Diffstat (limited to 'src/charon/config')
-rw-r--r--src/charon/config/backends/sqlite_backend.c4
-rw-r--r--src/charon/config/ike_cfg.c18
-rw-r--r--src/charon/config/ike_cfg.h12
-rw-r--r--src/charon/config/peer_cfg.c17
-rw-r--r--src/charon/config/peer_cfg.h11
5 files changed, 32 insertions, 30 deletions
diff --git a/src/charon/config/backends/sqlite_backend.c b/src/charon/config/backends/sqlite_backend.c
index be94f9b5f..9ceed9b8b 100644
--- a/src/charon/config/backends/sqlite_backend.c
+++ b/src/charon/config/backends/sqlite_backend.c
@@ -178,7 +178,8 @@ static peer_cfg_t *process_peer_cfg_row(private_sqlite_backend_t *this,
remote_id = identification_create_from_string((char*)sqlite3_column_text(stmt, 3));
if (local_host && remote_host && local_id && remote_id)
{
- ike_cfg = ike_cfg_create(sqlite3_column_int(stmt, 19), local_host, remote_host);
+ ike_cfg = ike_cfg_create(sqlite3_column_int(stmt, 19), FALSE,
+ local_host, remote_host);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create(
(char*)sqlite3_column_text(stmt, 1), /* name */
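Review bot: The bare `FALSE` passed as the new second argument of `ike_cfg_create()` loses the `/* force_encap */` label that the removed `peer_cfg_create()` argument carried in the next hunk. `certreq` and `force_encap` are now two adjacent `bool` positionals, so a swapped pair compiles silently and would flip certificate requests or forced UDP encapsulation by mistake. I would keep the label, e.g. `FALSE, /* force_encap */` on its own line. The hard-coded value also means connections loaded from the SQLite backend can never enable forced encapsulation. That matches the old behaviour, but it deserves a comment if it is intentional. process_peer_cfg_row continues outside the hunk.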
@@ -192,7 +193,6 @@ static peer_cfg_t *process_peer_cfg_row(private_sqlite_backend_t *this,
sqlite3_column_int(stmt, 10), /* jitter */
sqlite3_column_int(stmt, 13), /* reauth */
sqlite3_column_int(stmt, 14), /* mobike */
- FALSE, /* force_encap */
sqlite3_column_int(stmt, 11), /* dpd_delay */
sqlite3_column_int(stmt, 12), /* dpd_action */
local_vip, remote_vip);
diff --git a/src/charon/config/ike_cfg.c b/src/charon/config/ike_cfg.c
index 35f46a6b7..abb300aab 100644
--- a/src/charon/config/ike_cfg.c
+++ b/src/charon/config/ike_cfg.c
@@ -59,6 +59,11 @@ struct private_ike_cfg_t {
bool certreq;
/**
+ * enforce UDP encapsulation
+ */
+ bool force_encap;
+
+ /**
* List of proposals to use
*/
linked_list_t *proposals;
@@ -71,6 +76,14 @@ static bool send_certreq(private_ike_cfg_t *this)
{
return this->certreq;
}
+
+/**
+ * Implementation of ike_cfg_t.force_encap.
+ */
+static bool force_encap_meth(private_ike_cfg_t *this)
+{
+ return this->force_encap;
+}
/**
* Implementation of ike_cfg_t.get_my_host.
@@ -201,12 +214,14 @@ static void destroy(private_ike_cfg_t *this)
/**
* Described in header.
*/
-ike_cfg_t *ike_cfg_create(bool certreq, host_t *my_host, host_t *other_host)
+ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
+ host_t *my_host, host_t *other_host)
{
private_ike_cfg_t *this = malloc_thing(private_ike_cfg_t);
/* public functions */
this->public.send_certreq = (bool(*)(ike_cfg_t*))send_certreq;
+ this->public.force_encap = (bool (*) (ike_cfg_t *))force_encap_meth;
this->public.get_my_host = (host_t*(*)(ike_cfg_t*))get_my_host;
this->public.get_other_host = (host_t*(*)(ike_cfg_t*))get_other_host;
this->public.add_proposal = (void(*)(ike_cfg_t*, proposal_t*)) add_proposal;
@@ -219,6 +234,7 @@ ike_cfg_t *ike_cfg_create(bool certreq, host_t *my_host, host_t *other_host)
/* private variables */
this->refcount = 1;
this->certreq = certreq;
+ this->force_encap = force_encap;
this->my_host = my_host;
this->other_host = other_host;
diff --git a/src/charon/config/ike_cfg.h b/src/charon/config/ike_cfg.h
index bcdc90d9e..5165d12a6 100644
--- a/src/charon/config/ike_cfg.h
+++ b/src/charon/config/ike_cfg.h
@@ -102,6 +102,14 @@ struct ike_cfg_t {
bool (*send_certreq) (ike_cfg_t *this);
/**
+ * @brief Enforce UDP encapsulation by faking NATD notifies?
+ *
+ * @param this calling object
+ * @return TRUE to enfoce UDP encapsulation
+ */
+ bool (*force_encap) (ike_cfg_t *this);
+
+ /**
* @brief Get the DH group to use for IKE_SA setup.
*
* @param this calling object
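Review bot: The new doc comment for `force_encap` carries over the typo from peer_cfg.h: `TRUE to enfoce UDP encapsulation` should read `@return TRUE to enforce UDP encapsulation`. Since the flag deliberately fakes NAT detection, the comment would also benefit from one sentence saying why it now lives on ike_cfg_t, so a later reader does not move it back. Presumably the reason is that the NATD notifies are exchanged during IKE_SA_INIT, before a peer_cfg has been selected. The struct definition continues outside the hunk.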
@@ -140,12 +148,14 @@ struct ike_cfg_t {
*
* @param name ike_cfg identifier
* @param certreq TRUE to send a certificate request
+ * @param force_encap enforce UDP encapsulation by faking NATD notify
* @param my_host host_t representing local address
* @param other_host host_t representing remote address
* @return ike_cfg_t object.
*
* @ingroup config
*/
-ike_cfg_t *ike_cfg_create(bool certreq, host_t *my_host, host_t *other_host);
+ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
+ host_t *my_host, host_t *other_host);
#endif /* IKE_CFG_H_ */
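Review bot: The doc block for `ike_cfg_create()` still lists `@param name ike_cfg identifier`, but the prototype at the end of this hunk takes only `certreq`, `force_encap`, `my_host` and `other_host`. As this commit already edits the parameter list, I would drop the stale `@param name` line so the documented parameters match the signature. The comment block starts outside the hunk.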
diff --git a/src/charon/config/peer_cfg.c b/src/charon/config/peer_cfg.c
index 7935b9703..6733df08c 100644
--- a/src/charon/config/peer_cfg.c
+++ b/src/charon/config/peer_cfg.c
@@ -141,11 +141,6 @@ struct private_peer_cfg_t {
bool use_mobike;
/**
- * enforce UDP encapsulation
- */
- bool force_encap;
-
- /**
* Time before an SA gets invalid
*/
u_int32_t lifetime;
@@ -369,14 +364,6 @@ static bool use_mobike(private_peer_cfg_t *this)
{
return this->use_mobike;
}
-
-/**
- * Implementation of peer_cfg_t.force_encap.
- */
-static bool force_encap_meth(private_peer_cfg_t *this)
-{
- return this->force_encap;
-}
/**
* Implements peer_cfg_t.get_dpd_delay
@@ -465,7 +452,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
auth_method_t auth_method, eap_type_t eap_type,
u_int32_t keyingtries, u_int32_t lifetime,
u_int32_t rekeytime, u_int32_t jitter,
- bool reauth, bool mobike, bool force_encap,
+ bool reauth, bool mobike,
u_int32_t dpd_delay, dpd_action_t dpd_action,
host_t *my_virtual_ip, host_t *other_virtual_ip)
{
@@ -490,7 +477,6 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
this->public.get_lifetime = (u_int32_t (*) (peer_cfg_t *, bool rekey))get_lifetime;
this->public.use_reauth = (bool (*) (peer_cfg_t *))use_reauth;
this->public.use_mobike = (bool (*) (peer_cfg_t *))use_mobike;
- this->public.force_encap = (bool (*) (peer_cfg_t *))force_encap_meth;
this->public.get_dpd_delay = (u_int32_t (*) (peer_cfg_t *))get_dpd_delay;
this->public.get_dpd_action = (dpd_action_t (*) (peer_cfg_t *))get_dpd_action;
this->public.get_my_virtual_ip = (host_t* (*) (peer_cfg_t *))get_my_virtual_ip;
@@ -518,7 +504,6 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
this->jitter = jitter;
this->use_reauth = reauth;
this->use_mobike = mobike;
- this->force_encap = force_encap;
this->dpd_delay = dpd_delay;
this->dpd_action = dpd_action;
this->my_virtual_ip = my_virtual_ip;
diff --git a/src/charon/config/peer_cfg.h b/src/charon/config/peer_cfg.h
index ecd6bcf83..ea53a80e7 100644
--- a/src/charon/config/peer_cfg.h
+++ b/src/charon/config/peer_cfg.h
@@ -274,14 +274,6 @@ struct peer_cfg_t {
bool (*use_mobike) (peer_cfg_t *this);
/**
- * @brief Enforce UDP encapsulation by faking NATD notifies?
- *
- * @param this calling object
- * @return TRUE to enfoce UDP encapsulation
- */
- bool (*force_encap) (peer_cfg_t *this);
-
- /**
* @brief Get the DPD check interval.
*
* @param this calling object
@@ -374,7 +366,6 @@ struct peer_cfg_t {
* @param jitter range of random to substract from rekeytime
* @param reauth sould be done reauthentication instead of rekeying?
* @param mobike use MOBIKE (RFC4555) if peer supports it
- * @param force_encap enforce UDP encapsulation by faking NATD notify
* @param dpd_delay after how many seconds of inactivity to check DPD
* @param dpd_action what to do with CHILD_SAs when detected a dead peer
* @param my_virtual_ip virtual IP for local host, or NULL
@@ -390,7 +381,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ikev_version, ike_cfg_t *ike_cfg,
auth_method_t auth_method, eap_type_t eap_type,
u_int32_t keyingtries, u_int32_t lifetime,
u_int32_t rekeytime, u_int32_t jitter,
- bool reauth, bool mobike, bool force_encap,
+ bool reauth, bool mobike,
u_int32_t dpd_delay, dpd_action_t dpd_action,
host_t *my_virtual_ip, host_t *other_virtual_ip);
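Review bot: The prototype shown in this hunk's header spells the second parameter `ikev_version`, while the definition in peer_cfg.c (the hunk at -465) uses `ike_version`. With both declarations touched by this commit, it would be cheap to align them on `u_int ike_version` so header and implementation agree. The prototype starts outside the hunk, so its first line is visible only in the hunk header.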