author | Martin Willi <martin@strongswan.org> | 2007-01-03 13:16:21 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2007-01-03 13:16:21 +0000 |
commit | af87afed474993d34b87ac09524bd8124704ca92 (patch) | |
tree | bc9f4c5b224b65e91afb02c2d69cec5f2516db9e /src | |
parent | f73d4c9eb091772e0f232cd8f07793422be60a37 (diff) | |
added config option for BEET mode
Diffstat (limited to 'src')
-rw-r--r-- | src/pluto/constants.h | 1 | ||||
-rw-r--r-- | src/starter/confread.c | 2 | ||||
-rw-r--r-- | src/starter/starterstroke.c | 13 |
3 files changed, 15 insertions, 1 deletions
diff --git a/src/pluto/constants.h b/src/pluto/constants.h index 3459a3b46..57e9cf93a 100644 --- a/src/pluto/constants.h +++ b/src/pluto/constants.h @@ -845,6 +845,7 @@ extern const char *prettypolicy(lset_t policy); #define POLICY_XAUTH_RSASIG LELEM(19) /* do we support XAUTH????RSA? */ #define POLICY_XAUTH_SERVER LELEM(20) /* are we an XAUTH server? */ #define POLICY_DONT_REAUTH LELEM(21) /* don't reauthenticate on rekeying, IKEv2 only */ +#define POLICY_BEET LELEM(22) /* bound end2end tunnel, IKEv2 */ /* Any IPsec policy? If not, a connection description * is only for ISAKMP SA, not IPSEC SA. (A pun, I admit.) diff --git a/src/starter/confread.c b/src/starter/confread.c index cc2c98186..03b223878 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -388,6 +388,8 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK); if (streq(kw->value, "tunnel")) conn->policy |= POLICY_TUNNEL; + else if (streq(kw->value, "beet")) + conn->policy |= POLICY_BEET; else if (streq(kw->value, "passthrough") || streq(kw->value, "pass")) conn->policy |= POLICY_SHUNT_PASS; else if (streq(kw->value, "drop")) diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index dc81acf8a..9d4e0a13a 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -194,7 +194,18 @@ int starter_stroke_add_conn(starter_conn_t *conn) msg.add_conn.name = push_string(&msg, connection_name(conn)); msg.add_conn.auth_method = (conn->policy & POLICY_PSK)? SHARED_KEY_MESSAGE_INTEGRITY_CODE : RSA_DIGITAL_SIGNATURE; - msg.add_conn.mode = (conn->policy & POLICY_TUNNEL) ? 1 : 0; + if (conn->policy & POLICY_TUNNEL) + { + msg.add_conn.mode = 1; /* XFRM_MODE_TRANSPORT */ + } + else if (conn->policy & POLICY_BEET) + { + msg.add_conn.mode = 4; /* XFRM_MODE_BEET */ + } + else + { + msg.add_conn.mode = 0; /* XFRM_MODE_TUNNEL */ + } if (conn->policy & POLICY_DONT_REKEY) { |
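Review bot: The context line `conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK);` in the src/starter/confread.c hunk is left as it was, so POLICY_BEET is never cleared once it has been set. If load_conn handles the type keyword more than once for the same connection (defaults followed by an override, which this hunk does not show), a change from beet to transport keeps the bit and starter_stroke_add_conn still sends mode 4, while beet to tunnel leaves both bits set. The SA would then be negotiated in a mode other than the one the administrator configured. I would widen the mask to `conn->policy &= ~(POLICY_TUNNEL | POLICY_BEET | POLICY_SHUNT_MASK);`. load_conn's body continues outside the hunk.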
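Review bot: The mode comments in the src/starter/starterstroke.c hunk are swapped: in the Linux xfrm headers XFRM_MODE_TRANSPORT is 0 and XFRM_MODE_TUNNEL is 1. The numeric values match the old ternary, so only the labels are wrong, but a later reader who trusts them could "fix" the numbers and silently flip tunnel and transport. The POLICY_TUNNEL branch should read `msg.add_conn.mode = 1; /* XFRM_MODE_TUNNEL */` and the final else `msg.add_conn.mode = 0; /* XFRM_MODE_TRANSPORT */`. Named constants in place of the bare 0/1/4 would remove the need for the comments altogether. starter_stroke_add_conn's body continues outside the hunk.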