges and to request reflexive addresses from the mediation server using * ME_ENDPOINT notifies. - * + * * @note This task has to be activated before the IKE_AUTH task, because that * task generates the IKE_SA_INIT message so that no more payloads can be added * to it afterwards. @@ -45,7 +45,7 @@ struct ike_me_t { * Implements the task_t interface */ task_t task; - + /** * Initiates a connection with another peer (i.e. sends a ME_CONNECT * to the mediation server) 
@@ -53,28 +53,28 @@ struct ike_me_t { * @param peer_id ID of the other peer (gets cloned) */ void (*connect)(ike_me_t *this, identification_t *peer_id); - + /** * Responds to a ME_CONNECT from another peer (i.e. sends a ME_CONNECT * to the mediation server) - * + * * @param peer_id ID of the other peer (gets cloned) * @param connect_id the connect ID as provided by the initiator (gets cloned) */ void (*respond)(ike_me_t *this, identification_t *peer_id, chunk_t connect_id); - + /** * Sends a ME_CALLBACK to a peer that previously requested another peer. - * + * * @param peer_id ID of the other peer (gets cloned) */ void (*callback)(ike_me_t *this, identification_t *peer_id); - + /** * Relays data to another peer (i.e. sends a ME_CONNECT to the peer) - * + * * Data gets cloned. - * + * * @param requester ID of the requesting peer * @param connect_id content of the ME_CONNECTID notify * @param connect_key content of the ME_CONNECTKEY notify diff --git a/src/charon/sa/tasks/ike_mobike.c b/src/charon/sa/tasks/ike_mobike.c index 9a1afe744..f93d48f68 100644 --- a/src/charon/sa/tasks/ike_mobike.c +++ b/src/charon/sa/tasks/ike_mobike.c @@ -30,42 +30,42 @@ typedef struct private_ike_mobike_t private_ike_mobike_t; * Private members of a ike_mobike_t task. */ struct private_ike_mobike_t { - + /** * Public methods and task_t interface. */ ike_mobike_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * cookie2 value to verify new addresses */ chunk_t cookie2; - + /** * NAT discovery reusing the IKE_NATD task */ ike_natd_t *natd; - + /** * use task to update addresses */ bool update; - + /** * do routability check */ bool check; - + /** * include address list update */ 
@@ -79,7 +79,7 @@ static void flush_additional_addresses(private_ike_mobike_t *this) { iterator_t *iterator; host_t *host; - + iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa); while (iterator->iterate(iterator, (void**)&host)) { @@ -98,7 +98,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) enumerator_t *enumerator; payload_t *payload; bool first = TRUE; - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -106,7 +106,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) notify_payload_t *notify; chunk_t data; host_t *host; - + if (payload->get_type(payload) != NOTIFY) { continue; @@ -117,9 +117,9 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) case MOBIKE_SUPPORTED: { peer_cfg_t *peer_cfg; - + peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); - if (!this->initiator && + if (!this->initiator && peer_cfg && !peer_cfg->use_mobike(peer_cfg)) { DBG1(DBG_IKE, "peer supports MOBIKE, but disabled in config"); @@ -191,7 +191,7 @@ static void build_address_list(private_ike_mobike_t *this, message_t *message) host_t *host, *me; notify_type_t type; int added = 0; - + me = this->ike_sa->get_my_host(this->ike_sa); enumerator = charon->kernel_interface->create_address_enumerator( charon->kernel_interface, FALSE, FALSE); @@ -227,7 +227,7 @@ static void build_address_list(private_ike_mobike_t *this, message_t *message) } /** - * build a cookie and add it to the message + * build a cookie and add it to the message */ static void build_cookie(private_ike_mobike_t *this, message_t *message) { 
