Changeset 4612

Timestamp:

11/11/08 07:37:37 (2 months ago)

Author:

andreas

Message:

preliminary support of Mobile IPv6

Files:

• trunk/src/charon/config/peer_cfg.c (modified) (3 diffs)
• trunk/src/charon/plugins/stroke/stroke_config.c (modified) (1 diff)
• trunk/src/charon/processing/jobs/migrate_job.c (modified) (1 diff)
• trunk/src/charon/sa/child_sa.c (modified) (6 diffs)
• trunk/src/charon/sa/child_sa.h (modified) (1 diff)
• trunk/src/charon/sa/ike_sa.c (modified) (11 diffs)
• trunk/src/charon/sa/ike_sa.h (modified) (1 diff)
• trunk/src/charon/sa/tasks/child_create.c (modified) (1 diff)
• trunk/src/pluto/constants.c (modified) (1 diff)
• trunk/src/pluto/constants.h (modified) (1 diff)
• trunk/src/starter/args.c (modified) (1 diff)
• trunk/src/starter/confread.c (modified) (5 diffs)
• trunk/src/starter/confread.h (modified) (1 diff)
• trunk/src/starter/keywords.h (modified) (1 diff)
• trunk/src/starter/keywords.txt (modified) (1 diff)
• trunk/src/starter/starterstroke.c (modified) (3 diffs)
• trunk/src/stroke/stroke_msg.h (modified) (1 diff)

trunk/src/charon/config/peer_cfg.c

@@ -22 +22 @@
-#include "peer_cfg.h"
-
+#include <daemon.h>
+
-#include <utils/mutex.h>
-#include <utils/linked_list.h>
@@ -229 +231 @@
- * Check if child_cfg contains traffic selectors
- */
-bool
+int
-                        host_t *host)
-{
-    linked_list_t *selected;
-
-
+
+
+
+
+
+
-    selected = child->get_traffic_selectors(child, mine, ts, host);
-contains = selected->get_count(selected)
+prio = selected->get_count(selected) ? 1 : 0
-    selected->destroy_offset(selected, offsetof(traffic_selector_t, destroy));
-contains
+prio
-}
-
@@ -251 +257 @@
-    child_cfg_t *current, *found = NULL;
-    enumerator_t *enumerator;
-
+
+
+
-    enumerator = create_child_cfg_enumerator(this);
-    while (enumerator->enumerate(enumerator, &current))
-    {
-
-
+
+
+
+
-        {
-
-
+
+
+
+
+
+
+
+
-        }
-    }
-    enumerator->destroy(enumerator);
+    if (found)
+    {
+        DBG2(DBG_CFG, "found matching child config \"%s\" with prio %d",
+             found->get_name(found), best);
+    }
-    return found;
-}

trunk/src/charon/plugins/stroke/stroke_config.c

@@ -776 +776 @@
-                msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
-                msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp);
-
+
+
-    add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
-    add_ts(this, &msg->add_conn.other, child_cfg, FALSE);

trunk/src/charon/processing/jobs/migrate_job.c

@@ -84 +84 @@
-                                                        this->reqid, TRUE);
-    }
- == NULL
+
-    {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
-    }
-    else
-    {
-
-
-
-
-
-
-
-
-
+
-    }
-    charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-    destroy(this);
-}

