diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2016-04-04 18:41:17 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-04-09 16:51:01 +0200 |
| commit | 2ba5dadb12dd95c9ba5ff99e619fb33388582661 (patch) | |
| tree | 2a1a93fafd2c8bccff3704af74fa968647fe1b5d /src/libcharon/plugins | |
| parent | 8a00a8452ddb36ec07038242c029a214b0417ae8 (diff) | |
| download | strongswan-2ba5dadb12dd95c9ba5ff99e619fb33388582661.tar.bz2 strongswan-2ba5dadb12dd95c9ba5ff99e619fb33388582661.tar.xz | |
peer-cfg: Use struct to pass data to constructor
Diffstat (limited to 'src/libcharon/plugins')
| -rw-r--r-- | src/libcharon/plugins/ha/ha_tunnel.c | 13 | ||||
| -rw-r--r-- | src/libcharon/plugins/load_tester/load_tester_config.c | 20 | ||||
| -rw-r--r-- | src/libcharon/plugins/maemo/maemo_service.c | 17 | ||||
| -rw-r--r-- | src/libcharon/plugins/medcli/medcli_config.c | 50 | ||||
| -rw-r--r-- | src/libcharon/plugins/medsrv/medsrv_config.c | 20 | ||||
| -rw-r--r-- | src/libcharon/plugins/sql/sql_config.c | 30 | ||||
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 53 | ||||
| -rw-r--r-- | src/libcharon/plugins/uci/uci_config.c | 17 | ||||
| -rw-r--r-- | src/libcharon/plugins/vici/vici_config.c | 23 |
9 files changed, 148 insertions, 95 deletions
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index fc956ac94..a0e514614 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c @@ -183,6 +183,15 @@ static void setup_tunnel(private_ha_tunnel_t *this, auth_cfg_t *auth_cfg; child_cfg_t *child_cfg; traffic_selector_t *ts; + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_KEEP, + .rekey_time = 86400, /* 24h */ + .jitter_time = 7200, /* 2h */ + .over_time = 3600, /* 1h */ + .no_mobike = TRUE, + .dpd = 30, + }; child_cfg_create_t child = { .lifetime = { .time = { @@ -211,9 +220,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND, - UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, - TRUE, 30, 0, FALSE, NULL, NULL); + peer_cfg = peer_cfg_create("ha", ike_cfg, &peer); auth_cfg = auth_cfg_create(); auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index efef3fbde..28421c212 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -688,6 +688,16 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) peer_cfg_t *peer_cfg; char local[32], *remote; host_t *addr; + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_NO, + .keyingtries = 1, + .rekey_time = this->ike_rekey, + .over_time = this->ike_rekey, + .no_mobike = TRUE, + .dpd = this->dpd_delay, + .dpd_timeout = this->dpd_timeout, + }; child_cfg_create_t child = { .lifetime = { .time = { @@ -739,14 +749,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) FRAGMENTATION_NO, 0); } ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal)); - peer_cfg = peer_cfg_create("load-test", ike_cfg, - CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */ - this->ike_rekey, 0, /* rekey, reauth */ - 0, this->ike_rekey, /* jitter, overtime */ - FALSE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd_delay, /* dpd_delay */ - this->dpd_timeout, /* dpd_timeout */ - FALSE, NULL, NULL); + peer_cfg = peer_cfg_create("load-test", ike_cfg, &peer); + if (this->vip) { peer_cfg->add_virtual_ip(peer_cfg, this->vip->clone(this->vip)); diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c index db0ce2cf7..3e5861b87 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c @@ -236,6 +236,14 @@ static gboolean initiate_connection(private_maemo_service_t *this, traffic_selector_t *ts; auth_cfg_t *auth; certificate_t *cert; + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = 36000, /* 10h */ + .jitter_time = 600, /* 10min */ + .over_time = 600, /* 10min */ + }; child_cfg_create_t child = { .lifetime = { .time = { @@ -332,14 +340,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - peer_cfg = peer_cfg_create(this->current, ike_cfg, - CERT_SEND_IF_ASKED, - UNIQUE_REPLACE, 1, /* keyingtries */ - 36000, 0, /* rekey 10h, reauth none */ - 600, 600, /* jitter, over 10min */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - 0, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation */ + peer_cfg = peer_cfg_create(this->current, ike_cfg, &peer); peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); auth = auth_cfg_create(); diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index d3476e90f..4452739c1 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -82,6 +82,16 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, child_cfg_t *child_cfg; chunk_t me, other; char *address, *local_net, *remote_net; + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = this->rekey * 60, + .jitter_time = this->rekey * 5, + .over_time = this->rekey * 3, + .dpd = this->dpd, + .mediation = TRUE, + }; child_cfg_create_t child = { .lifetime = { .time = { @@ -110,14 +120,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - med_cfg = peer_cfg_create( - "mediation", ike_cfg, - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - TRUE, NULL, NULL); /* mediation, med