@@ -250,12 +250,12 @@ static void update_children(private_ike_mobike_t *this) { iterator_t *iterator; child_sa_t *child_sa; - + iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa); while (iterator->iterate(iterator, (void**)&child_sa)) { if (child_sa->update(child_sa, - this->ike_sa->get_my_host(this->ike_sa), + this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_virtual_ip(this->ike_sa, TRUE), this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY)) == NOT_SUPPORTED) @@ -276,7 +276,7 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet) host_t *me, *other, *me_old, *other_old; iterator_t *iterator; packet_t *copy; - + if (!this->check) { return; @@ -284,7 +284,7 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet) me_old = this->ike_sa->get_my_host(this->ike_sa); other_old = this->ike_sa->get_other_host(this->ike_sa); - + me = charon->kernel_interface->get_source_addr( charon->kernel_interface, other_old, NULL); if (me) @@ -293,7 +293,7 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet) me_old->get_port(me_old) : IKEV2_NATT_PORT); packet->set_source(packet, me); } - + iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa); while (iterator->iterate(iterator, (void**)&other)) { @@ -338,8 +338,8 @@ static status_t build_i(private_ike_mobike_t *this, message_t *message) else if (message->get_exchange_type(message) == INFORMATIONAL) { host_t *old, *new; - - /* we check if the existing address is still valid */ + + /* we check if the existing address is still valid */ old = message->get_source(message); new = charon->kernel_interface->get_source_addr(charon->kernel_interface, message->get_destination(message), old); 
@@ -388,13 +388,13 @@ static status_t process_r(private_ike_mobike_t *this, message_t *message) if (this->update) { host_t *me, *other; - + me = message->get_destination(message); other = message->get_source(message); this->ike_sa->set_my_host(this->ike_sa, me->clone(me)); this->ike_sa->set_other_host(this->ike_sa, other->clone(other)); } - + if (this->natd) { this->natd->task.process(&this->natd->task, message); @@ -461,7 +461,7 @@ static status_t process_i(private_ike_mobike_t *this, message_t *message) if (this->cookie2.ptr) { /* check cookie if we included one */ chunk_t cookie2; - + cookie2 = this->cookie2; this->cookie2 = chunk_empty; process_payloads(this, message); @@ -496,17 +496,17 @@ static status_t process_i(private_ike_mobike_t *this, message_t *message) if (this->check) { host_t *me_new, *me_old, *other_new, *other_old; - + me_new = message->get_destination(message); other_new = message->get_source(message); me_old = this->ike_sa->get_my_host(this->ike_sa); other_old = this->ike_sa->get_other_host(this->ike_sa); - + if (!me_new->equals(me_new, me_old)) { this->update = TRUE; this->ike_sa->set_my_host(this->ike_sa, me_new->clone(me_new)); - } + } if (!other_new->equals(other_new, other_old)) { this->update = TRUE; @@ -538,7 +538,7 @@ static void roam(private_ike_mobike_t *this, bool address) { this->check = TRUE; this->address = address; - this->ike_sa->set_pending_updates(this->ike_sa, + this->ike_sa->set_pending_updates(this->ike_sa, this->ike_sa->get_pending_updates(this->ike_sa) + 1); } @@ -552,7 +552,7 @@ static void dpd(private_ike_mobike_t *this) this->natd = ike_natd_create(this->ike_sa, this->initiator); } this->address = FALSE; - this->ike_sa->set_pending_updates(this->ike_sa, + this->ike_sa->set_pending_updates(this->ike_sa, this->ike_sa->get_pending_updates(this->ike_sa) + 1); } 