trunk/src/charon/sa/child_sa.c

@@ -156 +156 @@
-
-/**
-y_
+e
- */
-static char *get_name(private_child_sa_t *this)
@@ -335 +335 @@
-                last_use = max(last_use, in);
-            }
-
+
+
+
-                                other_ts, my_ts, POLICY_FWD, &fwd) == SUCCESS)
-
-
+
+
+
-            }
-        }
@@ -596 +599 @@
-        this->protocol = proto;
-    }
-
+
-    /* apply traffic selectors */
-    enumerator = my_ts_list->create_enumerator(my_ts_list);
@@ -611 +614 @@
-    enumerator->destroy(enumerator);
-    
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-        
-
-
-
+   
+   
+   
-        
-
+
+
+
-                this->other_addr, this->my_addr, other_ts, my_ts, POLICY_FWD,
-                this->protocol, this->reqid, high_prio, mode, this->ipcomp);
+            }
-        
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
-    if (status == SUCCESS)
-    {
@@ -695 +704 @@
-            this->protocol, this->my_addr, this->other_addr, me, other, encap);
-    
-
-
-
-
-
-
+
+
+
+
+
+
+
+
-        
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-        enumerator = create_policy_enumerator(this);
-        while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
-        {
-            /* remove old policies first */
-            charon->kernel_interface->del_policy(charon->kernel_interface,
-                                                 my_ts, other_ts, POLICY_OUT);
-            charon->kernel_interface->del_policy(charon->kernel_interface,
-
-
+
+
+
+
-                                                 other_ts, my_ts, POLICY_FWD);
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-        }
-        enumerator->destroy(enumerator);
-    }
-
-    /* apply hosts */
-    if (!me->equals(me, this->my_addr))
-    {
-        this->my_addr->destroy(this->my_addr);
-        this->my_addr = me->clone(me);
-    }
-    if (!other->equals(other, this->other_addr))
-    {
-        this->other_addr->destroy(this->other_addr);
-        this->other_addr = other->clone(other);
-    }
-    
-    set_state(this, old);
-    
-    return SUCCESS;
-}
-
-/**
- * Implementation of child_sa_t.activate_ipcomp.
- */
-static void activate_ipcomp(private_child_sa_t *this, ipcomp_transform_t ipcomp,
-        u_int16_t other_cpi)
-{
-    this->ipcomp = ipcomp;
-    this->other_cpi = other_cpi;
-}
-
-/**
- * Implementation of child_sa_t.allocate_cpi.
- */
-static u_int16_t allocate_cpi(private_child_sa_t *this)
-{
-    if (!this->cpi_allocated)
-    {
-        charon->kernel_interface->get_cpi(charon->kernel_interface,
-            this->other_addr, this->my_addr, this->reqid, &this->my_cpi);
-        this->cpi_allocated = TRUE;
-    }
-    return this->my_cpi;
-}
-
-/**
- * Implementation of child_sa_t.destroy.
- */
-static void destroy(private_child_sa_t *this)
-{
-    enumerator_t *enumerator;
-    traffic_selector_t *my_ts, *other_ts;
-    
-    set_state(this, CHILD_DESTROYING);
-    
-    /* delete SAs in the kernel, if they are set up */
-    if (this->my_spi)
-    {
-        charon->kernel_interface->del_sa(charon->kernel_interface,
-                    this->my_addr, this->my_spi, this->protocol);
-    }
-    if (this->alloc_esp_spi && this->alloc_esp_spi != this->my_spi)
-    {
-        charon->kernel_interface->del_sa(charon->kernel_interface,
-                    this->my_addr, this->alloc_esp_spi, PROTO_ESP);
-    }
-    if (this->alloc_ah_spi && this->alloc_ah_spi != this->my_spi)
-    {
-        charon->kernel_interface->del_sa(charon->kernel_interface,
-                    this->my_addr, this->alloc_ah_spi, PROTO_AH);
-    }
-    if (this->other_spi)
-    {
-        charon->kernel_interface->del_sa(charon->kernel_interface,
-                    this->other_addr, this->other_spi, this->protocol);