by, peer id */ + med_cfg = peer_cfg_create("mediation", ike_cfg, &peer); e->destroy(e); auth = auth_cfg_create(); @@ -147,15 +150,10 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, DESTROY_IF(e); return NULL; } - peer_cfg = peer_cfg_create( - name, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - FALSE, med_cfg, /* mediation, med by */ - identification_create_from_encoding(ID_KEY_ID, other)); + peer.mediation = FALSE; + peer.mediated_by = med_cfg; + peer.peer_id = identification_create_from_encoding(ID_KEY_ID, other); + peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); @@ -206,6 +204,15 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, chunk_t me, other; child_cfg_t *child_cfg; auth_cfg_t *auth; + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = this->rekey * 60, + .jitter_time = this->rekey * 5, + .over_time = this->rekey * 3, + .dpd = this->dpd, + }; child_cfg_create_t child = { .lifetime = { .time = { @@ -224,14 +231,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, this->current = NULL; return FALSE; } - this->current = peer_cfg_create( - name, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation, med by, peer id */ + this->current = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c index 02d805e06..be7f481b6 100644 --- a/src/libcharon/plugins/medsrv/medsrv_config.c +++ b/src/libcharon/plugins/medsrv/medsrv_config.c @@ -87,14 +87,18 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, if (e->enumerate(e, &name)) { - peer_cfg = peer_cfg_create( - name, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - TRUE, NULL, NULL); /* mediation, med by, peer id */ + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = this->rekey * 60, + .jitter_time = this->rekey * 5, + .over_time = this->rekey * 3, + .dpd = this->dpd, + .mediation = TRUE, + }; + peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), + &peer); e->destroy(e); auth = auth_cfg_create(); diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index 25704b0de..bbc20dca7 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -300,6 +300,7 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) return ike_cfg; } +#ifdef ME /** * Query a peer config by its id */ @@ -332,6 +333,7 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) } return peer_cfg; } +#endif /* ME */ /** * Check if the two IDs match (the first one is optional) @@ -363,7 +365,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, &mediation, &mediated_by, &p_type, &p_data)) { identification_t *local_id, *remote_id, *peer_id = NULL; - peer_cfg_t *peer_cfg, *mediated_cfg; + peer_cfg_t *peer_cfg, *mediated_cfg = NULL; ike_cfg_t *ike; host_t *vip = NULL; auth_cfg_t *auth; @@ -377,22 +379,38 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, continue; } ike = get_ike_cfg_by_id(this, ike_cfg); + +#ifdef ME mediated_cfg = mediated_by ? get_peer_cfg_by_id(this, mediated_by) : NULL; if (p_type) { peer_id = identification_create_from_encoding(p_type, p_data); } +#endif if (virtual) { vip = host_create_from_string(virtual, 0); } if (ike) { - peer_cfg = peer_cfg_create( - name, ike, cert_policy, uniqueid, - keyingtries, rekeytime, reauthtime, jitter, overtime, - mobike, FALSE, TRUE, dpd_delay, 0, - mediation, mediated_cfg, peer_id); + peer_cfg_create_t peer = { + .cert_policy = cert_policy, + .unique = uniqueid, + .keyingtries = keyingtries, + .rekey_time = rekeytime, + .reauth_time = reauthtime, + .jitter_time = jitter, + .over_time = overtime, + .no_mobike = !mobike, + .dpd = dpd_delay, +#ifdef ME + .mediation = mediation, + .mediated_by = mediated_cfg, + .peer_id = peer_id, +#endif /* ME */ + }; + + peer_cfg = peer_cfg_create(name, ike, &peer); if (vip) { peer_cfg->add_virtual_ip(peer_cfg, vip); diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 9789163b7..f2d110434 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -616,12 +616,17 @@ static mem_pool_t *create_pool_range(char *str) static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, stroke_msg_t *msg, ike_cfg_t *ike_cfg) { - identification_t *peer_id = NULL; - peer_cfg_t *mediated_by = NULL; - unique_policy_t unique; - uint32_t rekey = 0, reauth = 0, over, jitter; peer_cfg_t *peer_cfg; auth_cfg_t *auth_cfg; + peer_cfg_create_t peer = { + .cert_policy = msg->add_conn.me.sendcert, + .keyingtries = msg->add_conn.rekey.tries, + .no_mobike = !msg->add_conn.mobike, + .aggressive = msg->add_conn.aggressive, + .push_mode = msg->add_conn.pushmode, + .dpd = msg->add_conn.dpd.delay, + .dpd_timeout = msg->add_conn.dpd.timeout, + }; #ifdef ME if (msg->add_conn.ikeme.mediation && msg->add_conn.ikeme.mediated_by) @@ -633,14 +638,17 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, if (msg->add_conn.ikeme.mediation) { + peer.mediation = TRUE; /* force unique connections for mediation connections */ msg->add_conn.unique = 1; } if (msg->add_conn.ikeme.mediated_by) { - mediated_by = charon->backends->get_peer_cfg_by_name(charon->backends, - msg->add_conn.ikeme.mediated_by); + peer_cfg_t *mediated_by; + + mediated_by = charon->backends->get_peer_cfg_by_name( + charon->backends, msg->add_conn.ikeme.mediated_by); if (!mediated_by) { DBG1(DBG_CFG, "mediation connection '%s' not found, aborting", @@ -655,58 +663,55 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, mediated_by->destroy(mediated_by); return NULL; } + peer.mediated_by = mediated_by; if (msg->add_conn.ikeme.peerid) { - peer_id = identification_create_from_string(msg->add_conn.ikeme.peerid); + peer.peer_id = identification_create_from_string( + msg->add_conn.ikeme.peerid); } else if (msg->add_conn.other.id) { - peer_id = identification_create_from_string(msg->add_conn.other.id); + peer.peer_id = identification_create_from_string( + msg->add_conn.other.id); } } #endif /* ME */ - jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100; - over = msg->add_conn.rekey.margin; + peer.jitter_time = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100; + peer.over_time = msg->add_conn.rekey.margin; if (msg->add_conn.rekey.reauth) { - reauth = msg->add_conn.rekey.ike_lifetime - over; + peer.reauth_time = msg->add_conn.rekey.ike_lifetime - peer.over_time; } else { - rekey = msg->add_conn.rekey.ike_lifetime - over; + peer.rekey_time = msg->add_conn.rekey.ike_lifetime - peer.over_time; } switch (msg->add_conn.unique) { case 1: /* yes */ case 2: /* replace */ - unique = UNIQUE_REPLACE; + peer.unique = UNIQUE_REPLACE; break; case 3: /* keep */ - unique = UNIQUE_KEEP; + peer.unique = UNIQUE_KEEP; break; case 4: /* never */ - unique = UNIQUE_NEVER; + peer.unique = UNIQUE_NEVER; break; default: /* no */ - unique = UNIQUE_NO; + peer.unique = UNIQUE_NO; break; } if (msg->add_conn.dpd.action == 0) { /* dpdaction=none disables DPD */ - msg->add_conn.dpd.delay = 0; + peer.dpd = 0; } /* other.sourceip is managed in stroke_attributes. If it is set, we define * the pool name as the connection name, which the attribute provider * uses to serve pool addresses. */ - peer_cfg = peer_cfg_create(msg->add_conn.name, ike_cfg, - msg->add_conn.me.sendcert, unique, - msg->add_conn.rekey.tries, rekey, reauth, jitter, over, - msg->add_conn.mobike, msg->add_conn.aggressive, - msg->add_conn.pushmode == 0, - msg->add_conn.dpd.delay, msg->add_conn.dpd.timeout, - msg->add_conn.ikeme.mediation, mediated_by, peer_id); + peer_cfg = peer_cfg_create(msg->add_conn.name, ike_cfg, &peer); if (msg->add_conn.other.sourceip) { diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index 8d76bb454..e0578fe9b 100644 --- a/src/libcharon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c @@ -126,6 +126,14 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, child_cfg_t *child_cfg; ike_cfg_t *ike_cfg; auth_cfg_t *auth; + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_NO, + .keyingtries = 1, + .jitter_time = 1800, + .over_time = 900, + .dpd = 60, + }; child_cfg_create_t child = { .lifetime = { .time = { @@ -160,13 +168,8 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, remote_addr, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); - this->peer_cfg = peer_cfg_create( - name, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO, - 1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */ - 1800, 900, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - 60, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation, med by, peer id */ + peer.rekey_time = create_rekey(ike_rekey); + this->peer_cfg = peer_cfg_create(name, ike_cfg, &peer); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); auth->add(auth, AUTH_RULE_IDENTITY, diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index f1c2fa860..e3fd9e9e3 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -1979,6 +1979,7 @@ CALLBACK(config_sn, bool, .rand_time = LFT_UNDEFINED, }; enumerator_t *enumerator; + peer_cfg_create_t cfg; peer_cfg_t *peer_cfg; ike_cfg_t *ike_cfg; child_cfg_t *child_cfg; @@ -2075,12 +2076,22 @@ CALLBACK(config_sn, bool, peer.local_addrs, peer.local_port, peer.remote_addrs, peer.remote_port, peer.fragmentation, 0); - peer_cfg = peer_cfg_create(name, ike_cfg, peer.send_cert, peer.unique, - peer.keyingtries, peer.rekey_time, peer.reauth_time, - peer.rand_time, peer.over_time, peer.mobike, - peer.aggressive, peer.pull, - peer.dpd_delay, peer.dpd_timeout, - FALSE, NULL, NULL); + + cfg = (peer_cfg_create_t){ + .cert_policy = peer.send_cert, + .unique = peer.unique, + .keyingtries = peer.keyingtries, + .rekey_time = peer.rekey_time, + .reauth_time = peer.reauth_time, + .jitter_time = peer.rand_time, + .over_time = peer.over_time, + .no_mobike = !peer.mobike, + .aggressive = peer.aggressive, + .push_mode = !peer.pull, + .dpd = peer.dpd_delay, + .dpd_timeout = peer.dpd_timeout, + }; + peer_cfg = peer_cfg_create(name, ike_cfg, &cfg); while (peer.local->remove_first(peer.local, (void**)&auth) == SUCCESS) |