@@ -612,7 +612,7 @@ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -623,7 +623,7 @@ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; this->update = FALSE; @@ -631,7 +631,7 @@ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator) this->address = TRUE; this->cookie2 = chunk_empty; this->natd = NULL; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_mobike.h b/src/charon/sa/tasks/ike_mobike.h index 919b5ddd3..7d6dd5840 100644 --- a/src/charon/sa/tasks/ike_mobike.h +++ b/src/charon/sa/tasks/ike_mobike.h @@ -35,7 +35,7 @@ typedef struct ike_mobike_t ike_mobike_t; * and IPsec tunnel addresses. * This tasks handles the MOBIKE_SUPPORTED notify exchange to detect MOBIKE * support, allows the exchange of ADDITIONAL_*_ADDRESS to exchange additional - * endpoints and handles the UPDATE_SA_ADDRESS notify to finally update + * endpoints and handles the UPDATE_SA_ADDRESS notify to finally update * endpoints. */ struct ike_mobike_t { 
@@ -44,36 +44,36 @@ struct ike_mobike_t { * Implements the task_t interface */ task_t task; - + /** * Use the task to roam to other addresses. * * @param address TRUE to include address list update */ void (*roam)(ike_mobike_t *this, bool address); - + /** * Use the task for a DPD check which detects changes in NAT mappings. */ void (*dpd)(ike_mobike_t *this); - + /** * Transmision hook, called by task manager. * - * The task manager calls this hook whenever it transmits a packet. It + * The task manager calls this hook whenever it transmits a packet. It * allows the mobike task to send the packet on multiple paths to do path * probing. * * @param packet the packet to transmit */ void (*transmit)(ike_mobike_t *this, packet_t *packet); - + /** * Check if this task is probing for routability. * * @return TRUE if task is probing */ - bool (*is_probing)(ike_mobike_t *this); + bool (*is_probing)(ike_mobike_t *this); }; /** diff --git a/src/charon/sa/tasks/ike_natd.c b/src/charon/sa/tasks/ike_natd.c index f3a70c742..9121fe2ea 100644 --- a/src/charon/sa/tasks/ike_natd.c +++ b/src/charon/sa/tasks/ike_natd.c @@ -30,47 +30,47 @@ typedef struct private_ike_natd_t private_ike_natd_t; * Private members of a ike_natd_t task. */ struct private_ike_natd_t { - + /** * Public methods and task_t interface. */ ike_natd_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Hasher used to build NAT detection hashes */ hasher_t *hasher; - + /** * Did we process any NAT detection notifys for a source address? */ bool src_seen; - + /** * Did we process any NAT detection notifys for a destination address? */ bool dst_seen; - + /** * Have we found a matching source address NAT hash? */ bool src_matched; - + /** * Have we found a matching destination address NAT hash? */ bool dst_matched; - + /** * whether NAT mappings for our NATed address has changed */ 
@@ -88,7 +88,7 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this, chunk_t natd_hash; u_int64_t spi_i, spi_r; u_int16_t port; - + /* prepare all required chunks */ spi_i = ike_sa_id->get_initiator_spi(ike_sa_id); spi_r = ike_sa_id->get_responder_spi(ike_sa_id); @@ -100,13 +100,13 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this, port_chunk.ptr = (void*)&port; port_chunk.len = sizeof(port); addr_chunk = host->get_address(host); - + /* natd_hash = SHA1( spi_i | spi_r | address | port ) */ natd_chunk = chunk_cat("cccc", spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk); this->hasher->allocate_hash(this->hasher, natd_chunk, &natd_hash); DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk); DBG3(DBG_IKE, "natd_hash %B", &natd_hash); - + chunk_free(&natd_chunk); return natd_hash; } @@ -118,7 +118,7 @@ static chunk_t generate_natd_hash_faked(private_ike_natd_t *this) { rng_t *rng; chunk_t chunk; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -140,7 +140,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, notify_payload_t *notify; ike_sa_id_t *ike_sa_id; ike_cfg_t *config; - + ike_sa_id = this->ike_sa->get_id(this->ike_sa); config = this->ike_sa->get_ike_cfg(this->ike_sa); if (config->force_encap(config) && type == NAT_DETECTION_SOURCE_IP) @@ -155,7 +155,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, notify->set_notify_type(notify, type); notify->set_notification_data(notify, hash); chunk_free(&hash); - + return notify; } 
