diff options
| author | Martin Willi <martin@revosec.ch> | 2013-10-11 10:15:43 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-10-11 10:15:43 +0200 |
| commit | b59bcba2b38dda5f0f6301b7ae90acc58b4a069b (patch) | |
| tree | 65c3cee3a20b6f323f5887b95bd88bc1981fa59c /src/starter/args.c | |
| parent | 4524e128f845f8842cdf9ffecf4c1978218212cb (diff) | |
| parent | 5fdbb3c6ad49f992c5df7075f920a2a133a81860 (diff) | |
| download | strongswan-b59bcba2b38dda5f0f6301b7ae90acc58b4a069b.tar.bz2 strongswan-b59bcba2b38dda5f0f6301b7ae90acc58b4a069b.tar.xz | |
Merge branch 'ah'
Brings support for Security Associations integrity protected by the
Authentication Header protocol, both to IKEv1 and IKEv2. Currently only plain
AH is supported, but no (now deprecated) RFC2401 style AH+ESP bundles.
Diffstat (limited to 'src/starter/args.c')
| -rw-r--r-- | src/starter/args.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/starter/args.c b/src/starter/args.c index 5fbf51856..f5a617eaa 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -140,7 +140,6 @@ static const token_info_t token_info[] = { ARG_MISC, 0, NULL /* KW_COMPRESS */ }, { ARG_ENUM, offsetof(starter_conn_t, install_policy), LST_bool }, { ARG_ENUM, offsetof(starter_conn_t, aggressive), LST_bool }, - { ARG_MISC, 0, NULL /* KW_AUTH */ }, { ARG_STR, offsetof(starter_conn_t, authby), LST_authby }, { ARG_STR, offsetof(starter_conn_t, eap_identity), NULL }, { ARG_STR, offsetof(starter_conn_t, aaa_identity), NULL }, @@ -161,6 +160,7 @@ static const token_info_t token_info[] = { ARG_MISC, 0, NULL /* KW_REAUTH */ }, { ARG_STR, offsetof(starter_conn_t, ike), NULL }, { ARG_STR, offsetof(starter_conn_t, esp), NULL }, + { ARG_STR, offsetof(starter_conn_t, ah), NULL }, { ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL }, { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL }, { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action }, @@ -295,6 +295,15 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base, return FALSE; } + if (token == KW_ESP || token == KW_AH) + { + if (*seen & (SEEN_KW(KW_ESP, first) | SEEN_KW(KW_AH, first))) + { + DBG1(DBG_APP, "# can't have both 'ah' and 'esp' options"); + return FALSE; + } + } + /* set flag that this argument has been seen */ *seen |= SEEN_KW(token, first); |