diff -Naur strongswan-2.6.4/Makefile.inc strongswan-2.6.4-charon/Makefile.inc --- strongswan-2.6.4/Makefile.inc 2006-01-25 18:23:15.000000000 +0100 +++ strongswan-2.6.4-charon/Makefile.inc 2006-04-19 14:22:26.000000000 +0200 @@ -84,6 +84,8 @@ FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec LIBDIR=$(DESTDIR)$(FINALLIBDIR) +# sharedlibdir is where shared libraries go +SHAREDLIBDIR=$(DESTDIR)$(INC_USRLOCAL)/lib # where the appropriate manpage tree is located # location within INC_USRLOCAL @@ -284,6 +286,9 @@ # include PKCS11-based smartcard support USE_SMARTCARD?=false +# support IKEv2 via charon +USE_IKEV2?=true + # Default PKCS11 library # Uncomment this line if using OpenSC <= 0.9.6 PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\" diff -Naur strongswan-2.6.4/programs/Makefile strongswan-2.6.4-charon/programs/Makefile --- strongswan-2.6.4/programs/Makefile 2006-01-01 16:14:08.000000000 +0100 +++ strongswan-2.6.4-charon/programs/Makefile 2006-04-19 14:22:26.000000000 +0200 @@ -32,6 +32,10 @@ SUBDIRS+=showpolicy endif +ifeq ($(USE_IKEV2),true) +SUBDIRS+=charon +endif + def: @echo "Please read doc/intro.html or INSTALL before running make" @false diff -Naur strongswan-2.6.4/programs/ipsec/ipsec.in strongswan-2.6.4-charon/programs/ipsec/ipsec.in --- strongswan-2.6.4/programs/ipsec/ipsec.in 2006-03-09 21:09:33.000000000 +0100 +++ strongswan-2.6.4-charon/programs/ipsec/ipsec.in 2006-04-19 14:22:26.000000000 +0200 @@ -123,6 +123,10 @@ down) shift $IPSEC_EXECDIR/whack --name "$1" --terminate + if test -e $IPSEC_EXECDIR/stroke + then + $IPSEC_EXECDIR/stroke down "$1" + fi exit 0 ;; listalgs|listpubkeys|listcerts|listcacerts|\ @@ -134,6 +138,10 @@ op="$1" shift $IPSEC_EXECDIR/whack "$@" "--$op" + if test -e $IPSEC_EXECDIR/stroke + then + $IPSEC_EXECDIR/stroke "$op" + fi exit 0 ;; ready) 
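Review bot: `USE_IKEV2?=true` switches the new charon daemon on for every default build, and starter.c later in this diff then spawns it next to pluto on each start, so the one-line comment `# support IKEv2 via charon` understates what the flag does. A packager reading Makefile.inc would expect either a conservative default (`USE_IKEV2?=false`) while the daemon is new, or a comment stating that the opt-out default is deliberate, e.g. `# builds and installs charon and lets starter launch it; set to false to ship pluto only`. The same flag drives `-DIKEV2` in the pluto and starter Makefiles and the `SUBDIRS+=charon` line in programs/Makefile, so the comment here is the single place to explain the whole switch.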
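Review bot: In the `down)` branch the added `stroke down "$1"` runs regardless of whether the preceding `whack --terminate` succeeded, and its own exit status is discarded before the unconditional `exit 0`, so a failure on either daemon is invisible to the caller; the `listalgs|…` branch on this line and the `status` and `up` branches in the next hunks have the same shape. `test -e` only proves the path exists — `if test -x $IPSEC_EXECDIR/stroke` is the check the branch actually relies on before executing it, and `$IPSEC_EXECDIR` is unquoted in every new line. In the `op="$1"` branch the remaining arguments `"$@"` handed to whack are not forwarded to `stroke "$op"`; if that is intentional, a comment such as `# stroke takes no per-command arguments yet` would save the next reader the question. Capturing the status (`$IPSEC_EXECDIR/whack --name "$1" --terminate; rc=$?`) and exiting with it after the stroke call would keep the script's existing exit path honest.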
@@ -180,8 +188,16 @@ if test $# -eq 0 then $IPSEC_EXECDIR/whack "--$op" + if test -e $IPSEC_EXECDIR/stroke + then + $IPSEC_EXECDIR/stroke status + fi else $IPSEC_EXECDIR/whack --name "$1" "--$op" + if test -e $IPSEC_EXECDIR/stroke + then + $IPSEC_EXECDIR/stroke status + fi fi exit 0 ;; @@ -198,6 +214,10 @@ up) shift $IPSEC_EXECDIR/whack --name "$1" --initiate + if test -e $IPSEC_EXECDIR/stroke + then + $IPSEC_EXECDIR/stroke up "$1" + fi exit 0 ;; update) diff -Naur strongswan-2.6.4/programs/pluto/Makefile strongswan-2.6.4-charon/programs/pluto/Makefile --- strongswan-2.6.4/programs/pluto/Makefile 2006-01-25 18:22:19.000000000 +0100 +++ strongswan-2.6.4-charon/programs/pluto/Makefile 2006-04-19 14:22:26.000000000 +0200 @@ -170,6 +170,11 @@ LIBSPLUTO+= -ldl endif +# enable IKEv2 support +ifeq ($(USE_IKEV2),true) + DEFINES+= -DIKEV2 +endif + # This compile option activates the leak detective ifeq ($(USE_LEAK_DETECTIVE),true) DEFINES+= -DLEAK_DETECTIVE diff -Naur strongswan-2.6.4/programs/pluto/demux.c strongswan-2.6.4-charon/programs/pluto/demux.c --- strongswan-2.6.4/programs/pluto/demux.c 2005-02-18 22:08:59.000000000 +0100 +++ strongswan-2.6.4-charon/programs/pluto/demux.c 2006-04-19 14:22:26.000000000 +0200 @@ -1229,6 +1229,15 @@ if (md->packet_pbs.roof - md->packet_pbs.cur >= (ptrdiff_t)isakmp_hdr_desc.size) { struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur; +#ifdef IKEV2 + if ((hdr->isa_version >> ISA_MAJ_SHIFT) == 0x2 && + (hdr->isa_version & ISA_MIN_MASK) == 0x0) + { + /* IKEv2 is handled from charon, ignore */ + return; + } + else +#endif /* IKEV2 */ if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION) { SEND_NOTIFICATION(INVALID_MAJOR_VERSION); diff -Naur strongswan-2.6.4/programs/starter/Makefile strongswan-2.6.4-charon/programs/starter/Makefile --- strongswan-2.6.4/programs/starter/Makefile 2006-02-17 20:34:02.000000000 +0100 +++ strongswan-2.6.4-charon/programs/starter/Makefile 2006-04-19 14:22:26.000000000 +0200 
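Review bot: The IKEv2 short-circuit in demux.c returns without a single log line and tests the bare literals `0x2`/`0x0` instead of a named constant, and the `else` left dangling before `#endif` ties the two version checks together only through the preprocessor. A major-version-2 packet whose minor version is not 0 falls through to `SEND_NOTIFICATION(INVALID_MAJOR_VERSION)`, whereas IKEv2 (RFC 4306) requires receivers to ignore the minor version, so the `== 0x0` half of the condition is probably wrong rather than merely strict. Suggest `DBG(DBG_CONTROL, DBG_log("ignoring IKEv2 packet, handled by charon"))` before the `return`, braces around the following `if`, and a `#define` for the IKEv2 major version next to `ISAKMP_MAJOR_VERSION`. Whether pluto still has to consume the datagram from the shared UDP socket is not visible here; if charon does not receive it on a socket of its own, the packet is dropped with no trace.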
@@ -34,6 +34,11 @@ DEFINES+= -DLEAK_DETECTIVE endif +# Enable charon support +ifeq ($(USE_IKEV2),true) + DEFINES+= -DIKEV2 +endif + INCLUDES=-I${FREESWANDIR}/linux/include CFLAGS=$(DEFINES) $(INCLUDES) -Wall CFLAGS+=-DIPSEC_EXECDIR=\"${FINALLIBEXECDIR}\" -DIPSEC_CONFDDIR=\"${FINALCONFDDIR}\" @@ -46,6 +51,11 @@ starterwhack.o klips.o netkey.o interfaces.o exec.o cmp.o confread.o \ loglite.o ${PLUTO_OBJS} +# Build charon-only objs +ifeq ($(USE_IKEV2),true) + OBJS+= invokecharon.o starterstroke.o +endif + DISTSRC=$(OBJS:.o=.c) DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt diff -Naur strongswan-2.6.4/programs/starter/args.c strongswan-2.6.4-charon/programs/starter/args.c --- strongswan-2.6.4/programs/starter/args.c 2006-03-10 21:37:10.000000000 +0100 +++ strongswan-2.6.4-charon/programs/starter/args.c 2006-04-19 14:22:26.000000000 +0200 @@ -86,6 +86,10 @@ static const char *LST_keyexchange[] = { "ike", +#ifdef IKEV2 + "ikev1", + "ikev2", +#endif /* IKEV2 */ NULL }; diff -Naur strongswan-2.6.4/programs/starter/files.h strongswan-2.6.4-charon/programs/starter/files.h --- strongswan-2.6.4/programs/starter/files.h 2006-02-04 19:52:58.000000000 +0100 +++ strongswan-2.6.4-charon/programs/starter/files.h 2006-04-19 14:22:26.000000000 +0200 
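Review bot: The `LST_keyexchange` table now carries three entries whose meaning is their position — presumably `ike`=0, `ikev1`=1, `ikev2`=2, given that starter.c (last hunks of this diff) tests `conn->keyexchange == 2` — so the table and that magic number have to be kept in step by hand. An enum beside the table, e.g. `enum { KEY_EXCHANGE_IKE, KEY_EXCHANGE_IKEV1, KEY_EXCHANGE_IKEV2 };`, used at both sites would make the coupling explicit; how the parser maps list index to `conn->keyexchange` is not visible here, so confirm the numbering before relying on it. A comment on the table would also document the compatibility intent: `/* "ike" keeps its IKEv1 meaning for existing configs */`.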
@@ -37,8 +37,15 @@ #define SECRETS_FILE IPSEC_CONFDIR"/ipsec.secrets" #define PLUTO_CMD IPSEC_EXECDIR"/pluto" -#define CTL_FILE DEFAULT_CTLBASE CTL_SUFFIX -#define PID_FILE DEFAULT_CTLBASE PID_SUFFIX +#define PLUTO_CTL_FILE DEFAULT_CTLBASE CTL_SUFFIX +#define PLUTO_PID_FILE DEFAULT_CTLBASE PID_SUFFIX + +#ifdef IKEV2 +#define CHARON_CMD IPSEC_EXECDIR"/charon" +#define CHARON_BASE "/var/run/charon" +#define CHARON_CTL_FILE CHARON_BASE CTL_SUFFIX +#define CHARON_PID_FILE CHARON_BASE PID_SUFFIX +#endif /* IKEV2 */ #define DYNIP_DIR "/var/run/dynip" #define INFO_FILE "/var/run/ipsec.info" diff -Naur strongswan-2.6.4/programs/starter/invokecharon.c strongswan-2.6.4-charon/programs/starter/invokecharon.c --- strongswan-2.6.4/programs/starter/invokecharon.c 1970-01-01 01:00:00.000000000 +0100 +++ strongswan-2.6.4-charon/programs/starter/invokecharon.c 2006-04-20 08:14:25.000000000 +0200 
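Review bot: `CHARON_BASE` is hard-coded to `/var/run/charon` while pluto's socket and pid paths derive from `DEFAULT_CTLBASE`, so the two daemons end up in the same directory by convention rather than by construction; deriving it (`#define CHARON_BASE DEFAULT_CTLBASE "-charon"` or similar) or a comment stating why charon's path is fixed would remove the question. The rename of `CTL_FILE`/`PID_FILE` to `PLUTO_*` is updated for invokepluto.c, starter.c and starterwhack.c in this diff; any other reference in the tree (not visible here) will fail to compile rather than silently pick the wrong daemon, which is the right failure mode. A one-line comment per block (`/* pluto control socket and pid file */`, `/* charon control socket and pid file, see starterstroke.c */`) would help readers who only see this header.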
@@ -0,0 +1,174 @@
+/* strongSwan charon launcher
+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+ *
+ * Ported from invokepluto.c to fit charons needs.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: invokecharon.c $
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#include "../pluto/constants.h"
+#include "../pluto/defs.h"
+#include "../pluto/log.h"
+
+#include "confread.h"
+#include "invokecharon.h"
+#include "files.h"
+
+static int _charon_pid = 0;
+static int _stop_requested;
+
+pid_t
+starter_charon_pid(void)
+{
+ return _charon_pid;
+}
+
+void
+starter_charon_sigchild(pid_t pid)
+{
+ if (pid == _charon_pid)
+ {
+ _charon_pid = 0;
+ if (!_stop_requested)
+ {
+ plog("charon has died -- restart scheduled (%dsec)"
+ , CHARON_RESTART_DELAY);
+ alarm(CHARON_RESTART_DELAY); // restart in 5 sec
+ }
+ unlink(CHARON_PID_FILE);
+ }
+}
+
+int
+starter_stop_charon (void)
+{
+ pid_t pid;
+ int i;
+
+ pid = _charon_pid;
+ if (pid)
+ {
+ _stop_requested = 1;
+
+ /* be more and more aggressive */
+ for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
+ {
+ if (i == 0)
+ kill(pid, SIGINT);
+ else if (i < 10)
+ kill(pid, SIGTERM);
+ else
+ kill(pid, SIGKILL);
+ usleep(20000);
+ }
+ if (_charon_pid == 0)
+ return 0;
+ plog("starter_stop_charon(): can't stop charon !!!");
+ return -1;
+ }
+ else
+ {
+ plog("stater_stop_charon(): charon is not started...");
+ }
+ return -1;
+}
+
+
+int
+starter_start_charon (starter_config_t *cfg, bool debug)
+{
+ int pid, i;
+ struct stat stb;
+ int argc = 1;
+ char *arg[] = {
+ CHARON_CMD, NULL, NULL,
+ };
+
+ if (!debug)
+ {
+ arg[argc++] = "--use-syslog";
+ }
+
+ if (_charon_pid)
+ {
+ plog("starter_start_charon(): charon already started...");
+ return -1;
+ }
+ else
+ {
+ unlink(CHARON_CTL_FILE);
+ _stop_requested = 0;
+
+ pid = fork();
+ switch (pid)
+ {
+ case -1:
+ plog("can't fork(): %s", strerror(errno));
+ return -1;
+ case 0:
+ /* child */
+ setsid();
+ sigprocmask(SIG_SETMASK, 0, NULL);
+ execv(arg[0], arg);
+ plog("can't execv(%s,...): %s", arg[0], strerror(errno));
+ exit(1);
+ default:
+ /* father */
+ _charon_pid = pid;
+ for (i = 0; i < 50 && _charon_pid; i++)
+ {
+ /* wait for charon */
+ usleep(20000);
+ if (stat(CHARON_PID_FILE, &stb) == 0)
+ {
+ DBG(DBG_CONTROL,
+ DBG_log("charon (%d) started", _charon_pid)
+ )
+ return 0;
+ }
+ }
+ if (_charon_pid)
+ {
+ /* If charon is started but with no ctl file, stop it */
+ plog("charon too long to start... - kill kill");
+ for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
+ {
+ if (i == 0)
+ kill(pid, SIGINT);
+ else if (i < 10)
+ kill(pid, SIGTERM);
+ else
+ kill(pid, SIGKILL);
+ usleep(20000);
+ }
+ }
+ else
+ {
+ plog("charon refused to be started");
+ }
+ return -1;
+ }
+ }
+ return -1;
+}
diff -Naur strongswan-2.6.4/programs/starter/invokecharon.h strongswan-2.6.4-charon/programs/starter/invokecharon.h
--- strongswan-2.6.4/programs/starter/invokecharon.h 1970-01-01 01:00:00.000000000 +0100
+++ strongswan-2.6.4-charon/programs/starter/invokecharon.h 2006-04-19 14:22:26.000000000 +0200
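Review bot: In `starter_start_charon` the child's `sigprocmask(SIG_SETMASK, 0, NULL)` passes a null set, which POSIX defines as "leave the mask unchanged", so charon is exec'd with whatever signal mask the starter holds at that moment instead of a cleared one; the intended call is `sigset_t set; sigemptyset(&set); sigprocmask(SIG_SETMASK, &set, NULL);`. `_charon_pid` is cleared by `starter_charon_sigchild`, which starter.c invokes from its signal handler, and polled in `for (i = 0; i < 50 && _charon_pid; i++)`, so it needs to be `static volatile pid_t` (or `volatile sig_atomic_t`) or the compiler is free to hoist the load out of the loop. The failed-`execv` path should end in `_exit(1)` rather than `exit(1)` so the child does not run the parent's atexit handlers and flush its inherited stdio buffers a second time. Minor: `cfg` is unused, `pid` is declared `int` where `pid_t` is meant, and the log text reads `stater_stop_charon()`.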
@@ -0,0 +1,31 @@
+/* strongSwan charon launcher
+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+ *
+ * Ported from invokepluto.h to fit charons needs.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: invokecharon.h $
+ */
+
+#ifndef _STARTER_CHARON_H_
+#define _STARTER_CHARON_H_
+
+#define CHARON_RESTART_DELAY 5
+
+extern void starter_charon_sigchild (pid_t pid);
+extern pid_t starter_charon_pid (void);
+extern int starter_stop_charon (void);
+extern int starter_start_charon(struct starter_config *cfg, bool debug);
+
+#endif /* _STARTER_CHARON_H_ */
+
diff -Naur strongswan-2.6.4/programs/starter/invokepluto.c strongswan-2.6.4-charon/programs/starter/invokepluto.c
--- strongswan-2.6.4/programs/starter/invokepluto.c 2006-02-17 22:41:50.000000000 +0100
+++ strongswan-2.6.4-charon/programs/starter/invokepluto.c 2006-04-19 14:22:26.000000000 +0200
@@ -54,7 +54,7 @@
 , PLUTO_RESTART_DELAY);
 alarm(PLUTO_RESTART_DELAY); // restart in 5 sec
 }
-unlink(PID_FILE);
+unlink(PLUTO_PID_FILE);
 }
 }
@@ -203,7 +203,7 @@
 }
 else
 {
-unlink(CTL_FILE);
+unlink(PLUTO_CTL_FILE);
 _stop_requested = 0;
 if (cfg->setup.prepluto)
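Review bot: invokecharon.h uses `pid_t`, `bool` and `struct starter_config` without including anything, so it only compiles when the includer has already pulled in `<sys/types.h>`, `<stdbool.h>` and confread.h; starterstroke.h in this same diff includes confread.h for exactly that reason and this header should match. The prototype spells the first parameter `struct starter_config *cfg` while the definition in invokecharon.c uses `starter_config_t *cfg` — presumably the same type, but one spelling is easier to grep and to keep in sync. The return contract deserves a line per prototype, e.g. `/* 0 once charon's pid file appears, -1 on fork/exec failure, timeout or if already running */` on `starter_start_charon` and `/* 0 if charon exited, -1 if it survived SIGKILL or was not running */` on `starter_stop_charon`.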
@@ -252,7 +252,7 @@ { /* wait for pluto */ usleep(20000); - if (stat(CTL_FILE, &stb) == 0) + if (stat(PLUTO_CTL_FILE, &stb) == 0) { DBG(DBG_CONTROL, DBG_log("pluto (%d) started", _pluto_pid) diff -Naur strongswan-2.6.4/programs/starter/starter.c strongswan-2.6.4-charon/programs/starter/starter.c --- strongswan-2.6.4/programs/starter/starter.c 2006-02-15 19:37:46.000000000 +0100 +++ strongswan-2.6.4-charon/programs/starter/starter.c 2006-04-19 14:22:26.000000000 +0200 @@ -37,6 +37,7 @@ #include "files.h" #include "starterwhack.h" #include "invokepluto.h" +#include "invokecharon.h" #include "klips.h" #include "netkey.h" #include "cmp.h" @@ -47,6 +48,9 @@ #define FLAG_ACTION_RELOAD 0x04 #define FLAG_ACTION_QUIT 0x08 #define FLAG_ACTION_LISTEN 0x10 +#ifdef IKEV2 +#define FLAG_ACTION_START_CHARON 0x20 +#endif /* IKEV2 */ static unsigned int _action_ = 0; @@ -65,6 +69,10 @@ { if (pid == starter_pluto_pid()) name = " (Pluto)"; +#ifdef IKEV2 + if (pid == starter_charon_pid()) + name = " (Charon)"; +#endif /* IKEV2 */ if (WIFSIGNALED(status)) DBG(DBG_CONTROL, DBG_log("child %d%s has been killed by sig %d\n", @@ -87,6 +95,10 @@ if (pid == starter_pluto_pid()) starter_pluto_sigchild(pid); +#ifdef IKEV2 + if (pid == starter_charon_pid()) + starter_charon_sigchild(pid); +#endif /* IKEV2 */ } } break; @@ -97,6 +109,9 @@ case SIGALRM: _action_ |= FLAG_ACTION_START_PLUTO; +#ifdef IKEV2 + _action_ |= FLAG_ACTION_START_CHARON; +#endif /* IKEV2 */ break; case SIGHUP: @@ -193,6 +208,9 @@ signal(SIGQUIT, fsig); signal(SIGALRM, fsig); signal(SIGUSR1, fsig); + + + plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code()); /* verify that we can start */ if (getuid() != 0) 
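Review bot: In the `SIGALRM` case the handler now raises both `FLAG_ACTION_START_PLUTO` and `FLAG_ACTION_START_CHARON` from the one `alarm()` that either daemon's death schedules, so a charon crash re-enters the pluto start path and vice versa. The charon start path later in this diff checks `starter_charon_pid() == 0` first and the pluto path presumably does the same, so this is harmless, but the coupling is worth stating where it is introduced: `/* one alarm serves both daemons; each start path skips a daemon that is still running */`. The `@@ -193` hunk inserts two empty lines before the relocated `plog("Starting strongSwan IPsec …")`; one is enough. The enclosing signal handler begins and ends outside these hunks.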
@@ -201,12 +219,24 @@ exit(1); } - if (stat(PID_FILE, &stb) == 0) + if (stat(PLUTO_PID_FILE, &stb) == 0) { - plog("pluto is already running (%s exists) -- aborting", PID_FILE); - exit(1); + plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE); } - + else + { + _action_ |= FLAG_ACTION_START_PLUTO; + } +#ifdef IKEV2 + if (stat(CHARON_PID_FILE, &stb) == 0) + { + plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE); + } + else + { + _action_ |= FLAG_ACTION_START_CHARON; + } +#endif /* IKEV2 */ if (stat(DEV_RANDOM, &stb) != 0) { plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM); @@ -247,7 +277,11 @@ last_reload = time(NULL); - plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code()); + if (stat(MY_PID_FILE, &stb) == 0) + { + plog("starter is already running (%s exists) -- no fork done", MY_PID_FILE); + exit(0); + } /* fork if we're not debugging stuff */ if (!no_fork) @@ -296,17 +330,19 @@ , &cfg->defaultroute); } - _action_ = FLAG_ACTION_START_PLUTO; - for (;;) { /* - * Stop pluto (if started) and exit - */ + * Stop pluto/charon (if started) and exit + */ if (_action_ & FLAG_ACTION_QUIT) { if (starter_pluto_pid()) starter_stop_pluto(); +#ifdef IKEV2 + if (starter_charon_pid()) + starter_stop_charon(); +#endif IKEV2 if (has_netkey) starter_netkey_cleanup(); else @@ -337,6 +373,9 @@ if (conn->state == STATE_ADDED) { starter_whack_del_conn(conn); +#ifdef IKEV2 + starter_stroke_del_conn(conn); +#endif /* IKEV2 */ conn->state = STATE_TO_ADD; } } @@ -427,6 +466,9 @@ { if (conn->state == STATE_ADDED) starter_whack_del_conn(conn); +#ifdef IKEV2 + starter_stroke_del_conn(conn); +#endif /* IKEV2 */ } /* Look for new ca sections that are already loaded */ 
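Review bot: Replacing the abort with "skipping pluto start" turns a stale `PLUTO_PID_FILE` left behind by a crash into a silent loss of IKEv1 service: `stat()` proves the file exists, not that the pid inside it is alive, and the new `CHARON_PID_FILE` check and the relocated `MY_PID_FILE` check (which now does `exit(0)`) have the same weakness. Reading the pid from the file and probing it with `kill(pid, 0)`, treating `ESRCH` as stale and unlinking the file before deciding to skip, keeps the new behaviour while surviving an unclean shutdown. If the old abort was a deliberate guard against two starters fighting over the same control socket, that rationale belongs in a comment next to the `exit(0)`.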
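Review bot: `#endif IKEV2` after the new `starter_stop_charon();` call has no comment delimiters; gcc accepts the stray token with an "extra tokens at end of #endif directive" warning, but it is not valid C and every other guard in this diff is written `#endif /* IKEV2 */`. With `_action_ = FLAG_ACTION_START_PLUTO;` removed here, the initial start flags now come only from the pid-file checks in the previous hunk, which is worth a comment at the top of the `for (;;)` loop so the next reader does not look for the missing assignment: `/* initial START_* flags were set by the pid-file checks above */`.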
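Review bot: At the second `starter_stroke_del_conn(conn)` site (`@@ -427`) the preceding `if (conn->state == STATE_ADDED)` is unbraced, so the `#ifdef IKEV2` call runs for every connection regardless of state, unlike the braced site in `@@ -337` where it is conditional on `STATE_ADDED`. `starter_stroke_del_conn` is a stub returning 0 in this diff, so nothing breaks yet, but the two sites should be identical: brace the `if` and put both the whack and the stroke call inside it. The enclosing loop starts and ends outside the hunk.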
@@ -502,6 +544,27 @@ conn->state = STATE_TO_ADD; } } + +#ifdef IKEV2 + /* + * Start charon + */ + if (_action_ & FLAG_ACTION_START_CHARON) + { + if (starter_charon_pid() == 0) + { + DBG(DBG_CONTROL, + DBG_log("Attempting to start charon...") + ) + if (starter_start_charon(cfg, no_fork) != 0) + { + /* schedule next try */ + alarm(PLUTO_RESTART_DELAY); + } + } + _action_ &= ~FLAG_ACTION_START_CHARON; + } +#endif /* IKEV2 */ /* * Tell pluto to reread its interfaces @@ -536,11 +599,36 @@ conn->id = id++; } starter_whack_add_conn(conn); +#ifdef IKEV2 + starter_stroke_add_conn(conn); +#endif /* IKEV2 */ conn->state = STATE_ADDED; if (conn->startup == STARTUP_START) - starter_whack_initiate_conn(conn); + { +#ifdef IKEV2 + if (conn->keyexchange == 2) + { + starter_stroke_initiate_conn(conn); + } + else +#endif /* IKEV2 */ + { + starter_whack_initiate_conn(conn); + } + } else if (conn->startup == STARTUP_ROUTE) - starter_whack_route_conn(conn); + { +#ifdef IKEV2 + if (conn->keyexchange == 2) + { + starter_stroke_route_conn(conn); + } + else +#endif /* IKEV2 */ + { + starter_whack_route_conn(conn); + } + } } } } diff -Naur strongswan-2.6.4/programs/starter/starterstroke.c strongswan-2.6.4-charon/programs/starter/starterstroke.c --- strongswan-2.6.4/programs/starter/starterstroke.c 1970-01-01 01:00:00.000000000 +0100 +++ strongswan-2.6.4-charon/programs/starter/starterstroke.c 2006-04-19 14:28:33.000000000 +0200 
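Review bot: When `starter_start_charon` fails, the retry is scheduled with `alarm(PLUTO_RESTART_DELAY)` while invokecharon.c uses `CHARON_RESTART_DELAY` for the same purpose; both are 5 today, but the charon constant is the one that belongs here, `alarm(CHARON_RESTART_DELAY);`. The call passes `no_fork` as the `debug` argument, which in invokecharon.c only decides whether `--use-syslog` is appended; a comment naming that mapping would help, e.g. `/* no_fork doubles as "log to stderr" for charon */`. The enclosing main loop starts and ends outside the hunk.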
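Review bot: `starter_stroke_add_conn(conn)` is now called for every connection, IKEv1 ones included, and `starter_whack_add_conn(conn)` still runs for `keyexchange == 2` connections, so each daemon is told about connections it will never handle and the stroke result is discarded — when charon is not running, every add produces a `connect(charon_ctl) failed` log line from starterstroke.c. Gate the add on `conn->keyexchange` the same way the initiate and route branches below are gated, and replace the literal `2` with a named constant shared with the `LST_keyexchange` table in args.c so the numbering lives in one place. The surrounding loop starts and ends outside the hunk.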
@@ -0,0 +1,161 @@
+/* Stroke for charon is the counterpart to whack from pluto
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: starterstroke.c $
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#include "../pluto/constants.h"
+#include "../pluto/defs.h"
+#include "../pluto/log.h"
+
+#include "../charon/stroke/stroke.h"
+
+#include "starterstroke.h"
+#include "confread.h"
+#include "files.h"
+
+static char* push_string(stroke_msg_t **strm, char *string)
+{
+ stroke_msg_t *stroke_msg;
+ size_t string_length;
+
+ if (string == NULL)
+ {
+ return NULL;
+ }
+ stroke_msg = *strm;
+ string_length = strlen(string) + 1;
+ stroke_msg->length += string_length;
+
+ stroke_msg = realloc(stroke_msg, stroke_msg->length);
+ strcpy((char*)stroke_msg + stroke_msg->length - string_length, string);
+
+ *strm = stroke_msg;
+ return (char*)(u_int)stroke_msg->length - string_length;
+}
+
+static int
+send_stroke_msg (stroke_msg_t *msg)
+{
+ struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
+ int sock;
+
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0)
+ {
+ plog("socket() failed: %s", strerror(errno));
+ return -1;
+ }
+ if (connect(sock, (struct sockaddr *)&ctl_addr,
+ offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
+ {
+ plog("connect(charon_ctl) failed: %s", strerror(errno));
+ close(sock);
+ return -1;
+ }
+
+ /* send message */
+ if (write(sock, msg, msg->length) != msg->length)
+ {
+ plog("write(charon_ctl) failed: %s", strerror(errno));
+ close(sock);
+ return -1;
+ }
+
+ close(sock);
+ return 0;
+}
+
+static char *
+connection_name(starter_conn_t *conn)
+{
+ /* if connection name is '%auto', create a new name like conn_xxxxx */
+ static char buf[32];
+
+ if (streq(conn->name, "%auto"))
+ {
+ sprintf(buf, "conn_%ld", conn->id);
+ return buf;
+ }
+ return conn->name;
+}
+
+
+int starter_stroke_add_conn(starter_conn_t *conn)
+{
+ stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
+ int res;
+
+ msg->length = sizeof(stroke_msg_t);
+ msg->type = STR_ADD_CONN;
+
+ msg->add_conn.name = push_string(&msg, connection_name(conn));
+
+ msg->add_conn.me.id = push_string(&msg, conn->left.id);
+ msg->add_conn.me.cert = push_string(&msg, conn->left.cert);
+ msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr));
+ msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr));
+ msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits;
+
+ msg->add_conn.other.id = push_string(&msg, conn->right.id);
+ msg->add_conn.other.cert = push_string(&msg, conn->right.cert);
+ msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr));
+ msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr));
+ msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits;
+
+ res = send_stroke_msg(msg);
+ free(msg);
+ return res;
+}
+
+int starter_stroke_del_conn(starter_conn_t *conn)
+{
+ return 0;
+}
+int starter_stroke_route_conn(starter_conn_t *conn)
+{
+ stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
+ int res;
+
+ msg->length = sizeof(stroke_msg_t);
+ msg->type = STR_INSTALL;
+ msg->install.name = push_string(&msg, connection_name(conn));
+ res = send_stroke_msg(msg);
+ free(msg);
+ return res;
+}
+
+int starter_stroke_initiate_conn(starter_conn_t *conn)
+{
+ stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
+ int res;
+
+ msg->length = sizeof(stroke_msg_t);
+ msg->type = STR_INITIATE;
+ msg->initiate.name = push_string(&msg, connection_name(conn));
+ res = send_stroke_msg(msg);
+ free(msg);
+ return res;
+}
diff -Naur strongswan-2.6.4/programs/starter/starterstroke.h strongswan-2.6.4-charon/programs/starter/starterstroke.h
--- strongswan-2.6.4/programs/starter/starterstroke.h 1970-01-01 01:00:00.000000000 +0100
+++ strongswan-2.6.4-charon/programs/starter/starterstroke.h 2006-04-19 14:22:26.000000000 +0200
@@ -0,0 +1,27 @@
+/* Stroke for charon is the counterpart to whack from pluto
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: starterstroke.h $
+ */
+
+#ifndef _STARTER_STROKE_H_
+#define _STARTER_STROKE_H_
+
+#include "confread.h"
+
+extern int starter_stroke_add_conn(starter_conn_t *conn);
+extern int starter_stroke_del_conn(starter_conn_t *conn);
+extern int starter_stroke_route_conn(starter_conn_t *conn);
+extern int starter_stroke_initiate_conn(starter_conn_t *conn);
+
+#endif /* _STARTER_STROKE_H_ */
diff -Naur strongswan-2.6.4/programs/starter/starterwhack.c strongswan-2.6.4-charon/programs/starter/starterwhack.c
--- strongswan-2.6.4/programs/starter/starterwhack.c 2006-02-08 21:56:07.000000000 +0100
+++ strongswan-2.6.4-charon/programs/starter/starterwhack.c 2006-04-19 14:22:26.000000000 +0200
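Review bot: `msg->add_conn.name = push_string(&msg, connection_name(conn));` and the ten assignments that follow it (and the single ones in `starter_stroke_route_conn`/`starter_stroke_initiate_conn`) are undefined behaviour: `push_string` may `realloc` and replace `msg`, and C does not sequence the load of `msg` on the left against the call on the right, so the store can land in the block `realloc` just freed. Each field needs the two-step form `char *s = push_string(&msg, …); msg->add_conn.name = s;` (or a helper macro that does exactly that). Inside `push_string`, `realloc` failure is neither checked nor recoverable — the only pointer to the old block is overwritten and then dereferenced — the `malloc` in each `starter_stroke_*` function is unchecked, and `return (char*)(u_int)stroke_msg->length - string_length` performs pointer arithmetic on an integer smuggled through a pointer type, where computing the offset as an integer first (`(char*)(uintptr_t)offset`, `<stdint.h>`) is at least well-defined on the sender side. `send_stroke_msg` treats a short `write` as a hard failure and compares the `ssize_t` result with `msg->length` across signedness, and `connection_name` writes with `sprintf` into a 32-byte static buffer where `snprintf(buf, sizeof buf, "conn_%ld", conn->id)` costs nothing. Only the `u.v4` member of each address is serialised, so an IPv6 `conn` would be misreported rather than rejected — the union layout is not visible here, so confirm against confread.h.
```c
static char* push_string(stroke_msg_t **strm, char *string)
{
	stroke_msg_t *stroke_msg, *grown;
	size_t string_length, offset;

	if (string == NULL)
	{
		return NULL;
	}
	stroke_msg = *strm;
	string_length = strlen(string) + 1;
	offset = stroke_msg->length;
	grown = realloc(stroke_msg, offset + string_length);
	if (grown == NULL)
	{
		/* *strm is still valid and still owned by the caller; the caller
		 * must treat NULL for a non-NULL input as an allocation failure */
		plog("realloc() failed: %s", strerror(errno));
		return NULL;
	}
	grown->length = offset + string_length;
	memcpy((char*)grown + offset, string, string_length);
	*strm = grown;
	/* offset of the string inside the message, encoded as charon expects */
	return (char*)(uintptr_t)offset;
}

/* … unchanged: send_stroke_msg, connection_name … */

int starter_stroke_add_conn(starter_conn_t *conn)
{
	/* … unchanged: malloc (now checked), length/type setup … */
	char *name = push_string(&msg, connection_name(conn));
	msg->add_conn.name = name;   /* msg may have moved: store only after the call returns */
	/* … same two-step pattern for every remaining push_string() field … */
```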
@@ -54,7 +54,7 @@
 static int
 send_whack_msg (whack_message_t *msg)
 {
- struct sockaddr_un ctl_addr = { AF_UNIX, CTL_FILE };
+ struct sockaddr_un ctl_addr = { AF_UNIX, PLUTO_CTL_FILE };
 int sock;
 ssize_t len;
 char *str_next, *str_roof;