@@ -171,17 +171,17 @@ static void process_payloads(private_ike_natd_t *this, message_t *message) ike_sa_id_t *ike_sa_id; host_t *me, *other; ike_cfg_t *config; - + /* Precompute NAT-D hashes for incoming NAT notify comparison */ ike_sa_id = message->get_ike_sa_id(message); me = message->get_destination(message); other = message->get_source(message); dst_hash = generate_natd_hash(this, ike_sa_id, me); src_hash = generate_natd_hash(this, ike_sa_id, other); - + DBG3(DBG_IKE, "precalculated src_hash %B", &src_hash); DBG3(DBG_IKE, "precalculated dst_hash %B", &dst_hash); - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -234,10 +234,10 @@ static void process_payloads(private_ike_natd_t *this, message_t *message) } } enumerator->destroy(enumerator); - + chunk_free(&src_hash); chunk_free(&dst_hash); - + if (this->src_seen && this->dst_seen) { this->ike_sa->enable_extension(this->ike_sa, EXT_NATT); @@ -261,7 +261,7 @@ static void process_payloads(private_ike_natd_t *this, message_t *message) static status_t process_i(private_ike_natd_t *this, message_t *message) { process_payloads(this, message); - + if (message->get_exchange_type(message) == IKE_SA_INIT) { peer_cfg_t *peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); @@ -275,7 +275,7 @@ static status_t process_i(private_ike_natd_t *this, message_t *message) return SUCCESS; } #endif /* ME */ - + if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY) || #ifdef ME /* if we are on a mediation connection we switch to port 4500 even @@ -288,7 +288,7 @@ static status_t process_i(private_ike_natd_t *this, message_t *message) this->ike_sa->supports_extension(this->ike_sa, EXT_NATT))) { host_t *me, *other; - + /* do not switch if we have a custom port from mobike/NAT */ me = this->ike_sa->get_my_host(this->ike_sa); if (me->get_port(me) == IKEV2_UDP_PORT) 
@@ -302,7 +302,7 @@ static status_t process_i(private_ike_natd_t *this, message_t *message) } } } - + return SUCCESS; } @@ -314,18 +314,18 @@ static status_t build_i(private_ike_natd_t *this, message_t *message) notify_payload_t *notify; enumerator_t *enumerator; host_t *host; - + if (this->hasher == NULL) { DBG1(DBG_IKE, "unable to build NATD payloads, SHA1 not supported"); return NEED_MORE; } - + /* destination is always set */ host = message->get_destination(message); notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, host); message->add_payload(message, (payload_t*)notify); - + /* source may be any, we have 3 possibilities to get our source address: * 1. It is defined in the config => use the one of the IKE_SA * 2. We do a routing lookup in the kernel interface @@ -374,7 +374,7 @@ static status_t build_r(private_ike_natd_t *this, message_t *message) { notify_payload_t *notify; host_t *me, *other; - + /* only add notifies on successfull responses. */ if (message->get_exchange_type(message) == IKE_SA_INIT && message->get_payload(message, SECURITY_ASSOCIATION) == NULL) @@ -389,12 +389,12 @@ static status_t build_r(private_ike_natd_t *this, message_t *message) DBG1(DBG_IKE, "unable to build NATD payloads, SHA1 not supported"); return SUCCESS; } - + /* initiator seems to support NAT detection, add response */ me = message->get_source(message); notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, me); message->add_payload(message, (payload_t*)notify); - + other = message->get_destination(message); notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, other); message->add_payload(message, (payload_t*)notify); @@ -408,7 +408,7 @@ static status_t build_r(private_ike_natd_t *this, message_t *message) static status_t process_r(private_ike_natd_t *this, message_t *message) { process_payloads(this, message); - + return NEED_MORE; } 
