Changeset 4639

Timestamp:

11/12/08 16:09:24 (2 months ago)

Author:

martin

Message:

ported some hard-to-merge cherries back to trunk :-/

shame, svn, shame: this was ways to complicated
we should consider a switch to git...

Files:

• trunk (modified) (1 prop)
• trunk/packages (modified) (1 prop)
• trunk/src/charon/config/traffic_selector.c (modified) (4 diffs)
• trunk/src/charon/config/traffic_selector.h (modified) (3 diffs)
• trunk/src/charon/encoding/payloads/traffic_selector_substructure.c (modified) (1 diff)
• trunk/src/charon/kernel/kernel_interface.c (modified) (1 prop)
• trunk/src/charon/plugins/kernel_klips (modified) (1 prop)
• trunk/src/charon/plugins/kernel_netlink (modified) (1 prop)
• trunk/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c (modified) (1 prop)
• trunk/src/charon/plugins/load_tester (modified) (1 prop)
• trunk/src/charon/plugins/sql/pool.c (modified) (3 diffs)
• trunk/src/charon/plugins/sql/sql_attribute.c (modified) (3 diffs)
• trunk/src/charon/sa/child_sa.c (modified) (12 diffs)
• trunk/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c (modified) (2 diffs)
• trunk/src/libstrongswan/utils/host.c (modified) (1 diff)
• trunk/src/libstrongswan/utils/host.h (modified) (1 diff)

trunk/src/charon/config/traffic_selector.c

@@ -407 +407 @@
-static chunk_t get_from_address(private_traffic_selector_t *this)
-{
-    chunk_t from = chunk_empty;
-    
-    switch (this->type)
-    {
-        case TS_IPV4_ADDR_RANGE:
-
-
-
-
-
-
+
-        case TS_IPV6_ADDR_RANGE:
-
-
-
-
-
-
-
-
+
+
+
+
-}
-    
@@ -434 +423 @@
-static chunk_t get_to_address(private_traffic_selector_t *this)
-{
-    chunk_t to = chunk_empty;
-    
-    switch (this->type)
-    {
-        case TS_IPV4_ADDR_RANGE:
-
-
-
-
-
-
+
-        case TS_IPV6_ADDR_RANGE:
-
-
-
-
-
-
-
-
+
+
+
+
-}
-    
@@ -524 +502 @@
-    }
-    return FALSE;
+}
+
+/**
+ * Implementation of traffic_selector_t.is_dynamic
+ */
+static bool is_dynamic(private_traffic_selector_t *this)
+{
+    return this->dynamic;
-}
-
@@ -870 +856 @@
-    this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
-    this->public.is_host = (bool(*)(traffic_selector_t*,host_t*))is_host;
+    this->public.is_dynamic = (bool(*)(traffic_selector_t*))is_dynamic;
-    this->public.is_contained_in = (bool(*)(traffic_selector_t*,traffic_selector_t*))is_contained_in;
-    this->public.includes = (bool(*)(traffic_selector_t*,host_t*))includes;

trunk/src/charon/config/traffic_selector.h

@@ -93 +93 @@
-     * Get starting address of this ts as a chunk.
-     *
-order gets allocated
+and points to internal data
-     *
-     * @return          chunk containing the address
@@ -102 +102 @@
-     * Get ending address of this ts as a chunk.
-     *
-order gets allocated
+and points to internal data
-     *
-     * @return          chunk containing the address
@@ -154 +154 @@
-     */
-    bool (*is_host) (traffic_selector_t *this, host_t* host);
+    
+    /**
+     * Check if a traffic selector has been created by create_dynamic().
+     *
+     * @return          TRUE if TS is dynamic
+     */
+    bool (*is_dynamic)(traffic_selector_t *this);
-    
-    /**

trunk/src/charon/encoding/payloads/traffic_selector_substructure.c

@@ -270 +270 @@
-    this->start_port = traffic_selector->get_from_port(traffic_selector);
-    this->end_port = traffic_selector->get_to_port(traffic_selector);
-traffic_selector->get_from_address(traffic_selector
-traffic_selector->get_to_address(traffic_selector
+chunk_clone(traffic_selector->get_from_address(traffic_selector)
+chunk_clone(traffic_selector->get_to_address(traffic_selector)
-    
-    compute_length(this);

trunk/src/charon/plugins/sql/pool.c

@@ -35 +35 @@
- */
-host_t *start = NULL, *end = NULL;
-
-/**
- * create a host from a blob
- */
-static host_t *host_create_from_blob(chunk_t blob)
-{
-    return host_create_from_chunk(blob.len == 4 ? AF_INET : AF_INET6, blob, 0);
-}
-
-/**
@@ -133 +125 @@
-            }
-            
-blob(start_chunk
-blob(end_chunk
+chunk(AF_UNSPEC, start_chunk, 0
+chunk(AF_UNSPEC, end_chunk, 0
-            size = get_pool_size(start_chunk, end_chunk);
-            printf("%8s %15H %15H ", name, start, end);
@@ -542 +534 @@
-                   "name", "address", "status", len, "start", len, "end", "identity");
-        }
-blob(address_chunk
+chunk(AF_UNSPEC, address_chunk, 0
-        identity = identification_create_from_encoding(identity_type, identity_chunk);
-        

