diff options
Diffstat (limited to 'Source/charon/config')
| -rw-r--r-- | Source/charon/config/Makefile.config | 4 | ||||
| -rw-r--r-- | Source/charon/config/init_config.c | 6 | ||||
| -rw-r--r-- | Source/charon/config/init_config.h | 12 | ||||
| -rw-r--r-- | Source/charon/config/starter_configuration.h | 60 | ||||
| -rwxr-xr-x | Source/charon/config/static_configuration.c | 10 | ||||
| -rwxr-xr-x | Source/charon/config/stroke_configuration.c (renamed from Source/charon/config/starter_configuration.c) | 224 | ||||
| -rw-r--r-- | Source/charon/config/stroke_configuration.h | 111 | ||||
| -rw-r--r-- | Source/charon/config/traffic_selector.c | 69 | ||||
| -rw-r--r-- | Source/charon/config/traffic_selector.h | 18 |
9 files changed, 381 insertions, 133 deletions
diff --git a/Source/charon/config/Makefile.config b/Source/charon/config/Makefile.config index f4786be10..b8b966282 100644 --- a/Source/charon/config/Makefile.config +++ b/Source/charon/config/Makefile.config @@ -36,6 +36,6 @@ OBJS+= $(BUILD_DIR)static_configuration.o $(BUILD_DIR)static_configuration.o : $(CONFIG_DIR)static_configuration.c $(CONFIG_DIR)static_configuration.h $(CC) $(CFLAGS) -c -o $@ $< -OBJS+= $(BUILD_DIR)starter_configuration.o -$(BUILD_DIR)starter_configuration.o : $(CONFIG_DIR)starter_configuration.c $(CONFIG_DIR)starter_configuration.h +OBJS+= $(BUILD_DIR)stroke_configuration.o +$(BUILD_DIR)stroke_configuration.o : $(CONFIG_DIR)stroke_configuration.c $(CONFIG_DIR)stroke_configuration.h $(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file diff --git a/Source/charon/config/init_config.c b/Source/charon/config/init_config.c index 92871dd3b..e639c2fce 100644 --- a/Source/charon/config/init_config.c +++ b/Source/charon/config/init_config.c @@ -215,7 +215,7 @@ static void destroy (private_init_config_t *this) /** * Described in header. */ -init_config_t * init_config_create(char * my_ip, char *other_ip, u_int16_t my_port, u_int16_t other_port) +init_config_t * init_config_create(host_t *me, host_t *other) { private_init_config_t *this = allocator_alloc_thing(private_init_config_t); @@ -232,8 +232,8 @@ init_config_t * init_config_create(char * my_ip, char *other_ip, u_int16_t my_po this->public.destroy = (void(*)(init_config_t*))destroy; /* private variables */ - this->my_host = host_create(AF_INET,my_ip, my_port); - this->other_host = host_create(AF_INET,other_ip, other_port); + this->my_host = me; + this->other_host = other; this->proposals = linked_list_create(); diff --git a/Source/charon/config/init_config.h b/Source/charon/config/init_config.h index f63df61cf..e9f1aa5af 100644 --- a/Source/charon/config/init_config.h +++ b/Source/charon/config/init_config.h @@ -148,12 +148,18 @@ struct init_config_t { }; /** - * @brief Creates a init_config_t object. + * @brief Creates a init_config_t object from two host_t's. * + * Supplied hosts become owned by init_config, so + * do not modify or destroy them after a call to + * init_config_create_from_hosts(). + * + * @param me host_t object representing local address + * @param other host_t object representing remote address * @return init_config_t object. * * @ingroup config */ -init_config_t * init_config_create(char *my_ip, char *other_ip, u_int16_t my_port, u_int16_t other_port); +init_config_t * init_config_create(host_t *me, host_t *other); -#endif //_INIT_CONFIG_H_ +#endif /* _INIT_CONFIG_H_ */ diff --git a/Source/charon/config/starter_configuration.h b/Source/charon/config/starter_configuration.h deleted file mode 100644 index 408b84e56..000000000 --- a/Source/charon/config/starter_configuration.h +++ /dev/null @@ -1,60 +0,0 @@ -/** - * @file starter_configuration_t.h - * - * @brief Interface of starter_configuration_t. - * - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef STARTER_CONFIGURATION_H_ -#define STARTER_CONFIGURATION_H_ - -#include <config/configuration.h> - - -typedef struct starter_configuration_t starter_configuration_t; - -/** - * @brief A config backend which uses the ipsec starter - * from pluto, wich parses config files. - * - * This configuration implementation opens a Whack-Socket - * and waits for input from ipsec starter. - * - * @b Constructors: - * - starter_configuration_create() - * - * @ingroup config - */ -struct starter_configuration_t { - - /** - * Implements configuration_t interface - */ - configuration_t configuration_interface; -}; - -/** - * @brief Creates an configuration using ipsec starter as input. - * - * @return starter_configuration_t object - * - * @ingroup config - */ -starter_configuration_t *starter_configuration_create(); - -#endif /*STARTER_CONFIGURATION_H_*/ diff --git a/Source/charon/config/static_configuration.c b/Source/charon/config/static_configuration.c index 0cec6e195..e0c76dabd 100755 --- a/Source/charon/config/static_configuration.c +++ b/Source/charon/config/static_configuration.c @@ -297,9 +297,15 @@ static void load_default_config (private_static_configuration_t *this) proposal_t *proposal; sa_config_t *sa_config_a, *sa_config_b; traffic_selector_t *ts; + host_t *alice, *bob, *any; - init_config_a = init_config_create("0.0.0.0","192.168.0.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT); - init_config_b = init_config_create("0.0.0.0","192.168.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT); + bob = host_create(AF_INET, "192.168.0.2", IKEV2_UDP_PORT); + any = host_create(AF_INET, "0.0.0.0", IKEV2_UDP_PORT); + init_config_a = init_config_create(any, bob); + + alice = host_create(AF_INET, "192.168.0.1", IKEV2_UDP_PORT); + any = host_create(AF_INET, "0.0.0.0", IKEV2_UDP_PORT); + init_config_b = init_config_create(any, alice); /* IKE proposals for alice */ proposal = proposal_create(1); diff --git a/Source/charon/config/starter_configuration.c b/Source/charon/config/stroke_configuration.c index 938a2b7f1..5110be183 100755 --- a/Source/charon/config/starter_configuration.c +++ b/Source/charon/config/stroke_configuration.c @@ -1,7 +1,7 @@ /** - * @file starter_configuration.c + * @file stroke_configuration.c * - * @brief Implementation of starter_configuration_t. + * @brief Implementation of stroke_configuration_t. * */ @@ -30,12 +30,12 @@ #include <errno.h> #include <pthread.h> -#include "starter_configuration.h" +#include "stroke_configuration.h" #include <types.h> #include <daemon.h> #include <utils/allocator.h> - +#include <queues/jobs/initiate_ike_sa_job.h> /** * First retransmit timeout in milliseconds. @@ -57,7 +57,7 @@ #define MAX_RETRANSMIT_COUNT 0 -struct sockaddr_un socket_addr = { AF_UNIX, "/var/run/pluto.ctl"}; +struct sockaddr_un socket_addr = { AF_UNIX, "/var/run/charon.ctl"}; typedef struct preshared_secret_entry_t preshared_secret_entry_t; @@ -182,17 +182,17 @@ static configuration_entry_t * configuration_entry_create(char * name, init_conf return entry; } -typedef struct private_starter_configuration_t private_starter_configuration_t; +typedef struct private_stroke_configuration_t private_stroke_configuration_t; /** - * Private data of an starter_configuration_t object. + * Private data of an stroke_configuration_t object. */ -struct private_starter_configuration_t { +struct private_stroke_configuration_t { /** - * Public part of starter_configuration_t object. + * Public part of stroke_configuration_t object. */ - starter_configuration_t public; + stroke_configuration_t public; /** * Holding all configurations. @@ -257,7 +257,7 @@ struct private_starter_configuration_t { * @param init_config init_config_t object * @param sa_config sa_config_t object */ - void (*add_new_configuration) (private_starter_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config); + void (*add_new_configuration) (private_stroke_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config); /** * Adds a new preshared secret. @@ -267,7 +267,7 @@ struct private_starter_configuration_t { * @param id_string identification as string * @param preshared_secret preshared secret as string */ - void (*add_new_preshared_secret) (private_starter_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret); + void (*add_new_preshared_secret) (private_stroke_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret); /** * Adds a new rsa private key. @@ -278,7 +278,7 @@ struct