authorMartin Willi <martin@revosec.ch>2012-01-09 16:32:41 +0000
committerMartin Willi <martin@revosec.ch>2012-03-20 17:31:34 +0100
commit5ce59d4c06e000079779fc66cdf9d14995247f3d (patch)
treea9100336978342f7a91848de7350d492ab70e60b /src/libcharon
parenta347c1ac437803c23aa8858089d99f4f604fcebc (diff)
Added an aggressive mode peer_cfg option
Diffstat (limited to 'src/libcharon')
-rw-r--r--src/libcharon/config/peer_cfg.c19
-rw-r--r--src/libcharon/config/peer_cfg.h14
-rw-r--r--src/libcharon/plugins/android/android_service.c2
-rw-r--r--src/libcharon/plugins/ha/ha_tunnel.c2
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_config.c3
-rw-r--r--src/libcharon/plugins/maemo/maemo_service.c2
-rw-r--r--src/libcharon/plugins/medcli/medcli_config.c6
-rw-r--r--src/libcharon/plugins/medsrv/medsrv_config.c2
-rw-r--r--src/libcharon/plugins/nm/nm_service.c2
-rw-r--r--src/libcharon/plugins/sql/sql_config.c2
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c2
-rw-r--r--src/libcharon/plugins/uci/uci_config.c2
12 files changed, 40 insertions, 18 deletions
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index fb9d54bfe..b278dc337 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -106,6 +106,11 @@ struct private_peer_cfg_t {
bool use_mobike;
/**
+ * Use aggressive mode?
+ */
+ bool aggressive;
+
+ /**
* Time before starting rekeying
*/
u_int32_t rekey_time;
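Review bot: The new `aggressive` field is stored and returned, but none of the peer_cfg.c hunks in this commit touch code that compares two configs; the 19 changed lines in the diffstat are all accounted for by the field, the getter, the signature and the two initializers. If peer_cfg.c has an equality check over the neighbouring scalar settings such as `use_mobike` (not visible here), it probably needs `this->aggressive == other->aggressive` too, otherwise two configs that differ only in exchange mode would be treated as the same on reload. The field is also named `aggressive` while its neighbour is `use_mobike` and the accessor is `use_aggressive`; `bool use_aggressive;` would keep the struct consistent. The struct definition starts and ends outside this hunk.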
@@ -381,6 +386,12 @@ METHOD(peer_cfg_t, use_mobike, bool,
return this->use_mobike;
}
+METHOD(peer_cfg_t, use_aggressive, bool,
+ private_peer_cfg_t *this)
+{
+ return this->aggressive;
+}
+
METHOD(peer_cfg_t, get_dpd, u_int32_t,
private_peer_cfg_t *this)
{
@@ -574,9 +585,9 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
unique_policy_t unique, u_int32_t keyingtries,
u_int32_t rekey_time, u_int32_t reauth_time,
u_int32_t jitter_time, u_int32_t over_time,
- bool mobike, u_int32_t dpd, host_t *virtual_ip,
- char *pool, bool mediation, peer_cfg_t *mediated_by,
- identification_t *peer_id)
+ bool mobike, bool aggressive, u_int32_t dpd,
+ host_t *virtual_ip, char *pool, bool mediation,
+ peer_cfg_t *mediated_by, identification_t *peer_id)
{
private_peer_cfg_t *this;
@@ -605,6 +616,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
.get_reauth_time = _get_reauth_time,
.get_over_time = _get_over_time,
.use_mobike = _use_mobike,
+ .use_aggressive = _use_aggressive,
.get_dpd = _get_dpd,
.get_virtual_ip = _get_virtual_ip,
.get_pool = _get_pool,
@@ -632,6 +644,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
.jitter_time = jitter_time,
.over_time = over_time,
.use_mobike = mobike,
+ .aggressive = aggressive,
.dpd = dpd,
.virtual_ip = virtual_ip,
.pool = strdupnull(pool),
diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h
index dcbe6aa9e..969ccabf2 100644
--- a/src/libcharon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
@@ -257,6 +257,13 @@ struct peer_cfg_t {
bool (*use_mobike) (peer_cfg_t *this);
/**
+ * Use/Accept aggressive mode with IKEv1?.
+ *
+ * @return TRUE to use aggressive mode
+ */
+ bool (*use_aggressive)(peer_cfg_t *this);
+
+ /**
* Get the DPD check interval.
*
* @return dpd_delay in seconds
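Review bot: The doc comment on `use_aggressive` does not tell a config author what enabling the flag costs, and it ends in a stray `?.`. Aggressive mode exists only in IKEv1, does not protect the peer identities, and with pre-shared keys puts a PSK-derived hash on the wire that can be checked offline. I would word it as `Use/accept IKEv1 aggressive mode instead of main mode.` plus a second line such as `Weaker than main mode (no identity protection, PSK hash exposed); keep FALSE unless a peer requires it.` The same caveat fits the `@param aggressive` line in the next hunk.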
@@ -357,6 +364,7 @@ struct peer_cfg_t {
* @param jitter_time timerange to randomly subtract from rekey/reauth time
* @param over_time maximum overtime before closing a rekeying/reauth SA
* @param mobike use MOBIKE (RFC4555) if peer supports it
+ * @param aggressive use/accept aggressive mode with IKEv1
* @param dpd DPD check interval, 0 to disable
* @param virtual_ip virtual IP for local host, or NULL
* @param pool pool name to get configuration attributes from, or NULL
@@ -370,8 +378,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
unique_policy_t unique, u_int32_t keyingtries,
u_int32_t rekey_time, u_int32_t reauth_time,
u_int32_t jitter_time, u_int32_t over_time,
- bool mobike, u_int32_t dpd, host_t *virtual_ip,
- char *pool, bool mediation, peer_cfg_t *mediated_by,
- identification_t *peer_id);
+ bool mobike, bool aggressive, u_int32_t dpd,
+ host_t *virtual_ip, char *pool, bool mediation,
+ peer_cfg_t *mediated_by, identification_t *peer_id);
#endif /** PEER_CFG_H_ @}*/
diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c
index 8aba925a2..62fd52b12 100644
--- a/src/libcharon/plugins/android/android_service.c
+++ b/src/libcharon/plugins/android/android_service.c
@@ -277,7 +277,7 @@ static job_requeue_t initiate(private_android_service_t *this)
UNIQUE_REPLACE, 1, /* keyingtries */
36000, 0, /* rekey 10h, reauth none */
600, 600, /* jitter, over 10min */
- TRUE, 0, /* mobike, DPD */
+ TRUE, FALSE, 0, /* mobike, aggressive, DPD */
host_create_from_string("0.0.0.0", 0) /* virt */,
NULL, FALSE, NULL, NULL); /* pool, mediation */
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c
index 1f87c3d86..6f20620f2 100644
--- a/src/libcharon/plugins/ha/ha_tunnel.c
+++ b/src/libcharon/plugins/ha/ha_tunnel.c
@@ -207,7 +207,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
remote, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create("ha", IKEV2, ike_cfg, CERT_NEVER_SEND,
- UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, 30,
+ UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, 30,
NULL, NULL, FALSE, NULL, NULL);
auth_cfg = auth_cfg_create();
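Review bot: `FALSE, FALSE, 30` now passes two adjacent booleans with no label, so a later edit can swap the mobike and aggressive arguments without the compiler noticing. Most other call sites in this commit annotate the arguments; a trailing `/* mobike, aggressive, DPD */` on this line would match them. sql_config.c has the same unlabelled form in `mobike, FALSE, dpd_delay, vip, pool,`. setup_tunnel continues outside the hunk.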
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index 301c9cc63..83853b8de 100644
--- a/src/libcharon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -253,7 +253,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */
this->ike_rekey, 0, /* rekey, reauth */
0, this->ike_rekey, /* jitter, overtime */
- FALSE, this->dpd_delay, /* mobike, dpddelay */
+ FALSE, FALSE, /* mobike, aggressive mode */
+ this->dpd_delay, /* dpddelay */
this->vip ? this->vip->clone(this->vip) : NULL,
this->pool, FALSE, NULL, NULL);
if (num)
diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c
index 69eac084c..67d2b2984 100644
--- a/src/libcharon/plugins/maemo/maemo_service.c
+++ b/src/libcharon/plugins/maemo/maemo_service.c
@@ -332,7 +332,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
UNIQUE_REPLACE, 1, /* keyingtries */
36000, 0, /* rekey 10h, reauth none */
600, 600, /* jitter, over 10min */
- TRUE, 0, /* mobike, DPD */
+ TRUE, FALSE, 0, /* mobike, aggressive, DPD */
host_create_from_string("0.0.0.0", 0) /* virt */,
NULL, FALSE, NULL, NULL); /* pool, mediation */
diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index f768eeb4e..7fa0152bd 100644
--- a/src/libcharon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -126,7 +126,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, this->dpd, /* mobike, dpddelay */
+ TRUE, FALSE, this->dpd, /* mobike, aggressive, dpddelay */
NULL, NULL, /* vip, pool */
TRUE, NULL, NULL); /* mediation, med by, peer id */
e->destroy(e);
@@ -163,7 +163,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, this->dpd, /* mobike, dpddelay */
+ TRUE, FALSE, this->dpd, /* mobike, aggressive, dpddelay */
NULL, NULL, /* vip, pool */
FALSE, med_cfg, /* mediation, med by */
identification_create_from_encoding(ID_KEY_ID, other));
@@ -238,7 +238,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, this->dpd, /* mobike, dpddelay */
+ TRUE, FALSE, this->dpd, /* mobike, aggr., dpddelay */
NULL, NULL, /* vip, pool */
FALSE, NULL, NULL); /* mediation, med by, peer id */
diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c
index fc3963a3d..366558ac2 100644
--- a/src/libcharon/plugins/medsrv/medsrv_config.c
+++ b/src/libcharon/plugins/medsrv/medsrv_config.c
@@ -92,7 +92,7 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, this->dpd, /* mobike, dpddelay */
+ TRUE, FALSE, this->dpd, /* mobike, aggr., dpddelay */
NULL, NULL, /* vip, pool */
TRUE, NULL, NULL); /* mediation, med by, peer id */
e->destroy(e);
diff --git a/src/libcharon/plugins/nm/nm_service.c b/src/libcharon/plugins/nm/nm_service.c
index 788291531..d51b699ae 100644
--- a/src/libcharon/plugins/nm/nm_service.c
+++ b/src/libcharon/plugins/nm/nm_service.c
@@ -503,7 +503,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
36000, 0, /* rekey 10h, reauth none */
600, 600, /* jitter, over 10min */
- TRUE, 0, /* mobike, DPD */
+ TRUE, FALSE, 0, /* mobike, aggressive, DPD */
virtual ? host_create_from_string("0.0.0.0", 0) : NULL,
NULL, FALSE, NULL, NULL); /* pool, mediation */
auth = auth_cfg_create();
diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index ef181f66c..b06bd3706 100644
--- a/src/libcharon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -370,7 +370,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
peer_cfg = peer_cfg_create(
name, IKEV2, ike, cert_policy, uniqueid,
keyingtries, rekeytime, reauthtime, jitter, overtime,
- mobike, dpd_delay, vip, pool,
+ mobike, FALSE, dpd_delay, vip, pool,
mediation, mediated_cfg, peer_id);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_method);
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 08339a475..e39233b7e 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -689,7 +689,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
msg->add_conn.version, ike_cfg,
msg->add_conn.me.sendcert, unique,
msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
- msg->add_conn.mobike, msg->add_conn.dpd.delay,
+ msg->add_conn.mobike, FALSE, msg->add_conn.dpd.delay,
vip, msg->add_conn.other.sourceip_mask ?
msg->add_conn.name : msg->add_conn.other.sourceip,
msg->add_conn.ikeme.mediation, mediated_by, peer_id);
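Review bot: The hard-coded `FALSE` sits in a call that takes the IKE version from the message (`msg->add_conn.version`), so connections built here presumably can be IKEv1 and yet can never select aggressive mode, and nothing on the line says whether that is deliberate. If the stroke message is meant to carry this setting later, mark the placeholder, e.g. `/* aggressive mode: not configurable via stroke yet */`. Defaulting to main mode until then is the safer choice, so only the comment is missing. build_peer_cfg starts and ends outside the hunk.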
diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c
index 4e48b933a..b4e99c3f2 100644
--- a/src/libcharon/plugins/uci/uci_config.c
+++ b/src/libcharon/plugins/uci/uci_config.c
@@ -175,7 +175,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
name, IKEV2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */
1800, 900, /* jitter, overtime */
- TRUE, 60, /* mobike, dpddelay */
+ TRUE, FALSE, 60, /* mobike, aggr., dpddelay */
NULL, NULL, /* vip, pool */
FALSE, NULL, NULL); /* mediation, med by, peer id */
auth = auth_cfg_create();