diff options
author | Martin Willi <martin@revosec.ch> | 2013-06-20 16:09:51 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-10-11 10:15:20 +0200 |
commit | 057641298924c0122fd68c49b21d29e9b520e283 (patch) | |
tree | 5c942a8cb10846c2e0c65f07e55366dcf59bd1b0 /src | |
parent | a07b97e8042752c7b1b85828dc2bfcf60d49a0da (diff) | |
download | strongswan-057641298924c0122fd68c49b21d29e9b520e283.tar.bz2 strongswan-057641298924c0122fd68c49b21d29e9b520e283.tar.xz |
stroke: Configure proposal with AH protocol if 'ah' option set
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 25 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_socket.c | 2 |
2 files changed, 16 insertions, 11 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index edfa8a9c3..2e10f324b 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -131,19 +131,14 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, * parse a proposal string, either into ike_cfg or child_cfg */ static void add_proposals(private_stroke_config_t *this, char *string, - ike_cfg_t *ike_cfg, child_cfg_t *child_cfg) + ike_cfg_t *ike_cfg, child_cfg_t *child_cfg, protocol_id_t proto) { if (string) { char *single; char *strict; proposal_t *proposal; - protocol_id_t proto = PROTO_ESP; - if (ike_cfg) - { - proto = PROTO_IKE; - } strict = string + strlen(string) - 1; if (*strict == '!') { @@ -178,11 +173,11 @@ static void add_proposals(private_stroke_config_t *this, char *string, } if (ike_cfg) { - ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); + ike_cfg->add_proposal(ike_cfg, proposal_create_default(proto)); } else { - child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + child_cfg->add_proposal(child_cfg, proposal_create_default(proto)); } } @@ -270,7 +265,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg msg->add_conn.fragmentation, msg->add_conn.ikedscp); - add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL); + add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL, PROTO_IKE); return ike_cfg; } @@ -1159,8 +1154,16 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, add_ts(this, &msg->add_conn.me, child_cfg, TRUE); add_ts(this, &msg->add_conn.other, child_cfg, FALSE); - add_proposals(this, msg->add_conn.algorithms.esp, NULL, child_cfg); - + if (msg->add_conn.algorithms.ah) + { + add_proposals(this, msg->add_conn.algorithms.ah, + NULL, child_cfg, PROTO_AH); + } + else + { + add_proposals(this, msg->add_conn.algorithms.esp, + NULL, child_cfg, PROTO_ESP); + } return child_cfg; } diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index 88f73f3b0..3adebb523 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c @@ -186,6 +186,7 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg) pop_string(msg, &msg->add_conn.xauth_identity); pop_string(msg, &msg->add_conn.algorithms.ike); pop_string(msg, &msg->add_conn.algorithms.esp); + pop_string(msg, &msg->add_conn.algorithms.ah); pop_string(msg, &msg->add_conn.ikeme.mediated_by); pop_string(msg, &msg->add_conn.ikeme.peerid); DBG2(DBG_CFG, " eap_identity=%s", msg->add_conn.eap_identity); @@ -193,6 +194,7 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg) DBG2(DBG_CFG, " xauth_identity=%s", msg->add_conn.xauth_identity); DBG2(DBG_CFG, " ike=%s", msg->add_conn.algorithms.ike); DBG2(DBG_CFG, " esp=%s", msg->add_conn.algorithms.esp); + DBG2(DBG_CFG, " ah=%s", msg->add_conn.algorithms.ah); DBG2(DBG_CFG, " dpddelay=%d", msg->add_conn.dpd.delay); DBG2(DBG_CFG, " dpdtimeout=%d", msg->add_conn.dpd.timeout); DBG2(DBG_CFG, " dpdaction=%d", msg->add_conn.dpd.action); |