Diffstat (limited to 'Source/charon')
-rw-r--r-- | Source/charon/config/connections/connection.c | 20 | ||||
-rw-r--r-- | Source/charon/config/connections/connection.h | 19 | ||||
-rwxr-xr-x | Source/charon/config/connections/connection_store.h | 16 | ||||
-rw-r--r-- | Source/charon/config/connections/local_connection_store.c | 28 | ||||
-rw-r--r-- | Source/charon/config/policies/local_policy_store.c | 11 | ||||
-rw-r--r-- | Source/charon/daemon.h | 6 | ||||
-rw-r--r-- | Source/charon/sa/child_sa.c | 10 | ||||
-rw-r--r-- | Source/charon/sa/child_sa.h | 6 | ||||
-rw-r--r-- | Source/charon/sa/ike_sa.c | 26 | ||||
-rw-r--r-- | Source/charon/sa/ike_sa.h | 19 | ||||
-rw-r--r-- | Source/charon/sa/ike_sa_manager.c | 22 | ||||
-rw-r--r-- | Source/charon/sa/ike_sa_manager.h | 46 | ||||
-rwxr-xr-x | Source/charon/threads/stroke_interface.c | 118 |
13 files changed, 206 insertions, 141 deletions
diff --git a/Source/charon/config/connections/connection.c b/Source/charon/config/connections/connection.c index d2e50c780..2ce544cc9 100644 --- a/Source/charon/config/connections/connection.c +++ b/Source/charon/config/connections/connection.c @@ -20,6 +20,8 @@ * for more details. */ +#include <string.h> + #include "connection.h" #include <utils/linked_list.h> @@ -49,6 +51,11 @@ struct private_connection_t { connection_t public; /** + * Name of the connection + */ + char *name; + + /** * ID of us */ identification_t *my_id; @@ -80,6 +87,14 @@ struct private_connection_t { }; /** + * Implementation of connection_t.get_name. + */ +static char *get_name (private_connection_t *this) +{ + return this->name; +} + +/** * Implementation of connection_t.get_my_id. */ static identification_t *get_my_id (private_connection_t *this) @@ -253,6 +268,7 @@ static connection_t *clone(private_connection_t *this) iterator_t *iterator; proposal_t *proposal; private_connection_t *clone = (private_connection_t*)connection_create( + this->name, this->my_host->clone(this->my_host), this->other_host->clone(this->other_host), this->my_id->clone(this->my_id), @@ -295,11 +311,12 @@ static void destroy (private_connection_t *this) /** * Described in header. */ -connection_t * connection_create(host_t *my_host, host_t *other_host, identification_t *my_id, identification_t *other_id, auth_method_t auth_method) +connection_t * connection_create(char *name, host_t *my_host, host_t *other_host, identification_t *my_id, identification_t *other_id, auth_method_t auth_method) { private_connection_t *this = malloc_thing(private_connection_t); /* public functions */ + this->public.get_name = (char*(*)(connection_t*))get_name; this->public.get_my_id = (identification_t*(*)(connection_t*))get_my_id; this->public.get_other_id = (identification_t*(*)(connection_t*))get_other_id; this->public.get_my_host = (host_t*(*)(connection_t*))get_my_host; 
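Review bot: The new `name` parameter of `connection_create` is declared as a mutable `char *` although the callee only copies it, and nothing in the signature or the body rejects a NULL name before it reaches `strdup()` in the following hunk, where it is undefined behaviour. I would declare it `connection_t * connection_create(const char *name, host_t *my_host, host_t *other_host, identification_t *my_id, identification_t *other_id, auth_method_t auth_method)` and change the `get_name` cast to `(const char*(*)(connection_t*))get_name` to match. The body of `connection_create` continues past this hunk.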
@@ -316,6 +333,7 @@ connection_t * connection_create(host_t *my_host, host_t *other_host, identifica this->public.destroy = (void(*)(connection_t*))destroy; /* private variables */ + this->name = strdup(name); this->my_host = my_host; this->other_host = other_host; this->my_id = my_id; diff --git a/Source/charon/config/connections/connection.h b/Source/charon/config/connections/connection.h index 39b076411..fb960d1a0 100644 --- a/Source/charon/config/connections/connection.h +++ b/Source/charon/config/connections/connection.h @@ -186,6 +186,17 @@ struct connection_t { auth_method_t (*get_auth_method) (connection_t *this); /** + * @brief Get the connection name. + * + * Name must not be freed, since it points to + * internal data. + * + * @param this calling object + * @return name of the connection + */ + char* (*get_name) (connection_t *this); + + /** * @brief Get the DH group to use for connection initialization. * * @param this calling object @@ -225,8 +236,9 @@ struct connection_t { * * Supplied hosts/IDs become owned by connection, so * do not modify or destroy them after a call to - * connection_create(). - * + * connection_create(). Name gets cloned internally. + * + * @param name connection identifier * @param my_host host_t representing local address * @param other_host host_t representing remote address * @param my_id identification_t for me @@ -236,7 +248,8 @@ struct connection_t { * * @ingroup config */ -connection_t * connection_create(host_t *my_host, host_t *other_host, +connection_t * connection_create(char *name, + host_t *my_host, host_t *other_host, identification_t *my_id, identification_t *other_id, auth_method_t auth_method); diff --git a/Source/charon/config/connections/connection_store.h b/Source/charon/config/connections/connection_store.h index f1814a00d..41fd58e42 100755 --- a/Source/charon/config/connections/connection_store.h +++ b/Source/charon/config/connections/connection_store.h 
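Review bot: `this->name = strdup(name);` allocates a copy that is never released: `name` is a member introduced by this commit, and no hunk touches `destroy()` (the preceding hunk starts just after its closing brace), so every connection, including the clones produced by `clone()` and by the store's `get_connection_by_name()`, leaks its name. Add `free(this->name);` to `destroy()` alongside the existing member teardown. The return value of `strdup()` is also not checked; if the project's `malloc_thing` policy is to abort on OOM, a NULL here should at least be treated the same way rather than silently stored.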
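Review bot: `get_name` is documented as returning internal data that must not be freed, yet its type is `char *`, so a caller can modify or free the buffer without any compiler diagnostic; declaring it `const char* (*get_name) (connection_t *this);` (and `const char *name` in `connection_create`, whose doc already states the name is cloned internally) makes the contract enforced rather than advisory. The `connection_create` doc should also say whether a NULL name is permitted, because the implementation hunk passes it straight to `strdup()`.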
@@ -72,7 +72,21 @@ struct connection_store_t { * - NULL otherwise */ connection_t *(*get_connection_by_hosts) (connection_store_t *this, host_t *my_host, host_t *other_host); - + + /** + * @brief Returns a connection identified by its name. + * + * This call is usefull to get a connection identified its + * name, as on an connection setup. + * + * @param this calling object + * @param name name of the connection to get + * @return + * - connection_t, if found + * - NULL otherwise + */ + connection_t *(*get_connection_by_name) (connection_store_t *this, char *name); + /** * @brief Add a connection to the store. * diff --git a/Source/charon/config/connections/local_connection_store.c b/Source/charon/config/connections/local_connection_store.c index 3eee2ba58..3f07f0d21 100644 --- a/Source/charon/config/connections/local_connection_store.c +++ b/Source/charon/config/connections/local_connection_store.c @@ -20,6 +20,8 @@ * for more details. */ +#include <string.h> + #include "local_connection_store.h" #include <utils/linked_list.h> 
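Review bot: The `get_connection_by_name` contract does not say who owns the returned connection, while the local implementation in this commit returns `current->clone(current)`; the stroke callers that previously received a borrowed pointer from their own list now receive an owned object and must destroy it, which the doc should state explicitly, e.g. `The returned connection is a clone and must be destroyed by the caller.` Also fix the wording: `usefull` should be `useful`, and `identified its name, as on an connection setup` should read `identified by its name, e.g. on connection setup`.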
@@ -159,9 +161,32 @@ static connection_t *get_connection_by_ids(private_local_connection_store_t *thi } /** + * Implementation of connection_store_t.get_connection_by_name. + */ +static connection_t *get_connection_by_name(private_local_connection_store_t *this, char *name) +{ + iterator_t *iterator; + connection_t *current, *found = NULL; + + iterator = this->connections->create_iterator(this->connections, TRUE); + while (iterator->has_next(iterator)) + { + iterator->current(iterator, (void**)¤t); + if (strcmp(name, current->get_name(current)) == 0) + { + found = current->clone(current); + break; + } + } + iterator->destroy(iterator); + + return found; +} + +/** * Implementation of connection_store_t.add_connection. */ -status_t add_connection(private_local_connection_store_t *this, connection_t *connection) +static status_t add_connection(private_local_connection_store_t *this, connection_t *connection) { this->connections->insert_last(this->connections, connection); return SUCCESS; @@ -191,6 +216,7 @@ local_connection_store_t * local_connection_store_create() this->public.connection_store.get_connection_by_hosts = (connection_t*(*)(connection_store_t*,host_t*,host_t*))get_connection_by_hosts; this->public.connection_store.get_connection_by_ids = (connection_t*(*)(connection_store_t*,identification_t*,identification_t*))get_connection_by_ids; + this->public.connection_store.get_connection_by_name = (connection_t*(*)(connection_store_t*,char*))get_connection_by_name; this->public.connection_store.add_connection = (status_t(*)(connection_store_t*,connection_t*))add_connection; this->public.connection_store.destroy = (void(*)(connection_store_t*))destroy; diff --git a/Source/charon/config/policies/local_policy_store.c b/Source/charon/config/policies/local_policy_store.c index a03b86a73..7dcdf1728 100644 --- a/Source/charon/config/policies/local_policy_store.c +++ b/Source/charon/config/policies/local_policy_store.c 
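Review bot: `strcmp(name, current->get_name(current))` dereferences both operands, so a NULL `name` (the natural value for "no name given" in a stroke message) crashes the daemon instead of returning "not found"; guard at the top with `if (name == NULL) { return NULL; }`. The function also returns on the first match, so if two connections were added under the same name the older one silently wins; that is consistent with `add_connection` simply appending, but it is worth a comment since `stroke_add_conn` has no duplicate check. The `¤t` in the iterator call looks like an HTML-entity rendering of `&current` rather than source text.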
@@ -66,6 +66,9 @@ static policy_t *get_policy(private_local_policy_store_t *this, identification_t iterator_t *iterator; policy_t *current, *found = NULL; + this->logger->log(this->logger, CONTROL|LEVEL0, "Looking for policy for IDs %s - %s", + my_id ? my_id->get_string(my_id) : "%any", + other_id->get_string(other_id)); iterator = this->policies->create_iterator(this->policies, TRUE); while (iterator->has_next(iterator)) { @@ -73,8 +76,12 @@ static policy_t *get_policy(private_local_policy_store_t *this, identification_t identification_t *config_my_id = current->get_my_id(current); identification_t *config_other_id = current->get_other_id(current); + this->logger->log(this->logger, CONTROL|LEVEL0, "Found one for %s - %s", + config_my_id->get_string(config_my_id), + config_other_id->get_string(config_other_id)); + /* check other host first */ - if (config_other_id->belongs_to(config_other_id, other_id)) + if (other_id->belongs_to(other_id, config_other_id)) { /* get it if my_id not specified */ if (my_id == NULL) @@ -82,7 +89,7 @@ static policy_t *get_policy(private_local_policy_store_t *this, identification_t found = current->clone(current); break; } - if (config_my_id->belongs_to(config_my_id, my_id)) + if (my_id->belongs_to(my_id, config_my_id)) { found = current->clone(current); break; diff --git a/Source/charon/daemon.h b/Source/charon/daemon.h index 037f40cc5..5aee21fdb 100644 --- a/Source/charon/daemon.h +++ b/Source/charon/daemon.h @@ -207,21 +207,21 @@ * * @ingroup charon */ -#define IPSEC_DIR "/etc/ipsec.d/" +#define IPSEC_DIR "/etc/ipsec.d" /** * Directory for private keys * * @ingroup charon */ -#define PRIVATE_KEY_DIR IPSEC_DIR "private/" +#define PRIVATE_KEY_DIR IPSEC_DIR "/private" /** * Directory for trusted certificates * * @ingroup charon */ -#define CERTIFICATE_DIR IPSEC_DIR "certs/" +#define CERTIFICATE_DIR IPSEC_DIR "/certs" typedef struct daemon_t daemon_t; 
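Review bot: The `"Found one for %s - %s"` log inside the loop is emitted for every policy before the `belongs_to` test runs, so it announces a match that has not been made; either log it as the candidate being examined, `"Checking policy %s - %s"`, or move it after the match. The swapped `belongs_to` arguments reverse which side acts as the pattern; since this is the decision that selects a policy for a peer, the `if` deserves a comment stating the intended direction, presumably `/* the peer's ID must be contained in the configured ID */`, so the next reader does not swap it back. `get_policy` starts before this hunk.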
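Review bot: Removing the trailing slash from `IPSEC_DIR`, `PRIVATE_KEY_DIR` and `CERTIFICATE_DIR` changes how every consumer must join a filename, and this diff (limited to Source/charon) shows no consumer updated; any code that still does `PRIVATE_KEY_DIR "file"` or appends a bare name now produces `/etc/ipsec.d/privatefile`. A one-line comment on the macros would prevent regressions: `/* no trailing slash: join with "/" when building paths */`, and the users of these macros should be checked in the same change.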
diff --git a/Source/charon/sa/child_sa.c b/Source/charon/sa/child_sa.c index f5828be2e..8871b73a1 100644 --- a/Source/charon/sa/child_sa.c +++ b/Source/charon/sa/child_sa.c @@ -467,7 +467,7 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list /** * Implementation of child_sa_t.log_status. */ -static void log_status(private_child_sa_t *this, logger_t *logger) +static void log_status(private_child_sa_t *this, logger_t *logger, char* name) { iterator_t *iterator; sa_policy_t *policy; @@ -479,7 +479,8 @@ static void log_status(private_child_sa_t *this, logger_t *logger) { logger = this->logger; } - logger->log(logger, CONTROL, " protected with ESP (%x/%x), AH (%x,%x); traffic:", + logger->log(logger, CONTROL|LEVEL1, "\"%s\": protected with ESP (%x/%x), AH (%x,%x):", + name, htonl(this->my_esp_spi), htonl(this->other_esp_spi), htonl(this->my_ah_spi), htonl(this->other_ah_spi)); iterator = this->policies->create_iterator(this->policies, TRUE); @@ -498,7 +499,8 @@ static void log_status(private_child_sa_t *this, logger_t *logger) snprintf(proto_buf, sizeof(proto_buf), "<%d>", policy->upper_proto); } } - logger->log(logger, CONTROL, " %s/%d===%s===%s/%d", + logger->log(logger, CONTROL, "\"%s\": %s/%d==%s==%s/%d", + name, policy->my_net->get_address(policy->my_net), policy->my_net_mask, proto_name, policy->other_net->get_address(policy->other_net), policy->other_net_mask); @@ -570,7 +572,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other) this->public.add = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))add; this->public.update = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))update; this->public.add_policies = (status_t (*)(child_sa_t*, linked_list_t*,linked_list_t*))add_policies; - this->public.log_status = (void (*)(child_sa_t*, logger_t*))log_status; + this->public.log_status = (void (*)(child_sa_t*, logger_t*, char*))log_status; this->public.destroy = (void(*)(child_sa_t*))destroy; /* private data */ 
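Review bot: `log_status` hands `name` to `%s` unconditionally, and `child_sa.h` describes it only as a log prefix, so a caller passing NULL for "no name" invokes undefined behaviour in the logger's formatting; add `if (name == NULL) { name = ""; }` next to the existing `logger == NULL` fallback. Note also that the SPI header line is now `CONTROL|LEVEL1` while the per-policy traffic line stays `CONTROL`, so a plain `status` prints traffic selectors without the SA header they belong to; if that is deliberate (header only in `statusall`), a comment on the first `log` call should say so.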
diff --git a/Source/charon/sa/child_sa.h b/Source/charon/sa/child_sa.h index c49d85de9..6ccbff13f 100644 --- a/Source/charon/sa/child_sa.h +++ b/Source/charon/sa/child_sa.h @@ -118,12 +118,14 @@ struct child_sa_t { * The status of ESP/AH SAs is logged with the supplied logger in * a human readable form. * Supplying NULL as logger uses the internal child_sa logger - * to do the logging. + * to do the logging. The name is only a log-prefix without further + * meaning. * * @param this calling object * @param logger logger to use for logging + * @param name connection name */ - void (*log_status) (child_sa_t *this, logger_t *logger); + void (*log_status) (child_sa_t *this, logger_t *logger, char *name); /** * @brief Destroys a child_sa. diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c index 0360695c0..99531d75e 100644 --- a/Source/charon/sa/ike_sa.c +++ b/Source/charon/sa/ike_sa.c @@ -979,11 +979,24 @@ static void reset_message_buffers (private_ike_sa_t *this) /** * Implementation of protected_ike_sa_t.log_status. */ -static void log_status(private_ike_sa_t *this, logger_t *logger) +static void log_status(private_ike_sa_t *this, logger_t *logger, char *name) { iterator_t *iterator; child_sa_t *child_sa; + /* only log if name == NULL or name == connection_name */ + if (name) + { + if (strcmp(this->connection->get_name(this->connection), name) != 0) + { + return; + } + } + else + { + name = this->connection->get_name(this->connection); + } + host_t *my_host = this->connection->get_my_host(this->connection); host_t *other_host = this->connection->get_other_host(this->connection); 
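Review bot: The name filter at the top of `ike_sa.c`'s `log_status` is written as a nested `if`/`else` with a comment that restates the code; it reads more directly as three lines: `char *own = this->connection->get_name(this->connection); if (name && strcmp(own, name) != 0) { return; } name = own;`. That also makes it visible that `this->connection` is dereferenced before any other check, which is fine only if an IKE_SA in the manager always has a connection assigned — presumably true since the existing code below already relies on it, but worth a comment. `log_status` continues past this hunk.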
@@ -994,11 +1007,13 @@ static void log_status(private_ike_sa_t *this, logger_t *logger) { logger = this->logger; } - logger->log(logger, CONTROL, "IKE_SA in state %s, SPIs: %lld %lld", + logger->log(logger, CONTROL|LEVEL1, "\"%s\": IKE_SA in state %s, SPIs: %llx %llx", + name, mapping_find(ike_sa_state_m, this->current_state->get_state(this->current_state)), this->ike_sa_id->get_initiator_spi(this->ike_sa_id), this->ike_sa_id->get_responder_spi(this->ike_sa_id)); - logger->log(logger, CONTROL, "%s[%s]...%s[%s]; tunnels:", + logger->log(logger, CONTROL, "\"%s\": %s[%s]...%s[%s]", + name, my_host->get_address(my_host), my_id->get_string(my_id), other_host->get_address(other_host), @@ -1008,7 +1023,7 @@ static void log_status(private_ike_sa_t *this, logger_t *logger) while (iterator->has_next(iterator)) { iterator->current(iterator, (void**)&child_sa); - child_sa->log_status(child_sa, logger); + child_sa->log_status(child_sa, logger, name); } iterator->destroy(iterator); } @@ -1109,10 +1124,11 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->protected.public.get_other_host = (host_t*(*)(ike_sa_t*)) get_other_host; this->protected.public.get_my_id = (identification_t*(*)(ike_sa_t*)) get_my_id; this->protected.public.get_other_id = (identification_t*(*)(ike_sa_t*)) get_other_id; + this->protected.public.get_connection = (connection_t*(*)(ike_sa_t*)) get_connection; this->protected.public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request; this->protected.public.get_state = (ike_sa_state_t (*) (ike_sa_t *this)) get_state; this->protected.public.send_delete_ike_sa_request = (void (*)(ike_sa_t*)) send_delete_ike_sa_request; - this->protected.public.log_status = (void (*) (ike_sa_t*,logger_t*))log_status; + this->protected.public.log_status = (void (*) (ike_sa_t*,logger_t*,char*))log_status; this->protected.public.destroy = (void(*)(ike_sa_t*))destroy; /* protected functions */ 
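Review bot: The SPI format changed from `%lld` to `%llx`, which expects `unsigned long long`; if the `ike_sa_id_t` accessors return `u_int64_t` (an `unsigned long` on LP64 glibc) this is a format/argument mismatch that `-Wformat` flags, even though it prints correctly on common ABIs. The portable spelling is `"%" PRIx64 " %" PRIx64` from `<inttypes.h>`, or an explicit cast of each value to `unsigned long long` if the project avoids that header.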
diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h index 71688394a..c526c6347 100644 --- a/Source/charon/sa/ike_sa.h +++ b/Source/charon/sa/ike_sa.h @@ -153,6 +153,19 @@ struct ike_sa_t { * @return remote identification_t */ identification_t* (*get_other_id) (ike_sa_t *this); + + /** + * @brief Get the connection of the IKE_SA. + * + * The internal used connection specification + * can be queried to get some data of an IKE_SA. + * The connection is still owned to the IKE_SA + * and must not be manipulated. + * + * @param this calling object + * @return connection_t + */ + connection_t* (*get_connection) (ike_sa_t *this); /** * @brief Get the state of type of associated state object. @@ -167,12 +180,14 @@ struct ike_sa_t { * * The status of the IKE SA and all child SAs is logged. * Supplying NULL as logger uses the internal child_sa logger - * to do the logging. + * to do the logging. The log is only done if the supplied + * connection name is NULL or matches the connections name. * * @param this calling object * @param logger logger to use for logging + * @param name name of the connection */ - void (*log_status) (ike_sa_t *this, logger_t *logger); + void (*log_status) (ike_sa_t *this, logger_t *logger, char *name); /** * @brief Destroys a ike_sa_t object. diff --git a/Source/charon/sa/ike_sa_manager.c b/Source/charon/sa/ike_sa_manager.c index d0120fa7e..01f3f5ad2 100644 --- a/Source/charon/sa/ike_sa_manager.c +++ b/Source/charon/sa/ike_sa_manager.c 
@@ -574,6 +574,27 @@ linked_list_t *get_ike_sa_list(private_ike_sa_manager_t* this) } /** + * Implementation of ike_sa_manager_t.log_status. + */ +static void log_status(private_ike_sa_manager_t* this, logger_t* logger, char* name) +{ + iterator_t *iterator; + + pthread_mutex_lock(&(this->mutex)); + + iterator = this->ike_sa_list->create_iterator(this->ike_sa_list, TRUE); + while (iterator->has_next(iterator)) + { + ike_sa_entry_t *entry; + iterator->current(iterator, (void**)&entry); + entry->ike_sa->log_status(entry->ike_sa, logger, name); + } + iterator->destroy(iterator); + + pthread_mutex_unlock(&(this->mutex)); +} + +/** * Implementation of ike_sa_manager_t.checkin. */ static status_t checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) @@ -767,6 +788,7 @@ ike_sa_manager_t *ike_sa_manager_create() this->public.checkout = (status_t(*)(ike_sa_manager_t*, ike_sa_id_t*,ike_sa_t**))checkout; this->public.checkout_by_hosts = (status_t(*)(ike_sa_manager_t*,host_t*,host_t*,ike_sa_t**))checkout_by_hosts; this->public.get_ike_sa_list = (linked_list_t*(*)(ike_sa_manager_t*))get_ike_sa_list; + this->public.log_status = (void(*)(ike_sa_manager_t*,logger_t*,char*))log_status; this->public.checkin = (status_t(*)(ike_sa_manager_t*,ike_sa_t*))checkin; this->public.delete = (status_t(*)(ike_sa_manager_t*,ike_sa_id_t*))delete; this->public.checkin_and_delete = (status_t(*)(ike_sa_manager_t*,ike_sa_t*))checkin_and_delete; diff --git a/Source/charon/sa/ike_sa_manager.h b/Source/charon/sa/ike_sa_manager.h index a00f37e4f..e2235b4b6 100644 --- a/Source/charon/sa/ike_sa_manager.h +++ b/Source/charon/sa/ike_sa_manager.h @@ -25,6 +25,7 @@ #include <types.h> #include <sa/ike_sa.h> +#include <utils/logger.h> typedef struct ike_sa_manager_t ike_sa_manager_t; 
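Review bot: `log_status` walks `ike_sa_list` and calls `entry->ike_sa->log_status()` under the manager mutex but without checking the entry out, so an IKE_SA that another thread currently holds checked out (and may be mutating, e.g. replacing its state object) is read concurrently; the `stroke_status` code this replaces checked each SA out first for exactly that reason. If `ike_sa_entry_t` records the checked-out state, skip or wait on such entries, e.g. `if (entry->checked_out) { continue; }` (field name to be confirmed). At minimum the doc should state that the SA is read without the checkout guarantee.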
@@ -58,7 +59,7 @@ struct ike_sa_manager_t { * @warning checking out two times without checking in will * result in a deadlock! * - * @param ike_sa_manager the manager object + * @param this the manager object * @param ike_sa_id[in/out] the SA identifier, will be updated * @param ike_sa[out] checked out SA * @returns @@ -66,7 +67,7 @@ struct ike_sa_manager_t { * - NOT_FOUND when no such SA is available * - CREATED if a new IKE_SA got created */ - status_t (*checkout) (ike_sa_manager_t* ike_sa_manager, ike_sa_id_t *sa_id, ike_sa_t **ike_sa); + status_t (*checkout) (ike_sa_manager_t* this, ike_sa_id_t *sa_id, ike_sa_t **ike_sa); /** * @brief Create and checkout an IKE_SA as original initator. @@ -74,10 +75,10 @@ struct ike_sa_manager_t { * Creates and checks out a SA as initiator. * Management of SPIs is the managers job, he will set it. * - * @param ike_sa_manager the manager object + * @param this the manager object * @param ike_sa[out] checked out SA */ - void (*create_and_checkout) (ike_sa_manager_t* ike_sa_manager,ike_sa_t **ike_sa); + void (*create_and_checkout) (ike_sa_manager_t* this,ike_sa_t **ike_sa); /** * @brief Check out an IKE_SA, defined be the two peers. @@ -86,7 +87,7 @@ struct ike_sa_manager_t { * for kernel traps, status querying and so on... one of the hosts * may be 0.0.0.0 (defaultroute/any), but not both. * - * @param ike_sa_manager the manager object + * @param this the manager object * @param me host on local side * @param other host on remote side * @param ike_sa[out] checked out SA @@ -94,7 +95,7 @@ struct ike_sa_manager_t { * - NOT_FOUND, if no such SA found * - SUCCESS, if SA found and ike_sa set appropriatly */ - status_t (*checkout_by_hosts) (ike_sa_manager_t* ike_sa_manager, host_t *me, host_t *other, ike_sa_t **ike_sa); + status_t (*checkout_by_hosts) (ike_sa_manager_t* this, host_t *me, host_t *other, ike_sa_t **ike_sa); /** * @brief Get a list of all IKE_SA SAs currently set up. 
@@ -104,10 +105,23 @@ struct ike_sa_manager_t { * corrensponding ID really exists, since it may be deleted * in the meantime by another thread. * - * @param ike_sa_manager the manager object + * @param this the manager object * @return a list with ike_sa_id_t s */ - linked_list_t *(*get_ike_sa_list) (ike_sa_manager_t* ike_sa_manager); + linked_list_t *(*get_ike_sa_list) (ike_sa_manager_t* this); + + /** + * @brief Log the status of the IKE_SA's in the manager. + * + * A informational log is done to the supplied logger. If logger is + * NULL, an internal logger is used. If a name is supplied, + * only connections with the matching name will be logged. + * + * @param this the manager object + * @param logger logger to do the log, or NULL + * @param name name of a connection, or NULL + */ + void (*log_status) (ike_sa_manager_t* this, logger_t* logger, char* name); /** * @brief Checkin the SA after usage. @@ -115,14 +129,14 @@ struct ike_sa_manager_t { * @warning the SA pointer MUST NOT be used after checkin! * The SA must be checked out again! * - * @param ike_sa_manager the manager object + * @param this the manager object * @param ike_sa_id[in/out] the SA identifier, will be updated * @param ike_sa[out] checked out SA * @returns * - SUCCESS if checked in * - NOT_FOUND when not found (shouldn't happen!) */ - status_t (*checkin) (ike_sa_manager_t* ike_sa_manager, ike_sa_t *ike_sa); + status_t (*checkin) (ike_sa_manager_t* this, ike_sa_t *ike_sa); /** * @brief Delete a SA, which was not checked out. 
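Review bot: The `log_status` doc omits the one constraint a caller needs: the implementation holds the manager mutex for the whole walk, so the supplied `logger` must not call back into the manager (`checkout`, `delete`, ...) or it deadlocks, the same hazard the `checkout` doc already warns about. Add `@warning the manager is locked while logging; the logger must not use the manager`, and change `A informational log` to `An informational log`.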
@@ -130,33 +144,33 @@ struct ike_sa_manager_t { * @warning do not use this when the SA is already checked out, this will * deadlock! * - * @param ike_sa_manager the manager object + * @param this the manager object * @param ike_sa_id[in/out] the SA identifier * @returns * - SUCCESS if found * - NOT_FOUND when no such SA is available */ - status_t (*delete) (ike_sa_manager_t* ike_sa_manager, ike_sa_id_t *ike_sa_id); + status_t (*delete) (ike_sa_manager_t* this, ike_sa_id_t *ike_sa_id); /** * @brief Delete a checked out SA. * - * @param ike_sa_manager the manager object + * @param this the manager object * @param ike_sa SA to delete * @returns * - SUCCESS if found * - NOT_FOUND when no such SA is available */ - status_t (*checkin_and_delete) (ike_sa_manager_t* ike_sa_manager, ike_sa_t *ike_sa); + status_t (*checkin_and_delete) (ike_sa_manager_t* this, ike_sa_t *ike_sa); /** * @brief Destroys the manager with all associated SAs. * * Threads will be driven out, so all SAs can be deleted cleanly. * - * @param ike_sa_manager the manager object + * @param this the manager object */ - void (*destroy) (ike_sa_manager_t *ike_sa_manager); + void (*destroy) (ike_sa_manager_t *this); }; /** diff --git a/Source/charon/threads/stroke_interface.c b/Source/charon/threads/stroke_interface.c index 143dcd691..3078c03c6 100755 --- a/Source/charon/threads/stroke_interface.c +++ b/Source/charon/threads/stroke_interface.c @@ -42,24 +42,6 @@ struct sockaddr_un socket_addr = { AF_UNIX, STROKE_SOCKET}; -typedef struct connection_entry_t connection_entry_t; - -/** - * A connection entry combines a connection name with a connection. - */ -struct connection_entry_t { - - /** - * connection name. - */ - char *name; - - /** - * Configuration for IKE_SA_INIT exchange. - */ - connection_t *connection; -}; - typedef struct private_stroke_t private_stroke_t; 
@@ -74,11 +56,6 @@ struct private_stroke_t { stroke_t public; /** - * Holding all connections as connection_entry_t's. - */ - linked_list_t *connections; - - /** * Assigned logger_t object in charon. */ logger_t *logger; @@ -102,11 +79,6 @@ struct private_stroke_t { * Read from the socket and handle stroke messages */ void (*stroke_receive) (private_stroke_t *this); - - /** - * find a connection in the config list by name - */ - connection_t *(*get_connection_by_name) (private_stroke_t *this, char *name); }; /** @@ -147,7 +119,6 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) host_t *my_host, *other_host, *my_subnet, *other_subnet; proposal_t *proposal; traffic_selector_t *my_ts, *other_ts; - connection_entry_t *entry; x509_t *cert; pop_string(msg, &msg->add_conn.name); @@ -291,7 +262,9 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) } } - connection = connection_create(my_host, other_host, my_id->clone(my_id), other_id->clone(other_id), + connection = connection_create(msg->add_conn.name, + my_host, other_host, + my_id->clone(my_id), other_id->clone(other_id), RSA_DIGITAL_SIGNATURE); proposal = proposal_create(1); proposal->add_algorithm(proposal, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); @@ -305,11 +278,6 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0); proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0); connection->add_proposal(connection, proposal); - /* add in our list, so we can manipulate the connection further via name */ - entry = malloc_thing(connection_entry_t); - entry->name = strdup(msg->add_conn.name); - entry->connection = connection; - this->connections->insert_last(this->connections, entry); /* add to global connection list */ charon->connections->add_connection(charon->connections, connection); 
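Review bot: With the stroke-local list gone, `stroke_add_conn` still appends every connection to the global store without checking for an existing one of the same name, and `get_connection_by_name` returns the first match, so re-adding a connection (e.g. after a config reload) leaves the old definition in effect and the new one unreachable by name. Until the store supports replacement, log it: `this->stroke_logger->log(this->stroke_logger, ERROR, "connection \"%s\" already exists", msg->add_conn.name);` after a lookup, or document that names must be unique. `stroke_add_conn` starts and ends outside this hunk.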
@@ -337,7 +305,7 @@ static void stroke_initiate(private_stroke_t *this, stroke_msg_t *msg) pop_string(msg, &(msg->initiate.name)); this->logger->log(this->logger, CONTROL, "received stroke: initiate \"%s\"", msg->initiate.name); - connection = this->get_connection_by_name(this, msg->initiate.name); + connection = charon->connections->get_connection_by_name(charon->connections, msg->initiate.name); if (connection == NULL) { this->stroke_logger->log(this->stroke_logger, ERROR, "could not find a connection named \"%s\"", msg->initiate.name); @@ -361,13 +329,15 @@ static void stroke_terminate(private_stroke_t *this, stroke_msg_t *msg) pop_string(msg, &(msg->terminate.name)); this->logger->log(this->logger, CONTROL, "received stroke: terminate \"%s\"", msg->terminate.name); - connection = this->get_connection_by_name(this, msg->terminate.name); + connection = charon->connections->get_connection_by_name(charon->connections, msg->terminate.name); if (connection) { my_host = connection->get_my_host(connection); other_host = connection->get_other_host(connection); + /* TODO: Do this directly by name now */ + /* TODO: terminate any instance of the name */ status = charon->ike_sa_manager->checkout_by_hosts(charon->ike_sa_manager, my_host, other_host, &ike_sa); 
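Review bot: `connection` in `stroke_terminate` now comes from `charon->connections->get_connection_by_name()`, which returns a clone the caller owns, whereas the removed private lookup returned a borrowed pointer; unless the rest of the function (outside this hunk) destroys it on every path, each `terminate` leaks a connection. Add `connection->destroy(connection);` once `my_host`/`other_host` are no longer needed, and check `stroke_initiate` for the same ownership change. Both functions continue past their hunks.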
@@ -396,31 +366,11 @@ static void stroke_terminate(private_stroke_t *this, stroke_msg_t *msg) */ static void stroke_status(private_stroke_t *this, stroke_msg_t *msg) { - linked_list_t *list; - iterator_t *iterator; - status_t status; - - - list = charon->ike_sa_manager->get_ike_sa_list(charon->ike_sa_manager); - iterator = list->create_iterator(list, TRUE); - while (iterator->has_next(iterator)) - { - ike_sa_id_t *ike_sa_id; - ike_sa_t *ike_sa; - iterator->current(iterator, (void**)&ike_sa_id); - /* TODO: A log_status method (as in IKE_SA/CHILD_SA) would be better than checking - * out every single IKE... - */ - status = charon->ike_sa_manager->checkout(charon->ike_sa_manager, ike_sa_id, &ike_sa); - if (status == SUCCESS) - { - ike_sa->log_status(ike_sa, this->stroke_logger); - charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); - } - ike_sa_id->destroy(ike_sa_id); + if (msg->status.name) + { + pop_string(msg, &(msg->status.name)); } - iterator->destroy(iterator); - list->destroy(list); + charon->ike_sa_manager->log_status(charon->ike_sa_manager, this->stroke_logger, msg->status.name); } logger_context_t get_context(char *context) @@ -607,6 +557,12 @@ static void stroke_receive(private_stroke_t *this) stroke_status(this, msg); break; } + case STR_STATUS_ALL: + { + this->stroke_logger->enable_level(this->stroke_logger, LEVEL1); + stroke_status(this, msg); + break; + } case STR_ADD_CONN: { stroke_add_conn(this, msg); 
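Review bot: `STR_STATUS_ALL` calls `enable_level(this->stroke_logger, LEVEL1)` and nothing ever disables it, so after one `statusall` every later plain `status` also prints the LEVEL1 lines; the level should be restored after the call, `this->stroke_logger->disable_level(this->stroke_logger, LEVEL1);`, assuming the logger offers the inverse (name to be confirmed). In `stroke_status`, `msg->status.name` is tested before `pop_string` converts it, so a zero offset is passed through as NULL to `log_status`; that is intended here, but a short comment `/* NULL name: log all IKE_SAs */` would make it explicit.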
@@ -632,50 +588,14 @@ static void stroke_receive(private_stroke_t *this) } } - -/** - * Implementation of private_stroke_t.get_connection_by_name. - */ -static connection_t *get_connection_by_name(private_stroke_t *this, char *name) -{ - iterator_t *iterator; - connection_t *found = NULL; - - iterator = this->connections->create_iterator(this->connections, TRUE); - while (iterator->has_next(iterator)) - { - connection_entry_t *entry; - iterator->current(iterator,(void **) &entry); - - if (strcmp(entry->name,name) == 0) - { - /* found configuration */ - found = entry->connection; - break; - } - } - iterator->destroy(iterator); - - return found; -} - /** * Implementation of stroke_t.destroy. */ static void destroy(private_stroke_t *this) { - connection_entry_t *entry; pthread_cancel(this->assigned_thread); pthread_join(this->assigned_thread, NULL); - - while (this->connections->remove_first(this->connections, (void **)&entry) == SUCCESS) - { - /* connection is destroyed by global list */ - free(entry->name); - free(entry); - } - this->connections->destroy(this->connections); close(this->socket); unlink(socket_addr.sun_path); @@ -696,7 +616,6 @@ stroke_t *stroke_create() /* private functions */ this->stroke_receive = stroke_receive; - this->get_connection_by_name = get_connection_by_name; this->logger = logger_manager->get_logger(logger_manager, CONFIG); @@ -738,8 +657,5 @@ stroke_t *stroke_create() return NULL; } - /* private variables */ - this->connections = linked_list_create(); - return (&this->public); } |