authorMartin Willi <martin@revosec.ch>2011-06-07 11:37:15 +0200
committerMartin Willi <martin@revosec.ch>2011-06-07 12:07:21 +0200
commitf34ebc845b6b71be4575b479a1ffe00d0d337ef4 (patch)
tree0d73fc7285662ef6acec366ed2e20ced638de09d /src
parent0eb23d7be28213ecdc0cd1103ff94333cd6c0875 (diff)
downloadstrongswan-f34ebc845b6b71be4575b479a1ffe00d0d337ef4.tar.bz2
strongswan-f34ebc845b6b71be4575b479a1ffe00d0d337ef4.tar.xz
Add a closeaction ipsec.conf keyword to configure close action
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c37
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.c3
-rw-r--r--src/starter/args.c1
-rw-r--r--src/starter/confread.h2
-rw-r--r--src/starter/keywords.h1
-rw-r--r--src/starter/keywords.txt1
-rw-r--r--src/starter/starterstroke.c1
-rw-r--r--src/stroke/stroke_msg.h1
8 files changed, 30 insertions, 17 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 2b3164384..a657e9008 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -775,13 +775,28 @@ static void add_ts(private_stroke_config_t *this,
}
/**
+ * map starter magic values to our action type
+ */
+static action_t map_action(int starter_action)
+{
+ switch (starter_action)
+ {
+ case 2: /* =hold */
+ return ACTION_ROUTE;
+ case 3: /* =restart */
+ return ACTION_RESTART;
+ default:
+ return ACTION_NONE;
+ }
+}
+
+/**
* build a child config from the stroke message
*/
static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
stroke_msg_t *msg)
{
child_cfg_t *child_cfg;
- action_t dpd;
lifetime_cfg_t lifetime = {
.time = {
.life = msg->add_conn.rekey.ipsec_lifetime,
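Review bot: `map_action()` depends on the bare constants 2 and 3 matching the starter's numbering of its action enum, and nothing in this file ties the two together, so a reordering on the starter side would silently change which action a connection gets. The `default` branch also turns every other integer received in the stroke message into `ACTION_NONE` without any log line, which makes an out-of-range or unexpected value hard to notice. I would state the contract in the doc comment, e.g. `* values follow starter's dpd_action_t (2 = hold, 3 = restart); anything else maps to ACTION_NONE`. The remainder of the hunk is the start of `build_child_cfg`, whose body continues outside the hunk.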
@@ -808,23 +823,11 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
.mask = msg->add_conn.mark_out.mask
};
- switch (msg->add_conn.dpd.action)
- { /* map startes magic values to our action type */
- case 2: /* =hold */
- dpd = ACTION_ROUTE;
- break;
- case 3: /* =restart */
- dpd = ACTION_RESTART;
- break;
- default:
- dpd = ACTION_NONE;
- break;
- }
-
child_cfg = child_cfg_create(
- msg->add_conn.name, &lifetime,
- msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
- msg->add_conn.mode, ACTION_NONE, dpd, dpd, msg->add_conn.ipcomp,
+ msg->add_conn.name, &lifetime, msg->add_conn.me.updown,
+ msg->add_conn.me.hostaccess, msg->add_conn.mode, ACTION_NONE,
+ map_action(msg->add_conn.dpd.action),
+ map_action(msg->add_conn.close_action), msg->add_conn.ipcomp,
msg->add_conn.inactivity, msg->add_conn.reqid,
&mark_in, &mark_out, msg->add_conn.tfc);
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
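Review bot: The close action no longer follows `dpdaction`. The removed call passed `dpd` for both the DPD and the close action, while the new `child_cfg_create()` call takes the close action only from `msg->add_conn.close_action`. An existing ipsec.conf that sets `dpdaction=hold` or `restart` but has no `closeaction` will presumably end up with `ACTION_NONE` when the peer closes the CHILD_SA (the starter's default for the new field is not visible in this diff), so tunnels that were re-established or trapped before the upgrade would stay down. If that is intended it should be called out in the commit message and the ipsec.conf documentation, and a comment above the call such as `/* closeaction is independent of dpdaction; unset means ACTION_NONE */` would make the change explicit. `build_child_cfg` continues past the end of the hunk.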
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 74374ba96..7b38c6606 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -190,6 +190,9 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
DBG2(DBG_CFG, " aaa_identity=%s", msg->add_conn.aaa_identity);
DBG2(DBG_CFG, " ike=%s", msg->add_conn.algorithms.ike);
DBG2(DBG_CFG, " esp=%s", msg->add_conn.algorithms.esp);
+ DBG2(DBG_CFG, " dpddelay=%d", msg->add_conn.dpd.delay);
+ DBG2(DBG_CFG, " dpdaction=%d", msg->add_conn.dpd.action);
+ DBG2(DBG_CFG, " closeaction=%d", msg->add_conn.close_action);
DBG2(DBG_CFG, " mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no");
DBG2(DBG_CFG, " mediated_by=%s", msg->add_conn.ikeme.mediated_by);
DBG2(DBG_CFG, " me_peerid=%s", msg->add_conn.ikeme.peerid);
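Review bot: The new `dpddelay` line formats its argument with `%d`, but the starter parses that option as `ARG_TIME` and other duration fields of `stroke_msg_t`, such as `inactivity`, are `time_t`. If `dpd.delay` is also declared `time_t` (its declaration is not part of this diff), format and argument disagree on LP64 platforms and the varargs call is undefined. An explicit cast avoids that: `DBG2(DBG_CFG, " dpddelay=%d", (int)msg->add_conn.dpd.delay);`. `stroke_add_conn` starts and ends outside the hunk.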
diff --git a/src/starter/args.c b/src/starter/args.c
index 4d8003aab..78439e2b2 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -228,6 +228,7 @@ static const token_info_t token_info[] =
{ ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL },
{ ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
{ ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
+ { ARG_ENUM, offsetof(starter_conn_t, close_action), LST_dpd_action },
{ ARG_TIME, offsetof(starter_conn_t, inactivity), NULL },
{ ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
{ ARG_MISC, 0, NULL /* KW_XAUTH */ },
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 4f9c5f7d0..fe3219f32 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -143,6 +143,8 @@ struct starter_conn {
dpd_action_t dpd_action;
int dpd_count;
+ dpd_action_t close_action;
+
time_t inactivity;
bool me_mediation;
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 9f46a8b4b..02be919ea 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -91,6 +91,7 @@ typedef enum {
KW_DPDDELAY,
KW_DPDTIMEOUT,
KW_DPDACTION,
+ KW_CLOSEACTION,
KW_INACTIVITY,
KW_MODECONFIG,
KW_XAUTH,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 2c0e5de3d..548fa2f70 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -82,6 +82,7 @@ pfsgroup, KW_PFSGROUP
dpddelay, KW_DPDDELAY
dpdtimeout, KW_DPDTIMEOUT
dpdaction, KW_DPDACTION
+closeaction, KW_CLOSEACTION
inactivity, KW_INACTIVITY
modeconfig, KW_MODECONFIG
xauth, KW_XAUTH
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 7272b2530..cfb9bc6fa 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -258,6 +258,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
msg.add_conn.dpd.delay = conn->dpd_delay;
msg.add_conn.dpd.action = conn->dpd_action;
+ msg.add_conn.close_action = conn->close_action;
msg.add_conn.inactivity = conn->inactivity;
msg.add_conn.ikeme.mediation = conn->me_mediation;
msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 3c1221aee..8324c775d 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -251,6 +251,7 @@ struct stroke_msg_t {
time_t inactivity;
int proxy_mode;
int install_policy;
+ int close_action;
u_int32_t reqid;
u_int32_t tfc;