| -rw-r--r-- | src/starter/args.c | 70 | ||||
| -rw-r--r-- | src/starter/cmp.c | 26 | ||||
| -rw-r--r-- | src/starter/cmp.h | 6 | ||||
| -rw-r--r-- | src/starter/confread.c | 3 | ||||
| -rw-r--r-- | src/starter/confread.h | 28 | ||||
| -rw-r--r-- | src/starter/keywords.h | 49 | ||||
| -rw-r--r-- | src/starter/keywords.txt | 47 | 
7 files changed, 26 insertions, 203 deletions
diff --git a/src/starter/args.c b/src/starter/args.c index ab0f740f2..fadbad4eb 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -86,13 +86,6 @@ static const char *LST_startup[] = {  	 NULL  }; -static const char *LST_packetdefault[] = { -	"drop", -	"reject", -	"pass", -	 NULL -}; -  static const char *LST_keyexchange[] = {  	"ike",  	"ikev1", @@ -100,42 +93,6 @@ static const char *LST_keyexchange[] = {  	 NULL  }; -static const char *LST_plutodebug[] = { -	"none", -	"all", -	"raw", -	"crypt", -	"parsing", -	"emitting", -	"control", -	"lifecycle", -	"klips", -	"kernel", -	"dns", -	"natt", -	"oppo", -	"controlmore", -	"private", -	 NULL -}; - -static const char *LST_klipsdebug[] = { -	"tunnel", -	"tunnel-xmit", -	"pfkey", -	"xform", -	"eroute", -	"spi", -	"radij", -	"esp", -	"ah", -	"ipcomp", -	"verbose", -	"all", -	"none", -	 NULL -}; -  static const char *LST_authby[] = {  	"psk",  	"secret", 
@@ -159,37 +116,10 @@ typedef struct {  static const token_info_t token_info[] =  {  	/* config setup keywords */ -	{ ARG_LST,  offsetof(starter_config_t, setup.interfaces), NULL                 }, -	{ ARG_STR,  offsetof(starter_config_t, setup.dumpdir), NULL                    }, -	{ ARG_ENUM, offsetof(starter_config_t, setup.charonstart), LST_bool            }, -	{ ARG_ENUM, offsetof(starter_config_t, setup.plutostart), LST_bool             }, - -	/* pluto/charon keywords */ -	{ ARG_LST,  offsetof(starter_config_t, setup.plutodebug), LST_plutodebug       },  	{ ARG_STR,  offsetof(starter_config_t, setup.charondebug),  NULL               }, -	{ ARG_STR,  offsetof(starter_config_t, setup.prepluto), NULL                   }, -	{ ARG_STR,  offsetof(starter_config_t, setup.postpluto), NULL                  }, -	{ ARG_STR,  offsetof(starter_config_t, setup.plutostderrlog), NULL             },  	{ ARG_ENUM, offsetof(starter_config_t, setup.uniqueids), LST_unique            }, -	{ ARG_UINT, offsetof(starter_config_t, setup.overridemtu), NULL                }, -	{ ARG_TIME, offsetof(starter_config_t, setup.crlcheckinterval), NULL           },  	{ ARG_ENUM, offsetof(starter_config_t, setup.cachecrls), LST_bool              },  	{ ARG_ENUM, offsetof(starter_config_t, setup.strictcrlpolicy), LST_strict      }, -	{ ARG_ENUM, offsetof(starter_config_t, setup.nocrsend), LST_bool               }, -	{ ARG_ENUM, offsetof(starter_config_t, setup.nat_traversal), LST_bool          }, -	{ ARG_TIME, offsetof(starter_config_t, setup.keep_alive), NULL                 }, -	{ ARG_ENUM, offsetof(starter_config_t, setup.force_keepalive), LST_bool        }, -	{ ARG_STR,  offsetof(starter_config_t, setup.virtual_private), NULL            }, -	{ ARG_STR,  offsetof(starter_config_t, setup.pkcs11module), NULL               }, -	{ ARG_STR,  offsetof(starter_config_t, setup.pkcs11initargs), NULL             }, -	{ ARG_ENUM, offsetof(starter_config_t, setup.pkcs11keepstate), LST_bool        }, -	{ 
ARG_ENUM, offsetof(starter_config_t, setup.pkcs11proxy), LST_bool            }, - -	/* KLIPS keywords */ -	{ ARG_LST,  offsetof(starter_config_t, setup.klipsdebug), LST_klipsdebug       }, -	{ ARG_ENUM, offsetof(starter_config_t, setup.fragicmp), LST_bool               }, -	{ ARG_STR,  offsetof(starter_config_t, setup.packetdefault), LST_packetdefault }, -	{ ARG_ENUM, offsetof(starter_config_t, setup.hidetos), LST_bool                },  	/* conn section keywords */  	{ ARG_STR,  offsetof(starter_conn_t, name), NULL                               }, diff --git a/src/starter/cmp.c b/src/starter/cmp.c index e65d96f36..c01d273e1 100644 --- a/src/starter/cmp.c +++ b/src/starter/cmp.c @@ -23,8 +23,7 @@  #define SUBCMP(obj) if (!samesubnet(&c1->obj,&c2->obj)) return FALSE  #define STRCMP(obj) if (strcmp(c1->obj,c2->obj)) return FALSE -static bool -starter_cmp_end(starter_end_t *c1, starter_end_t *c2) +static bool starter_cmp_end(starter_end_t *c1, starter_end_t *c2)  {  	if ((c1 == NULL) || (c2 == NULL))  		return FALSE; @@ -38,8 +37,7 @@ starter_cmp_end(starter_end_t *c1, starter_end_t *c2)  	return cmp_args(KW_END_FIRST, KW_END_LAST, (char *)c1, (char *)c2);  } -bool -starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2) +bool starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2)  {  	if ((c1 == NULL) || (c2 == NULL))  		return FALSE; @@ -58,8 +56,7 @@ starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2)  	return cmp_args(KW_CONN_NAME, KW_CONN_LAST, (char *)c1, (char *)c2);  } -bool -starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2) +bool starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2)  {  	if (c1 ==  NULL || c2 == NULL)  		return FALSE; 
@@ -67,20 +64,3 @@ starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2)  	return cmp_args(KW_CA_NAME, KW_CA_LAST, (char *)c1, (char *)c2);  } -bool -starter_cmp_klips(starter_config_t *c1, starter_config_t *c2) -{ -	if ((c1 == NULL) || (c2 == NULL)) -		return FALSE; - -	return cmp_args(KW_KLIPS_FIRST, KW_KLIPS_LAST, (char *)c1, (char *)c2); -} - -bool -starter_cmp_pluto(starter_config_t *c1, starter_config_t *c2) -{ -	if ((c1 == NULL) || (c2 == NULL)) -		return FALSE; - -	return cmp_args(KW_PLUTO_FIRST, KW_PLUTO_LAST, (char *)c1, (char *)c2); -} diff --git a/src/starter/cmp.h b/src/starter/cmp.h index 58c2ef819..c33ce8ec2 100644 --- a/src/starter/cmp.h +++ b/src/starter/cmp.h @@ -15,10 +15,8 @@  #ifndef _STARTER_CMP_H_  #define _STARTER_CMP_H_ -extern bool starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2); -extern bool starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2); -extern bool starter_cmp_klips(starter_config_t *c1, starter_config_t *c2); -extern bool starter_cmp_pluto(starter_config_t *c1, starter_config_t *c2); +bool starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2); +bool starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2);  #endif diff --git a/src/starter/confread.c b/src/starter/confread.c index ee3f25c22..04c20a2e1 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -69,10 +69,7 @@ static void default_values(starter_config_t *cfg)  		sizeof(cfg->ca_default.seen) * BITS_PER_BYTE);  	cfg->setup.seen        = SEEN_NONE; -	cfg->setup.fragicmp    = TRUE; -	cfg->setup.hidetos     = TRUE;  	cfg->setup.uniqueids   = TRUE; -	cfg->setup.interfaces  = new_list("%defaultroute");  #ifdef START_CHARON  	cfg->setup.charonstart = TRUE; diff --git a/src/starter/confread.h b/src/starter/confread.h index 9763bf7b8..657526679 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h 
@@ -209,37 +209,11 @@ typedef struct starter_config starter_config_t;  struct starter_config {  		struct {  				seen_t  seen; -				char    **interfaces; -				char    *dumpdir; -				bool    charonstart; -				bool    plutostart; - -				/* pluto/charon keywords */ -				char     **plutodebug; +				bool     charonstart;  				char     *charondebug; -				char     *prepluto; -				char     *postpluto; -				char     *plutostderrlog;  				bool     uniqueids; -				u_int    overridemtu; -				time_t   crlcheckinterval;  				bool     cachecrls;  				strict_t strictcrlpolicy; -				bool     nocrsend; -				bool     nat_traversal; -				time_t   keep_alive; -				u_int    force_keepalive; -				char     *virtual_private; -				char     *pkcs11module; -				char     *pkcs11initargs; -				bool     pkcs11keepstate; -				bool     pkcs11proxy; - -				/* KLIPS keywords */ -				char    **klipsdebug; -				bool    fragicmp; -				char    *packetdefault; -				bool    hidetos;  		} setup;  		/* number of encountered parsing errors */ diff --git a/src/starter/keywords.h b/src/starter/keywords.h index c0c35a80f..1e443a667 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h @@ -1,4 +1,4 @@ -/* strongSwan keywords +/*   * Copyright (C) 2005 Andreas Steffen   * Hochschule fuer Technik Rapperswil, Switzerland   * 
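Review bot: `bool charonstart;` stays in the `setup` struct without a comment, although this commit removes every way to set it from the configuration file: `KW_CHARONSTART`, the `charonstart` entry in keywords.txt and its `token_info[]` row in args.c are all gone. The only writer left on this page is `cfg->setup.charonstart = TRUE;` under `#ifdef START_CHARON` in confread.c. A comment on the field such as `/* build-time default (START_CHARON); not a config keyword */` would stop a later reader from assuming it belongs to the `KW_SETUP_FIRST`..`KW_SETUP_LAST` range, which now starts at `KW_CHARONDEBUG`. `struct starter_config` continues outside this hunk.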
@@ -18,46 +18,13 @@  typedef enum {  	/* config setup keywords */ -	KW_INTERFACES, -	KW_DUMPDIR, -	KW_CHARONSTART, -	KW_PLUTOSTART, - -	/* pluto/charon keywords */ -	KW_PLUTODEBUG,  	KW_CHARONDEBUG, -	KW_PREPLUTO, -	KW_POSTPLUTO, -	KW_PLUTOSTDERRLOG,  	KW_UNIQUEIDS, -	KW_OVERRIDEMTU, -	KW_CRLCHECKINTERVAL,  	KW_CACHECRLS,  	KW_STRICTCRLPOLICY, -	KW_NOCRSEND, -	KW_NAT_TRAVERSAL, -	KW_KEEP_ALIVE, -	KW_FORCE_KEEPALIVE, -	KW_VIRTUAL_PRIVATE, -	KW_PKCS11MODULE, -	KW_PKCS11INITARGS, -	KW_PKCS11KEEPSTATE, -	KW_PKCS11PROXY, - -#define KW_PLUTO_FIRST  KW_PLUTODEBUG -#define KW_PLUTO_LAST   KW_PKCS11PROXY - -	/* KLIPS keywords */ -	KW_KLIPSDEBUG, -	KW_FRAGICMP, -	KW_PACKETDEFAULT, -	KW_HIDETOS, - -#define KW_KLIPS_FIRST  KW_KLIPSDEBUG -#define KW_KLIPS_LAST   KW_HIDETOS - -#define KW_SETUP_FIRST  KW_INTERFACES -#define KW_SETUP_LAST   KW_HIDETOS + +#define KW_SETUP_FIRST  KW_CHARONDEBUG +#define KW_SETUP_LAST   KW_STRICTCRLPOLICY  	/* conn section keywords */  	KW_CONN_NAME, @@ -106,7 +73,7 @@ typedef enum {  #define KW_CONN_FIRST   KW_CONN_SETUP  #define KW_CONN_LAST    KW_TFC -   /* ca section keywords */ +	/* ca section keywords */  	KW_CA_NAME,  	KW_CA_SETUP,  	KW_CACERT, @@ -121,7 +88,7 @@ typedef enum {  #define KW_CA_FIRST     KW_CA_SETUP  #define KW_CA_LAST      KW_CERTURIBASE -   /* end keywords */ +	/* end keywords */  	KW_HOST,  	KW_IKEPORT,  	KW_SUBNET, @@ -148,7 +115,7 @@ typedef enum {  #define KW_END_FIRST    KW_HOST  #define KW_END_LAST     KW_GROUPS -   /* left end keywords */ +	/* left end keywords */  	KW_LEFT,  	KW_LEFTIKEPORT,  	KW_LEFTSUBNET, @@ -175,7 +142,7 @@ typedef enum {  #define KW_LEFT_FIRST   KW_LEFT  #define KW_LEFT_LAST    KW_LEFTGROUPS -   /* right end keywords */ +	/* right end keywords */  	KW_RIGHT,  	KW_RIGHTIKEPORT,  	KW_RIGHTSUBNET, diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index da1b1d0f9..82ee23ddf 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt 
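Review bot: Nothing in the trimmed enum says that its order has to mirror `token_info[]` in src/starter/args.c, yet the two are edited in lockstep here: after this change both begin with charondebug, uniqueids, cachecrls, strictcrlpolicy. If the table is indexed by `kw_token_t`, as the matching section comments suggest, a later one-sided edit would make the config parser store a value through the wrong `offsetof()` with the wrong `ARG_*` type. I would add `/* order must match token_info[] in args.c */` above `KW_CHARONDEBUG`, and a compile-time check of the table's element count next to `token_info[]`. The enum continues past this hunk, so the final enumerator needed for that check is not visible here.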
@@ -1,5 +1,5 @@  %{ -/* strongSwan keywords +/*   * Copyright (C) 2005 Andreas Steffen   * Hochschule fuer Technik Rapperswil, Switzerland   * @@ -24,37 +24,10 @@ struct kw_entry {      kw_token_t token;  };  %% -interfaces,        KW_INTERFACES -dumpdir,           KW_DUMPDIR -charonstart,       KW_CHARONSTART -plutostart,        KW_PLUTOSTART -klipsdebug,        KW_KLIPSDEBUG -plutodebug,        KW_PLUTODEBUG  charondebug,       KW_CHARONDEBUG -prepluto,          KW_PREPLUTO -postpluto,         KW_POSTPLUTO -plutostderrlog,    KW_PLUTOSTDERRLOG -fragicmp,          KW_FRAGICMP -packetdefault,     KW_PACKETDEFAULT -hidetos,           KW_HIDETOS  uniqueids,         KW_UNIQUEIDS -overridemtu,       KW_OVERRIDEMTU -crlcheckinterval,  KW_CRLCHECKINTERVAL  cachecrls,         KW_CACHECRLS  strictcrlpolicy,   KW_STRICTCRLPOLICY -nocrsend,          KW_NOCRSEND -nat_traversal,     KW_NAT_TRAVERSAL -keep_alive,        KW_KEEP_ALIVE -force_keepalive,   KW_FORCE_KEEPALIVE -virtual_private,   KW_VIRTUAL_PRIVATE -eap_identity,      KW_EAP_IDENTITY -aaa_identity,      KW_AAA_IDENTITY -mobike,	           KW_MOBIKE -forceencaps,       KW_FORCEENCAPS -pkcs11module,      KW_PKCS11MODULE -pkcs11initargs,    KW_PKCS11INITARGS -pkcs11keepstate,   KW_PKCS11KEEPSTATE -pkcs11proxy,       KW_PKCS11PROXY  keyexchange,       KW_KEYEXCHANGE  type,              KW_TYPE  compress,          KW_COMPRESS 
@@ -62,21 +35,25 @@ installpolicy,     KW_INSTALLPOLICY  aggressive,        KW_AGGRESSIVE  auth,              KW_AUTH  authby,            KW_AUTHBY +eap_identity,      KW_EAP_IDENTITY +aaa_identity,      KW_AAA_IDENTITY +mobike,	           KW_MOBIKE +forceencaps,       KW_FORCEENCAPS +ikelifetime,       KW_IKELIFETIME +lifetime,          KW_KEYLIFE  keylife,           KW_KEYLIFE  rekeymargin,       KW_REKEYMARGIN -lifetime,          KW_KEYLIFE  margintime,        KW_REKEYMARGIN  lifebytes,         KW_LIFEBYTES  marginbytes,       KW_MARGINBYTES  lifepackets,       KW_LIFEPACKETS  marginpackets,     KW_MARGINPACKETS -ikelifetime,       KW_IKELIFETIME  keyingtries,       KW_KEYINGTRIES  rekeyfuzz,         KW_REKEYFUZZ  rekey,             KW_REKEY  reauth,            KW_REAUTH -esp,               KW_ESP  ike,               KW_IKE +esp,               KW_ESP  dpddelay,          KW_DPDDELAY  dpdtimeout,        KW_DPDTIMEOUT  dpdaction,         KW_DPDACTION @@ -113,10 +90,10 @@ leftfirewall,      KW_LEFTFIREWALL  lefthostaccess,    KW_LEFTHOSTACCESS  leftallowany,      KW_LEFTALLOWANY  leftupdown,        KW_LEFTUPDOWN -leftid,            KW_LEFTID -leftid2,           KW_LEFTID2  leftauth,          KW_LEFTAUTH  leftauth2,         KW_LEFTAUTH2 +leftid,            KW_LEFTID +leftid2,           KW_LEFTID2  leftrsasigkey,     KW_LEFTRSASIGKEY  leftcert,          KW_LEFTCERT  leftcert2,         KW_LEFTCERT2 @@ -135,10 +112,10 @@ rightfirewall,     KW_RIGHTFIREWALL  righthostaccess,   KW_RIGHTHOSTACCESS  rightallowany,     KW_RIGHTALLOWANY  rightupdown,       KW_RIGHTUPDOWN -rightid,           KW_RIGHTID -rightid2,          KW_RIGHTID2  rightauth,         KW_RIGHTAUTH  rightauth2,        KW_RIGHTAUTH2 +rightid,           KW_RIGHTID +rightid2,          KW_RIGHTID2  rightrsasigkey,    KW_RIGHTRSASIGKEY  rightcert,         KW_RIGHTCERT  rightcert2,        KW_RIGHTCERT2  | 
