aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/config/child_cfg.c16
-rw-r--r--src/libcharon/config/child_cfg.h10
-rw-r--r--src/libcharon/plugins/android/android_service.c2
-rw-r--r--src/libcharon/plugins/ha/ha_tunnel.c2
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_config.c2
-rw-r--r--src/libcharon/plugins/maemo/maemo_service.c2
-rw-r--r--src/libcharon/plugins/medcli/medcli_config.c4
-rw-r--r--src/libcharon/plugins/nm/nm_service.c2
-rw-r--r--src/libcharon/plugins/sql/sql_config.c2
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c2
-rw-r--r--src/libcharon/plugins/uci/uci_config.c2
-rw-r--r--src/libcharon/sa/child_sa.c2
12 files changed, 36 insertions, 12 deletions
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 070b35aba..8ca322484 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -123,6 +123,12 @@ struct private_child_cfg_t {
* Optional mark to install outbound CHILD_SA with
*/
mark_t mark_out;
+
+ /**
+ * Traffic Flow Confidentiality padding, if enabled
+ */
+ u_int32_t tfc;
+
/**
* set up IPsec transport SA in MIPv6 proxy mode
*/
@@ -441,6 +447,12 @@ METHOD(child_cfg_t, get_mark, mark_t,
return inbound ? this->mark_in : this->mark_out;
}
+METHOD(child_cfg_t, get_tfc, u_int32_t,
+ private_child_cfg_t *this)
+{
+ return this->tfc;
+}
+
METHOD(child_cfg_t, set_mipv6_options, void,
private_child_cfg_t *this, bool proxy_mode, bool install_policy)
{
@@ -492,7 +504,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
ipsec_mode_t mode, action_t start_action,
action_t dpd_action, action_t close_action,
bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
- mark_t *mark_in, mark_t *mark_out)
+ mark_t *mark_in, mark_t *mark_out, u_int32_t tfc)
{
private_child_cfg_t *this;
@@ -517,6 +529,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
.get_inactivity = _get_inactivity,
.get_reqid = _get_reqid,
.get_mark = _get_mark,
+ .get_tfc = _get_tfc,
.use_proxy_mode = _use_proxy_mode,
.install_policy = _install_policy,
.get_ref = _get_ref,
@@ -538,6 +551,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
.proposals = linked_list_create(),
.my_ts = linked_list_create(),
.other_ts = linked_list_create(),
+ .tfc = tfc,
);
if (mark_in)
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index 1f0c9c826..175ced76c 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -228,6 +228,13 @@ struct child_cfg_t {
mark_t (*get_mark)(child_cfg_t *this, bool inbound);
/**
+ * Get the TFC padding value to use for CHILD_SA.
+ *
+ * @return TFC padding, 0 to disable, -1 for MTU
+ */
+ u_int32_t (*get_tfc)(child_cfg_t *this);
+
+ /**
* Sets two options needed for Mobile IPv6 interoperability
*
* @param proxy_mode use IPsec transport proxy mode (default FALSE)
@@ -292,6 +299,7 @@ struct child_cfg_t {
* @param reqid specific reqid to use for CHILD_SA, 0 for auto assign
* @param mark_in optional inbound mark (can be NULL)
* @param mark_out optional outbound mark (can be NULL)
+ * @param tfc TFC padding size, 0 to disable, -1 to pad to PMTU
* @return child_cfg_t object
*/
child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
@@ -299,6 +307,6 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
ipsec_mode_t mode, action_t start_action,
action_t dpd_action, action_t close_action,
bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
- mark_t *mark_in, mark_t *mark_out);
+ mark_t *mark_in, mark_t *mark_out, u_int32_t tfc);
#endif /** CHILD_CFG_H_ @}*/
diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c
index 1a68ff968..487567f2a 100644
--- a/src/libcharon/plugins/android/android_service.c
+++ b/src/libcharon/plugins/android/android_service.c
@@ -292,7 +292,7 @@ static job_requeue_t initiate(private_android_service_t *this)
child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL,
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
- 0, 0, NULL, NULL);
+ 0, 0, NULL, NULL, 0);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c
index 4accdfbf7..299053ec1 100644
--- a/src/libcharon/plugins/ha/ha_tunnel.c
+++ b/src/libcharon/plugins/ha/ha_tunnel.c
@@ -224,7 +224,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT,
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
- 0, 0, NULL, NULL);
+ 0, 0, NULL, NULL, 0);
ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index 4fe5cf518..71391d593 100644
--- a/src/libcharon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -225,7 +225,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL,
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
- 0, 0, NULL, NULL);
+ 0, 0, NULL, NULL, 0);
proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
child_cfg->add_proposal(child_cfg, proposal);
ts = traffic_selector_create_dynamic(0, 0, 65535);
diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c
index 8463f8a56..1a1727b3d 100644
--- a/src/libcharon/plugins/maemo/maemo_service.c
+++ b/src/libcharon/plugins/maemo/maemo_service.c
@@ -347,7 +347,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */,
TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
- ACTION_NONE, FALSE, 0, 0, NULL, NULL);
+ ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index 67f1c7190..b5672dba9 100644
--- a/src/libcharon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -183,7 +183,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
- 0, 0, NULL, NULL);
+ 0, 0, NULL, NULL, 0);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
@@ -262,7 +262,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
- 0, 0, NULL, NULL);
+ 0, 0, NULL, NULL, 0);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
diff --git a/src/libcharon/plugins/nm/nm_service.c b/src/libcharon/plugins/nm/nm_service.c
index 44b5f0c98..4300b57cf 100644
--- a/src/libcharon/plugins/nm/nm_service.c
+++ b/src/libcharon/plugins/nm/nm_service.c
@@ -519,7 +519,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
child_cfg = child_cfg_create(priv->name, &lifetime,
NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp,
- 0, 0, NULL, NULL);
+ 0, 0, NULL, NULL, 0);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index 82ff36a82..dc016012c 100644
--- a/src/libcharon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -174,7 +174,7 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e)
};
child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode,
start, dpd, close, ipcomp, 0, reqid,
- NULL, NULL);
+ NULL, NULL, 0);
add_esp_proposals(this, child_cfg, id);
add_traffic_selectors(this, child_cfg, id);
return child_cfg;
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 00fbabde8..0f55e5107 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -801,7 +801,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
msg->add_conn.mode, ACTION_NONE, dpd, dpd, msg->add_conn.ipcomp,
msg->add_conn.inactivity, msg->add_conn.reqid,
- &mark_in, &mark_out);
+ &mark_in, &mark_out, 0);
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
msg->add_conn.install_policy);
add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c
index f16da22bc..4e43388ec 100644
--- a/src/libcharon/plugins/uci/uci_config.c
+++ b/src/libcharon/plugins/uci/uci_config.c
@@ -197,7 +197,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
ACTION_NONE, ACTION_NONE, ACTION_NONE,
- FALSE, 0, 0, NULL, NULL);
+ FALSE, 0, 0, NULL, NULL, 0);
child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 47518d6ad..4110815bc 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -591,6 +591,8 @@ METHOD(child_sa_t, install, status_t,
dst = this->other_addr;
this->other_spi = spi;
this->other_cpi = cpi;
+
+ tfc = this->config->get_tfc(this->config);
}
DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound",
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 11:53:14 +0000