@@ -460,7 +460,7 @@ ike_natd_t *ike_natd_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -471,9 +471,9 @@ ike_natd_t *ike_natd_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->public.has_mapping_changed = (bool(*)(ike_natd_t*))has_mapping_changed; - + this->ike_sa = ike_sa; this->initiator = initiator; this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); @@ -482,6 +482,6 @@ ike_natd_t *ike_natd_create(ike_sa_t *ike_sa, bool initiator) this->src_matched = FALSE; this->dst_matched = FALSE; this->mapping_changed = FALSE; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_natd.h b/src/charon/sa/tasks/ike_natd.h index 698394842..97b652ead 100644 --- a/src/charon/sa/tasks/ike_natd.h +++ b/src/charon/sa/tasks/ike_natd.h @@ -36,7 +36,7 @@ struct ike_natd_t { * Implements the task_t interface */ task_t task; - + /** * Check if the NAT mapping has changed for our address. * diff --git a/src/charon/sa/tasks/ike_reauth.c b/src/charon/sa/tasks/ike_reauth.c index 3d8b7e256..ac89c358b 100644 --- a/src/charon/sa/tasks/ike_reauth.c +++ b/src/charon/sa/tasks/ike_reauth.c @@ -25,17 +25,17 @@ typedef struct private_ike_reauth_t private_ike_reauth_t; * Private members of a ike_reauth_t task. */ struct private_ike_reauth_t { - + /** * Public methods and task_t interface. */ ike_reauth_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * reused ike_delete task */ 
@@ -60,12 +60,12 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message) iterator_t *iterator; child_sa_t *child_sa; peer_cfg_t *peer_cfg; - + /* process delete response first */ this->ike_delete->task.process(&this->ike_delete->task, message); peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); - + /* reauthenticate only if we have children */ iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa); if (iterator->get_count(iterator) == 0 @@ -79,9 +79,9 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message) iterator->destroy(iterator); return FAILED; } - + new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, TRUE); - + new->set_peer_cfg(new, peer_cfg); host = this->ike_sa->get_other_host(this->ike_sa); new->set_other_host(new, host->clone(host)); @@ -93,7 +93,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message) { new->set_virtual_ip(new, TRUE, host); } - + #ifdef ME /* we initiate the new IKE_SA of the mediation connection without CHILD_SA */ if (peer_cfg->is_mediation(peer_cfg)) @@ -109,7 +109,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message) } } #endif /* ME */ - + while (iterator->iterate(iterator, (void**)&child_sa)) { switch (child_sa->get_state(child_sa)) @@ -144,7 +144,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message) charon->ike_sa_manager->checkin(charon->ike_sa_manager, new); /* set threads active IKE_SA after checkin */ charon->bus->set_sa(charon->bus, this->ike_sa); - + /* we always return failed to delete the obsolete IKE_SA */ return FAILED; } 
@@ -187,10 +187,10 @@ ike_reauth_t *ike_reauth_create(ike_sa_t *ike_sa) this->public.task.destroy = (void(*)(task_t*))destroy; this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; - + this->ike_sa = ike_sa; this->ike_delete = ike_delete_create(ike_sa, TRUE); - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_rekey.c b/src/charon/sa/tasks/ike_rekey.c index e9f5d5f87..2b5892af7 100644 --- a/src/charon/sa/tasks/ike_rekey.c +++ b/src/charon/sa/tasks/ike_rekey.c @@ -30,37 +30,37 @@ typedef struct private_ike_rekey_t private_ike_rekey_t; * Private members of a ike_rekey_t task. */ struct private_ike_rekey_t { - + /** * Public methods and task_t interface. */ ike_rekey_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * New IKE_SA which replaces the current one */ ike_sa_t *new_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * the IKE_INIT task which is reused to simplify rekeying */ ike_init_t *ike_init; - + /** * IKE_DELETE task to delete the old IKE_SA after rekeying was successful */ ike_delete_t *ike_delete; - + /** * colliding task detected by the task manager */ @@ -74,7 +74,7 @@ static status_t build_i_delete(private_ike_rekey_t *this, message_t *message) { /* update exchange type to INFORMATIONAL for the delete */ message->set_exchange_type(message, INFORMATIONAL); - + return this->ike_delete->task.build(&this->ike_delete->task, message); } @@ -93,13 +93,13 @@ static status_t build_i(private_ike_rekey_t *this, message_t *message) { peer_cfg_t *peer_cfg; host_t *other_host; - + /* create new SA only on first try */ if (this->new_sa == NULL) { this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, TRUE); - + peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); other_host = this->ike_sa->get_other_host(this->ike_sa); this->new_sa->set_peer_cfg(this->new_sa, peer_cfg); 
@@ -120,7 +120,7 @@ static status_t process_r(private_ike_rekey_t *this, message_t *message) peer_cfg_t *peer_cfg; iterator_t *iterator; child_sa_t *child_sa; - + if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING) { DBG1(DBG_IKE, "peer initiated rekeying, but we are deleting"); @@ -144,15 +144,15 @@ static status_t process_r(private_ike_rekey_t *this, message_t *message) } } iterator->destroy(iterator); - + this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, FALSE); - + peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); this->new_sa->set_peer_cfg(this->new_sa, peer_cfg); this->ike_init = ike_init_create(this->new_sa, FALSE, this->ike_sa); this->ike_init->task.process(&this->ike_init->task, message); - + return NEED_MORE; } @@ -167,12 +167,12 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message) message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); return SUCCESS; } - + if (this->ike_init->task.build(&this->ike_init->task, message) == FAILED) { return SUCCESS; } - + this->ike_sa->set_state(this->ike_sa, IKE_REKEYING); this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED); DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]", @@ -182,7 +182,7 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message) this->ike_sa->get_my_id(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); - + return SUCCESS; } @@ -201,7 +201,7 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) this->ike_sa->get_id(this->ike_sa), TRUE)); return SUCCESS; } - + switch (this->ike_init->task.process(&this->ike_init->task, message)) { case FAILED: @@ -227,7 +227,7 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) default: break; } - + this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED); DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]", this->new_sa->get_name(this->new_sa), 
@@ -236,7 +236,7 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) this->ike_sa->get_my_id(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); - + /* check for collisions */ if (this->collision && this->collision->get_type(this->collision) == IKE_REKEY) @@ -244,13 +244,13 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) chunk_t this_nonce, other_nonce; host_t *host; private_ike_rekey_t *other = (private_ike_rekey_t*)this->collision; - + this_nonce = this->ike_init->get_lower_nonce(this->ike_init); other_nonce = other->ike_init->get_lower_nonce(other->ike_init); - + /* if we have the lower nonce, delete rekeyed SA. If not, delete * the redundant. */ - if (memcmp(this_nonce.ptr, other_nonce.ptr, + if (memcmp(this_nonce.ptr, other_nonce.ptr, min(this_nonce.len, other_nonce.len)) < 0) { /* peer should delete this SA. Add a timeout just in case. */ @@ -290,12 +290,12 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) /* set threads active IKE_SA after checkin */ charon->bus->set_sa(charon->bus, this->ike_sa); } - + /* rekeying successful, delete the IKE_SA using a subtask */ this->ike_delete = ike_delete_create(this->ike_sa, TRUE); this->public.task.build = (status_t(*)(task_t*,message_t*))build_i_delete; this->public.task.process = (status_t(*)(task_t*,message_t*))process_i_delete; - + return NEED_MORE; } @@ -334,7 +334,7 @@ static void migrate(private_ike_rekey_t *this, ike_sa_t *ike_sa) charon->bus->set_sa(charon->bus, this->ike_sa); } DESTROY_IF(this->collision); - + this->collision = NULL; this->ike_sa = ike_sa; this->new_sa = NULL; 