-    }
-    if (this->my_cpi)
-    {
-        charon->kernel_interface->del_sa(charon->kernel_interface,
-                    this->my_addr, htonl(ntohs(this->my_cpi)), IPPROTO_COMP);
-    }
-    if (this->other_cpi)
-    {
-        charon->kernel_interface->del_sa(charon->kernel_interface,
-                    this->other_addr, htonl(ntohs(this->other_cpi)), IPPROTO_COMP);
-    }
-    
-    /* delete all policies in the kernel */
-    enumerator = create_policy_enumerator(this);
-    while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
-    {
-        charon->kernel_interface->del_policy(charon->kernel_interface,
-                                             my_ts, other_ts, POLICY_OUT);
-        charon->kernel_interface->del_policy(charon->kernel_interface,
-                                             other_ts, my_ts, POLICY_IN);
-        charon->kernel_interface->del_policy(charon->kernel_interface,
-                                             other_ts, my_ts, POLICY_FWD);
-    }
-    enumerator->destroy(enumerator);
-    
-    this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy));
-    this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy));
@@ -910 +936 @@
-    this->config = config;
-    config->get_ref(config);
+
+    /* MIPv6 proxy transport mode sets SA endpoints to TS hosts */  
+    if (config->get_mode(config) == MODE_TRANSPORT &&
+        config->use_proxy_mode(config))
+    {
+        ts_type_t type;
+        int family;
+        chunk_t addr;
+        host_t *host;
+        enumerator_t *enumerator;
+        linked_list_t *my_ts_list, *other_ts_list;
+        traffic_selector_t *my_ts, *other_ts;
+
+        this->mode = MODE_TRANSPORT;
+
+        my_ts_list = config->get_traffic_selectors(config, TRUE, NULL, me);
+        enumerator = my_ts_list->create_enumerator(my_ts_list);
+        if (enumerator->enumerate(enumerator, &my_ts))
+        {
+            if (my_ts->is_host(my_ts, NULL) &&
+               !my_ts->is_host(my_ts, this->my_addr))
+            {
+                type = my_ts->get_type(my_ts);
+                family = (type == TS_IPV4_ADDR_RANGE) ? AF_INET : AF_INET6;
+                addr = my_ts->get_from_address(my_ts);
+                host = host_create_from_chunk(family, addr, 0);
+                free(addr.ptr);
+                DBG1(DBG_CHD, "my address: %H is a transport mode proxy for %H",
+                               this->my_addr, host); 
+                this->my_addr->destroy(this->my_addr);
+                this->my_addr = host;
+            }
+        }
+        enumerator->destroy(enumerator);
+        my_ts_list->destroy_offset(my_ts_list, offsetof(traffic_selector_t, destroy));
+
+        other_ts_list = config->get_traffic_selectors(config, FALSE, NULL, other);
+        enumerator = other_ts_list->create_enumerator(other_ts_list);
+        if (enumerator->enumerate(enumerator, &other_ts))
+        {
+            if (other_ts->is_host(other_ts, NULL) &&
+               !other_ts->is_host(other_ts, this->other_addr))
+            {
+                type = other_ts->get_type(other_ts);
+                family = (type == TS_IPV4_ADDR_RANGE) ? AF_INET : AF_INET6;
+                addr = other_ts->get_from_address(other_ts);
+                host = host_create_from_chunk(family, addr, 0);
+                free(addr.ptr);
+                DBG1(DBG_CHD, "other address: %H is a transport mode proxy for %H",
+                               this->other_addr, host); 
+                this->other_addr->destroy(this->other_addr);
+                this->other_addr = host;
+            }
+        }
+        enumerator->destroy(enumerator);
+        other_ts_list->destroy_offset(other_ts_list, offsetof(traffic_selector_t, destroy));
+    }
-    
-    return &this->public;