private_starter_configuration_t { * @param key_pos location of key * @param key_len length of key */ - void (*add_new_rsa_private_key) (private_starter_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len); + void (*add_new_rsa_private_key) (private_stroke_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len); /** * Adds a new rsa public key. @@ -289,17 +289,39 @@ struct private_starter_configuration_t { * @param key_pos location of key * @param key_len length of key */ - void (*add_new_rsa_public_key) (private_starter_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len); + void (*add_new_rsa_public_key) (private_stroke_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len); - void (*whack_receive) (private_starter_configuration_t *this); + void (*whack_receive) (private_stroke_configuration_t *this); }; +extern u_int8_t public_key_1[]; +extern u_int8_t private_key_1[]; +extern u_int8_t public_key_2[]; +extern u_int8_t private_key_2[]; + +static void fix_string(stroke_msg_t *msg, char **string) +{ + /* check for sanity of string pointer and string */ + if (string < (char**)msg || + string > (char**)msg + sizeof(stroke_msg_t) || + *string < (char*)msg->buffer - (u_int)msg || + *string > (char*)(u_int)msg->length) + { + *string = "(invalid char* in stroke msg)"; + } + else + { + *string = (char*)msg + (u_int)*string; + } +} + /** - * Implementation of private_starter_configuration_t.listen. + * Implementation of private_stroke_configuration_t.listen. */ -static void whack_receive(private_starter_configuration_t *this) +static void whack_receive(private_stroke_configuration_t *this) { - u_int8_t buffer[5000]; + stroke_msg_t *msg; + u_int16_t msg_length; struct sockaddr_un whackaddr; int whackaddrlen = sizeof(whackaddr); ssize_t n; @@ -311,33 +333,121 @@ static void whack_receive(private_starter_configuration_t *this) if (whackfd < 0) { - this->logger->log(this->logger, ERROR, "accept() failed in whack_handle()"); + this->logger->log(this->logger, ERROR, "accepting stroke connection failed"); continue; } - if (fcntl(whackfd, F_SETFD, FD_CLOEXEC) < 0) + + /* peek the length */ + n = recv(whackfd, &msg_length, sizeof(msg_length), MSG_PEEK); + if (n != sizeof(msg_length)) { - this->logger->log(this->logger, ERROR, "failed to set CLOEXEC in whack_handle()"); + this->logger->log(this->logger, ERROR, "reading lenght of stroke message failed"); close(whackfd); continue; } - - n = read(whackfd, &buffer, sizeof(buffer)); - - if (n == -1) + + /* read message */ + msg = allocator_alloc(msg_length); + n = recv(whackfd, msg, msg_length, 0); + if (n != msg_length) { - this->logger->log(this->logger, ERROR, "read() failed in whack_handle()"); + this->logger->log(this->logger, ERROR, "reading stroke message failed"); close(whackfd); continue; } - this->logger->log_bytes(this->logger, CONTROL, "Whackinput", buffer, n); + + this->logger->log_bytes(this->logger, RAW|LEVEL1, "Whackinput", (void*)msg, msg_length); + + switch (msg->type) + { + case STR_INITIATE: + { + initiate_ike_sa_job_t *job; + fix_string(msg, &(msg->initiate.name)); + this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: initiate \"%s\"", msg->initiate.name); + job = initiate_ike_sa_job_create(msg->initiate.name); + charon->job_queue->add(charon->job_queue, (job_t*)job); + break; + } + case STR_INSTALL: + { + fix_string(msg, &(msg->install.name)); + this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: install \"%s\"", msg->install.name); + break; + } + case STR_ADD_CONN: + { + sa_config_t *sa_config; + init_config_t *init_config; + host_t *me, *other; + proposal_t *proposal; + traffic_selector_t *ts; + + this->logger->log(this->logger, CONTROL|LEVEL1, "my id is: \"%p\"", msg->add_conn.me.id); + this->logger->log(this->logger, CONTROL|LEVEL1, "other id is: \"%p\"", msg->add_conn.other.id); + fix_string(msg, &msg->add_conn.name); + fix_string(msg, &msg->add_conn.me.id); + fix_string(msg, &msg->add_conn.other.id); + this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: add connection \"%s\"", msg->add_conn.name); + + msg->add_conn.me.address.v4.sin_port = htons(500); + msg->add_conn.other.address.v4.sin_port = htons(500); + me = host_create_from_sockaddr(&msg->add_conn.me.address.saddr); + other = host_create_from_sockaddr(&msg->add_conn.other.address.saddr); + + init_config = init_config_create(me, other); + proposal = proposal_create(1); + proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); + proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); + proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0); + proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); + init_config->add_proposal(init_config, proposal); + + this->logger->log(this->logger, CONTROL|LEVEL1, "my id is: \"%s\"", msg->add_conn.me.id); + this->logger->log(this->logger, CONTROL|LEVEL1, "other id is: \"%s\"", msg->add_conn.other.id); + + sa_config = sa_config_create(ID_IPV4_ADDR, msg->add_conn.me.id, + ID_IPV4_ADDR, msg->add_conn.other.id, + SHARED_KEY_MESSAGE_INTEGRITY_CODE, 30000); + + this->add_new_preshared_secret(this, ID_IPV4_ADDR, "192.168.0.1","verschluesselt"); + this->add_new_preshared_secret(this, ID_IPV4_ADDR, "192.168.0.2","verschluesselt"); + + proposal = proposal_create(1); + proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); + proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); + sa_config->add_proposal(sa_config, proposal); + + me = host_create_from_sockaddr(&msg->add_conn.me.subnet.saddr); + ts = traffic_selector_create_from_subnet(me, msg->add_conn.me.subnet_netbits); + sa_config->add_my_traffic_selector(sa_config,ts); + chunk_t chunk = ts->get_to_address(ts); + this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "my toaddr", &chunk); + other = host_create_from_sockaddr(&msg->add_conn.other.subnet.saddr); + ts = traffic_selector_create_from_subnet(other, msg->add_conn.other.subnet_netbits); + sa_config->add_other_traffic_selector(sa_config,ts); + chunk = ts->get_to_address(ts); + this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "other toaddr", &chunk); + + this->add_new_configuration(this, msg->add_conn.name, init_config, sa_config); + this->logger->log(this->logger, CONTROL|LEVEL1, "connection added \"%s\"", msg->add_conn.name); + + break; + } + case STR_DEL_CONN: + default: + this->logger->log(this->logger, ERROR, "received invalid stroke"); + } + + allocator_free(msg); } } /** - * Implementation of starter_configuration_t.get_init_config_for_host. + * Implementation of stroke_configuration_t.get_init_config_for_host. */ -static status_t get_init_config_for_host (private_starter_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config) +static status_t get_init_config_for_host (private_stroke_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config) { iterator_t *iterator; status_t status = NOT_FOUND; @@ -407,9 +517,9 @@ static status_t get_init_config_for_host (private_starter_configuration_t *this, } /** - * Implementation of starter_configuration_t.get_init_config_for_name. + * Implementation of stroke_configuration_t.get_init_config_for_name. */ -static status_t get_init_config_for_name (private_starter_configuration_t *this, char *name, init_config_t **init_config) +static status_t get_init_config_for_name (private_stroke_configuration_t *this, char *name, init_config_t **init_config) { iterator_t *iterator; status_t status = NOT_FOUND; @@ -437,9 +547,9 @@ static status_t get_init_config_for_name (private_starter_configuration_t *this, } /** - * Implementation of starter_configuration_t.get_sa_config_for_name. + * Implementation of stroke_configuration_t.get_sa_config_for_name. */ -static status_t get_sa_config_for_name (private_starter_configuration_t *this, char *name, sa_config_t **sa_config) +static status_t get_sa_config_for_name (private_stroke_configuration_t *this, char *name, sa_config_t **sa_config) { iterator_t *iterator; status_t status = NOT_FOUND; @@ -466,9 +576,9 @@ static status_t get_sa_config_for_name (private_starter_configuration_t *this, c } /** - * Implementation of starter_configuration_t.get_sa_config_for_init_config_and_id. + * Implementation of stroke_configuration_t.get_sa_config_for_init_config_and_id. */ -static status_t