diff options
Diffstat (limited to 'src/starter')
| -rw-r--r-- | src/starter/args.c | 9 | ||||
| -rw-r--r-- | src/starter/confread.c | 3 | ||||
| -rw-r--r-- | src/starter/confread.h | 11 | ||||
| -rw-r--r-- | src/starter/starterstroke.c | 2 |
4 files changed, 18 insertions, 7 deletions
diff --git a/src/starter/args.c b/src/starter/args.c index ad73a1635..390062a99 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -108,6 +108,13 @@ static const char *LST_authby[] = { NULL }; +static const char *LST_fragmentation[] = { + "no", + "yes", + "force", + NULL +}; + typedef struct { arg_t type; size_t offset; @@ -138,7 +145,7 @@ static const token_info_t token_info[] = { ARG_STR, offsetof(starter_conn_t, aaa_identity), NULL }, { ARG_MISC, 0, NULL /* KW_MOBIKE */ }, { ARG_MISC, 0, NULL /* KW_FORCEENCAPS */ }, - { ARG_MISC, 0, NULL /* KW_FRAGMENTATION */ }, + { ARG_ENUM, offsetof(starter_conn_t, fragmentation), LST_fragmentation }, { ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL }, { ARG_TIME, offsetof(starter_conn_t, sa_ipsec_life_seconds), NULL }, { ARG_TIME, offsetof(starter_conn_t, sa_rekey_margin), NULL }, diff --git a/src/starter/confread.c b/src/starter/confread.c index dfe7e2c89..fecb998df 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -567,9 +567,6 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg case KW_FORCEENCAPS: KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_FORCE_ENCAP) break; - case KW_FRAGMENTATION: - KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_FRAGMENTATION) - break; case KW_MODECONFIG: KW_SA_OPTION_FLAG("push", "pull", SA_OPTION_MODECFG_PUSH) break; diff --git a/src/starter/confread.h b/src/starter/confread.h index 5e0e0f255..a0f6234f9 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -50,7 +50,7 @@ typedef enum { typedef enum { STRICT_NO, STRICT_YES, - STRICT_IFURI + STRICT_IFURI, } strict_t; typedef enum { @@ -70,6 +70,13 @@ typedef enum { } dpd_action_t; typedef enum { + /* same as in ike_cfg.h */ + FRAGMENTATION_NO, + FRAGMENTATION_YES, + FRAGMENTATION_FORCE, +} fragmentation_t; + +typedef enum { /* IPsec options */ SA_OPTION_AUTHENTICATE = 1 << 0, /* use AH instead of ESP? */ SA_OPTION_COMPRESS = 1 << 1, /* use IPComp */ @@ -81,7 +88,6 @@ typedef enum { SA_OPTION_XAUTH_SERVER = 1 << 5, /* are we an XAUTH server? */ SA_OPTION_MOBIKE = 1 << 6, /* enable MOBIKE for IKEv2 */ SA_OPTION_FORCE_ENCAP = 1 << 7, /* force UDP encapsulation */ - SA_OPTION_FRAGMENTATION = 1 << 8, /* enable IKEv1 fragmentation */ } sa_option_t; typedef struct starter_end starter_end_t; @@ -141,6 +147,7 @@ struct starter_conn { char *authby; ipsec_mode_t mode; bool proxy_mode; + fragmentation_t fragmentation; sa_option_t options; time_t sa_ike_life_seconds; time_t sa_ipsec_life_seconds; diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index 41288531d..4f9e8fb14 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -180,7 +180,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) } msg.add_conn.mobike = conn->options & SA_OPTION_MOBIKE; msg.add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP; - msg.add_conn.fragmentation = conn->options & SA_OPTION_FRAGMENTATION; + msg.add_conn.fragmentation = conn->fragmentation; msg.add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS; msg.add_conn.install_policy = conn->install_policy; msg.add_conn.aggressive = conn->aggressive; |