@@ -397,13 +397,13 @@ ike_rekey_t *ike_rekey_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->new_sa = NULL; this->ike_init = NULL; this->ike_delete = NULL; this->initiator = initiator; this->collision = NULL; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_rekey.h b/src/charon/sa/tasks/ike_rekey.h index 6748279ab..b9c02220d 100644 --- a/src/charon/sa/tasks/ike_rekey.h +++ b/src/charon/sa/tasks/ike_rekey.h @@ -36,7 +36,7 @@ struct ike_rekey_t { * Implements the task_t interface */ task_t task; - + /** * Register a rekeying task which collides with this one. * diff --git a/src/charon/sa/tasks/task.h b/src/charon/sa/tasks/task.h index 0e0af072f..b53b2cc1f 100644 --- a/src/charon/sa/tasks/task.h +++ b/src/charon/sa/tasks/task.h @@ -123,7 +123,7 @@ struct task_t { * Get the type of the task implementation. */ task_type_t (*get_type) (task_t *this); - + /** * Migrate a task to a new IKE_SA. * @@ -138,7 +138,7 @@ struct task_t { * @param ike_sa new IKE_SA this task works for */ void (*migrate) (task_t *this, ike_sa_t *ike_sa); - + /** * Destroys a task_t object. */ diff --git a/src/charon/sa/trap_manager.c b/src/charon/sa/trap_manager.c index 570335eb4..c9090250d 100644 --- a/src/charon/sa/trap_manager.c +++ b/src/charon/sa/trap_manager.c @@ -27,12 +27,12 @@ typedef struct trap_listener_t trap_listener_t; * listener to track acquires */ struct trap_listener_t { - + /** * Implements listener interface */ listener_t listener; - + /** * points to trap_manager */ 
@@ -43,22 +43,22 @@ struct trap_listener_t { * Private data of an trap_manager_t object. */ struct private_trap_manager_t { - + /** * Public trap_manager_t interface. */ trap_manager_t public; - + /** * Installed traps, as entry_t */ linked_list_t *traps; - + /** * read write lock for traps list */ rwlock_t *lock; - + /** * listener to track acquiring IKE_SAs */ @@ -102,7 +102,7 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer, bool found = FALSE; status_t status; u_int32_t reqid; - + /* check if not already done */ this->lock->read_lock(this->lock); enumerator = this->traps->create_enumerator(this->traps); @@ -123,10 +123,10 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer, child->get_name(child)); return 0; } - + /* try to resolve addresses */ ike_cfg = peer->get_ike_cfg(peer); - other = host_create_from_dns(ike_cfg->get_other_addr(ike_cfg), + other = host_create_from_dns(ike_cfg->get_other_addr(ike_cfg), 0, IKEV2_UDP_PORT); if (!other) { @@ -148,14 +148,14 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer, } me->set_port(me, IKEV2_UDP_PORT); } - + /* create and route CHILD_SA */ child_sa = child_sa_create(me, other, child, 0, FALSE); my_ts = child->get_traffic_selectors(child, TRUE, NULL, me); other_ts = child->get_traffic_selectors(child, FALSE, NULL, other); me->destroy(me); other->destroy(other); - + /* while we don't know the finally negotiated protocol (ESP|AH), we * could iterate all proposals for a best guest (TODO). But as we * support ESP only for now, we set here. */ 