trunk/src/charon/sa/child_sa.h

@@ -324 +324 @@
- * Constructor to create a new child_sa_t.
- *
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
- */
-child_sa_t * child_sa_create(host_t *me, host_t *other, child_cfg_t *config,

trunk/src/charon/sa/ike_sa.c

@@ -251 +251 @@
-     */
-    bool ike_initiator;
+
+    /**
+     * local host address to be used for IKE, set via MIGRATE kernel message
+     */
+    host_t *local_host;
+
+    /**
+     * remote host address to be used for IKE, set via MIGRATE kernel message
+     */
+    host_t *remote_host;
-};
-
@@ -944 +954 @@
-}
-
+/**
+ * Implementation of ike_sa_t.set_kmaddress.
+ */
+static void set_kmaddress(private_ike_sa_t *this, host_t *local, host_t *remote)
+{
+    DESTROY_IF(this->local_host);
+    DESTROY_IF(this->remote_host);
+    this->local_host = local->clone(local);
+    this->remote_host = remote->clone(remote);
+}
+
-#ifdef ME
-/**
@@ -1048 +1069 @@
-    host_t *host;
-    
-
-
+
+
+
+
+
+
+
+
+
+
-    if (host)
-    {
@@ -1055 +1084 @@
-    }
-    
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-                            charon->kernel_interface, this->other_host, NULL);
-
-
-
+
+
+
+
-        }
-    }
@@ -1265 +1302 @@
-    my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, me);
-    other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, other);
+
-    status = child_sa->add_policies(child_sa, my_ts, other_ts,
-
+
+
-    my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
-    other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
@@ -1319 +1358 @@
-    return SUCCESS;
-}
+
-/**
- * Implementation of ike_sa_t.process_message.
@@ -1390 +1430 @@
-        me = message->get_destination(message);
-        other = message->get_source(message);
-
+
-        /* if this IKE_SA is virgin, we check for a config */
-        if (this->ike_cfg == NULL)
@@ -2236 +2276 @@
-    DESTROY_IF(this->my_id);
-    DESTROY_IF(this->other_id);
+    DESTROY_IF(this->local_host);
+    DESTROY_IF(this->remote_host);
-    DESTROY_IF(this->eap_identity);
-    
@@ -2320 +2362 @@
-    this->public.get_virtual_ip = (host_t* (*)(ike_sa_t*,bool))get_virtual_ip;
-    this->public.add_dns_server = (void (*)(ike_sa_t*,host_t*))add_dns_server;
+    this->public.set_kmaddress = (void (*)(ike_sa_t*,host_t*,host_t*))set_kmaddress;
-#ifdef ME
-    this->public.act_as_mediation_server = (void (*)(ike_sa_t*)) act_as_mediation_server;
@@ -2335 +2378 @@
-    this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
-    this->child_sas = linked_list_create();
-from_string("%any", IKEV2_UDP_POR
-from_string("%any", IKEV2_UDP_POR
+any(AF_INE
+any(AF_INE
-    this->my_id = identification_create_from_encoding(ID_ANY, chunk_empty);
-    this->other_id = identification_create_from_encoding(ID_ANY, chunk_empty);
@@ -2363 +2406 @@
-    this->keyingtry = 0;
-    this->ike_initiator = FALSE;
+    this->local_host = NULL;
+    this->remote_host = NULL;
-#ifdef ME
-    this->is_mediation_server = FALSE;

trunk/src/charon/sa/ike_sa.h

@@ -866 +866 @@
-    
-    /**
+     * Set local and remote host addresses to be used for IKE.
+     *
+     * These addresses are communicated via the KMADDRESS field of a MIGRATE
+     * message sent via the NETLINK or PF _KEY kernel socket interface.
+     *
+     * @param local         local kmaddress
+     * @param remote        remote kmaddress
+     */
+    void (*set_kmaddress) (ike_sa_t *this, host_t *local, host_t *remote);
+
+    /**
-     * Inherit all attributes of other to this after rekeying.
-     *

trunk/src/charon/sa/tasks/child_create.c

@@ -301 +301 @@
-        {
-            case MODE_TRANSPORT:
-
-
+
+
+
+
-                {
-                    this->mode = MODE_TUNNEL;

trunk/src/pluto/constants.c

@@ -518 +518 @@
-    "BEET",
-    "MOBIKE",
+    "ECDSA",
+    "PROXY",
-    NULL
-    };

trunk/src/pluto/constants.h

@@ -878 +878 @@
-#define POLICY_MOBIKE       LELEM(23)   /* enable MOBIKE for IKEv2  */
-#define POLICY_FORCE_ENCAP  LELEM(24)   /* force UDP encapsulation (IKEv2)  */
-
+
+
-
-/* Any IPsec policy?  If not, a connection description

trunk/src/starter/args.c

@@ -200 +200 @@
-    { ARG_MISC, 0, NULL  /* KW_PFS */                                              },
-    { ARG_MISC, 0, NULL  /* KW_COMPRESS */                                         },
+    { ARG_ENUM, offsetof(starter_conn_t, install_policy), LST_bool                 },
-    { ARG_MISC, 0, NULL  /* KW_AUTH */                                             },
-    { ARG_MISC, 0, NULL  /* KW_AUTHBY */                                           },

trunk/src/starter/confread.c

@@ -80 +80 @@
-    cfg->conn_default.addr_family           = AF_INET;
-    cfg->conn_default.tunnel_addr_family    = AF_INET;
+    cfg->conn_default.install_policy    = TRUE;
-    cfg->conn_default.dpd_delay     =  30; /* seconds */
-    cfg->conn_default.dpd_timeout       = 150; /* seconds */
@@ -498 +499 @@
-            conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK);
-            if (streq(kw->value, "tunnel"))
+            {
-                conn->policy |= POLICY_TUNNEL;
+            }
-            else if (streq(kw->value, "beet"))
+            {
-                conn->policy |= POLICY_BEET;
+            }
+            else if (streq(kw->value, "transport_proxy"))
+            {
+                conn->policy |= POLICY_PROXY;           
+            }   
-            else if (s