get_sa_config_for_init_config_and_id (private_starter_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config) +static status_t get_sa_config_for_init_config_and_id (private_stroke_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config) { iterator_t *iterator; status_t status = NOT_FOUND; @@ -517,9 +627,9 @@ static status_t get_sa_config_for_init_config_and_id (private_starter_configurat } /** - * Implementation of private_starter_configuration_t.add_new_configuration. + * Implementation of private_stroke_configuration_t.add_new_configuration. */ -static void add_new_configuration (private_starter_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config) +static void add_new_configuration (private_stroke_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config) { iterator_t *iterator; bool found; @@ -564,9 +674,9 @@ static void add_new_configuration (private_starter_configuration_t *this, char * } /** - * Implementation of private_starter_configuration_t.add_new_preshared_secret. + * Implementation of private_stroke_configuration_t.add_new_preshared_secret. */ -static void add_new_preshared_secret (private_starter_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret) +static void add_new_preshared_secret (private_stroke_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret) { preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t); @@ -579,9 +689,9 @@ static void add_new_preshared_secret (private_starter_configuration_t *this,id_t } /** - * Implementation of private_starter_configuration_t.add_new_preshared_secret. + * Implementation of private_stroke_configuration_t.add_new_preshared_secret. */ -static void add_new_rsa_public_key (private_starter_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len) +static void add_new_rsa_public_key (private_stroke_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len) { chunk_t key; key.ptr = key_pos; @@ -597,9 +707,9 @@ static void add_new_rsa_public_key (private_starter_configuration_t *this, id_ty } /** - * Implementation of private_starter_configuration_t.add_new_preshared_secret. + * Implementation of private_stroke_configuration_t.add_new_preshared_secret. */ -static void add_new_rsa_private_key (private_starter_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len) +static void add_new_rsa_private_key (private_stroke_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len) { chunk_t key; key.ptr = key_pos; @@ -615,9 +725,9 @@ static void add_new_rsa_private_key (private_starter_configuration_t *this, id_t } /** - * Implementation of starter_configuration_t.get_shared_secret. + * Implementation of stroke_configuration_t.get_shared_secret. */ -static status_t get_shared_secret(private_starter_configuration_t *this, identification_t *identification, chunk_t *preshared_secret) +static status_t get_shared_secret(private_stroke_configuration_t *this, identification_t *identification, chunk_t *preshared_secret) { iterator_t *iterator; @@ -638,9 +748,9 @@ static status_t get_shared_secret(private_starter_configuration_t *this, identif } /** - * Implementation of starter_configuration_t.get_shared_secret. + * Implementation of stroke_configuration_t.get_shared_secret. */ -static status_t get_rsa_public_key(private_starter_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key) +static status_t get_rsa_public_key(private_stroke_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key) { iterator_t *iterator; @@ -661,9 +771,9 @@ static status_t get_rsa_public_key(private_starter_configuration_t *this, identi } /** - * Implementation of starter_configuration_t.get_shared_secret. + * Implementation of stroke_configuration_t.get_shared_secret. */ -static status_t get_rsa_private_key(private_starter_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key) +static status_t get_rsa_private_key(private_stroke_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key) { iterator_t *iterator; @@ -684,9 +794,9 @@ static status_t get_rsa_private_key(private_starter_configuration_t *this, ident } /** - * Implementation of starter_configuration_t.get_retransmit_timeout. + * Implementation