@@ -170,17 +170,17 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer, DBG1(DBG_CFG, "installing trap failed"); return 0; } - + reqid = child_sa->get_reqid(child_sa); entry = malloc_thing(entry_t); entry->child_sa = child_sa; entry->peer_cfg = peer->get_ref(peer); entry->pending = NULL; - + this->lock->write_lock(this->lock); this->traps->insert_last(this->traps, entry); this->lock->unlock(this->lock); - + return reqid; } @@ -191,7 +191,7 @@ static bool uninstall(private_trap_manager_t *this, u_int32_t reqid) { enumerator_t *enumerator; entry_t *entry, *found = NULL; - + this->lock->write_lock(this->lock); enumerator = this->traps->create_enumerator(this->traps); while (enumerator->enumerate(enumerator, &entry)) @@ -205,13 +205,13 @@ static bool uninstall(private_trap_manager_t *this, u_int32_t reqid) } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - + if (!found) { DBG1(DBG_CFG, "trap %d not found to uninstall", reqid); return FALSE; } - + destroy_entry(found); return TRUE; } @@ -255,7 +255,7 @@ static void acquire(private_trap_manager_t *this, u_int32_t reqid, peer_cfg_t *peer; child_cfg_t *child; ike_sa_t *ike_sa; - + this->lock->read_lock(this->lock); enumerator = this->traps->create_enumerator(this->traps); while (enumerator->enumerate(enumerator, &entry)) @@ -267,7 +267,7 @@ static void acquire(private_trap_manager_t *this, u_int32_t reqid, } } enumerator->destroy(enumerator); - + if (!found) { DBG1(DBG_CFG, "trap not found, unable to acquire reqid %d",reqid); @@ -311,7 +311,7 @@ static bool ike_state_change(trap_listener_t *listener, ike_sa_t *ike_sa, private_trap_manager_t *this; enumerator_t *enumerator; entry_t *entry; - + switch (state) { case IKE_ESTABLISHED: @@ -320,7 +320,7 @@ static bool ike_state_change(trap_listener_t *listener, ike_sa_t *ike_sa, default: return TRUE; } - + this = listener->traps; this->lock->read_lock(this->lock); enumerator = this->traps->create_enumerator(this->traps); 
@@ -354,22 +354,22 @@ static void destroy(private_trap_manager_t *this) trap_manager_t *trap_manager_create() { private_trap_manager_t *this = malloc_thing(private_trap_manager_t); - + this->public.install = (u_int(*)(trap_manager_t*, peer_cfg_t *peer, child_cfg_t *child))install; this->public.uninstall = (bool(*)(trap_manager_t*, u_int32_t id))uninstall; this->public.create_enumerator = (enumerator_t*(*)(trap_manager_t*))create_enumerator; this->public.acquire = (void(*)(trap_manager_t*, u_int32_t reqid, traffic_selector_t *src, traffic_selector_t *dst))acquire; this->public.destroy = (void(*)(trap_manager_t*))destroy; - + this->traps = linked_list_create(); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - + /* register listener for IKE state changes */ this->listener.traps = this; memset(&this->listener.listener, 0, sizeof(listener_t)); this->listener.listener.ike_state_change = (void*)ike_state_change; charon->bus->add_listener(charon->bus, &this->listener.listener); - + return &this->public; } diff --git a/src/charon/sa/trap_manager.h b/src/charon/sa/trap_manager.h index cb6907cdc..9a39229e6 100644 --- a/src/charon/sa/trap_manager.h +++ b/src/charon/sa/trap_manager.h @@ -31,7 +31,7 @@ typedef struct trap_manager_t trap_manager_t; * Manage policies to create SAs from traffic. */ struct trap_manager_t { - + /** * Install a policy as a trap. * @@ -41,7 +41,7 @@ struct trap_manager_t { */ u_int32_t (*install)(trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child); - + /** * Uninstall a trap policy. * @@ -49,14 +49,14 @@ struct trap_manager_t { * @return TRUE if uninstalled successfully */ bool (*uninstall)(trap_manager_t *this, u_int32_t reqid); - + /** * Create an enumerator over all installed traps. * * @return enumerator over (peer_cfg_t, child_sa_t) */ enumerator_t* (*create_enumerator)(trap_manager_t *this); - + /** * Acquire an SA triggered by an installed trap. * 
@@ -66,7 +66,7 @@ struct trap_manager_t { */ void (*acquire)(trap_manager_t *this, u_int32_t reqid, traffic_selector_t *src, traffic_selector_t *dst); - + /** * Destroy a trap_manager_t. */ |