trunk/src/charon/plugins/sql/sql_attribute.c

@@ -46 +46 @@
-
-/**
- * read a host_t address from the addresses table
- */
-static host_t *host_from_chunk(chunk_t chunk)
-{
-    switch (chunk.len)
-    {
-        case 4:
-            return host_create_from_chunk(AF_INET, chunk, 0);
-        case 16:
-            return host_create_from_chunk(AF_INET6, chunk, 0);
-        default:
-            return NULL;
-    }
-}
-
-/**
- * lookup/insert an identity
- */
@@ -146 +130 @@
-                DB_UINT, now, DB_UINT, id, DB_UINT, identity) > 0)
-        {
-from_chunk(address
+create_from_chunk(AF_UNSPEC, address, 0
-            if (host)
-            {
@@ -178 +162 @@
-                DB_UINT, id, DB_UINT, now - timeout) > 0)
-        {
-from_chunk(address
+create_from_chunk(AF_UNSPEC, address, 0
-            if (host)
-            {

trunk/src/charon/sa/child_sa.c

@@ -498 +498 @@
-    soft = this->config->get_lifetime(this->config, TRUE);
-    hard = this->config->get_lifetime(this->config, FALSE);
+
-    status = charon->kernel_interface->add_sa(charon->kernel_interface,
-                src, dst, spi, this->protocol, this->reqid,
@@ -618 +619 @@
-                    this->my_spi, this->protocol, this->reqid, mode, this->ipcomp,
-                    this->my_cpi, routed);
-        
-            if (mode == MODE_TUNNEL)
-            {
@@ -626 +626 @@
-                    this->my_cpi, routed);
-            }
-
+   
-            if (status != SUCCESS)
-            {
@@ -634 +634 @@
-        enumerator->destroy(enumerator);
-    }
-
+
-    if (status == SUCCESS)
-    {
@@ -682 +682 @@
-        return NOT_SUPPORTED;
-    }
-    
-    /* update his (responder) SA */
-    if (charon->kernel_interface->update_sa(charon->kernel_interface, this->other_spi, 
@@ -700 +699 @@
-            enumerator_t *enumerator;
-            traffic_selector_t *my_ts, *other_ts;
-
+   
-            /* always use high priorities, as hosts getting updated are INSTALLED */
-            enumerator = create_policy_enumerator(this);
@@ -715 +714 @@
-                                                 other_ts, my_ts, POLICY_FWD, FALSE);
-                }
-
+
-                /* check whether we have to update a "dynamic" traffic selector */
-                if (!me->ip_equals(me, this->my_addr) &&
@@ -727 +726 @@
-                    other_ts->set_address(other_ts, other);
-                }
-
+   
-                /* we reinstall the virtual IP to handle interface roaming
-                 * correctly */
@@ -735 +734 @@
-                    charon->kernel_interface->add_ip(charon->kernel_interface, vip, me);
-                }
-
+       
-                /* reinstall updated policies */
-                charon->kernel_interface->add_policy(charon->kernel_interface,
@@ -756 +755 @@
-        }
-    }
-
+
-    /* apply hosts */
-    if (!this->config->use_proxy_mode(this->config) || this->mode != MODE_TRANSPORT)
@@ -855 +854 @@
-        enumerator->destroy(enumerator);
-    }
-
+
-    this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy));
-    this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy));
@@ -982 +981 @@
-    return &this->public;
-}
-

trunk/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c

@@ -43 +43 @@
-     */ 
-    long opt_exponent_len;
-
+
-    /* 
-     * Generator value.
@@ -89 +89 @@
-     */
-    BIGNUM *pub_key;
-
+
-    /**
-     * Shared secret

trunk/src/libstrongswan/utils/host.c

@@ -505 +505 @@
-host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port)
-{
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-    this->address.sa_family = family;
-    switch (family)
-    {
-        case AF_INET:
-
-
-
-
-
-
+
-            this->address4.sin_port = htons(port);
-            this->socklen = sizeof(struct sockaddr_in);
-
-
-
-
-
-
-
-
-
+
+
+
-            this->address6.sin6_port = htons(port);
-            this->socklen = sizeof(struct sockaddr_in6);
-
-
-
-
-
-
-
+
+
+
-}
-

trunk/src/libstrongswan/utils/host.h

@@ -171 +171 @@
-
-/**
-
+
+
+
- *
- * @param family        Address family, such as AF_INET or AF_INET6