author | Tobias Brunner <tobias@strongswan.org> | 2012-12-24 12:59:30 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-01-12 11:54:32 +0100 |
commit | 365d9a6f67739bdc4c43130eec362ad97414762c (patch) | |
tree | 9faac7cbec5fe27d69f3665a7637de4444c87a1e /src/libcharon | |
parent | 97973f860924e4472be9c842c34843cd95680642 (diff) | |
download | strongswan-365d9a6f67739bdc4c43130eec362ad97414762c.tar.bz2 strongswan-365d9a6f67739bdc4c43130eec362ad97414762c.tar.xz |
Added an option that allows to force IKEv1 fragmentation
Diffstat (limited to 'src/libcharon')
-rw-r--r-- | src/libcharon/config/ike_cfg.c | 6 | ||||
-rw-r--r-- | src/libcharon/config/ike_cfg.h | 18 | ||||
-rw-r--r-- | src/libcharon/plugins/android/android_service.c | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/ha/ha_tunnel.c | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/load_tester/load_tester_config.c | 6 | ||||
-rw-r--r-- | src/libcharon/plugins/maemo/maemo_service.c | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/medcli/medcli_config.c | 5 | ||||
-rw-r--r-- | src/libcharon/plugins/medsrv/medsrv_config.c | 3 | ||||
-rw-r--r-- | src/libcharon/plugins/sql/sql_config.c | 3 | ||||
-rw-r--r-- | src/libcharon/plugins/uci/uci_config.c | 6 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/task_manager_v1.c | 7 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 2 |
12 files changed, 43 insertions, 19 deletions
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index e87b47e69..5e5fbba42 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -92,7 +92,7 @@ struct private_ike_cfg_t {
 	/**
 	 * use IKEv1 fragmentation
 	 */
-	bool fragmentation;
+	fragmentation_t fragmentation;
 	/**
 	 * List of proposals to use
@@ -118,7 +118,7 @@ METHOD(ike_cfg_t, force_encap_, bool,
 	return this->force_encap;
 }
-METHOD(ike_cfg_t, fragmentation, bool,
+METHOD(ike_cfg_t, fragmentation, fragmentation_t,
 	private_ike_cfg_t *this)
 {
 	return this->fragmentation;
@@ -312,7 +312,7 @@ METHOD(ike_cfg_t, destroy, void,
 ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
 						  char *me, bool my_allow_any, u_int16_t my_port,
 						  char *other, bool other_allow_any, u_int16_t other_port,
-						  bool fragmentation)
+						  fragmentation_t fragmentation)
 {
 	private_ike_cfg_t *this;
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index 0c4484252..5a7fae1e9 100644
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
@@ -23,6 +24,7 @@
 #define IKE_CFG_H_
 typedef enum ike_version_t ike_version_t;
+typedef enum fragmentation_t fragmentation_t;
 typedef struct ike_cfg_t ike_cfg_t;
 #include <library.h>
@@ -45,6 +47,18 @@ enum ike_version_t {
 };
 /**
+ * Proprietary IKEv1 fragmentation
+ */
+enum fragmentation_t {
+	/** disable fragmentation */
+	FRAGMENTATION_NO,
+	/** enable fragmentation if supported by peer */
+	FRAGMENTATION_YES,
+	/** force use of fragmentation (even for the first message) */
+	FRAGMENTATION_FORCE,
+};
+
+/**
  * enum strings fro ike_version_t
  */
 extern enum_name_t *ike_version_names;
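Review bot: The Doxygen text on `FRAGMENTATION_FORCE` in the new `enum fragmentation_t` (ike_cfg.h, hunk @@ -45) says only "(even for the first message)", but the value is consumed in task_manager_v1.c's send_packet() as an unconditional override of the EXT_IKE_FRAGMENTATION check, so it applies to every large message of the SA, not just the first one. A reader picking the option from the header cannot tell that a peer which never announced fragmentation support will receive fragments it cannot reassemble. I would reword it to `/** always fragment large messages, regardless of whether the peer announced support for it */`. The `FRAGMENTATION_YES` comment could likewise say that "supported by peer" means support detected from the peer's vendor ID exchange, which appears to be what the isakmp_vendor.c hunk feeds into supports_extension().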
@@ -143,7 +157,7 @@ struct ike_cfg_t {
 	 *
 	 * @return TRUE to use fragmentation
 	 */
-	bool (*fragmentation) (ike_cfg_t *this);
+	fragmentation_t (*fragmentation) (ike_cfg_t *this);
 	/**
 	 * Get the DH group to use for IKE_SA setup.
@@ -196,6 +210,6 @@ struct ike_cfg_t {
 ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
 						  char *me, bool my_allow_any, u_int16_t my_port,
 						  char *other, bool other_allow_any, u_int16_t other_port,
-						  bool fragmentation);
+						  fragmentation_t fragmentation);
 #endif /** IKE_CFG_H_ @}*/
diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c
index 0188b0c2b..6af35e5df 100644
--- a/src/libcharon/plugins/android/android_service.c
+++ b/src/libcharon/plugins/android/android_service.c
@@ -266,7 +266,7 @@ static job_requeue_t initiate(private_android_service_t *this)
 	ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", FALSE,
 							 charon->socket->get_port(charon->socket, FALSE),
-							 hostname, FALSE, IKEV2_UDP_PORT, FALSE);
+							 hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 	peer_cfg = peer_cfg_create("android", ike_cfg, CERT_SEND_IF_ASKED,
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c
index e7db1ff0f..130c86e48 100644
--- a/src/libcharon/plugins/ha/ha_tunnel.c
+++ b/src/libcharon/plugins/ha/ha_tunnel.c
@@ -205,7 +205,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
 	/* create config and backend */
 	ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, local, FALSE,
 							 charon->socket->get_port(charon->socket, FALSE),
-							 remote, FALSE, IKEV2_UDP_PORT, FALSE);
+							 remote, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 	peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND, UNIQUE_KEEP,
 							   0, 86400, 0, 7200, 3600, FALSE, FALSE, 30,
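Review bot: The `@return TRUE to use fragmentation` line in the context directly above the changed `fragmentation` method pointer (ike_cfg.h, hunk @@ -143) is now stale: the method returns a `fragmentation_t`, so `TRUE` no longer names any of its values. I would change it to `@return fragmentation setting (FRAGMENTATION_NO, FRAGMENTATION_YES or FRAGMENTATION_FORCE)`. The `@param fragmentation` entry of `ike_cfg_create()` lies outside the @@ -196 hunk in the same header and presumably still describes a boolean; it should be updated the same way so callers reading the prototype do not pass `TRUE`/`FALSE` (which would silently map to `FRAGMENTATION_YES`/`FRAGMENTATION_NO`).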
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index a9d399b9d..c6288c5d9 100644
--- a/src/libcharon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -490,14 +490,16 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
 	{
 		ike_cfg = ike_cfg_create(this->version, TRUE, FALSE, local, FALSE,
 								 this->port + num - 1,
-								 remote, FALSE, IKEV2_NATT_PORT, FALSE);
+								 remote, FALSE, IKEV2_NATT_PORT,
+								 FRAGMENTATION_NO);
 	}
 	else
 	{
 		ike_cfg = ike_cfg_create(this->version, TRUE, FALSE, local, FALSE,
 								 charon->socket->get_port(charon->socket, FALSE),
-								 remote, FALSE, IKEV2_UDP_PORT, FALSE);
+								 remote, FALSE, IKEV2_UDP_PORT,
+								 FRAGMENTATION_NO);
 	}
 	ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
 	peer_cfg = peer_cfg_create("load-test", ike_cfg,
diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c
index 759bd9646..806e4cd65 100644
--- a/src/libcharon/plugins/maemo/maemo_service.c
+++ b/src/libcharon/plugins/maemo/maemo_service.c
@@ -325,7 +325,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
 	ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", FALSE,
 							 charon->socket->get_port(charon->socket, FALSE),
-							 hostname, FALSE, IKEV2_UDP_PORT, FALSE);
+							 hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 	peer_cfg = peer_cfg_create(this->current, ike_cfg,
diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index 12ffc1ae4..4be3dea02 100644
--- a/src/libcharon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -105,7 +105,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
 	ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0", FALSE,
 							 charon->socket->get_port(charon->socket, FALSE),
-							 address, FALSE, IKEV2_UDP_PORT, FALSE);
+							 address, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 	med_cfg = peer_cfg_create(
 		"mediation", ike_cfg,
@@ -380,7 +380,8 @@ medcli_config_t *medcli_config_create(database_t *db)
 		.ike = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0", FALSE,
 							  charon->socket->get_port(charon->socket, FALSE),
-							  "0.0.0.0", FALSE, IKEV2_UDP_PORT, FALSE),
+							  "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+							  FRAGMENTATION_NO),
 	);
 	this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c
index d16758111..be14380ea 100644
--- a/src/libcharon/plugins/medsrv/medsrv_config.c
+++ b/src/libcharon/plugins/medsrv/medsrv_config.c
@@ -142,7 +142,8 @@ medsrv_config_t *medsrv_config_create(database_t *db)
 		.ike = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0", FALSE,
 							  charon->socket->get_port(charon->socket, FALSE),
-							  "0.0.0.0", FALSE, IKEV2_UDP_PORT, FALSE),
+							  "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+							  FRAGMENTATION_NO),
 	);
 	this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index 44a593c7b..37bd86671 100644
--- a/src/libcharon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -261,7 +261,8 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e,
 	ike_cfg = ike_cfg_create(IKEV2, certreq, force_encap, local, FALSE,
 							 charon->socket->get_port(charon->socket, FALSE),
-							 remote, FALSE, IKEV2_UDP_PORT, FALSE);
+							 remote, FALSE, IKEV2_UDP_PORT,
+							 FRAGMENTATION_NO);
 	add_ike_proposals(this, ike_cfg, id);
 	return ike_cfg;
 }
diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c
index 6dae14e3d..de0bf91af 100644
--- a/src/libcharon/plugins/uci/uci_config.c
+++ b/src/libcharon/plugins/uci/uci_config.c
@@ -155,7 +155,8 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
 	ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, local_addr, FALSE,
 							 charon->socket->get_port(charon->socket, FALSE),
-							 remote_addr, FALSE, IKEV2_UDP_PORT, FALSE);
+							 remote_addr, FALSE, IKEV2_UDP_PORT,
+							 FRAGMENTATION_NO);
 	ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
 	this->peer_cfg = peer_cfg_create(
 		name, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
@@ -253,7 +254,8 @@ METHOD(enumerator_t, ike_enumerator_enumerate, bool,
 	this->ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, local_addr, FALSE,
 							 charon->socket->get_port(charon->socket, FALSE),
-							 remote_addr, FALSE, IKEV2_UDP_PORT, FALSE);
+							 remote_addr, FALSE, IKEV2_UDP_PORT,
+							 FRAGMENTATION_NO);
 	this->ike_cfg->add_proposal(this->ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 320aa5e6b..60ec23199 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -406,14 +406,17 @@ static bool send_fragment(private_task_manager_t *this, bool request,
 static bool send_packet(private_task_manager_t *this, bool request,
 						packet_t *packet)
 {
+	fragmentation_t fragmentation;
 	ike_cfg_t *ike_cfg;
 	host_t *src, *dst;
 	chunk_t data;
 	ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+	fragmentation = ike_cfg->fragmentation(ike_cfg);
 	data = packet->get_data(packet);
-	if (this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_FRAGMENTATION) &&
-		ike_cfg->fragmentation(ike_cfg) && data.len > MAX_FRAGMENT_SIZE)
+	if (data.len > MAX_FRAGMENT_SIZE && (fragmentation == FRAGMENTATION_FORCE ||
+		(this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_FRAGMENTATION) &&
+		fragmentation == FRAGMENTATION_YES)))
 	{
 		fragment_payload_t *fragment;
 		u_int8_t num, count;
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 32eeee353..1bf7bf643 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -165,7 +165,7 @@ METHOD(task_t, build, status_t,
 	cisco_unity = lib->settings->get_bool(lib->settings, "%s.cisco_unity",
 										  FALSE, charon->name);
 	ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
-	fragmentation = ike_cfg->fragmentation(ike_cfg);
+	fragmentation = ike_cfg->fragmentation(ike_cfg) != FRAGMENTATION_NO;
 	if (!this->initiator && fragmentation)
 	{
 		fragmentation = this->ike_sa->supports_extension(this->ike_sa, |
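Review bot: With `FRAGMENTATION_FORCE` the rewritten condition in send_packet() (task_manager_v1.c) never consults supports_extension(), so the override applies to every large message of the SA — including a responder's replies to a peer that never announced fragmentation support, which the isakmp_vendor.c hunk below appears to be the only place that establishes. That is wider than the "even for the first message" wording of the enum suggests; if the intent is just to get an oversized first initiator message through before the vendor ID exchange, the FORCE branch could be narrowed to the case where the peer's support is still unknown, otherwise the broader behaviour should be stated as deliberate. Either way a comment above the `if` would save the next reader a trip to the header: `/* FORCE fragments even if the peer never announced EXT_IKE_FRAGMENTATION; a peer without support cannot reassemble such messages */`. The remainder of send_packet() continues outside the hunk.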