Diffstat (limited to 'src')
-rw-r--r-- | src/charon/config/ike_cfg.c | 28 | ||||
-rw-r--r-- | src/charon/config/ike_cfg.h | 18 | ||||
-rw-r--r-- | src/charon/plugins/load_tester/load_tester_config.c | 3 | ||||
-rw-r--r-- | src/charon/plugins/medcli/medcli_config.c | 6 | ||||
-rw-r--r-- | src/charon/plugins/medsrv/medsrv_config.c | 3 | ||||
-rw-r--r-- | src/charon/plugins/nm/nm_service.c | 3 | ||||
-rw-r--r-- | src/charon/plugins/sql/sql_config.c | 3 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_config.c | 8 | ||||
-rw-r--r-- | src/charon/plugins/uci/uci_config.c | 6 |
9 files changed, 64 insertions, 14 deletions
diff --git a/src/charon/config/ike_cfg.c b/src/charon/config/ike_cfg.c index bb0fd87fd..b486d576f 100644 --- a/src/charon/config/ike_cfg.c +++ b/src/charon/config/ike_cfg.c @@ -49,6 +49,16 @@ struct private_ike_cfg_t { char *other; /** + * our source port + */ + u_int16_t my_port; + + /** + * destination port + */ + u_int16_t other_port; + + /** * should we send a certificate request? */ bool certreq; @@ -88,6 +98,18 @@ METHOD(ike_cfg_t, get_other_addr, char*, return this->other; } +METHOD(ike_cfg_t, get_my_port, u_int16_t, + private_ike_cfg_t *this) +{ + return this->my_port; +} + +METHOD(ike_cfg_t, get_other_port, u_int16_t, + private_ike_cfg_t *this) +{ + return this->other_port; +} + METHOD(ike_cfg_t, add_proposal, void, private_ike_cfg_t *this, proposal_t *proposal) { @@ -236,7 +258,7 @@ METHOD(ike_cfg_t, destroy, void, * Described in header. */ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, - char *me, char *other) + char *me, u_int16_t my_port, char *other, u_int16_t other_port) { private_ike_cfg_t *this; @@ -246,6 +268,8 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, .force_encap = _force_encap_, .get_my_addr = _get_my_addr, .get_other_addr = _get_other_addr, + .get_my_port = _get_my_port, + .get_other_port = _get_other_port, .add_proposal = _add_proposal, .get_proposals = _get_proposals, .select_proposal = _select_proposal, @@ -259,6 +283,8 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, .force_encap = force_encap, .me = strdup(me), .other = strdup(other), + .my_port = my_port, + .other_port = other_port, .proposals = linked_list_create(), ); diff --git a/src/charon/config/ike_cfg.h b/src/charon/config/ike_cfg.h index eaac321b9..f1edde255 100644 --- a/src/charon/config/ike_cfg.h +++ b/src/charon/config/ike_cfg.h 
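Review bot: `ike_cfg_create` stores both ports exactly as passed (`.my_port = my_port,` and `.other_port = other_port,` in the `@@ -259,6 +283,8 @@` hunk), so a caller can pass 0 and the new getters will return it unchanged. The header only says what 500 means, so either reject 0 in the constructor or document what it selects. The new field comments (`our source port`, `destination port`) also omit the byte order that the getter docs in ike_cfg.h state; I would write `/** our source port, host order */` and `/** destination port, host order */`. The constructor body continues outside the hunk, so a check further down would not be visible here.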
@@ -53,6 +53,20 @@ struct ike_cfg_t { char* (*get_other_addr) (ike_cfg_t *this); /** + * Get the port to use as our source port. + * + * @return source address port, host order + */ + u_int16_t (*get_my_port)(ike_cfg_t *this); + + /** + * Get the port to use as destination port. + * + * @return destination address, host order + */ + u_int16_t (*get_other_port)(ike_cfg_t *this); + + /** * Adds a proposal to the list. * * The first added proposal has the highest priority, the last @@ -136,10 +150,12 @@ struct ike_cfg_t { * @param certreq TRUE to send a certificate request * @param force_encap enforce UDP encapsulation by faking NATD notify * @param me address/DNS name of local peer + * @param my_port IKE port to use as source, 500 uses IKEv2 port floating * @param other address/DNS name of remote peer + * @param other_port IKE port to use as dest, 500 uses IKEv2 port floating * @return ike_cfg_t object. */ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, - char *me, char *other); + char *me, u_int16_t my_port, char *other, u_int16_t other_port); #endif /** IKE_CFG_H_ @}*/ diff --git a/src/charon/plugins/load_tester/load_tester_config.c b/src/charon/plugins/load_tester/load_tester_config.c index 82f408d45..bb9eabf47 100644 --- a/src/charon/plugins/load_tester/load_tester_config.c +++ b/src/charon/plugins/load_tester/load_tester_config.c @@ -189,7 +189,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) } }; - ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote); + ike_cfg = ike_cfg_create(FALSE, FALSE, + "0.0.0.0", IKEV2_UDP_PORT, this->remote, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal)); peer_cfg = peer_cfg_create("load-test", 2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */ diff --git a/src/charon/plugins/medcli/medcli_config.c b/src/charon/plugins/medcli/medcli_config.c index 2e49ebbf7..e355d55f7 100644 --- a/src/charon/plugins/medcli/medcli_config.c 
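Review bot: The doc comment added for `get_other_port` reads `@return destination address, host order`, but the function returns a port. It should be `@return destination port, host order`. The sibling comment on `get_my_port` (`source address port`) would read more clearly as `@return source port, host order`.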
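Review bot: The new `@param my_port` and `@param other_port` lines (`500 uses IKEv2 port floating`) leave every other value undefined, including whether port floating is switched off for a custom port and what 0 means. Every caller in this commit passes `IKEV2_UDP_PORT`, so the doc should name the constant rather than the literal, e.g. `@param my_port IKE source port, host order; IKEV2_UDP_PORT enables IKEv2 port floating`. It should also add one sentence on the non-default case. Operators need that sentence, because packet filters and monitoring rules for IKE are usually keyed on the standard ports and must be adjusted when a configuration uses another one.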
+++ b/src/charon/plugins/medcli/medcli_config.c @@ -120,7 +120,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam DESTROY_IF(e); return NULL; } - ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", address); + ike_cfg = ike_cfg_create(FALSE, FALSE, + "0.0.0.0", IKEV2_UDP_PORT, address, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); med_cfg = peer_cfg_create( "mediation", 2, ike_cfg, @@ -395,7 +396,8 @@ medcli_config_t *medcli_config_create(database_t *db) this->db = db; this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200); this->dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300); - this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0"); + this->ike = ike_cfg_create(FALSE, FALSE, + "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); schedule_autoinit(this); diff --git a/src/charon/plugins/medsrv/medsrv_config.c b/src/charon/plugins/medsrv/medsrv_config.c index 3df720967..c23955ad0 100644 --- a/src/charon/plugins/medsrv/medsrv_config.c +++ b/src/charon/plugins/medsrv/medsrv_config.c @@ -145,7 +145,8 @@ medsrv_config_t *medsrv_config_create(database_t *db) this->db = db; this->rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200); this->dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300); - this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0"); + this->ike = ike_cfg_create(FALSE, FALSE, + "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); return &this->public; diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c index b05383c2b..cdf7dc962 100644 --- a/src/charon/plugins/nm/nm_service.c +++ b/src/charon/plugins/nm/nm_service.c 
@@ -423,7 +423,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, /** * Set up configurations */ - ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address); + ike_cfg = ike_cfg_create(TRUE, encap, + "0.0.0.0", IKEV2_UDP_PORT, (char*)address, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); peer_cfg = peer_cfg_create(priv->name, 2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */ diff --git a/src/charon/plugins/sql/sql_config.c b/src/charon/plugins/sql/sql_config.c index afee0896c..23366898a 100644 --- a/src/charon/plugins/sql/sql_config.c +++ b/src/charon/plugins/sql/sql_config.c @@ -182,7 +182,8 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, { ike_cfg_t *ike_cfg; - ike_cfg = ike_cfg_create(certreq, force_encap, local, remote); + ike_cfg = ike_cfg_create(certreq, force_encap, + local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT); /* TODO: read proposal from db */ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); return ike_cfg; diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c index 0752f3c93..bfb39008e 100644 --- a/src/charon/plugins/stroke/stroke_config.c +++ b/src/charon/plugins/stroke/stroke_config.c @@ -233,8 +233,8 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg } ike_cfg = ike_cfg_create(msg->add_conn.other.sendcert != CERT_NEVER_SEND, msg->add_conn.force_encap, - msg->add_conn.me.address, - msg->add_conn.other.address); + msg->add_conn.me.address, IKEV2_UDP_PORT, + msg->add_conn.other.address, IKEV2_UDP_PORT); add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL); return ike_cfg; } 
@@ -697,7 +697,7 @@ static void add_ts(private_stroke_config_t *this, if (!end->subnets) { - net = host_create_from_string(end->address, IKEV2_UDP_PORT); + net = host_create_from_string(end->address, 0); if (net) { ts = traffic_selector_create_from_subnet(net, 0, end->protocol, @@ -726,7 +726,7 @@ static void add_ts(private_stroke_config_t *this, intbits = atoi(bits + 1); } - net = host_create_from_string(start, IKEV2_UDP_PORT); + net = host_create_from_string(start, 0); if (net) { ts = traffic_selector_create_from_subnet(net, intbits, diff --git a/src/charon/plugins/uci/uci_config.c b/src/charon/plugins/uci/uci_config.c index a6ee970ad..bd58afbf0 100644 --- a/src/charon/plugins/uci/uci_config.c +++ b/src/charon/plugins/uci/uci_config.c @@ -170,7 +170,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey)) { DESTROY_IF(this->peer_cfg); - ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr); + ike_cfg = ike_cfg_create(FALSE, FALSE, + local_addr, IKEV2_UDP_PORT, remote_addr, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); this->peer_cfg = peer_cfg_create( name, 2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO, @@ -268,7 +269,8 @@ static bool ike_enumerator_enumerate(ike_enumerator_t *this, ike_cfg_t **cfg) &local_addr, &remote_addr, &ike_proposal)) { DESTROY_IF(this->ike_cfg); - this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr); + this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, IKEV2_UDP_PORT, + remote_addr, IKEV2_UDP_PORT); this->ike_cfg->add_proposal(this->ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); |
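Review bot: Both `add_ts` hunks change `host_create_from_string(end->address, IKEV2_UDP_PORT)` and `host_create_from_string(start, IKEV2_UDP_PORT)` to pass port 0 without a comment, and this is the only change in the commit that is not a port pass-through to `ike_cfg_create`. The host goes into `traffic_selector_create_from_subnet`, whose remaining arguments are cut off by the hunk, so it is not visible here whether the host's port influences the resulting traffic selector; if it does, the selector's port scope changes. If the port is indeed ignored for subnets, say so at the call, e.g. `/* port of the subnet host is not evaluated, pass 0 */`. Otherwise move this change to its own commit with a rationale. `add_ts` starts and ends outside both hunks.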