diff options
| -rw-r--r-- | src/libcharon/config/child_cfg.c | 16 | ||||
| -rw-r--r-- | src/libcharon/config/child_cfg.h | 10 | ||||
| -rw-r--r-- | src/libcharon/plugins/android/android_service.c | 2 | ||||
| -rw-r--r-- | src/libcharon/plugins/ha/ha_tunnel.c | 2 | ||||
| -rw-r--r-- | src/libcharon/plugins/load_tester/load_tester_config.c | 2 | ||||
| -rw-r--r-- | src/libcharon/plugins/maemo/maemo_service.c | 2 | ||||
| -rw-r--r-- | src/libcharon/plugins/medcli/medcli_config.c | 4 | ||||
| -rw-r--r-- | src/libcharon/plugins/nm/nm_service.c | 2 | ||||
| -rw-r--r-- | src/libcharon/plugins/sql/sql_config.c | 2 | ||||
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 2 | ||||
| -rw-r--r-- | src/libcharon/plugins/uci/uci_config.c | 2 | ||||
| -rw-r--r-- | src/libcharon/sa/child_sa.c | 2 |
12 files changed, 36 insertions, 12 deletions
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 070b35aba..8ca322484 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -123,6 +123,12 @@ struct private_child_cfg_t { * Optional mark to install outbound CHILD_SA with */ mark_t mark_out; + + /** + * Traffic Flow Confidentiality padding, if enabled + */ + u_int32_t tfc; + /** * set up IPsec transport SA in MIPv6 proxy mode */ @@ -441,6 +447,12 @@ METHOD(child_cfg_t, get_mark, mark_t, return inbound ? this->mark_in : this->mark_out; } +METHOD(child_cfg_t, get_tfc, u_int32_t, + private_child_cfg_t *this) +{ + return this->tfc; +} + METHOD(child_cfg_t, set_mipv6_options, void, private_child_cfg_t *this, bool proxy_mode, bool install_policy) { @@ -492,7 +504,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, ipsec_mode_t mode, action_t start_action, action_t dpd_action, action_t close_action, bool ipcomp, u_int32_t inactivity, u_int32_t reqid, - mark_t *mark_in, mark_t *mark_out) + mark_t *mark_in, mark_t *mark_out, u_int32_t tfc) { private_child_cfg_t *this; @@ -517,6 +529,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, .get_inactivity = _get_inactivity, .get_reqid = _get_reqid, .get_mark = _get_mark, + .get_tfc = _get_tfc, .use_proxy_mode = _use_proxy_mode, .install_policy = _install_policy, .get_ref = _get_ref, @@ -538,6 +551,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, .proposals = linked_list_create(), .my_ts = linked_list_create(), .other_ts = linked_list_create(), + .tfc = tfc, ); if (mark_in) diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index 1f0c9c826..175ced76c 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h @@ -228,6 +228,13 @@ struct child_cfg_t { mark_t (*get_mark)(child_cfg_t *this, bool inbound); /** + * Get the TFC padding value to use for CHILD_SA. + * + * @return TFC padding, 0 to disable, -1 for MTU + */ + u_int32_t (*get_tfc)(child_cfg_t *this); + + /** * Sets two options needed for Mobile IPv6 interoperability * * @param proxy_mode use IPsec transport proxy mode (default FALSE) @@ -292,6 +299,7 @@ struct child_cfg_t { * @param reqid specific reqid to use for CHILD_SA, 0 for auto assign * @param mark_in optional inbound mark (can be NULL) * @param mark_out optional outbound mark (can be NULL) + * @param tfc TFC padding size, 0 to disable, -1 to pad to PMTU * @return child_cfg_t object */ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, @@ -299,6 +307,6 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, ipsec_mode_t mode, action_t start_action, action_t dpd_action, action_t close_action, bool ipcomp, u_int32_t inactivity, u_int32_t reqid, - mark_t *mark_in, mark_t *mark_out); + mark_t *mark_in, mark_t *mark_out, u_int32_t tfc); #endif /** CHILD_CFG_H_ @}*/ diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c index 1a68ff968..487567f2a 100644 --- a/src/libcharon/plugins/android/android_service.c +++ b/src/libcharon/plugins/android/android_service.c @@ -292,7 +292,7 @@ static job_requeue_t initiate(private_android_service_t *this) child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL); + 0, 0, NULL, NULL, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index 4accdfbf7..299053ec1 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c @@ -224,7 +224,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT, ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL); + 0, 0, NULL, NULL, 0); ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535); diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index 4fe5cf518..71391d593 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -225,7 +225,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL); + 0, 0, NULL, NULL, 0); proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); child_cfg->add_proposal(child_cfg, proposal); ts = traffic_selector_create_dynamic(0, 0, 65535); diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c index 8463f8a56..1a1727b3d 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c @@ -347,7 +347,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, - ACTION_NONE, FALSE, 0, 0, NULL, NULL); + ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index 67f1c7190..b5672dba9 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -183,7 +183,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL); + 0, 0, NULL, NULL, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); @@ -262,7 +262,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL); + 0, 0, NULL, NULL, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); diff --git a/src/libcharon/plugins/nm/nm_service.c b/src/libcharon/plugins/nm/nm_service.c index 44b5f0c98..4300b57cf 100644 --- a/src/libcharon/plugins/nm/nm_service.c +++ b/src/libcharon/plugins/nm/nm_service.c @@ -519,7 +519,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, child_cfg = child_cfg_create(priv->name, &lifetime, NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */ ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp, - 0, 0, NULL, NULL); + 0, 0, NULL, NULL, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index 82ff36a82..dc016012c 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -174,7 +174,7 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) }; child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode, start, dpd, close, ipcomp, 0, reqid, - NULL, NULL); + NULL, NULL, 0); add_esp_proposals(this, child_cfg, id); add_traffic_selectors(this, child_cfg, id); return child_cfg; diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 00fbabde8..0f55e5107 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -801,7 +801,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, msg->add_conn.me.updown, msg->add_conn.me.hostaccess, msg->add_conn.mode, ACTION_NONE, dpd, dpd, msg->add_conn.ipcomp, msg->add_conn.inactivity, msg->add_conn.reqid, - &mark_in, &mark_out); + &mark_in, &mark_out, 0); child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode, msg->add_conn.install_policy); add_ts(this, &msg->add_conn.me, child_cfg, TRUE); diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index f16da22bc..4e43388ec 100644 --- a/src/libcharon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c @@ -197,7 +197,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, ACTION_NONE, - FALSE, 0, 0, NULL, NULL); + FALSE, 0, 0, NULL, NULL, 0); child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net)); diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 47518d6ad..4110815bc 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -591,6 +591,8 @@ METHOD(child_sa_t, install, status_t, dst = this->other_addr; this->other_spi = spi; this->other_cpi = cpi; + + tfc = this->config->get_tfc(this->config); } DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound", |