of stroke_configuration_t.get_retransmit_timeout. */ -static status_t get_retransmit_timeout (private_starter_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout) +static status_t get_retransmit_timeout (private_stroke_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout) { int new_timeout = this->first_retransmit_timeout, i; if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0)) @@ -706,17 +816,17 @@ static status_t get_retransmit_timeout (private_starter_configuration_t *this, u } /** - * Implementation of starter_configuration_t.get_half_open_ike_sa_timeout. + * Implementation of stroke_configuration_t.get_half_open_ike_sa_timeout. */ -static u_int32_t get_half_open_ike_sa_timeout (private_starter_configuration_t *this) +static u_int32_t get_half_open_ike_sa_timeout (private_stroke_configuration_t *this) { return this->half_open_ike_sa_timeout; } /** - * Implementation of starter_configuration_t.destroy. + * Implementation of stroke_configuration_t.destroy. */ -static void destroy(private_starter_configuration_t *this) +static void destroy(private_stroke_configuration_t *this) { this->logger->log(this->logger,CONTROL | LEVEL1, "Going to destroy configuration backend "); @@ -790,9 +900,9 @@ static void destroy(private_starter_configuration_t *this) /* * Described in header-file */ -starter_configuration_t *starter_configuration_create() +stroke_configuration_t *stroke_configuration_create() { - private_starter_configuration_t *this = allocator_alloc_thing(private_starter_configuration_t); + private_stroke_configuration_t *this = allocator_alloc_thing(private_stroke_configuration_t); mode_t old; bool on = TRUE; diff --git a/Source/charon/config/stroke_configuration.h b/Source/charon/config/stroke_configuration.h new file mode 100644 index 000000000..558e43f82 --- /dev/null +++ b/Source/charon/config/stroke_configuration.h @@ -0,0 +1,111 @@ +/** + * @file stroke_configuration_t.h + * + * @brief Interface of stroke_configuration_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef STROKE_CONFIGURATION_H +#define STROKE_CONFIGURATION_H + +#include <config/configuration.h> + +/** + * @brief A message sent over the unix socket. + * + */ +typedef struct stroke_msg_t stroke_msg_t; + +struct stroke_msg_t { + /* length of this message with all strings */ + u_int16_t length; + /* type of the message */ + enum { + /* initiate a connection */ + STR_INITIATE, + /* install SPD entries for a connection */ + STR_INSTALL, + /* add a connection */ + STR_ADD_CONN, + /* delete a connection */ + STR_DEL_CONN, + /* more to come */ + } type; + union { + /* data for STR_INITIATE, STR_INSTALL */ + struct { + char *name; + } initiate, install; + /* data for STR_ADD_CONN */ + struct { + char *name; + struct { + union { + u_int16_t family; + struct sockaddr saddr; + struct sockaddr_in v4; + struct sockaddr_in6 v6; + } address; + char *id; + union { + u_int16_t family; + struct sockaddr saddr; + struct sockaddr_in v4; + struct sockaddr_in6 v6; + } subnet; + u_int8_t subnet_netbits; + } me, other; + } add_conn; + }; + u_int8_t buffer[]; +}; + + +typedef struct stroke_configuration_t stroke_configuration_t; + +/** + * @brief A config backend which uses a unix socket. + * + * Allows config manipulation (as whack in pluto). This config + * is used by the ipsec_starter utility. This configuration + * implementation opens a socket at /var/run/charon.ctl and + * waits for input from ipsec starter. + * + * @b Constructors: + * - stroke_configuration_create() + * + * @ingroup config + */ +struct stroke_configuration_t { + + /** + * Implements configuration_t interface + */ + configuration_t configuration_interface; +}; + +/** + * @brief Creates an configuration with a unix socket interface. + * + * @return stroke_configuration_t object + * + * @ingroup config + */ +stroke_configuration_t *stroke_configuration_create(); + +#endif /*STROKE_CONFIGURATION_H*/ diff --git a/Source/charon/config/traffic_selector.c b/Source/charon/config/traffic_selector.c index 33b176414..9f96718c0 100644 --- a/Source/charon/config/traffic_selector.c +++ b/Source/charon/config/traffic_selector.c @@ -50,14 +50,14 @@ struct private_traffic_selector_t { u_int8_t protocol; /** - * begin of address range + * begin of address range, host order */ union { u_int32_t from_addr_ipv4; }; /** - * end of address range + * end of address range, host order */ union { u_int32_t to_addr_ipv4; @@ -75,7 +75,7 @@ struct private_traffic_selector_t { }; /** - * internal generic constructor + * internal generic constructor */ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port); @@ -207,6 +207,36 @@ static u_int8_t get_protocol(private_traffic_selector_t *this) } /** + * Implements traffic_selector_t.get_netmask. + */ +static u_int8_t get_netmask(private_traffic_selector_t *this) +{ + switch (this->type) + { + case TS_IPV4_ADDR_RANGE: + { + u_int32_t from, to, bit; + from = htonl(this->from_addr_ipv4); + to = htonl(this->to_addr_ipv4); + printf("%x - %x\n", from, to); + for (bit = 0; bit < 32; bit++) + { + if ((1<<bit & from) != (1<<bit & to)) + { + return bit; + } + } + return 0; + } + case TS_IPV6_ADDR_RANGE: + default: + { + return 0; + } + } +} + +/** * Implements traffic_selector_t.clone. */ static traffic_selector_t *clone(private_traffic_selector_t *this) @@ -270,9 +300,38 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_typ return (&this->public); } +/* + * see header + */ +traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits) +{ + private_traffic_selector_t *this = traffic_selector_create(0, 0, 0, 65535); + + switch (net->get_family(net)) + { + case AF_INET: + { + chunk_t from; + + this->type = TS_IPV4_ADDR_RANGE; + from = net->get_address_as_chunk(net); + this->from_addr_ipv4 = ntohl(*((u_int32_t*)from.ptr)); + this->to_addr_ipv4 = this->from_addr_ipv4 | ((1 << (32 - netbits)) - 1); + allocator_free_chunk(&from); + break; + } + case AF_INET6: + default: + { + allocator_free(this); + return NULL; + } + } + return (&this->public); +} /* - * Described in header-file + * see header */ traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_type_t type, char *from_addr, u_int16_t from_port, char *to_addr, u_int16_t to_port) { @@ -327,6 +386,7 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port; this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type; this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol; + this->public.get_netmask = (u_int8_t(*)(traffic_selector_t*))get_netmask; this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone; this->public.destroy = (void(*)(traffic_selector_t*))destroy; @@ -337,4 +397,3 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts return this; } - diff --git a/Source/charon/config/traffic_selector.h b/Source/charon/config/traffic_selector.h index 553a73e66..685b7d788 100644 --- a/Source/charon/config/traffic_selector.h +++ b/Source/charon/config/traffic_selector.h @@ -66,12 +66,14 @@ typedef struct traffic_selector_t traffic_selector_t; * @brief Object representing a traffic selector entry. * * A traffic selector defines an range of addresses - * and a range of ports. + * and a range of ports. IPv6 is not fully supported yet. * * @b Constructors: * - traffic_selector_create_from_bytes() * - traffic_selector_create_from_string() * + * @todo Add IPv6 support + * * @ingroup config */ struct traffic_selector_t { @@ -161,6 +163,18 @@ struct traffic_selector_t { * @return protocol id */ u_int8_t (*get_protocol) (traffic_selector_t *this); + + /** + * @brief Get the netmask of the address range. + * + * Returns the number of bits associated to the subnet. + * (As the "24" in "192.168.0.0/24"). This is approximated + * if the address range is not a complete subnet! + * + * @param this calling obect + * @return netmask as "bits for subnet" + */ + u_int8_t (*get_netmask) (traffic_selector_t *this); /** * @brief Destroys the ts object @@ -208,4 +222,6 @@ traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_ty */ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_type_t type, chunk_t from_address, int16_t from_port, chunk_t to_address, u_int16_t to_port); +traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits); + #endif //_TRAFFIC_SELECTOR_H_ |